You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@isis.apache.org by da...@apache.org on 2021/04/09 10:20:57 UTC
[isis-app-helloworld] 01/01: adds demo of spring security with
userdetails
This is an automated email from the ASF dual-hosted git repository.
danhaywood pushed a commit to branch jdo-spring-security-userdetails
in repository https://gitbox.apache.org/repos/asf/isis-app-helloworld.git
commit 6dd2e96d5cc7a6f7c0132270c98bcf4de05503ca
Author: danhaywood <da...@haywood-associates.co.uk>
AuthorDate: Fri Apr 9 11:19:57 2021 +0100
adds demo of spring security with userdetails
---
pom.xml | 5 ++
src/main/java/domainapp/webapp/AppManifest.java | 14 ++++-
src/main/java/domainapp/webapp/SecurityConfig.java | 32 +++++++++++
.../spring/webmodule/SpringSecurityFilter.java | 67 ++++++++++++++++++++++
src/main/resources/static/index.html | 62 ++++----------------
5 files changed, 127 insertions(+), 53 deletions(-)
diff --git a/pom.xml b/pom.xml
index 6fdb43c..75ce11f 100644
--- a/pom.xml
+++ b/pom.xml
@@ -61,6 +61,11 @@
</dependency>
<dependency>
+ <groupId>org.apache.isis.security</groupId>
+ <artifactId>isis-security-spring</artifactId>
+ </dependency>
+
+ <dependency>
<groupId>org.apache.isis.mavendeps</groupId>
<artifactId>isis-mavendeps-jdo</artifactId>
<type>pom</type>
diff --git a/src/main/java/domainapp/webapp/AppManifest.java b/src/main/java/domainapp/webapp/AppManifest.java
index 86995b9..7701a8e 100644
--- a/src/main/java/domainapp/webapp/AppManifest.java
+++ b/src/main/java/domainapp/webapp/AppManifest.java
@@ -4,11 +4,18 @@ import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import;
import org.springframework.context.annotation.PropertySource;
import org.springframework.context.annotation.PropertySources;
+import org.springframework.security.config.Customizer;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer;
import org.apache.isis.core.config.presets.IsisPresets;
import org.apache.isis.core.runtimeservices.IsisModuleCoreRuntimeServices;
import org.apache.isis.persistence.jdo.datanucleus.IsisModuleJdoDatanucleus;
+import org.apache.isis.security.bypass.authorization.AuthorizorBypass;
import org.apache.isis.security.shiro.IsisModuleSecurityShiro;
+import org.apache.isis.security.spring.IsisModuleSecuritySpring;
import org.apache.isis.testing.h2console.ui.IsisModuleTestingH2ConsoleUi;
import org.apache.isis.viewer.restfulobjects.jaxrsresteasy4.IsisModuleViewerRestfulObjectsJaxrsResteasy4;
import org.apache.isis.viewer.wicket.viewer.IsisModuleViewerWicketViewer;
@@ -18,11 +25,15 @@ import domainapp.modules.hello.HelloWorldModule;
@Configuration
@Import({
IsisModuleCoreRuntimeServices.class,
- IsisModuleSecurityShiro.class,
+ IsisModuleSecuritySpring.class,
IsisModuleJdoDatanucleus.class,
IsisModuleViewerRestfulObjectsJaxrsResteasy4.class,
IsisModuleViewerWicketViewer.class,
+// LoginController.class,
+ SecurityConfig.class,
+ AuthorizorBypass.class,
+
IsisModuleTestingH2ConsoleUi.class,
HelloWorldModule.class
})
@@ -30,4 +41,5 @@ import domainapp.modules.hello.HelloWorldModule;
@PropertySource(IsisPresets.NoTranslations),
})
public class AppManifest {
+
}
diff --git a/src/main/java/domainapp/webapp/SecurityConfig.java b/src/main/java/domainapp/webapp/SecurityConfig.java
new file mode 100644
index 0000000..3f01080
--- /dev/null
+++ b/src/main/java/domainapp/webapp/SecurityConfig.java
@@ -0,0 +1,32 @@
+package domainapp.webapp;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+
+@Configuration
+@EnableWebSecurity
+public class SecurityConfig extends WebSecurityConfigurerAdapter
+{
+
+ @Override
+ protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+ auth.inMemoryAuthentication()
+ .withUser("sven")
+ .password(passwordEncoder().encode("pass"))
+ .roles("USER");
+ ;
+ }
+
+ @Bean
+ public PasswordEncoder passwordEncoder() {
+ return new BCryptPasswordEncoder();
+ }
+
+}
diff --git a/src/main/java/org/apache/isis/security/spring/webmodule/SpringSecurityFilter.java b/src/main/java/org/apache/isis/security/spring/webmodule/SpringSecurityFilter.java
new file mode 100644
index 0000000..fa4a12a
--- /dev/null
+++ b/src/main/java/org/apache/isis/security/spring/webmodule/SpringSecurityFilter.java
@@ -0,0 +1,67 @@
+package org.apache.isis.security.spring.webmodule;
+
+import java.io.IOException;
+import java.util.stream.Stream;
+
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.core.userdetails.UserDetails;
+
+import org.apache.isis.applib.services.user.UserMemento;
+import org.apache.isis.core.interaction.session.InteractionFactory;
+import org.apache.isis.core.security.authentication.Authentication;
+import org.apache.isis.core.security.authentication.standard.SimpleAuthentication;
+
+/**
+ * This is a patch to replace the version provided in 2.0.0-M5
+ */
+public class SpringSecurityFilter implements Filter {
+
+ @Autowired
+ private InteractionFactory isisInteractionFactory;
+
+ @Override
+ public void doFilter(
+ final ServletRequest servletRequest,
+ final ServletResponse servletResponse,
+ final FilterChain filterChain) throws IOException, ServletException {
+
+ HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
+
+ org.springframework.security.core.Authentication springAuthentication = SecurityContextHolder.getContext().getAuthentication();
+ if(springAuthentication==null
+ || !springAuthentication.isAuthenticated()) {
+ httpServletResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+ return; // not authenticated
+ }
+
+ String principalIdentity;
+ Object principal = springAuthentication.getPrincipal();
+ if (principal instanceof UserDetails) {
+ final UserDetails user = (UserDetails) principal;
+ principalIdentity = user.getUsername();
+ } else {
+ httpServletResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+ return; // unknown principal type, not handled
+ }
+
+
+ UserMemento user = UserMemento.ofNameAndRoleNames(principalIdentity,
+ Stream.of("org.apache.isis.viewer.wicket.roles.USER"));
+ SimpleAuthentication authentication = SimpleAuthentication.validOf(user);
+ authentication.setType(Authentication.Type.EXTERNAL);
+
+ isisInteractionFactory.runAuthenticated(
+ authentication,
+ ()->{
+ filterChain.doFilter(servletRequest, servletResponse);
+ });
+ }
+}
diff --git a/src/main/resources/static/index.html b/src/main/resources/static/index.html
index ec5144e..97d0f7d 100644
--- a/src/main/resources/static/index.html
+++ b/src/main/resources/static/index.html
@@ -1,54 +1,12 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
-<html>
- <head>
- <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
- <title>Apache Isis™ HelloWorld</title>
-
- <link rel="stylesheet" type="text/css" href="css/page.css">
- </head>
- <body>
- <div id="wrapper">
- <img alt="Isis Logo" src="images/apache-isis/logo.png" />
-
- <p>
- This is a minimal <a href="https://isis.apache.org">Apache Isis</a> application, intended as a starting
- point to learn what the framework is all about.
- <br/>
- </p>
-
- <p>To access the app:</p>
- <ul>
- <li>
- <p>
- <b><a href="wicket/">Generic UI (Wicket)</a></b>
- </p>
- <p>
- provides access to a generic UI for end-users. This
- viewer is built with <a href="http://wicket.apache.org" target="_blank">Apache Wicket</a>™.
- </p>
- </li>
- <li>
- <p>
- <b>
- <a href="swagger-ui/index.thtml">RESTful API (Swagger)</a>
- </b>
- </p>
- <p>
- provides access to a Swagger UI for convenient access
- to (a subset of) the automatically generated REST API.
- </p>
- <p>
- The full backend API (at <a href="restful/">restful/</a>) renders both simple and also richer
- hypermedia representations of domain objects, the latter conforming to the
- <a href="http://restfulobjects.org" target="_blank">Restful Objects</a> spec.
- </p>
- </li>
- </ul>
-
- <p>
- The default user/password is <b><i>sven/pass</i></b>.
- </p>
-
- </div>
- </body>
+<html xmlns:th="http://www.thymeleaf.org">
+<head>
+ <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+ <meta http-equiv="refresh" content="0;url=/wicket/" />
+</head>
+<body>
+<div id="wrapper">
+ <!-- we just redirect immediately, because swagger/restful API not configured to use spring security -->
+</div>
+</body>
</html>