You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@syncope.apache.org by il...@apache.org on 2022/01/27 15:08:17 UTC
[syncope] branch master updated (f029f8e -> b1d11bd)
This is an automated email from the ASF dual-hosted git repository.
ilgrosso pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/syncope.git.
from f029f8e Adjusting website for upcoming release
new 1e3950d Upgrading Nimbus JOSE JWT and SLF4J
new 571cca9 Upgrading Nimbus JOSE JWT and SLF4J
new 3e694ca Upgrading Camel
new b1d11bd [SYNCOPE-1660] Using SyncopeAuthenticationDetailsSource with AnonymousAuthenticationFilter
The 4 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
.../core/spring/security/WebSecurityContext.java | 69 ++++++++++++++--------
pom.xml | 6 +-
2 files changed, 46 insertions(+), 29 deletions(-)
[syncope] 04/04: [SYNCOPE-1660] Using SyncopeAuthenticationDetailsSource with AnonymousAuthenticationFilter
Posted by il...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
ilgrosso pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/syncope.git
commit b1d11bd9f1e7a9e8a5f836376879e22cec07fae0
Author: Francesco Chicchiriccò <il...@apache.org>
AuthorDate: Thu Jan 27 16:07:56 2022 +0100
[SYNCOPE-1660] Using SyncopeAuthenticationDetailsSource with AnonymousAuthenticationFilter
---
.../core/spring/security/WebSecurityContext.java | 69 ++++++++++++++--------
1 file changed, 43 insertions(+), 26 deletions(-)
diff --git a/core/spring/src/main/java/org/apache/syncope/core/spring/security/WebSecurityContext.java b/core/spring/src/main/java/org/apache/syncope/core/spring/security/WebSecurityContext.java
index 82aa27a..6117375 100644
--- a/core/spring/src/main/java/org/apache/syncope/core/spring/security/WebSecurityContext.java
+++ b/core/spring/src/main/java/org/apache/syncope/core/spring/security/WebSecurityContext.java
@@ -37,6 +37,7 @@ import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean
import org.springframework.context.ApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authentication.AnonymousAuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
@@ -44,9 +45,11 @@ import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
+import org.springframework.security.web.authentication.AnonymousAuthenticationFilter;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import org.springframework.security.web.context.NullSecurityContextRepository;
import org.springframework.security.web.firewall.DefaultHttpFirewall;
@@ -57,6 +60,8 @@ import org.springframework.security.web.firewall.HttpFirewall;
@Configuration(proxyBeanMethods = false)
public class WebSecurityContext {
+ private static final String ANONYMOUS_BEAN_KEY = "doesNotMatter";
+
public WebSecurityContext() {
SecurityContextHolder.setStrategyName(SecurityContextHolder.MODE_INHERITABLETHREADLOCAL);
}
@@ -70,10 +75,12 @@ public class WebSecurityContext {
@Bean
public WebSecurityConfigurerAdapter webSecurityConfigurerAdapter(
- final ApplicationContext ctx,
- final SecurityProperties securityProperties,
- final HttpFirewall allowUrlEncodedSlashHttpFirewall) {
+ final ApplicationContext ctx,
+ final SecurityProperties securityProperties,
+ final HttpFirewall allowUrlEncodedSlashHttpFirewall) {
+
return new WebSecurityConfigurerAdapter(true) {
+
@Override
public void configure(final WebSecurity web) {
web.httpFirewall(allowUrlEncodedSlashHttpFirewall);
@@ -81,40 +88,50 @@ public class WebSecurityContext {
@Override
protected void configure(final HttpSecurity http) throws Exception {
+ SyncopeAuthenticationDetailsSource authenticationDetailsSource =
+ new SyncopeAuthenticationDetailsSource();
+
+ AnonymousAuthenticationProvider anonymousAuthenticationProvider =
+ new AnonymousAuthenticationProvider(ANONYMOUS_BEAN_KEY);
+ AnonymousAuthenticationFilter anonymousAuthenticationFilter =
+ new AnonymousAuthenticationFilter(
+ ANONYMOUS_BEAN_KEY,
+ securityProperties.getAnonymousUser(),
+ AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"));
+ anonymousAuthenticationFilter.setAuthenticationDetailsSource(authenticationDetailsSource);
+
SyncopeBasicAuthenticationEntryPoint basicAuthenticationEntryPoint =
- new SyncopeBasicAuthenticationEntryPoint();
+ new SyncopeBasicAuthenticationEntryPoint();
basicAuthenticationEntryPoint.setRealmName("Apache Syncope authentication");
- SyncopeAuthenticationDetailsSource authenticationDetailsSource =
- new SyncopeAuthenticationDetailsSource();
-
JWTAuthenticationFilter jwtAuthenticationFilter = new JWTAuthenticationFilter(
- authenticationManager(),
- basicAuthenticationEntryPoint,
- authenticationDetailsSource,
- ctx.getBean(AuthDataAccessor.class),
- ctx.getBean(DefaultCredentialChecker.class));
+ authenticationManager(),
+ basicAuthenticationEntryPoint,
+ authenticationDetailsSource,
+ ctx.getBean(AuthDataAccessor.class),
+ ctx.getBean(DefaultCredentialChecker.class));
http.authorizeRequests().
- antMatchers("/**").permitAll().and().
- sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and().
- securityContext().securityContextRepository(new NullSecurityContextRepository()).and().
- anonymous().principal(securityProperties.getAnonymousUser()).and().
- httpBasic().authenticationEntryPoint(basicAuthenticationEntryPoint).
- authenticationDetailsSource(authenticationDetailsSource).and().
- exceptionHandling().accessDeniedHandler(accessDeniedHandler()).and().
- addFilterBefore(jwtAuthenticationFilter, BasicAuthenticationFilter.class).
- addFilterBefore(new MustChangePasswordFilter(), FilterSecurityInterceptor.class).
- headers().disable().
- csrf().disable();
+ antMatchers("/**").permitAll().and().
+ sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and().
+ securityContext().securityContextRepository(new NullSecurityContextRepository()).and().
+ anonymous().
+ authenticationProvider(anonymousAuthenticationProvider).
+ authenticationFilter(anonymousAuthenticationFilter).and().
+ httpBasic().authenticationEntryPoint(basicAuthenticationEntryPoint).
+ authenticationDetailsSource(authenticationDetailsSource).and().
+ exceptionHandling().accessDeniedHandler(accessDeniedHandler()).and().
+ addFilterBefore(jwtAuthenticationFilter, BasicAuthenticationFilter.class).
+ addFilterBefore(new MustChangePasswordFilter(), FilterSecurityInterceptor.class).
+ headers().disable().
+ csrf().disable();
}
-
@Override
protected void configure(final AuthenticationManagerBuilder builder) throws Exception {
builder.
- authenticationProvider(ctx.getBean(UsernamePasswordAuthenticationProvider.class)).
- authenticationProvider(ctx.getBean(JWTAuthenticationProvider.class));
+ authenticationProvider(ctx.getBean(UsernamePasswordAuthenticationProvider.class)).
+ authenticationProvider(ctx.getBean(JWTAuthenticationProvider.class));
}
};
}
[syncope] 01/04: Upgrading Nimbus JOSE JWT and SLF4J
Posted by il...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
ilgrosso pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/syncope.git
commit 1e3950d111e6c371a66f243811af75f625f2511d
Author: Francesco Chicchiriccò <il...@apache.org>
AuthorDate: Tue Jan 25 16:01:59 2022 +0100
Upgrading Nimbus JOSE JWT and SLF4J
---
pom.xml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/pom.xml b/pom.xml
index 1935696..d361e0b 100644
--- a/pom.xml
+++ b/pom.xml
@@ -405,7 +405,7 @@ under the License.
<cxf.version>3.5.0</cxf.version>
<bouncycastle.version>1.70</bouncycastle.version>
- <nimbus-jose-jwt.version>9.15.2</nimbus-jose-jwt.version>
+ <nimbus-jose-jwt.version>9.16</nimbus-jose-jwt.version>
<jackson.version>2.13.1</jackson.version>
@@ -428,7 +428,7 @@ under the License.
<camel.version>3.14.0</camel.version>
- <slf4j.version>1.7.33</slf4j.version>
+ <slf4j.version>1.7.34</slf4j.version>
<elasticsearch.version>7.16.3</elasticsearch.version>
[syncope] 02/04: Upgrading Nimbus JOSE JWT and SLF4J
Posted by il...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
ilgrosso pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/syncope.git
commit 571cca92bc208bba50e5e018032ad25f58b0e90d
Author: Francesco Chicchiriccò <il...@apache.org>
AuthorDate: Wed Jan 26 16:16:50 2022 +0100
Upgrading Nimbus JOSE JWT and SLF4J
---
pom.xml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/pom.xml b/pom.xml
index d361e0b..d714d8b 100644
--- a/pom.xml
+++ b/pom.xml
@@ -405,7 +405,7 @@ under the License.
<cxf.version>3.5.0</cxf.version>
<bouncycastle.version>1.70</bouncycastle.version>
- <nimbus-jose-jwt.version>9.16</nimbus-jose-jwt.version>
+ <nimbus-jose-jwt.version>9.16.1</nimbus-jose-jwt.version>
<jackson.version>2.13.1</jackson.version>
@@ -428,7 +428,7 @@ under the License.
<camel.version>3.14.0</camel.version>
- <slf4j.version>1.7.34</slf4j.version>
+ <slf4j.version>1.7.35</slf4j.version>
<elasticsearch.version>7.16.3</elasticsearch.version>
[syncope] 03/04: Upgrading Camel
Posted by il...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
ilgrosso pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/syncope.git
commit 3e694ca3a2764001f64a43660ee408d08d55bf3c
Author: Francesco Chicchiriccò <il...@apache.org>
AuthorDate: Thu Jan 27 16:07:48 2022 +0100
Upgrading Camel
---
pom.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index d714d8b..5fbc8d2 100644
--- a/pom.xml
+++ b/pom.xml
@@ -426,7 +426,7 @@ under the License.
<flowable.version>6.7.2</flowable.version>
- <camel.version>3.14.0</camel.version>
+ <camel.version>3.14.1</camel.version>
<slf4j.version>1.7.35</slf4j.version>