From 0383dcbd7b87aaf39527b7005eb728b68ffa807c Mon Sep 17 00:00:00 2001
From: Devon Hillard
Date: Sat, 24 Jun 2023 14:10:23 -0600
Subject: [PATCH] Added flag for OAuth2 setup in WebSecurityConfig
---
 .../spring/user/util/WebSecurityConfig.java | 53 ++++++++++++-------
 src/main/resources/application.yml | 3 ++
 2 files changed, 36 insertions(+), 20 deletions(-)
diff --git a/src/main/java/com/digitalsanctuary/spring/user/util/WebSecurityConfig.java b/src/main/java/com/digitalsanctuary/spring/user/util/WebSecurityConfig.java
index 2319c4c..ed1d534 100644
--- a/src/main/java/com/digitalsanctuary/spring/user/util/WebSecurityConfig.java
+++ b/src/main/java/com/digitalsanctuary/spring/user/util/WebSecurityConfig.java
@@ -90,6 +90,9 @@ public class WebSecurityConfig {
 @Value("${user.security.registrationNewVerificationURI}")
 private String registrationNewVerificationURI;
+ @Value("${spring.security.oauth2.enabled:false} ")
+ private boolean oauth2Enabled;
+
 @Autowired
 private UserDetailsService userDetailsService;
@@ -105,10 +108,10 @@ public class WebSecurityConfig {
 @Autowired
 private DSOAuth2UserService dsOAuth2UserService;
-
 /**
 *
- * The securityFilterChain method builds the security filter chain for Spring Security.
+ * The securityFilterChain method builds the security filter chain for Spring
+ * Security.
 *
 * @param http the HttpSecurity object
 * @return the SecurityFilterChain object
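Review bot: The new `@Value` line carries a trailing space inside the string literal, `"${spring.security.oauth2.enabled:false} "`, so the resolved text is `"true "`/`"false "` rather than a clean boolean token; it should read `@Value("${spring.security.oauth2.enabled:false}")`. Spring's String-to-boolean conversion appears to trim its input, so this may work by accident today, but any other binding path would not. The field also deserves a one-line Javadoc such as `/** When false (the default) no OAuth2 login is configured; set spring.security.oauth2.enabled=true to enable it. */`. Note that the key lives inside the `spring.security.oauth2` namespace Spring Boot uses for its own client properties; a project-owned key under `user.security`, like the other flags in this class, would avoid confusion with Boot's conditions if that is an option.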
@@ -121,15 +124,19 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
 ArrayList unprotectedURIs = getUnprotectedURIsList();
 log.debug("WebSecurityConfig.configure:" + "enhanced unprotectedURIs: {}", unprotectedURIs.toString());
- CustomOAuth2AuthenticationEntryPoint loginAuthenticationEntryPoint = new CustomOAuth2AuthenticationEntryPoint(null, loginPageURI);
+ CustomOAuth2AuthenticationEntryPoint loginAuthenticationEntryPoint = new CustomOAuth2AuthenticationEntryPoint(
+ null, loginPageURI);
- List disableCSRFURIs = Arrays.stream(disableCSRFURIsArray).filter(uri -> uri != null && !uri.isEmpty()).collect(Collectors.toList());
+ List disableCSRFURIs = Arrays.stream(disableCSRFURIsArray).filter(uri -> uri != null && !uri.isEmpty())
+ .collect(Collectors.toList());
 http.formLogin(
- formLogin -> formLogin.loginPage(loginPageURI).loginProcessingUrl(loginActionURI).successHandler(loginSuccessService).permitAll())
+ formLogin -> formLogin.loginPage(loginPageURI).loginProcessingUrl(loginActionURI)
+ .successHandler(loginSuccessService).permitAll())
 .rememberMe(withDefaults());
- http.logout(logout -> logout.logoutUrl(logoutActionURI).logoutSuccessUrl(logoutSuccessURI).invalidateHttpSession(true)
+ http.logout(logout -> logout.logoutUrl(logoutActionURI).logoutSuccessUrl(logoutSuccessURI)
+ .invalidateHttpSession(true)
 .deleteCookies("JSESSIONID"));
 if (disableCSRFURIs != null && disableCSRFURIs.size() > 0) {
@@ -137,24 +144,30 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
 csrf.ignoringRequestMatchers(disableCSRFURIsArray);
 });
 }
- http.oauth2Login(o -> o.loginPage(loginPageURI).successHandler(loginSuccessService).failureHandler((request, response, exception) -> {
- log.error("WebSecurityConfig.configure:" + "OAuth2 login failure: {}", exception.getMessage());
- request.getSession().setAttribute("error.message", exception.getMessage());
- response.sendRedirect(loginPageURI);
- // handler.onAuthenticationFailure(request, response, exception);
- }).userInfoEndpoint().userService(dsOAuth2UserService)).userDetailsService(userDetailsService)
- .exceptionHandling(handling -> handling.authenticationEntryPoint(loginAuthenticationEntryPoint));
-
-
+ if (oauth2Enabled) {
+ http.oauth2Login(o -> o.loginPage(loginPageURI).successHandler(loginSuccessService)
+ .failureHandler((request, response, exception) -> {
+ log.error("WebSecurityConfig.configure:" + "OAuth2 login failure: {}", exception.getMessage());
+ request.getSession().setAttribute("error.message", exception.getMessage());
+ response.sendRedirect(loginPageURI);
+ // handler.onAuthenticationFailure(request, response, exception);
+ }).userInfoEndpoint().userService(dsOAuth2UserService)).userDetailsService(userDetailsService)
+ .exceptionHandling(handling -> handling.authenticationEntryPoint(loginAuthenticationEntryPoint));
+ }
 // Configure authorization rules based on the default action
 if (DEFAULT_ACTION_DENY.equals(getDefaultAction())) {
- // Allow access to unprotected URIs and require authentication for all other requests
- http.authorizeHttpRequests().requestMatchers(unprotectedURIs.toArray(new String[0])).permitAll().anyRequest().authenticated();
+ // Allow access to unprotected URIs and require authentication for all other
+ // requests
+ http.authorizeHttpRequests().requestMatchers(unprotectedURIs.toArray(new String[0])).permitAll()
+ .anyRequest().authenticated();
 } else if (DEFAULT_ACTION_ALLOW.equals(getDefaultAction())) {
- // Require authentication for protected URIs and allow access to all other requests
- http.authorizeHttpRequests().requestMatchers(protectedURIsArray).authenticated().requestMatchers("/**").permitAll();
+ // Require authentication for protected URIs and allow access to all other
+ // requests
+ http.authorizeHttpRequests().requestMatchers(protectedURIsArray).authenticated().requestMatchers("/**")
+ .permitAll();
 } else {
- // Log an error and deny access to all resources if the default action is not set correctly
+ // Log an error and deny access to all resources if the default action is not
+ // set correctly
 log.error("WebSecurityConfig.configure:" + "user.security.defaultAction must be set to either {} or {}!!! Denying access to all resources to force intentional configuration.", DEFAULT_ACTION_ALLOW, DEFAULT_ACTION_DENY);
diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml
index bdd4694..7ca864b 100644
--- a/src/main/resources/application.yml
+++ b/src/main/resources/application.yml
@@ -15,6 +15,7 @@ spring:
 host: email-smtp.us-west-2.amazonaws.com
 # security:
 # oauth2:
+ # enabled: true
 # client:
 # registration:
 # google:
@@ -71,6 +72,8 @@ spring:
 user:
 registration:
 sendVerificationEmail: true
+ googleEnabled: false
+ facebookEnabled: false
 audit:
 logFilePath: /opt/app/logs/user-audit.log
 flushOnWrite: false
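Review bot: The new `if (oauth2Enabled)` guards more than OAuth2: `.userDetailsService(userDetailsService)` and `.exceptionHandling(handling -> handling.authenticationEntryPoint(loginAuthenticationEntryPoint))` were chained onto `http` after the `oauth2Login` call and are now skipped entirely when the flag is false, so form login no longer gets the explicitly wired user-details service or the custom entry point built earlier in `securityFilterChain`. Whether that is harmless depends on what else is in the context (with more than one `UserDetailsService` bean the provider is no longer pinned, and whatever `CustomOAuth2AuthenticationEntryPoint` adds over the default login redirect is lost), so the two calls should be hoisted out of the conditional and the oauth2 chain ended at `.userService(dsOAuth2UserService));`. Note also that `dsOAuth2UserService` remains unconditionally `@Autowired`, so if that bean is itself only created when OAuth2 is configured, disabling the flag will fail at startup rather than degrade gracefully; I cannot confirm that from this hunk. `securityFilterChain` starts and ends outside this hunk.
```java
// … unchanged: CSRF ignore block …
http.userDetailsService(userDetailsService)
        .exceptionHandling(handling -> handling.authenticationEntryPoint(loginAuthenticationEntryPoint));
if (oauth2Enabled) {
    http.oauth2Login(o -> o.loginPage(loginPageURI).successHandler(loginSuccessService)
            .failureHandler((request, response, exception) -> {
                // … unchanged: failure handler body …
            }).userInfoEndpoint().userService(dsOAuth2UserService));
}
// … unchanged: authorization rules based on the default action …
```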
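Review bot: `googleEnabled` and `facebookEnabled` are added under `user.registration`, but nothing in this patch reads them, so they look like dead configuration unless they are consumed elsewhere in the codebase; if they are, the Java side of this commit does not show it. Separately, because the new `spring.security.oauth2.enabled` flag defaults to false and the example line in the first hunk stays commented out, an existing deployment that relied on OAuth2 login will silently lose it on upgrade until the flag is set. A comment beside `# enabled: true` such as `# must be true for OAuth2 login to be configured at all (default false)` would make that explicit.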