From 0595c0ec9f0b5e032a666909004cc0286eb62b42 Mon Sep 17 00:00:00 2001
From: Joze RIHTARSIC <Joze.RIHTARSIC@ext.ec.europa.eu>
Date: Tue, 21 Sep 2021 18:37:31 +0200
Subject: [PATCH] PR updates

---
 .../smp/data/ui/enums/SMPPropertyEnum.java    |  6 +----
 .../smp/services/ConfigurationService.java    | 23 +++++++++---------
 .../edelivery/smp/utils/SMPCookieWriter.java  |  7 ++++++
 .../smp/config/SMPTaskSchedulerConfig.java    |  2 +-
 .../smp/config/SpringSecurityConfig.java      | 24 ++++++++++++-------
 .../smp/ui/AuthenticationResource.java        | 14 +++++++----
 6 files changed, 44 insertions(+), 32 deletions(-)

diff --git a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/ui/enums/SMPPropertyEnum.java b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/ui/enums/SMPPropertyEnum.java
index a99e7e32f..07b824c9e 100644
--- a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/ui/enums/SMPPropertyEnum.java
+++ b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/ui/enums/SMPPropertyEnum.java
@@ -28,15 +28,12 @@ public enum SMPPropertyEnum {
     SML_LOGICAL_ADDRESS("bdmsl.integration.logical.address","http://localhost:8080/smp/","Logical SMP endpoint which will be registered on SML when registering new domain", false, false , SMPPropertyTypeEnum.URL),
     SML_PHYSICAL_ADDRESS("bdmsl.integration.physical.address","0.0.0.0","Physical SMP endpoint which will be registered on SML when registering new domain.", false, false , SMPPropertyTypeEnum.STRING),
 
-
-
     HTTP_PROXY_HOST("smp.proxy.host", "", "The http proxy host", false,false, SMPPropertyTypeEnum.STRING),
     HTTP_NO_PROXY_HOSTS("smp.noproxy.hosts", "localhost|127.0.0.1", "list of nor proxy hosts. Ex.: localhost|127.0.0.1", false,false, SMPPropertyTypeEnum.STRING),
     HTTP_PROXY_PASSWORD("smp.proxy.password", "", "Base64 encrypted password for Proxy.", false, true,SMPPropertyTypeEnum.STRING),
     HTTP_PROXY_PORT("smp.proxy.port", "80", "The http proxy port", false, false, SMPPropertyTypeEnum.INTEGER),
     HTTP_PROXY_USER("smp.proxy.user", "", "The proxy user", false, false, SMPPropertyTypeEnum.STRING),
 
-
     KEYSTORE_PASSWORD("smp.keystore.password","","Encrypted keystore (and keys) password ", false, true, SMPPropertyTypeEnum.STRING),
     KEYSTORE_FILENAME("smp.keystore.filename","smp-keystore.jks","Keystore filename ", true, false , SMPPropertyTypeEnum.FILENAME),
     TRUSTSTORE_PASSWORD("smp.truststore.password","","Encrypted truststore password ", false, true, SMPPropertyTypeEnum.STRING),
@@ -61,8 +58,7 @@ public enum SMPPropertyEnum {
     UI_COOKIE_SESSION_SECURE("smp.ui.session.secure","false","Cookie is only sent to the server when a request is made with the https: scheme (except on localhost), and therefore is more resistent to man-in-the-middle attacks.", false, false , SMPPropertyTypeEnum.BOOLEAN),
     UI_COOKIE_SESSION_MAX_AGE("smp.ui.session.max-age","","Number of seconds until the cookie expires. A zero or negative number will expire the cookie immediately. Empty value will not set parameter", false, false , SMPPropertyTypeEnum.INTEGER),
     UI_COOKIE_SESSION_SITE("smp.ui.session.strict","None","Controls whether a cookie is sent with cross-origin requests, providing some protection against cross-site request forgery attacks. Possible values are: Strict, None, Lax", false, false , SMPPropertyTypeEnum.STRING),
-    UI_COOKIE_SESSION_PATH("smp.ui.session.path","","A path that must exist in the requested URL, or the browser won't send the Cookie header.  Null/Empty value sets the authentication requests context by default.  The forward slash (/) character is interpreted as a directory separator, and subdirectories will be matched as well: for Path=/docs, /docs, /docs/Web/, and /docs/Web/HTTP will all match", false, false , SMPPropertyTypeEnum.STRING),
-    ;
+    UI_COOKIE_SESSION_PATH("smp.ui.session.path","","A path that must exist in the requested URL, or the browser won't send the Cookie header.  Null/Empty value sets the authentication requests context by default.  The forward slash (/) character is interpreted as a directory separator, and subdirectories will be matched as well: for Path=/docs, /docs, /docs/Web/, and /docs/Web/HTTP will all match", false, false , SMPPropertyTypeEnum.STRING);
 
 
     String property;
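Review bot: The cookie defaults in the unchanged lines of this hunk pair `smp.ui.session.secure` = `false` with a SameSite default of `None`; current browsers reject a `SameSite=None` cookie that lacks the `Secure` attribute, and `None` gives no protection against cross-site request forgery. If SMPCookieWriter emits these values as configured (its body is not in this patch), a default installation would have its session cookie dropped by the browser or sent on cross-site requests. Safer defaults would be `"Lax"` for UI_COOKIE_SESSION_SITE and `"true"` for UI_COOKIE_SESSION_SECURE, with the description stating that `None` requires the secure flag. The property key `smp.ui.session.strict` also does not say that it controls SameSite; a comment on the constant would help until the key can be renamed.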
diff --git a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ConfigurationService.java b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ConfigurationService.java
index b526bb674..bad6337e0 100644
--- a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ConfigurationService.java
+++ b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ConfigurationService.java
@@ -30,7 +30,6 @@ public class ConfigurationService {
     @Autowired
     private ConfigurationDao configurationDAO;
 
-
     public DBConfiguration setPropertyToDatabase(SMPPropertyEnum key, String value, String description) {
         String finalValue = StringUtils.trimToNull(value);
         if (finalValue == null) {
@@ -57,15 +56,15 @@ public class ConfigurationService {
         return res;
     }
 
-    public Pattern getParticipantIdentifierSchemeRexExp(){
-        return (Pattern)configurationDAO.getCachedPropertyValue(PARTC_SCH_REGEXP);
+    public Pattern getParticipantIdentifierSchemeRexExp() {
+        return (Pattern) configurationDAO.getCachedPropertyValue(PARTC_SCH_REGEXP);
     }
 
-    public String getParticipantIdentifierSchemeRexExpPattern(){
+    public String getParticipantIdentifierSchemeRexExpPattern() {
         return configurationDAO.getCachedProperty(PARTC_SCH_REGEXP);
     }
 
-    public String getParticipantIdentifierSchemeRexExpMessage(){
+    public String getParticipantIdentifierSchemeRexExpMessage() {
         return configurationDAO.getCachedProperty(PARTC_SCH_REGEXP_MSG);
     }
 
@@ -94,13 +93,12 @@ public class ConfigurationService {
         return (String) configurationDAO.getCachedPropertyValue(HTTP_PROXY_PASSWORD);
     }
 
-
     public List<String> getCaseSensitiveDocumentScheme() {
-        return (List<String>)configurationDAO.getCachedPropertyValue(CS_DOCUMENTS);
+        return (List<String>) configurationDAO.getCachedPropertyValue(CS_DOCUMENTS);
     }
 
     public List<String> getCaseSensitiveParticipantScheme() {
-        return (List<String>)configurationDAO.getCachedPropertyValue(CS_PARTICIPANTS);
+        return (List<String>) configurationDAO.getCachedPropertyValue(CS_PARTICIPANTS);
     }
 
     public boolean isProxyEnabled() {
@@ -132,27 +130,26 @@ public class ConfigurationService {
         return configurationDAO.getCachedProperty(SML_PHYSICAL_ADDRESS);
     }
 
-
     public boolean forceCRLValidation() {
         Boolean value = (Boolean) configurationDAO.getCachedPropertyValue(CERTIFICATE_CRL_FORCE);
         // by default is not froce
         return value != null && value;
     }
+
     public String getSMLIntegrationServerCertSubjectRegExp() {
         return configurationDAO.getCachedProperty(SML_TLS_SERVER_CERT_SUBJECT_REGEXP);
     }
+
     public boolean smlDisableCNCheck() {
         Boolean value = (Boolean) configurationDAO.getCachedPropertyValue(SML_TLS_DISABLE_CN_CHECK);
         // by default is not froce
         return value != null && value;
     }
 
-
     public File getConfigurationFolder() {
         return (File) configurationDAO.getCachedPropertyValue(CONFIGURATION_DIR);
     }
 
-
     public File getTruststoreFile() {
         return (File) configurationDAO.getCachedPropertyValue(TRUSTSTORE_FILENAME);
     }
@@ -169,17 +166,19 @@ public class ConfigurationService {
         return (String) configurationDAO.getCachedPropertyValue(KEYSTORE_PASSWORD);
     }
 
-
     public boolean getSessionCookieSecure() {
         Boolean value = (Boolean) configurationDAO.getCachedPropertyValue(UI_COOKIE_SESSION_SECURE);
         return value != null && value;
     }
+
     public Integer getSessionCookieMaxAge() {
         return (Integer) configurationDAO.getCachedPropertyValue(UI_COOKIE_SESSION_MAX_AGE);
     }
+
     public String getSessionCookieSameSite() {
         return (String) configurationDAO.getCachedPropertyValue(UI_COOKIE_SESSION_SITE);
     }
+
     public String getSessionCookiePath() {
         return (String) configurationDAO.getCachedPropertyValue(UI_COOKIE_SESSION_PATH);
     }
diff --git a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/utils/SMPCookieWriter.java b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/utils/SMPCookieWriter.java
index cfc4b0728..33b596c77 100644
--- a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/utils/SMPCookieWriter.java
+++ b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/utils/SMPCookieWriter.java
@@ -12,6 +12,13 @@ import java.time.ZoneOffset;
 import java.time.ZonedDateTime;
 import java.time.format.DateTimeFormatter;
 
+
+/**
+ * Purpose of class is to serialize SMP cookies with the security flags
+ *
+ * @author Joze Rihtarsic
+ * @since 4.2
+ */
 public class SMPCookieWriter {
     private static final SMPLogger LOG = SMPLoggerFactory.getLogger(SMPCookieWriter.class);
 
diff --git a/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/config/SMPTaskSchedulerConfig.java b/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/config/SMPTaskSchedulerConfig.java
index 27102a76c..d3dbe497a 100644
--- a/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/config/SMPTaskSchedulerConfig.java
+++ b/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/config/SMPTaskSchedulerConfig.java
@@ -14,7 +14,7 @@ import org.springframework.scheduling.annotation.Scheduled;
         basePackages = "eu.europa.ec.edelivery.smp")
 public class SMPTaskSchedulerConfig {
 
-    ConfigurationDao configurationDao;
+    final ConfigurationDao configurationDao;
 
     @Autowired
     public SMPTaskSchedulerConfig(ConfigurationDao configurationDao) {
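Review bot: The field is now `final` but still package-private, so any class in `eu.europa.ec.edelivery.smp.config` can reach the DAO directly; `private final ConfigurationDao configurationDao;` would complete the change. The same missing modifier applies to `SMPCookieWriter smpCookieWriter;` in AuthenticationResource. The class body continues outside this hunk, so check that nothing in the package relies on the wider access before narrowing it.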
diff --git a/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/config/SpringSecurityConfig.java b/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/config/SpringSecurityConfig.java
index 569bf7e2a..627db4d95 100644
--- a/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/config/SpringSecurityConfig.java
+++ b/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/config/SpringSecurityConfig.java
@@ -18,6 +18,7 @@ import eu.europa.ec.edelivery.security.EDeliveryX509AuthenticationFilter;
 import eu.europa.ec.edelivery.smp.auth.SMPAuthenticationProvider;
 import eu.europa.ec.edelivery.smp.auth.SMPAuthority;
 import eu.europa.ec.edelivery.smp.error.SpringSecurityExceptionHandler;
+import eu.europa.ec.edelivery.smp.utils.SMPCookieWriter;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -97,18 +98,18 @@ public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
                 .and()
                 .authorizeRequests()
                 .antMatchers(HttpMethod.DELETE).hasAnyAuthority(
-                SMPAuthority.S_AUTHORITY_SMP_ADMIN.getAuthority(),
-                SMPAuthority.S_AUTHORITY_SERVICE_GROUP.getAuthority(),
-                SMPAuthority.S_AUTHORITY_SYSTEM_ADMIN.getAuthority())
+                        SMPAuthority.S_AUTHORITY_SMP_ADMIN.getAuthority(),
+                        SMPAuthority.S_AUTHORITY_SERVICE_GROUP.getAuthority(),
+                        SMPAuthority.S_AUTHORITY_SYSTEM_ADMIN.getAuthority())
                 .antMatchers(HttpMethod.PUT).hasAnyAuthority(
-                SMPAuthority.S_AUTHORITY_SMP_ADMIN.getAuthority(),
-                SMPAuthority.S_AUTHORITY_SERVICE_GROUP.getAuthority(),
-                SMPAuthority.S_AUTHORITY_SYSTEM_ADMIN.getAuthority())
+                        SMPAuthority.S_AUTHORITY_SMP_ADMIN.getAuthority(),
+                        SMPAuthority.S_AUTHORITY_SERVICE_GROUP.getAuthority(),
+                        SMPAuthority.S_AUTHORITY_SYSTEM_ADMIN.getAuthority())
                 .antMatchers(HttpMethod.GET).permitAll().and()
                 .authorizeRequests().antMatchers(HttpMethod.GET, "/ui/").hasAnyAuthority(
-                SMPAuthority.S_AUTHORITY_SMP_ADMIN.getAuthority(),
-                SMPAuthority.S_AUTHORITY_SERVICE_GROUP.getAuthority(),
-                SMPAuthority.S_AUTHORITY_SYSTEM_ADMIN.getAuthority()).and()
+                        SMPAuthority.S_AUTHORITY_SMP_ADMIN.getAuthority(),
+                        SMPAuthority.S_AUTHORITY_SERVICE_GROUP.getAuthority(),
+                        SMPAuthority.S_AUTHORITY_SYSTEM_ADMIN.getAuthority()).and()
         ;
 
 
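Review bot: The rule order in the unchanged lines of this hunk looks wrong if `/ui/` is meant to be restricted: `.antMatchers(HttpMethod.GET).permitAll()` is registered before `.antMatchers(HttpMethod.GET, "/ui/").hasAnyAuthority(...)`, and Spring Security applies the first matcher that fits a request. A GET to `/ui/` would therefore be decided by the permit-all rule, and the authority check declared after it would not be evaluated. Move the `/ui/` matcher above the generic GET rule and add a test asserting that an anonymous GET to `/ui/` is refused. The chain starts before this hunk, so confirm that no earlier matcher already covers that path.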
@@ -153,4 +154,9 @@ public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
         x509AuthenticationFilter.setAuthenticationManager(authenticationManager);
         return x509AuthenticationFilter;
     }
+
+    @Bean
+    public SMPCookieWriter getSMPCookieWriter() {
+        return new SMPCookieWriter();
+    }
 }
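Review bot: The bean method is named like a getter, so the bean is registered as `getSMPCookieWriter`, because `@Bean` takes the method name by default. `public SMPCookieWriter smpCookieWriter()` follows the Spring convention and matches the field name used in AuthenticationResource. A one-line Javadoc stating that a single shared instance is intended would also help, provided the writer holds no per-request state (its body is not in this patch).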
diff --git a/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/ui/AuthenticationResource.java b/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/ui/AuthenticationResource.java
index 680ebce5a..24da759ac 100644
--- a/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/ui/AuthenticationResource.java
+++ b/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/ui/AuthenticationResource.java
@@ -42,20 +42,24 @@ public class AuthenticationResource {
 
     private static final SMPLogger LOG = SMPLoggerFactory.getLogger(AuthenticationResource.class);
 
-    @Autowired
     protected SMPAuthenticationService authenticationService;
 
-    @Autowired
     protected SMPAuthorizationService authorizationService;
 
-    @Autowired
     private ConversionService conversionService;
 
-    @Autowired
     private ConfigurationService configurationService;
 
-    SMPCookieWriter smpCookieWriter = new SMPCookieWriter();
+    SMPCookieWriter smpCookieWriter;
 
+    @Autowired
+    public AuthenticationResource(SMPAuthenticationService authenticationService, SMPAuthorizationService authorizationService, ConversionService conversionService, ConfigurationService configurationService, SMPCookieWriter smpCookieWriter) {
+        this.authenticationService = authenticationService;
+        this.authorizationService = authorizationService;
+        this.conversionService = conversionService;
+        this.configurationService = configurationService;
+        this.smpCookieWriter = smpCookieWriter;
+    }
 
     @ResponseStatus(value = HttpStatus.FORBIDDEN)
     @ExceptionHandler({AuthenticationException.class})
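Review bot: With all five dependencies now assigned in the constructor, the fields can be `final`, yet they stay reassignable and `smpCookieWriter` has no access modifier at all. Suggest `private final ConfigurationService configurationService;` and the same for the other four, keeping `protected` only where a subclass really reads the field. `@Autowired` on the only constructor is optional from Spring 4.3 on, and the long signature would read better wrapped one parameter per line. The class continues outside this hunk.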
-- 
GitLab