Update Securioty config with exception handler for "http basic"

602535c1 · Joze RIHTARSIC · ec9dfc5b · 602535c1 · 602535c1
Commit 602535c1 authored 3 years ago by Joze RIHTARSIC
--- a/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/config/SpringSecurityConfig.java
+++ b/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/config/SpringSecurityConfig.java
@@ -93,12 +93,15 @@ public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {

        httpSecurity
                .csrf().csrfTokenRepository(csrfTokenRepository).requireCsrfProtectionMatcher(csrfURLMatcher).and()
-                .exceptionHandling().authenticationEntryPoint(new SpringSecurityExceptionHandler()).and()
-                .headers().frameOptions().deny().contentTypeOptions().and().xssProtection().xssProtectionEnabled(true).and().and()
+                .exceptionHandling()
+                .authenticationEntryPoint(new SpringSecurityExceptionHandler())
+                .accessDeniedHandler(new SpringSecurityExceptionHandler())
+                .and()

+                .headers().frameOptions().deny().contentTypeOptions().and().xssProtection().xssProtectionEnabled(true).and().and()
                .addFilter(blueCoatAuthenticationFilter)
                .addFilter(x509AuthenticationFilter)
-                .httpBasic()
+                .httpBasic().authenticationEntryPoint(new SpringSecurityExceptionHandler())
                .and() // username
                .anonymous().authorities(SMPAuthority.S_AUTHORITY_ANONYMOUS.getAuthority()).and()
                .authorizeRequests().antMatchers(HttpMethod.DELETE, "/ui/rest/security/authentication").permitAll()
@@ -119,8 +122,6 @@ public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
                SMPAuthority.S_AUTHORITY_SERVICE_GROUP.getAuthority(),
                SMPAuthority.S_AUTHORITY_SYSTEM_ADMIN.getAuthority()).and()
        ;
-
-
    }

    @Override

--- a/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/error/SpringSecurityExceptionHandler.java
+++ b/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/error/SpringSecurityExceptionHandler.java
@@ -45,7 +45,7 @@ public class SpringSecurityExceptionHandler extends BasicAuthenticationEntryPoin
    private static final Logger log = LoggerFactory.getLogger(SpringSecurityExceptionHandler.class);

    public SpringSecurityExceptionHandler() {
-        this.setRealmName("any realm name");
+        this.setRealmName("SMPSecurityRealm");
    }

    @Override
@@ -79,8 +79,8 @@ public class SpringSecurityExceptionHandler extends BasicAuthenticationEntryPoin

        String errorUniqueId = ((ErrorResponse) response.getBody()).getErrorUniqueId();
        String logMsg = format("Error unique ID: %s", errorUniqueId);
-
-        log.warn(logMsg, exception);
+        log.warn("Security error:[{}] with [{}].", errorMsg, logMsg);
+        log.debug(logMsg, exception);
        return response;
    }