Commit a42a767a authored by Joze RIHTARSIC's avatar Joze RIHTARSIC

Update security config with exception handler for "http basic"

parent 602535c1
......@@ -35,7 +35,7 @@ public class BdxSmpOasisValidatorTest {
private static final String UTF_8 = "UTF-8";
@Test
@Parameters({"ServiceMetadata_OK.xml","ServiceGroup_OK.xml"})
@Parameters({"ServiceMetadata_OK.xml", "ServiceGroup_OK.xml"})
public void testValidatePositive(String xmlFilename) throws IOException, XmlInvalidAgainstSchemaException {
// given
byte[] xmlBody = loadXMLFileAsByteArray(xmlFilename);
......@@ -48,12 +48,12 @@ public class BdxSmpOasisValidatorTest {
}
private static Object[] negativeCases() {
return new Object[][] {
{"ServiceMetadata_ElementAdded.xml", "cvc-complex-type.2.4.a: Invalid content was found starting with element 'ElementAdded'. One of '{\"http://docs.oasis-open.org/bdxr/ns/SMP/2016/05\":ServiceInformation, \"http://docs.oasis-open.org/bdxr/ns/SMP/2016/05\":Redirect}' is expected."},
{"ServiceMetadata_ElementMissing.xml", "cvc-complex-type.2.4.b: The content of element 'Redirect' is not complete. One of '{\"http://docs.oasis-open.org/bdxr/ns/SMP/2016/05\":CertificateUID}' is expected."},
{"ServiceGroup_MissingAssignment.xml", "Attribute name \"missingAssignment\" associated with an element type \"ServiceMetadataReferenceCollection\" must be followed by the ' = ' character."},
{"ServiceGroup_UnexpectedAttribute.xml","cvc-complex-type.3.2.2: Attribute 'unexpectedAttribute' is not allowed to appear in element 'ServiceMetadataReferenceCollection'."},
{"ServiceGroup_externalDTD.xml", "External DTD: Failed to read external DTD 'any_external_file_address.dtd', because 'file' access is not allowed due to restriction set by the accessExternalDTD property."}
return new Object[][]{
{"ServiceMetadata_ElementAdded.xml", "cvc-complex-type.2.4.a: Invalid content was found starting with element '{\"http://docs.oasis-open.org/bdxr/ns/SMP/2016/05\":ElementAdded}'. One of '{\"http://docs.oasis-open.org/bdxr/ns/SMP/2016/05\":ServiceInformation, \"http://docs.oasis-open.org/bdxr/ns/SMP/2016/05\":Redirect}' is expected."},
{"ServiceMetadata_ElementMissing.xml", "cvc-complex-type.2.4.b: The content of element 'Redirect' is not complete. One of '{\"http://docs.oasis-open.org/bdxr/ns/SMP/2016/05\":CertificateUID}' is expected."},
{"ServiceGroup_MissingAssignment.xml", "Attribute name \"missingAssignment\" associated with an element type \"ServiceMetadataReferenceCollection\" must be followed by the ' = ' character."},
{"ServiceGroup_UnexpectedAttribute.xml", "cvc-complex-type.3.2.2: Attribute 'unexpectedAttribute' is not allowed to appear in element 'ServiceMetadataReferenceCollection'."},
{"ServiceGroup_externalDTD.xml", "External DTD: Failed to read external DTD 'any_external_file_address.dtd', because 'file' access is not allowed due to restriction set by the accessExternalDTD property."}
};
}
......@@ -75,12 +75,12 @@ public class BdxSmpOasisValidatorTest {
}
public String loadXMLFile(String path) throws IOException {
URL fileUrl = BdxSmpOasisValidatorTest.class.getResource("/XMLValidation/"+path);
URL fileUrl = BdxSmpOasisValidatorTest.class.getResource("/XMLValidation/" + path);
return IOUtils.toString(fileUrl.openStream(), UTF_8);
}
public byte[] loadXMLFileAsByteArray(String path) throws IOException {
URL fileUrl = BdxSmpOasisValidatorTest.class.getResource("/XMLValidation/"+path);
URL fileUrl = BdxSmpOasisValidatorTest.class.getResource("/XMLValidation/" + path);
return IOUtils.toByteArray(fileUrl.openStream());
}
}
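Review bot: The updated expectation for `ServiceMetadata_ElementAdded.xml` in `negativeCases()` hard-codes the namespace-qualified form `'{"http://docs.oasis-open.org/bdxr/ns/SMP/2016/05":ElementAdded}'`, while the same commit changes `UIServiceGroupServiceIntegrationTest` to a `matchesPattern(...)` regex that accepts both the bare and the qualified element name; the wording of cvc-complex-type messages comes from the JAXP implementation on the classpath, so this exact-string case is likely to flip depending on the JDK/Xerces version, and it would be more robust to apply the same tolerant match here (or assert only on the stable `cvc-complex-type.2.4.a` prefix). A secondary point in the `loadXMLFile`/`loadXMLFileAsByteArray` hunk: `fileUrl.openStream()` is never closed and `getResource` returning null surfaces as an NPE rather than a clear failure; `try (InputStream in = Objects.requireNonNull(fileUrl, path).openStream()) { return IOUtils.toString(in, UTF_8); }` would fix both.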
......@@ -14,6 +14,7 @@ import eu.europa.ec.edelivery.smp.services.AbstractServiceIntegrationTest;
import eu.europa.ec.edelivery.smp.testutil.TestConstants;
import eu.europa.ec.edelivery.smp.testutil.TestDBUtils;
import eu.europa.ec.edelivery.smp.testutil.TestROUtils;
import org.hamcrest.text.MatchesPattern;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;
......@@ -24,6 +25,7 @@ import java.io.IOException;
import java.util.Collections;
import static org.hamcrest.core.StringContains.containsString;
import static org.hamcrest.text.MatchesPattern.matchesPattern;
import static org.junit.Assert.*;
......@@ -331,7 +333,8 @@ public class UIServiceGroupServiceIntegrationTest extends AbstractServiceIntegra
// then
assertNotNull(sg.getErrorMessage());
assertThat(sg.getErrorMessage(), containsString("cvc-complex-type.2.4.a: Invalid content was found starting with element '{\"http://docs.oasis-open.org/bdxr/ns/SMP/2016/05\":ExtensionID}'."));
assertThat(sg.getErrorMessage(), matchesPattern(".*cvc-complex-type.2.4.a: Invalid content was found starting with element \\'\\{?(\"http://docs.oasis-open.org/bdxr/ns/SMP/2016/05\")?:ExtensionID\\}?\\'.*"));
assertNotNull(sg.getExtension());
}
......
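Review bot: The new import `import org.hamcrest.text.MatchesPattern;` appears unused, since the assertion uses the statically imported `matchesPattern(...)` from the following hunk; unless the class name is referenced elsewhere outside these hunks, the line should be dropped to keep the import block clean. In the regex itself the dots in `cvc-complex-type.2.4.a` are unescaped metacharacters; `cvc-complex-type\\.2\\.4\\.a` would pin the intended literal. The enclosing test method begins outside the hunk.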
......@@ -87,41 +87,35 @@ public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
// prepare filters
blueCoatAuthenticationFilter.setBlueCoatEnabled(clientCertEnabled);
httpSecurity
.csrf().csrfTokenRepository(csrfTokenRepository).requireCsrfProtectionMatcher(csrfURLMatcher).and()
.exceptionHandling()
.authenticationEntryPoint(new SpringSecurityExceptionHandler())
.accessDeniedHandler(new SpringSecurityExceptionHandler())
.authenticationEntryPoint(new SpringSecurityExceptionHandler())
.accessDeniedHandler(new SpringSecurityExceptionHandler())
.and()
.headers().frameOptions().deny().contentTypeOptions().and().xssProtection().xssProtectionEnabled(true).and().and()
.addFilter(blueCoatAuthenticationFilter)
.addFilter(x509AuthenticationFilter)
.httpBasic().authenticationEntryPoint(new SpringSecurityExceptionHandler())
.and() // username
.httpBasic().authenticationEntryPoint(new SpringSecurityExceptionHandler()).and() // username
.anonymous().authorities(SMPAuthority.S_AUTHORITY_ANONYMOUS.getAuthority()).and()
.authorizeRequests().antMatchers(HttpMethod.DELETE, "/ui/rest/security/authentication").permitAll()
.antMatchers(HttpMethod.POST, "/ui/rest/security/authentication").permitAll()
.and()
.authorizeRequests()
.antMatchers(HttpMethod.DELETE).hasAnyAuthority(
SMPAuthority.S_AUTHORITY_SMP_ADMIN.getAuthority(),
SMPAuthority.S_AUTHORITY_SERVICE_GROUP.getAuthority(),
SMPAuthority.S_AUTHORITY_SYSTEM_ADMIN.getAuthority())
.antMatchers(HttpMethod.PUT).hasAnyAuthority(
SMPAuthority.S_AUTHORITY_SMP_ADMIN.getAuthority(),
SMPAuthority.S_AUTHORITY_SERVICE_GROUP.getAuthority(),
SMPAuthority.S_AUTHORITY_SYSTEM_ADMIN.getAuthority())
.antMatchers(HttpMethod.DELETE, "/ui/rest/security/authentication").permitAll()
.antMatchers(HttpMethod.POST, "/ui/rest/security/authentication").permitAll().and()
.authorizeRequests()
.antMatchers(HttpMethod.DELETE).hasAnyAuthority(
SMPAuthority.S_AUTHORITY_SMP_ADMIN.getAuthority(),
SMPAuthority.S_AUTHORITY_SERVICE_GROUP.getAuthority(),
SMPAuthority.S_AUTHORITY_SYSTEM_ADMIN.getAuthority())
.antMatchers(HttpMethod.PUT).hasAnyAuthority(
SMPAuthority.S_AUTHORITY_SMP_ADMIN.getAuthority(),
SMPAuthority.S_AUTHORITY_SERVICE_GROUP.getAuthority(),
SMPAuthority.S_AUTHORITY_SYSTEM_ADMIN.getAuthority())
.antMatchers(HttpMethod.GET).permitAll().and()
.authorizeRequests().antMatchers(HttpMethod.GET, "/ui/").hasAnyAuthority(
SMPAuthority.S_AUTHORITY_SMP_ADMIN.getAuthority(),
SMPAuthority.S_AUTHORITY_SERVICE_GROUP.getAuthority(),
SMPAuthority.S_AUTHORITY_SYSTEM_ADMIN.getAuthority()).and()
;
.authorizeRequests()
.antMatchers(HttpMethod.GET, "/ui/").hasAnyAuthority(
SMPAuthority.S_AUTHORITY_SMP_ADMIN.getAuthority(),
SMPAuthority.S_AUTHORITY_SERVICE_GROUP.getAuthority(),
SMPAuthority.S_AUTHORITY_SYSTEM_ADMIN.getAuthority());
}
@Override
......@@ -154,6 +148,7 @@ public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
public BlueCoatAuthenticationFilter getClientCertAuthenticationFilter(@Qualifier("smpAuthenticationManager") AuthenticationManager authenticationManager) {
BlueCoatAuthenticationFilter blueCoatAuthenticationFilter = new BlueCoatAuthenticationFilter();
blueCoatAuthenticationFilter.setAuthenticationManager(authenticationManager);
blueCoatAuthenticationFilter.setBlueCoatEnabled(clientCertEnabled);
return blueCoatAuthenticationFilter;
}
......@@ -183,12 +178,6 @@ public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
requestMatcher.addIgnoreUrl("/ui/rest/security/authentication", HttpMethod.DELETE, HttpMethod.POST);
// allow all gets
requestMatcher.addIgnoreUrl("/ui/.*", HttpMethod.GET);
// altternative fine tuned
//requestMatcher.addIgnoreUrl("/ui/(index.html|styles.*|runtime.*|polyfills.*|main.*)", HttpMethod.GET);
//requestMatcher.addIgnoreUrl("/ui/.*(\\.html|\\.css|\\.js)$", HttpMethod.GET);
//requestMatcher.addIgnoreUrl("/ui/assets/.*", HttpMethod.GET); // allow to retrieve assets
//requestMatcher.addIgnoreUrl("/ui/rest/(domain|search).*", HttpMethod.GET); // public methods
//requestMatcher.addIgnoreUrl("/ui/rest/application/(info|rootContext|name)", HttpMethod.GET); // public methods
// monitor
requestMatcher.addIgnoreUrl("/monitor/is-alive", HttpMethod.GET);
......
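Review bot: In the reworked `configure(HttpSecurity)` chain, the rule `.antMatchers(HttpMethod.GET).permitAll()` is registered before `.antMatchers(HttpMethod.GET, "/ui/").hasAnyAuthority(...)`; Spring Security evaluates `authorizeRequests()` matchers in declaration order and stops at the first match, so the `/ui/` authority check appears unreachable and `/ui/` is effectively permitted to anonymous callers — this was already the case before the commit, but the reindent makes it easy to miss. If the intent is to require an admin/service-group authority for `/ui/`, the `/ui/` rule should be moved ahead of the blanket GET rule; if the blanket GET is the intent (consistent with the CSRF `addIgnoreUrl("/ui/.*", HttpMethod.GET)` in the later hunk), the dead rule should be removed so the policy reads as it behaves. A smaller style point: `new SpringSecurityExceptionHandler()` is instantiated three times in the same chain; one `private final SpringSecurityExceptionHandler exceptionHandler = new SpringSecurityExceptionHandler();` field would make it obvious the same handler serves the entry point, access-denied and http-basic paths. The `configure` body lies entirely within this hunk.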