Merge branch 'development' of...

Merge branch 'development' of https://ec.europa.eu/cefdigital/code/scm/edelivery/smp into bugfix/EDELIVERY-6343-set-csrf-tokens-for-the-smp-console Conflicts: smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/config/SpringSecurityConfig.java smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/ui/AuthenticationResource.java

Merge branch 'development' of...
Merge branch 'development' of https://ec.europa.eu/cefdigital/code/scm/edelivery/smp into bugfix/EDELIVERY-6343-set-csrf-tokens-for-the-smp-console Conflicts: smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/config/SpringSecurityConfig.java smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/ui/AuthenticationResource.java
d19d7df9 · Joze RIHTARSIC · a42a767a · 3b0818da · d19d7df9 · d19d7df9
Commit d19d7df9 authored 3 years ago by Joze RIHTARSIC
--- a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/ui/enums/SMPPropertyEnum.java
+++ b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/ui/enums/SMPPropertyEnum.java
@@ -28,15 +28,12 @@ public enum SMPPropertyEnum {
    SML_LOGICAL_ADDRESS("bdmsl.integration.logical.address","http://localhost:8080/smp/","Logical SMP endpoint which will be registered on SML when registering new domain", false, false , SMPPropertyTypeEnum.URL),
    SML_PHYSICAL_ADDRESS("bdmsl.integration.physical.address","0.0.0.0","Physical SMP endpoint which will be registered on SML when registering new domain.", false, false , SMPPropertyTypeEnum.STRING),

-
-
    HTTP_PROXY_HOST("smp.proxy.host", "", "The http proxy host", false,false, SMPPropertyTypeEnum.STRING),
    HTTP_NO_PROXY_HOSTS("smp.noproxy.hosts", "localhost|127.0.0.1", "list of nor proxy hosts. Ex.: localhost|127.0.0.1", false,false, SMPPropertyTypeEnum.STRING),
    HTTP_PROXY_PASSWORD("smp.proxy.password", "", "Base64 encrypted password for Proxy.", false, true,SMPPropertyTypeEnum.STRING),
    HTTP_PROXY_PORT("smp.proxy.port", "80", "The http proxy port", false, false, SMPPropertyTypeEnum.INTEGER),
    HTTP_PROXY_USER("smp.proxy.user", "", "The proxy user", false, false, SMPPropertyTypeEnum.STRING),

-
    KEYSTORE_PASSWORD("smp.keystore.password","","Encrypted keystore (and keys) password ", false, true, SMPPropertyTypeEnum.STRING),
    KEYSTORE_FILENAME("smp.keystore.filename","smp-keystore.jks","Keystore filename ", true, false , SMPPropertyTypeEnum.FILENAME),
    TRUSTSTORE_PASSWORD("smp.truststore.password","","Encrypted truststore password ", false, true, SMPPropertyTypeEnum.STRING),
@@ -61,8 +58,7 @@ public enum SMPPropertyEnum {
    UI_COOKIE_SESSION_SECURE("smp.ui.session.secure","false","Cookie is only sent to the server when a request is made with the https: scheme (except on localhost), and therefore is more resistent to man-in-the-middle attacks.", false, false , SMPPropertyTypeEnum.BOOLEAN),
    UI_COOKIE_SESSION_MAX_AGE("smp.ui.session.max-age","","Number of seconds until the cookie expires. A zero or negative number will expire the cookie immediately. Empty value will not set parameter", false, false , SMPPropertyTypeEnum.INTEGER),
    UI_COOKIE_SESSION_SITE("smp.ui.session.strict","None","Controls whether a cookie is sent with cross-origin requests, providing some protection against cross-site request forgery attacks. Possible values are: Strict, None, Lax", false, false , SMPPropertyTypeEnum.STRING),
-    UI_COOKIE_SESSION_PATH("smp.ui.session.path","","A path that must exist in the requested URL, or the browser won't send the Cookie header.  Null/Empty value sets the authentication requests context by default.  The forward slash (/) character is interpreted as a directory separator, and subdirectories will be matched as well: for Path=/docs, /docs, /docs/Web/, and /docs/Web/HTTP will all match", false, false , SMPPropertyTypeEnum.STRING),
-    ;
+    UI_COOKIE_SESSION_PATH("smp.ui.session.path","","A path that must exist in the requested URL, or the browser won't send the Cookie header.  Null/Empty value sets the authentication requests context by default.  The forward slash (/) character is interpreted as a directory separator, and subdirectories will be matched as well: for Path=/docs, /docs, /docs/Web/, and /docs/Web/HTTP will all match", false, false , SMPPropertyTypeEnum.STRING);


    String property;

--- a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ConfigurationService.java
+++ b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ConfigurationService.java
@@ -30,7 +30,6 @@ public class ConfigurationService {
    @Autowired
    private ConfigurationDao configurationDAO;

-
    public DBConfiguration setPropertyToDatabase(SMPPropertyEnum key, String value, String description) {
        String finalValue = StringUtils.trimToNull(value);
        if (finalValue == null) {
@@ -57,15 +56,15 @@ public class ConfigurationService {
        return res;
    }

-    public Pattern getParticipantIdentifierSchemeRexExp(){
-        return (Pattern)configurationDAO.getCachedPropertyValue(PARTC_SCH_REGEXP);
+    public Pattern getParticipantIdentifierSchemeRexExp() {
+        return (Pattern) configurationDAO.getCachedPropertyValue(PARTC_SCH_REGEXP);
    }

-    public String getParticipantIdentifierSchemeRexExpPattern(){
+    public String getParticipantIdentifierSchemeRexExpPattern() {
        return configurationDAO.getCachedProperty(PARTC_SCH_REGEXP);
    }

-    public String getParticipantIdentifierSchemeRexExpMessage(){
+    public String getParticipantIdentifierSchemeRexExpMessage() {
        return configurationDAO.getCachedProperty(PARTC_SCH_REGEXP_MSG);
    }

@@ -94,13 +93,12 @@ public class ConfigurationService {
        return (String) configurationDAO.getCachedPropertyValue(HTTP_PROXY_PASSWORD);
    }

-
    public List<String> getCaseSensitiveDocumentScheme() {
-        return (List<String>)configurationDAO.getCachedPropertyValue(CS_DOCUMENTS);
+        return (List<String>) configurationDAO.getCachedPropertyValue(CS_DOCUMENTS);
    }

    public List<String> getCaseSensitiveParticipantScheme() {
-        return (List<String>)configurationDAO.getCachedPropertyValue(CS_PARTICIPANTS);
+        return (List<String>) configurationDAO.getCachedPropertyValue(CS_PARTICIPANTS);
    }

    public boolean isProxyEnabled() {
@@ -132,27 +130,26 @@ public class ConfigurationService {
        return configurationDAO.getCachedProperty(SML_PHYSICAL_ADDRESS);
    }

-
    public boolean forceCRLValidation() {
        Boolean value = (Boolean) configurationDAO.getCachedPropertyValue(CERTIFICATE_CRL_FORCE);
        // by default is not froce
        return value != null && value;
    }
+
    public String getSMLIntegrationServerCertSubjectRegExp() {
        return configurationDAO.getCachedProperty(SML_TLS_SERVER_CERT_SUBJECT_REGEXP);
    }
+
    public boolean smlDisableCNCheck() {
        Boolean value = (Boolean) configurationDAO.getCachedPropertyValue(SML_TLS_DISABLE_CN_CHECK);
        // by default is not froce
        return value != null && value;
    }

-
    public File getConfigurationFolder() {
        return (File) configurationDAO.getCachedPropertyValue(CONFIGURATION_DIR);
    }

-
    public File getTruststoreFile() {
        return (File) configurationDAO.getCachedPropertyValue(TRUSTSTORE_FILENAME);
    }
@@ -169,17 +166,19 @@ public class ConfigurationService {
        return (String) configurationDAO.getCachedPropertyValue(KEYSTORE_PASSWORD);
    }

-
    public boolean getSessionCookieSecure() {
        Boolean value = (Boolean) configurationDAO.getCachedPropertyValue(UI_COOKIE_SESSION_SECURE);
        return value != null && value;
    }
+
    public Integer getSessionCookieMaxAge() {
        return (Integer) configurationDAO.getCachedPropertyValue(UI_COOKIE_SESSION_MAX_AGE);
    }
+
    public String getSessionCookieSameSite() {
        return (String) configurationDAO.getCachedPropertyValue(UI_COOKIE_SESSION_SITE);
    }
+
    public String getSessionCookiePath() {
        return (String) configurationDAO.getCachedPropertyValue(UI_COOKIE_SESSION_PATH);
    }

--- a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/utils/SMPCookieWriter.java
+++ b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/utils/SMPCookieWriter.java
@@ -12,6 +12,13 @@ import java.time.ZoneOffset;
 import java.time.ZonedDateTime;
 import java.time.format.DateTimeFormatter;

+
+/**
+ * Purpose of class is to serialize SMP cookies with the security flags
+ *
+ * @author Joze Rihtarsic
+ * @since 4.2
+ */
 public class SMPCookieWriter {
    private static final SMPLogger LOG = SMPLoggerFactory.getLogger(SMPCookieWriter.class);


--- a/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/config/SMPTaskSchedulerConfig.java
+++ b/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/config/SMPTaskSchedulerConfig.java
@@ -14,7 +14,7 @@ import org.springframework.scheduling.annotation.Scheduled;
        basePackages = "eu.europa.ec.edelivery.smp")
 public class SMPTaskSchedulerConfig {

-    ConfigurationDao configurationDao;
+    final ConfigurationDao configurationDao;

    @Autowired
    public SMPTaskSchedulerConfig(ConfigurationDao configurationDao) {

--- a/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/config/SpringSecurityConfig.java
+++ b/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/config/SpringSecurityConfig.java
@@ -19,6 +19,7 @@ import eu.europa.ec.edelivery.smp.auth.SMPAuthenticationProvider;
 import eu.europa.ec.edelivery.smp.auth.SMPAuthority;
 import eu.europa.ec.edelivery.smp.auth.URLCsrfMatcher;
 import eu.europa.ec.edelivery.smp.error.SpringSecurityExceptionHandler;
+import eu.europa.ec.edelivery.smp.utils.SMPCookieWriter;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;

--- a/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/ui/AuthenticationResource.java
+++ b/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/ui/AuthenticationResource.java
@@ -43,23 +43,32 @@ public class AuthenticationResource {

    private static final SMPLogger LOG = SMPLoggerFactory.getLogger(AuthenticationResource.class);

-    @Autowired
    protected SMPAuthenticationService authenticationService;

-    @Autowired
    protected SMPAuthorizationService authorizationService;

-    @Autowired
    private ConversionService conversionService;

-    @Autowired
    private ConfigurationService configurationService;

-    @Autowired
    public CsrfTokenRepository csrfTokenRepository;

-    SMPCookieWriter smpCookieWriter = new SMPCookieWriter();
+    SMPCookieWriter smpCookieWriter;

+    @Autowired
+    public AuthenticationResource(SMPAuthenticationService authenticationService
+            , SMPAuthorizationService authorizationService
+            , ConversionService conversionService
+            , ConfigurationService configurationService
+            , SMPCookieWriter smpCookieWriter
+            , CsrfTokenRepository csrfTokenRepository;) {
+        this.authenticationService = authenticationService;
+        this.authorizationService = authorizationService;
+        this.conversionService = conversionService;
+        this.configurationService = configurationService;
+        this.smpCookieWriter = smpCookieWriter;
+        this.csrfTokenRepository = csrfTokenRepository;
+    }

    @ResponseStatus(value = HttpStatus.FORBIDDEN)
    @ExceptionHandler({AuthenticationException.class})