diff --git a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/ui/enums/SMPPropertyEnum.java b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/ui/enums/SMPPropertyEnum.java
index a99e7e32fe5814729ba635946852de083809fb11..07b824c9e61b1eae53c8a80b46cde9fa62163aa4 100644
--- a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/ui/enums/SMPPropertyEnum.java
+++ b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/ui/enums/SMPPropertyEnum.java
@@ -28,15 +28,12 @@ public enum SMPPropertyEnum {
 SML_LOGICAL_ADDRESS("bdmsl.integration.logical.address","http://localhost:8080/smp/","Logical SMP endpoint which will be registered on SML when registering new domain", false, false , SMPPropertyTypeEnum.URL),
 SML_PHYSICAL_ADDRESS("bdmsl.integration.physical.address","0.0.0.0","Physical SMP endpoint which will be registered on SML when registering new domain.", false, false , SMPPropertyTypeEnum.STRING),
-
-
 HTTP_PROXY_HOST("smp.proxy.host", "", "The http proxy host", false,false, SMPPropertyTypeEnum.STRING),
 HTTP_NO_PROXY_HOSTS("smp.noproxy.hosts", "localhost|127.0.0.1", "list of nor proxy hosts. Ex.: localhost|127.0.0.1", false,false, SMPPropertyTypeEnum.STRING),
 HTTP_PROXY_PASSWORD("smp.proxy.password", "", "Base64 encrypted password for Proxy.", false, true,SMPPropertyTypeEnum.STRING),
 HTTP_PROXY_PORT("smp.proxy.port", "80", "The http proxy port", false, false, SMPPropertyTypeEnum.INTEGER),
 HTTP_PROXY_USER("smp.proxy.user", "", "The proxy user", false, false, SMPPropertyTypeEnum.STRING),
-
 KEYSTORE_PASSWORD("smp.keystore.password","","Encrypted keystore (and keys) password ", false, true, SMPPropertyTypeEnum.STRING),
 KEYSTORE_FILENAME("smp.keystore.filename","smp-keystore.jks","Keystore filename ", true, false , SMPPropertyTypeEnum.FILENAME),
 TRUSTSTORE_PASSWORD("smp.truststore.password","","Encrypted truststore password ", false, true, SMPPropertyTypeEnum.STRING),
@@ -61,8 +58,7 @@ public enum SMPPropertyEnum {
 UI_COOKIE_SESSION_SECURE("smp.ui.session.secure","false","Cookie is only sent to the server when a request is made with the https: scheme (except on localhost), and therefore is more resistent to man-in-the-middle attacks.", false, false , SMPPropertyTypeEnum.BOOLEAN),
 UI_COOKIE_SESSION_MAX_AGE("smp.ui.session.max-age","","Number of seconds until the cookie expires. A zero or negative number will expire the cookie immediately. Empty value will not set parameter", false, false , SMPPropertyTypeEnum.INTEGER),
 UI_COOKIE_SESSION_SITE("smp.ui.session.strict","None","Controls whether a cookie is sent with cross-origin requests, providing some protection against cross-site request forgery attacks. Possible values are: Strict, None, Lax", false, false , SMPPropertyTypeEnum.STRING),
- UI_COOKIE_SESSION_PATH("smp.ui.session.path","","A path that must exist in the requested URL, or the browser won't send the Cookie header. Null/Empty value sets the authentication requests context by default. The forward slash (/) character is interpreted as a directory separator, and subdirectories will be matched as well: for Path=/docs, /docs, /docs/Web/, and /docs/Web/HTTP will all match", false, false , SMPPropertyTypeEnum.STRING),
- ;
+ UI_COOKIE_SESSION_PATH("smp.ui.session.path","","A path that must exist in the requested URL, or the browser won't send the Cookie header. Null/Empty value sets the authentication requests context by default. The forward slash (/) character is interpreted as a directory separator, and subdirectories will be matched as well: for Path=/docs, /docs, /docs/Web/, and /docs/Web/HTTP will all match", false, false , SMPPropertyTypeEnum.STRING);
 String property;
diff --git a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ConfigurationService.java b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ConfigurationService.java
index b526bb6744f0adc9beb27a17a2a409cdcb3f2272..bad6337e0afad02d534177f117bc61af0463b4fa 100644
--- a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ConfigurationService.java
+++ b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ConfigurationService.java
@@ -30,7 +30,6 @@ public class ConfigurationService {
 @Autowired
 private ConfigurationDao configurationDAO;
-
 public DBConfiguration setPropertyToDatabase(SMPPropertyEnum key, String value, String description) {
 String finalValue = StringUtils.trimToNull(value);
 if (finalValue == null) {
@@ -57,15 +56,15 @@ public class ConfigurationService {
 return res;
 }
- public Pattern getParticipantIdentifierSchemeRexExp(){
- return (Pattern)configurationDAO.getCachedPropertyValue(PARTC_SCH_REGEXP);
+ public Pattern getParticipantIdentifierSchemeRexExp() {
+ return (Pattern) configurationDAO.getCachedPropertyValue(PARTC_SCH_REGEXP);
 }
- public String getParticipantIdentifierSchemeRexExpPattern(){
+ public String getParticipantIdentifierSchemeRexExpPattern() {
 return configurationDAO.getCachedProperty(PARTC_SCH_REGEXP);
 }
- public String getParticipantIdentifierSchemeRexExpMessage(){
+ public String getParticipantIdentifierSchemeRexExpMessage() {
 return configurationDAO.getCachedProperty(PARTC_SCH_REGEXP_MSG);
 }
@@ -94,13 +93,12 @@ public class ConfigurationService {
 return (String) configurationDAO.getCachedPropertyValue(HTTP_PROXY_PASSWORD);
 }
-
 public List<String> getCaseSensitiveDocumentScheme() {
- return (List<String>)configurationDAO.getCachedPropertyValue(CS_DOCUMENTS);
+ return (List<String>) configurationDAO.getCachedPropertyValue(CS_DOCUMENTS);
 }
 public List<String> getCaseSensitiveParticipantScheme() {
- return (List<String>)configurationDAO.getCachedPropertyValue(CS_PARTICIPANTS);
+ return (List<String>) configurationDAO.getCachedPropertyValue(CS_PARTICIPANTS);
 }
 public boolean isProxyEnabled() {
@@ -132,27 +130,26 @@ public class ConfigurationService {
 return configurationDAO.getCachedProperty(SML_PHYSICAL_ADDRESS);
 }
-
 public boolean forceCRLValidation() {
 Boolean value = (Boolean) configurationDAO.getCachedPropertyValue(CERTIFICATE_CRL_FORCE);
 // by default is not froce
 return value != null && value;
 }
+
 public String getSMLIntegrationServerCertSubjectRegExp() {
 return configurationDAO.getCachedProperty(SML_TLS_SERVER_CERT_SUBJECT_REGEXP);
 }
+
 public boolean smlDisableCNCheck() {
 Boolean value = (Boolean) configurationDAO.getCachedPropertyValue(SML_TLS_DISABLE_CN_CHECK);
 // by default is not froce
 return value != null && value;
 }
-
 public File getConfigurationFolder() {
 return (File) configurationDAO.getCachedPropertyValue(CONFIGURATION_DIR);
 }
-
 public File getTruststoreFile() {
 return (File) configurationDAO.getCachedPropertyValue(TRUSTSTORE_FILENAME);
 }
@@ -169,17 +166,19 @@ public class ConfigurationService {
 return (String) configurationDAO.getCachedPropertyValue(KEYSTORE_PASSWORD);
 }
-
 public boolean getSessionCookieSecure() {
 Boolean value = (Boolean) configurationDAO.getCachedPropertyValue(UI_COOKIE_SESSION_SECURE);
 return value != null && value;
 }
+
 public Integer getSessionCookieMaxAge() {
 return (Integer) configurationDAO.getCachedPropertyValue(UI_COOKIE_SESSION_MAX_AGE);
 }
+
 public String getSessionCookieSameSite() {
 return (String) configurationDAO.getCachedPropertyValue(UI_COOKIE_SESSION_SITE);
 }
+
 public String getSessionCookiePath() {
 return (String) configurationDAO.getCachedPropertyValue(UI_COOKIE_SESSION_PATH);
 }
diff --git a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/utils/SMPCookieWriter.java b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/utils/SMPCookieWriter.java
index cfc4b072822aaaff27c30b632dfeb08f5c7063c3..33b596c77c13814fdc977236f182fd9a475d27d1 100644
--- a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/utils/SMPCookieWriter.java
+++ b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/utils/SMPCookieWriter.java
@@ -12,6 +12,13 @@ import java.time.ZoneOffset;
 import java.time.ZonedDateTime;
 import java.time.format.DateTimeFormatter;
+
+/**
+ * Purpose of class is to serialize SMP cookies with the security flags
+ *
+ * @author Joze Rihtarsic
+ * @since 4.2
+ */
 public class SMPCookieWriter {
 private static final SMPLogger LOG = SMPLoggerFactory.getLogger(SMPCookieWriter.class);
diff --git a/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/config/SMPTaskSchedulerConfig.java b/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/config/SMPTaskSchedulerConfig.java
index 27102a76c922e2233b8d1e18ac6df6bb88ecab37..d3dbe497a8e72519279fc39efde1fe60173279b0 100644
--- a/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/config/SMPTaskSchedulerConfig.java
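Review bot: The Javadoc added on SMPCookieWriter says "with the security flags" without naming them, so a reader still has to open the body (which lies outside this hunk) to learn what is set. The same commit exposes getSessionCookieSecure, getSessionCookieMaxAge, getSessionCookieSameSite and getSessionCookiePath on ConfigurationService, so the summary could point at that contract, e.g. `Serializes SMP session cookies, applying the Secure, SameSite, Path and Max-Age attributes configured via the smp.ui.session.* properties (see ConfigurationService).` — assuming those getters are what the writer consumes, which this hunk does not show.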
+++ b/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/config/SMPTaskSchedulerConfig.java
@@ -14,7 +14,7 @@ import org.springframework.scheduling.annotation.Scheduled;
 basePackages = "eu.europa.ec.edelivery.smp")
 public class SMPTaskSchedulerConfig {
- ConfigurationDao configurationDao;
+ final ConfigurationDao configurationDao;
 @Autowired
 public SMPTaskSchedulerConfig(ConfigurationDao configurationDao) {
diff --git a/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/config/SpringSecurityConfig.java b/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/config/SpringSecurityConfig.java
index 04122ed158c6c7ef7e1a5834955d58e3d2f3b87d..dea48449e88cea4fd6e9b1ac5cef3712727ecb4c 100644
--- a/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/config/SpringSecurityConfig.java
+++ b/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/config/SpringSecurityConfig.java
@@ -19,6 +19,7 @@ import eu.europa.ec.edelivery.smp.auth.SMPAuthenticationProvider;
 import eu.europa.ec.edelivery.smp.auth.SMPAuthority;
 import eu.europa.ec.edelivery.smp.auth.URLCsrfMatcher;
 import eu.europa.ec.edelivery.smp.error.SpringSecurityExceptionHandler;
+import eu.europa.ec.edelivery.smp.utils.SMPCookieWriter;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
diff --git a/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/ui/AuthenticationResource.java b/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/ui/AuthenticationResource.java
index 1f026c36f4ca88493847c0fe55ddb943e054fda2..f3f013342c46dac708dd98edd683e5acb7461ebb 100644
--- a/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/ui/AuthenticationResource.java
+++ b/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/ui/AuthenticationResource.java
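Review bot: In SMPTaskSchedulerConfig the field becomes `final` but stays package-private, so any class in the package can still read it directly; since the constructor visible in the hunk is its only writer, `private final ConfigurationDao configurationDao;` closes it off at no cost, unless a same-package test reaches for it, which this hunk cannot show. The constructor body continues outside the hunk. The SpringSecurityConfig hunk only adds the SMPCookieWriter import; where that bean is declared is not in view.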
@@ -43,23 +43,32 @@ public class AuthenticationResource {
 private static final SMPLogger LOG = SMPLoggerFactory.getLogger(AuthenticationResource.class);
- @Autowired
 protected SMPAuthenticationService authenticationService;
- @Autowired
 protected SMPAuthorizationService authorizationService;
- @Autowired
 private ConversionService conversionService;
- @Autowired
 private ConfigurationService configurationService;
- @Autowired
 public CsrfTokenRepository csrfTokenRepository;
- SMPCookieWriter smpCookieWriter = new SMPCookieWriter();
+ SMPCookieWriter smpCookieWriter;
+ @Autowired
+ public AuthenticationResource(SMPAuthenticationService authenticationService , SMPAuthorizationService authorizationService , ConversionService conversionService , ConfigurationService configurationService , SMPCookieWriter smpCookieWriter , CsrfTokenRepository csrfTokenRepository;) {
+ this.authenticationService = authenticationService;
+ this.authorizationService = authorizationService;
+ this.conversionService = conversionService;
+ this.configurationService = configurationService;
+ this.smpCookieWriter = smpCookieWriter;
+ this.csrfTokenRepository = csrfTokenRepository;
+ }
 @ResponseStatus(value = HttpStatus.FORBIDDEN)
 @ExceptionHandler({AuthenticationException.class})
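Review bot: The new constructor does not compile: the last parameter is written `, CsrfTokenRepository csrfTokenRepository;) {` with a stray semicolon inside the parameter list, and should read `, CsrfTokenRepository csrfTokenRepository) {`. Now that all collaborators arrive through the constructor, the fields they land in could be declared `final` so they cannot be swapped after construction; `public CsrfTokenRepository csrfTokenRepository;` in particular remains writable from anywhere, and `private final` would fit unless the protected/public visibility is relied on by subclasses or tests, which this hunk does not show. Injection of `SMPCookieWriter` also requires it to be registered as a bean; the import added in SpringSecurityConfig hints at that, but the declaration itself is not in view. The class body continues outside the hunk.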