Repository: cxf-fediz Updated Branches: refs/heads/master 3684347ed -> a2eec7eb4
FEDIZ-199 - Update the Spring plugin to spring security 4 Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/a2eec7eb Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/a2eec7eb Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/a2eec7eb Branch: refs/heads/master Commit: a2eec7eb4a032dfc1f53a49c55b3c5ef9094aca6 Parents: 3684347 Author: Colm O hEigeartaigh <cohei...@apache.org> Authored: Tue Apr 11 15:26:00 2017 +0100 Committer: Colm O hEigeartaigh <cohei...@apache.org> Committed: Tue Apr 11 15:26:00 2017 +0100 ---------------------------------------------------------------------- .../web/FederationAuthenticationFilter.java | 3 +-- pom.xml | 2 +- services/idp-core/pom.xml | 4 +++ .../WEB-INF/applicationContext-security.xml | 27 ++++++++++---------- .../WEB-INF/applicationContext-security.xml | 3 ++- 5 files changed, 21 insertions(+), 18 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/a2eec7eb/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java ---------------------------------------------------------------------- diff --git a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java index db61219..485ca38 100644 --- a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java +++ b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java 
@@ -143,8 +143,7 @@ public class FederationAuthenticationFilter extends AbstractAuthenticationProces */ @Override protected boolean requiresAuthentication(final HttpServletRequest request, final HttpServletResponse response) { - boolean result = request.getRequestURI().contains(getFilterProcessesUrl()); - result |= isTokenExpired(); + boolean result = isTokenExpired() || super.requiresAuthentication(request, response); if (logger.isDebugEnabled()) { logger.debug("requiresAuthentication = " + result); } http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/a2eec7eb/pom.xml ---------------------------------------------------------------------- diff --git a/pom.xml b/pom.xml index e897862..de60dd2 100644 --- a/pom.xml +++ b/pom.xml @@ -66,7 +66,7 @@ <servlet.version>2.5</servlet.version> <slf4j.version>1.7.22</slf4j.version> <spring.version>4.3.5.RELEASE</spring.version> - <spring.security.version>3.2.10.RELEASE</spring.security.version> + <spring.security.version>4.2.2.RELEASE</spring.security.version> <tomcat7.version>7.0.75</tomcat7.version> <tomcat8.version>8.5.12</tomcat8.version> <wss4j.version>2.1.9</wss4j.version> http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/a2eec7eb/services/idp-core/pom.xml ---------------------------------------------------------------------- diff --git a/services/idp-core/pom.xml b/services/idp-core/pom.xml index 8ef9646..c6ca035 100644 --- a/services/idp-core/pom.xml +++ b/services/idp-core/pom.xml @@ -28,6 +28,10 @@ <artifactId>fediz-idp-core</artifactId> <name>Apache Fediz IDP Core</name> <packaging>jar</packaging> + + <properties> + <spring.security.version>3.2.10.RELEASE</spring.security.version> + </properties> <dependencyManagement> <dependencies> http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/a2eec7eb/systests/webapps/springPreauthWebapp/src/main/webapp/WEB-INF/applicationContext-security.xml ---------------------------------------------------------------------- 
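Review bot: The new `boolean result = isTokenExpired() || super.requiresAuthentication(request, response);` line changes which requests the filter claims, and nothing in the method's Javadoc records it. The old code fired on any request URI that merely contained the processing URL, whereas the superclass call defers to the filter's configured request matcher, which is presumably a stricter path match. Deployments that relied on the substring behaviour would stop processing sign-in responses at those URLs. The Javadoc above the method should state the contract, e.g. `Authentication is attempted when the cached token has expired (on any URL) or when the request matches the configured processing URL.` A test using a URI that contains but does not equal the processing URL would pin the new behaviour; the method body continues past the end of the hunk.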
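Review bot: The added `<properties>` block in services/idp-core/pom.xml pins the IdP to Spring Security 3.2.10.RELEASE without a comment, while the root pom in the same commit moves the rest of the build to 4.2.2.RELEASE. The reason is not visible in the diff (presumably the IdP has not been migrated yet), and an unexplained override like this tends to outlive its purpose, leaving the IdP on the older line after the root property is bumped again. I would add a comment above the property such as `<!-- idp-core is not yet migrated to Spring Security 4; remove this override once it is -->` and reference the tracking issue there.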
diff --git a/systests/webapps/springPreauthWebapp/src/main/webapp/WEB-INF/applicationContext-security.xml b/systests/webapps/springPreauthWebapp/src/main/webapp/WEB-INF/applicationContext-security.xml index 1b04079..b7b3ec5 100644 --- a/systests/webapps/springPreauthWebapp/src/main/webapp/WEB-INF/applicationContext-security.xml +++ b/systests/webapps/springPreauthWebapp/src/main/webapp/WEB-INF/applicationContext-security.xml @@ -26,10 +26,10 @@ xmlns:sec="http://www.springframework.org/schema/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.3.xsd - http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd"> + http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.2.xsd"> <bean id="filterChainProxy" class="org.springframework.security.web.FilterChainProxy"> - <sec:filter-chain-map path-type="ant"> + <sec:filter-chain-map request-matcher="ant"> <sec:filter-chain pattern="/**" filters="sif,j2eePreAuthFilter,logoutFilter,etf,fsi"/> </sec:filter-chain-map> </bean> 
@@ -80,31 +80,30 @@ </constructor-arg> </bean> - <bean id="servletContext" class="org.springframework.web.context.support.ServletContextFactoryBean"/> - <bean id="etf" class="org.springframework.security.web.access.ExceptionTranslationFilter"> - <property name="authenticationEntryPoint" ref="preAuthenticatedProcessingFilterEntryPoint"/> + <constructor-arg ref="preAuthenticatedProcessingFilterEntryPoint"/> </bean> <bean id="httpRequestAccessDecisionManager" class="org.springframework.security.access.vote.AffirmativeBased"> - <property name="allowIfAllAbstainDecisions" value="false"/> - <property name="decisionVoters"> + <constructor-arg> <list> <ref bean="roleVoter"/> + <bean class="org.springframework.security.web.access.expression.WebExpressionVoter" /> </list> - </property> + </constructor-arg> + <property name="allowIfAllAbstainDecisions" value="false"/> </bean> <bean id="fsi" class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor"> <property name="authenticationManager" ref="authenticationManager"/> <property name="accessDecisionManager" ref="httpRequestAccessDecisionManager"/> <property name="securityMetadataSource"> - <sec:filter-invocation-definition-source> - <sec:intercept-url pattern="/secure/manager/**" access="ROLE_MANAGER"/> - <sec:intercept-url pattern="/secure/admin/**" access="ROLE_ADMIN"/> - <sec:intercept-url pattern="/secure/user/**" access="ROLE_USER,ROLE_ADMIN,ROLE_MANAGER"/> - <sec:intercept-url pattern="/secure/fedservlet" access="ROLE_USER,ROLE_ADMIN,ROLE_MANAGER,ROLE_AUTHENTICATED,ROLE_SECRETARY"/> - </sec:filter-invocation-definition-source> + <sec:filter-security-metadata-source> + <sec:intercept-url pattern="/secure/manager/**" access="hasRole('ROLE_MANAGER')"/> + <sec:intercept-url pattern="/secure/admin/**" access="hasRole('ROLE_ADMIN')"/> + <sec:intercept-url pattern="/secure/user/**" access="hasAnyRole('ROLE_USER','ROLE_ADMIN','ROLE_MANAGER')"/> + <sec:intercept-url pattern="/secure/fedservlet" 
access="hasAnyRole('ROLE_USER','ROLE_ADMIN','ROLE_MANAGER','ROLE_AUTHENTICATED','ROLE_SECRETARY')"/> + </sec:filter-security-metadata-source> </property> </bean> http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/a2eec7eb/systests/webapps/springWebapp/src/main/webapp/WEB-INF/applicationContext-security.xml ---------------------------------------------------------------------- diff --git a/systests/webapps/springWebapp/src/main/webapp/WEB-INF/applicationContext-security.xml b/systests/webapps/springWebapp/src/main/webapp/WEB-INF/applicationContext-security.xml index 9121045..68d1a5b 100644 --- a/systests/webapps/springWebapp/src/main/webapp/WEB-INF/applicationContext-security.xml +++ b/systests/webapps/springWebapp/src/main/webapp/WEB-INF/applicationContext-security.xml @@ -23,7 +23,7 @@ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context" xmlns:util="http://www.springframework.org/schema/util" - xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd + xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.2.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.3.xsd http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-4.3.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.3.xsd"> @@ -44,6 +44,7 @@ http://www.springframework.org/schema/context http://www.springframework.org/sch <sec:custom-filter ref="logoutFilter" position="LOGOUT_FILTER"/> <sec:custom-filter ref="federationSignOutCleanupFilter" position="PRE_AUTH_FILTER"/> <sec:session-management session-authentication-strategy-ref="sas"/> + <sec:csrf disabled="true"/> </sec:http>
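Review bot: In the `httpRequestAccessDecisionManager` bean of springPreauthWebapp, `roleVoter` is kept in the voter list although every `intercept-url` now uses an expression (`hasRole(...)`, `hasAnyRole(...)`). As far as I can tell, RoleVoter does not support expression-based config attributes and will abstain on every request, so the decision rests entirely on the new `WebExpressionVoter`. Leaving the dead voter in place suggests a second layer of role checking that does not exist. Either drop `<ref bean="roleVoter"/>` from the list or add a comment such as `<!-- roleVoter abstains on expression attributes; access is decided by WebExpressionVoter -->`. Keeping `allowIfAllAbstainDecisions` at `false` is the right default here and worth a short comment as well.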
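Review bot: The added `<sec:csrf disabled="true"/>` in springWebapp turns CSRF protection off for the whole `<sec:http>` block with no explanation. Presumably it is there because the federation sign-in response arrives as a cross-site POST from the IdP, which the Spring Security 4 default would reject. Since this file is likely to be copied as a sample configuration, I would say why in a comment, e.g. `<!-- CSRF disabled: the sign-in response is POSTed cross-site by the IdP -->`. It is also worth considering limiting the exemption to the federation endpoint with `request-matcher-ref` (for example `<sec:csrf request-matcher-ref="csrfRequiredMatcher"/>`, bean name constructed for illustration) rather than disabling it globally. The enclosing `<sec:http>` element starts outside the hunk.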