This is an automated email from the ASF dual-hosted git repository. ilgrosso pushed a commit to branch 2_1_X in repository https://gitbox.apache.org/repos/asf/syncope.git
commit 5938894368c255600175de0b66e5f139605bb774
Author: Francesco Chicchiriccò <ilgro...@apache.org>
AuthorDate: Thu Jan 27 14:58:39 2022 +0100
[SYNCOPE-1660] Using SyncopeAuthenticationDetailsSource with AnonymousAuthenticationFilter
---
.../SyncopeAnonymousAuthenticationFilter.java | 29 ++++++++++++++++++++++
core/spring/src/main/resources/securityContext.xml | 14 +++++++++--
2 files changed, 41 insertions(+), 2 deletions(-)
diff --git a/core/spring/src/main/java/org/apache/syncope/core/spring/security/SyncopeAnonymousAuthenticationFilter.java b/core/spring/src/main/java/org/apache/syncope/core/spring/security/SyncopeAnonymousAuthenticationFilter.java
new file mode 100644
index 0000000..c85e942
--- /dev/null
+++ b/core/spring/src/main/java/org/apache/syncope/core/spring/security/SyncopeAnonymousAuthenticationFilter.java
@@ -0,0 +1,29 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.syncope.core.spring.security;
+
+import org.springframework.security.core.authority.AuthorityUtils;
+import org.springframework.security.web.authentication.AnonymousAuthenticationFilter;
+
+public class SyncopeAnonymousAuthenticationFilter extends AnonymousAuthenticationFilter {
+
+ public SyncopeAnonymousAuthenticationFilter(final String key, final String anonymousUser) {
+ super(key, anonymousUser, AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"));
+ }
+}
diff --git a/core/spring/src/main/resources/securityContext.xml b/core/spring/src/main/resources/securityContext.xml
index bec0d12..5f7490b 100644
--- a/core/spring/src/main/resources/securityContext.xml
+++ b/core/spring/src/main/resources/securityContext.xml
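Review bot: The new `SyncopeAnonymousAuthenticationFilter` class has no Javadoc, so nothing records why the stock filter is subclassed or what the `key` argument must satisfy. Judging by the commit title and the bean definition, it exists so the filter can be declared as a bean and given Syncope's `authenticationDetailsSource`; a class comment such as `/** Anonymous filter declared as a bean so that authenticationDetailsSource can be set on it; always grants ROLE_ANONYMOUS. */` would say so. The constructor should also carry `@param key must equal the key of the AnonymousAuthenticationProvider, which rejects tokens whose key hash differs`. The `"ROLE_ANONYMOUS"` literal would read better as a `private static final` constant.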
@@ -96,6 +96,15 @@ under the License. <property name="realmName" value="Apache Syncope authentication"/> </bean> + <bean id="anonymousAuthenticationFilter" class="org.apache.syncope.core.spring.security.SyncopeAnonymousAuthenticationFilter"> + <constructor-arg value="doesNotMatter"/> + <constructor-arg value="${anonymousUser}"/> + <property name="authenticationDetailsSource" ref="authenticationDetailsSource"/> + </bean> + <bean id="anonymousAuthenticationProvider" class="org.springframework.security.authentication.AnonymousAuthenticationProvider"> + <constructor-arg value="doesNotMatter"/> + </bean> + <bean id="jwtAuthenticationFilter" class="org.apache.syncope.core.spring.security.JWTAuthenticationFilter"> <property name="authenticationManager" ref="authenticationManager"/> <property name="authenticationEntryPoint" ref="basicAuthenticationEntryPoint"/> @@ -112,12 +121,13 @@ under the License. use-expressions="false" disable-url-rewriting="false" pattern="/**"> - <security:anonymous username="${anonymousUser}"/> + <security:anonymous enabled="false"/> + <security:custom-filter ref="anonymousAuthenticationFilter" position="ANONYMOUS_FILTER"/> <security:custom-filter ref="jwtAuthenticationFilter" before="BASIC_AUTH_FILTER"/> <security:http-basic authentication-details-source-ref="authenticationDetailsSource"/> - <security:custom-filter before="FILTER_SECURITY_INTERCEPTOR" ref="mustChangePasswordFilter"/> + <security:custom-filter ref="mustChangePasswordFilter" before="FILTER_SECURITY_INTERCEPTOR"/> <security:access-denied-handler ref="syncopeAccessDeniedHandler"/>
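Review bot: The key `doesNotMatter` is written twice in the first securityContext.xml hunk, once on `anonymousAuthenticationFilter` and once on `anonymousAuthenticationProvider`, and its name hides the one constraint it has. AnonymousAuthenticationProvider rejects a token whose key hash differs from its own, so the two values must stay identical. A comment on the filter bean such as `<!-- key must match anonymousAuthenticationProvider -->`, or a single shared placeholder, would make that explicit. No visible hunk adds `anonymousAuthenticationProvider` to the `authenticationManager`; if it is not registered elsewhere in the file, the bean is unused and could be dropped.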
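Review bot: In the second securityContext.xml hunk, `<security:anonymous enabled="false"/>` followed by a custom filter at `ANONYMOUS_FILTER` is not self-explanatory, and nothing says why the namespace element was replaced. A comment above it, e.g. `<!-- the namespace anonymous element cannot take an authentication-details-source; anonymousAuthenticationFilter replaces it -->`, would keep a later cleanup from reverting the change. With the namespace element disabled, the anonymous principal, key and authority come only from the bean definition, so anonymous access depends on that bean staying in the chain. The attribute reordering on the `mustChangePasswordFilter` line is unrelated to the fix and would be cleaner in a separate commit. The enclosing `<security:http>` element opens and closes outside the hunk.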