cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject cxf-fediz git commit: FEDIZ-199 - Update the Spring plugin to spring security 4
Date Tue, 11 Apr 2017 14:26:13 GMT
Repository: cxf-fediz
Updated Branches:
  refs/heads/master 3684347ed -> a2eec7eb4


FEDIZ-199 - Update the Spring plugin to spring security 4


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/a2eec7eb
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/a2eec7eb
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/a2eec7eb

Branch: refs/heads/master
Commit: a2eec7eb4a032dfc1f53a49c55b3c5ef9094aca6
Parents: 3684347
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Tue Apr 11 15:26:00 2017 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Tue Apr 11 15:26:00 2017 +0100

----------------------------------------------------------------------
 .../web/FederationAuthenticationFilter.java     |  3 +--
 pom.xml                                         |  2 +-
 services/idp-core/pom.xml                       |  4 +++
 .../WEB-INF/applicationContext-security.xml     | 27 ++++++++++----------
 .../WEB-INF/applicationContext-security.xml     |  3 ++-
 5 files changed, 21 insertions(+), 18 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/a2eec7eb/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java
----------------------------------------------------------------------
diff --git a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java
b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java
index db61219..485ca38 100644
--- a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java
+++ b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java
@@ -143,8 +143,7 @@ public class FederationAuthenticationFilter extends AbstractAuthenticationProces
      */
     @Override
     protected boolean requiresAuthentication(final HttpServletRequest request, final HttpServletResponse
response) {
-        boolean result = request.getRequestURI().contains(getFilterProcessesUrl());
-        result |= isTokenExpired();
+        boolean result = isTokenExpired() || super.requiresAuthentication(request, response);
         if (logger.isDebugEnabled()) {
             logger.debug("requiresAuthentication = " + result);
         }

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/a2eec7eb/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index e897862..de60dd2 100644
--- a/pom.xml
+++ b/pom.xml
@@ -66,7 +66,7 @@
         <servlet.version>2.5</servlet.version>
         <slf4j.version>1.7.22</slf4j.version>
         <spring.version>4.3.5.RELEASE</spring.version>
-        <spring.security.version>3.2.10.RELEASE</spring.security.version>
+        <spring.security.version>4.2.2.RELEASE</spring.security.version>
         <tomcat7.version>7.0.75</tomcat7.version>
         <tomcat8.version>8.5.12</tomcat8.version>
         <wss4j.version>2.1.9</wss4j.version>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/a2eec7eb/services/idp-core/pom.xml
----------------------------------------------------------------------
diff --git a/services/idp-core/pom.xml b/services/idp-core/pom.xml
index 8ef9646..c6ca035 100644
--- a/services/idp-core/pom.xml
+++ b/services/idp-core/pom.xml
@@ -28,6 +28,10 @@
     <artifactId>fediz-idp-core</artifactId>
     <name>Apache Fediz IDP Core</name>
     <packaging>jar</packaging>
+
+    <properties>
+        <spring.security.version>3.2.10.RELEASE</spring.security.version>
+    </properties>
     
     <dependencyManagement>
         <dependencies>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/a2eec7eb/systests/webapps/springPreauthWebapp/src/main/webapp/WEB-INF/applicationContext-security.xml
----------------------------------------------------------------------
diff --git a/systests/webapps/springPreauthWebapp/src/main/webapp/WEB-INF/applicationContext-security.xml
b/systests/webapps/springPreauthWebapp/src/main/webapp/WEB-INF/applicationContext-security.xml
index 1b04079..b7b3ec5 100644
--- a/systests/webapps/springPreauthWebapp/src/main/webapp/WEB-INF/applicationContext-security.xml
+++ b/systests/webapps/springPreauthWebapp/src/main/webapp/WEB-INF/applicationContext-security.xml
@@ -26,10 +26,10 @@
     xmlns:sec="http://www.springframework.org/schema/security"
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.3.xsd
-                        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
+                        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.2.xsd">
 
     <bean id="filterChainProxy" class="org.springframework.security.web.FilterChainProxy">
-        <sec:filter-chain-map path-type="ant">
+        <sec:filter-chain-map request-matcher="ant">
             <sec:filter-chain pattern="/**" filters="sif,j2eePreAuthFilter,logoutFilter,etf,fsi"/>
         </sec:filter-chain-map>
     </bean>
@@ -80,31 +80,30 @@
         </constructor-arg>
     </bean>
 
-    <bean id="servletContext" class="org.springframework.web.context.support.ServletContextFactoryBean"/>
-
     <bean id="etf" class="org.springframework.security.web.access.ExceptionTranslationFilter">
-        <property name="authenticationEntryPoint" ref="preAuthenticatedProcessingFilterEntryPoint"/>
+        <constructor-arg ref="preAuthenticatedProcessingFilterEntryPoint"/>
     </bean>
 
     <bean id="httpRequestAccessDecisionManager" class="org.springframework.security.access.vote.AffirmativeBased">
-        <property name="allowIfAllAbstainDecisions" value="false"/>
-        <property name="decisionVoters">
+        <constructor-arg>
             <list>
                 <ref bean="roleVoter"/>
+                <bean class="org.springframework.security.web.access.expression.WebExpressionVoter"
/>
             </list>
-        </property>
+        </constructor-arg>
+        <property name="allowIfAllAbstainDecisions" value="false"/>
     </bean>
 
     <bean id="fsi" class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor">
         <property name="authenticationManager" ref="authenticationManager"/>
         <property name="accessDecisionManager" ref="httpRequestAccessDecisionManager"/>
         <property name="securityMetadataSource">
-            <sec:filter-invocation-definition-source>
-                <sec:intercept-url pattern="/secure/manager/**" access="ROLE_MANAGER"/>
-                <sec:intercept-url pattern="/secure/admin/**" access="ROLE_ADMIN"/>
-                <sec:intercept-url pattern="/secure/user/**" access="ROLE_USER,ROLE_ADMIN,ROLE_MANAGER"/>
-                <sec:intercept-url pattern="/secure/fedservlet" access="ROLE_USER,ROLE_ADMIN,ROLE_MANAGER,ROLE_AUTHENTICATED,ROLE_SECRETARY"/>
-            </sec:filter-invocation-definition-source>
+            <sec:filter-security-metadata-source>
+                <sec:intercept-url pattern="/secure/manager/**" access="hasRole('ROLE_MANAGER')"/>
+                <sec:intercept-url pattern="/secure/admin/**" access="hasRole('ROLE_ADMIN')"/>
+                <sec:intercept-url pattern="/secure/user/**" access="hasAnyRole('ROLE_USER','ROLE_ADMIN','ROLE_MANAGER')"/>
+                <sec:intercept-url pattern="/secure/fedservlet" access="hasAnyRole('ROLE_USER','ROLE_ADMIN','ROLE_MANAGER','ROLE_AUTHENTICATED','ROLE_SECRETARY')"/>
+            </sec:filter-security-metadata-source>
         </property>
     </bean>
 

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/a2eec7eb/systests/webapps/springWebapp/src/main/webapp/WEB-INF/applicationContext-security.xml
----------------------------------------------------------------------
diff --git a/systests/webapps/springWebapp/src/main/webapp/WEB-INF/applicationContext-security.xml
b/systests/webapps/springWebapp/src/main/webapp/WEB-INF/applicationContext-security.xml
index 9121045..68d1a5b 100644
--- a/systests/webapps/springWebapp/src/main/webapp/WEB-INF/applicationContext-security.xml
+++ b/systests/webapps/springWebapp/src/main/webapp/WEB-INF/applicationContext-security.xml
@@ -23,7 +23,7 @@
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xmlns:context="http://www.springframework.org/schema/context"
     xmlns:util="http://www.springframework.org/schema/util"
-    xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd
+    xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.2.xsd
 http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.3.xsd
 http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-4.3.xsd
 http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.3.xsd">
@@ -44,6 +44,7 @@ http://www.springframework.org/schema/context http://www.springframework.org/sch
         <sec:custom-filter ref="logoutFilter" position="LOGOUT_FILTER"/>
         <sec:custom-filter ref="federationSignOutCleanupFilter" position="PRE_AUTH_FILTER"/>
         <sec:session-management session-authentication-strategy-ref="sas"/>
+        <sec:csrf disabled="true"/>
     </sec:http>
 
 


Mime
View raw message