Commit 51761336 authored by jerry's avatar jerry

disabling certificate validation for parametrized IP address

parent 9b0503f3
2 merge requests!7Features/keycloak integration,!6Features/keycloak integration
......@@ -47,7 +47,7 @@ frontend:
loginUrl: {{ default .Env.FRONTEND_LOGIN_URL "http://frontend/services/login/hbp" }}
redirectAfterLogoutUrl: {{ default .Env.FRONTEND_AFTER_LOGOUT_URL (default .Env.LOGIN_URI "http://frontend/services/login/hbp") }}
redirectAfterLoginUrl: {{ default .Env.FRONTEND_AFTER_LOGIN_URL "http://frontend/home" }}
logging:
level:
root: {{ default .Env.LOG_LEVEL "INFO" }}
......@@ -88,4 +88,5 @@ services:
galaxyUsername: {{ default .Env.GALAXY_USERNAME "admin" }}
galaxyPassword: {{ default .Env.GALAXY_PASSWORD "password" }}
galaxyContext: {{ default .Env.GALAXY_CONTEXT "nativeGalaxy" }}
keycloak:
keycloakUrl: {{ default .Env.KEYCLOAK_URL "88.197.53.10"}}
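Review bot: The default for `keycloakUrl` on the last line of this hunk is a literal address, `"88.197.53.10"`, and the same literal is repeated as the fallback in the `@Value` expression added to SecurityConfiguration. A deployment that leaves `KEYCLOAK_URL` unset therefore silently uses that fixed address as the host for which TLS checks are relaxed. I would not ship an address as the default; require `KEYCLOAK_URL` per deployment and have the application refuse to start when it is missing. The key is named a URL but is compared against a bare host name in the Java code, so a comment such as `# host name or IP of the Keycloak server, without scheme or path` would prevent misconfiguration. The neighbouring `galaxyPassword` default of `"password"` has the same problem, though it appears to predate this commit.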
......@@ -4,14 +4,23 @@
package eu.hbp.mip;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
@SpringBootApplication
public class MIPApplication {
private static final Logger LOGGER = LoggerFactory.getLogger(MIPApplication.class);
public static void main(String[] args) {
SpringApplication.run(MIPApplication.class, args);
}
}
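Review bot: The added `import org.springframework.beans.factory.annotation.Value;` is not used in any line of MIPApplication shown in this section, and the new `LOGGER` field is never referenced here either. The hunk header suggests part of the file is not rendered, so this is worth confirming against the full file. If neither is used there, drop the import and the field, since the `@Value` injection and the logging in this commit happen in SecurityConfiguration.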
......@@ -65,6 +65,18 @@ import org.springframework.util.MultiValueMap;
import java.net.URI;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
// See https://spring.io/guides/tutorials/spring-boot-oauth2/ for reference about configuring OAuth2 login
// also http://cscarioni.blogspot.ch/2013/04/pro-spring-security-and-oauth-2.html
......@@ -120,6 +132,7 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
disableCertificateValidation();
// @formatter:off
http.addFilterBefore(new CORSFilter(), ChannelProcessingFilter.class);
......@@ -309,6 +322,52 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
ResponseEntity<String> responseEntity = restTemplate.exchange(requestEntity, String.class);
}
@Value("#{'${services.keycloak.keycloakUrl:88.197.53.10}'}")
private String keycloakUrl;
// static {
// disableCertificateValidation();
// }
public void disableCertificateValidation() {
LOGGER.info("disabling certificate validation host : " + keycloakUrl);
// Create a trust manager that does not validate certificate chains
TrustManager[] trustAllCerts = new TrustManager[] {
new X509TrustManager() {
public X509Certificate[] getAcceptedIssuers() {
return new X509Certificate[0];
}
public void checkClientTrusted(X509Certificate[] certs, String authType) {}
public void checkServerTrusted(X509Certificate[] certs, String authType) {}
} };
// Ignore differences between given hostname and certificate hostname
HostnameVerifier hv = new HostnameVerifier() {
public boolean verify(String hostname, SSLSession session) {
// System.out.println("Warning: URL Host: " + hostname + " vs. "
// + session.getPeerHost());
if(hostname.equals(keycloakUrl) && session.getPeerHost().equals(keycloakUrl))
{
return true;
}
else
{
return false;
}
}
};
// Install the all-trusting trust manager
try {
SSLContext sc = SSLContext.getInstance("SSL");
sc.init(null, trustAllCerts, new SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
HttpsURLConnection.setDefaultHostnameVerifier(hv);
} catch (Exception e) {}
}
}
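Review bot: `disableCertificateValidation()` installs its trust-all `X509TrustManager` through `HttpsURLConnection.setDefaultSSLSocketFactory`, which is a JVM-wide default, so certificate-chain validation is switched off for every `HttpsURLConnection` in the process and not only for the Keycloak host. The `HostnameVerifier` does not narrow that: as far as I know `HttpsURLConnection` consults it only after the built-in host name check has already failed, and `SSLSession.getPeerHost()` is documented as unauthenticated, so comparing it with `keycloakUrl` adds no assurance. `SSLContext.getInstance("SSL")` should request `"TLS"`, and the empty `catch (Exception e) {}` hides a failed setup from the log. I would replace the method with an `SSLContext` built from a truststore that holds only the Keycloak certificate or its issuing CA, used solely by the client that calls Keycloak, leaving the JVM defaults and host name verification untouched; the server certificate then needs a subjectAltName matching the value of `keycloakUrl`. The body of `configure` continues outside its hunk, and the `disableCertificateValidation();` call added there would be removed as part of the same change.

```java
// Replaces disableCertificateValidation(): trust only what is in a dedicated truststore,
// and do not touch HttpsURLConnection's JVM-wide defaults.
// trustStorePath / trustStorePassword are placeholders for deployment-supplied settings.
private SSLContext keycloakSslContext(Path trustStorePath, char[] trustStorePassword) throws Exception {
    KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
    try (InputStream in = Files.newInputStream(trustStorePath)) {
        trustStore.load(in, trustStorePassword);
    }
    TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    tmf.init(trustStore);
    SSLContext context = SSLContext.getInstance("TLS");
    context.init(null, tmf.getTrustManagers(), new SecureRandom());
    // Hand this context to the HTTP client used for Keycloak calls only;
    // let setup failures propagate instead of being swallowed.
    return context;
}
```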
......@@ -3,10 +3,13 @@
<file>logs/log1.txt</file>
<append>true</append>
<encoder>
<pattern>%d{yyyy-MM-dd} %msg%n</pattern>
<pattern>%d{yyyy-MM-dd HH:mm:ss.SSS} %msg%n</pattern>
</encoder>
</appender>
<logger name="eu.hbp.mip">
<appender-ref ref="FILE1" />
</logger>
<logger name="org.springframework">
<appender-ref ref="FILE1" />
</logger>
......