From b875346b99cbdfcfaebb5af0d59ea8f97d37286d Mon Sep 17 00:00:00 2001
From: Ludovic Claude <ludovic.claude54@gmail.com>
Date: Tue, 22 Jan 2019 17:15:23 +0100
Subject: [PATCH] Update woken-messages to 2.9.1, revert upgrade of Spring

---
 Dockerfile                                    |  3 +-
 pom.xml                                       | 20 ++-------
 src/main/java/eu/hbp/mip/MIPApplication.java  |  4 +-
 .../configuration/BugsnagConfiguration.java   |  4 +-
 .../PersistenceConfiguration.java             |  3 +-
 .../configuration/SecurityConfiguration.java  | 42 ++-----------------
 ...ustomLoginUrlAuthenticationEntryPoint.java | 21 ++++++++++
 7 files changed, 34 insertions(+), 63 deletions(-)
 create mode 100644 src/main/java/eu/hbp/mip/utils/CustomLoginUrlAuthenticationEntryPoint.java

diff --git a/Dockerfile b/Dockerfile
index bf47525ce..64d96a7e4 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -19,7 +19,8 @@ ARG BUILD_DATE
 ARG VCS_REF
 ARG VERSION
 
-ENV CONTEXT_PATH "/services"
+ENV CONTEXT_PATH "/services" \
+    BUGSNAG_KEY "dff301aa15eb795a6d8b22b600586f77"
 
 RUN apt-get update && apt-get install -y --no-install-recommends curl \
     && rm -rf /var/lib/apt/lists/* /tmp/*
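Review bot: The `ENV` at the `CONTEXT_PATH` line uses the space-separated form, which defines a single variable, so the continuation line does not create `BUGSNAG_KEY`; everything after the first space becomes part of the `CONTEXT_PATH` value. Setting two variables in one instruction needs the `KEY=value` form. The Bugsnag key is also still committed, and is now baked into every image layer, so moving it out of `BugsnagConfiguration.java` does not make it a secret. Keep only `ENV CONTEXT_PATH="/services"` here and supply `BUGSNAG_KEY` at container start (`docker run -e BUGSNAG_KEY=...` or the orchestrator's secret mechanism). Since the value has already been published in source, rotating it would be prudent.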
diff --git a/pom.xml b/pom.xml
index ab304cbca..90d24a639 100644
--- a/pom.xml
+++ b/pom.xml
@@ -14,7 +14,7 @@
     <parent>
         <groupId>org.springframework.boot</groupId>
         <artifactId>spring-boot-starter-parent</artifactId>
-        <version>1.5.18.RELEASE</version>
+        <version>1.3.7.RELEASE</version>
         <relativePath />
     </parent>
 
@@ -27,7 +27,7 @@
         <asciidoctor.maven.plugin.version>1.5.5</asciidoctor.maven.plugin.version>
         <asciidoctorj.pdf.version>1.5.0-alpha.15</asciidoctorj.pdf.version>
         <asciidoctorj.version>1.5.5</asciidoctorj.version>
-        <spring-data-commons.version>1.12.11.RELEASE</spring-data-commons.version>
+        <spring-data-commons.version>1.13.17.RELEASE</spring-data-commons.version>
         <angularjs.version>1.5.7</angularjs.version>
         <jquery.version>3.0.0</jquery.version>
         <bootstrap.version>3.3.7</bootstrap.version>
@@ -45,9 +45,9 @@
         <hibernate-jpa-2.1-api.version>1.0.0.Final</hibernate-jpa-2.1-api.version>
         <hibernate.version>4.3.11.Final</hibernate.version>
         <spring-data-jpa.version>1.10.11.RELEASE</spring-data-jpa.version>
-        <spring-boot-starter-actuator.version>1.5.18.RELEASE</spring-boot-starter-actuator.version>
+        <spring-boot-starter-actuator.version>1.4.7.RELEASE</spring-boot-starter-actuator.version>
         <aspectjweaver.version>1.8.9</aspectjweaver.version>
-        <woken-messages.version>2.8.4</woken-messages.version>
+        <woken-messages.version>2.9.1</woken-messages.version>
         <javax-inject.version>1</javax-inject.version>
         <akka.version>2.5.19</akka.version>
         <spring-context.version>4.3.4.RELEASE</spring-context.version>
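Review bot: `spring-boot-starter-actuator.version` is set to `1.4.7.RELEASE` while the parent in the first pom hunk goes back to `1.3.7.RELEASE`, so if this property pins the actuator dependency, the build mixes two Boot release lines. Boot modules are released and tested together; dropping the property so the parent manages the version, or using `1.3.7.RELEASE`, avoids binary mismatches. Similarly, `spring-data-commons.version` moves up to `1.13.17.RELEASE` in the second hunk while `spring-data-jpa.version` stays at `1.10.11.RELEASE`. If these overrides are intentional, a short XML comment next to each explaining why would help the next upgrade.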
@@ -99,18 +99,6 @@
             <groupId>org.springframework.security.oauth</groupId>
             <artifactId>spring-security-oauth2</artifactId>
         </dependency>
-        <dependency>
-            <groupId>org.springframework.security</groupId>
-            <artifactId>spring-security-oauth2-client</artifactId>
-        </dependency>
-        <dependency>
-            <groupId>org.springframework.security</groupId>
-            <artifactId>spring-security-oauth2-jose</artifactId>
-        </dependency>
-        <dependency>
-            <groupId>org.springframework.boot</groupId>
-            <artifactId>spring-boot-starter-data-jpa</artifactId>
-        </dependency>
         <dependency>
             <groupId>org.springframework</groupId>
             <artifactId>spring-orm</artifactId>
diff --git a/src/main/java/eu/hbp/mip/MIPApplication.java b/src/main/java/eu/hbp/mip/MIPApplication.java
index b3f8648cd..d85f8c13e 100644
--- a/src/main/java/eu/hbp/mip/MIPApplication.java
+++ b/src/main/java/eu/hbp/mip/MIPApplication.java
@@ -6,14 +6,12 @@ package eu.hbp.mip;
 
 import eu.hbp.mip.configuration.*;
 import org.springframework.boot.SpringApplication;
-import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
-import org.springframework.boot.autoconfigure.validation.ValidationAutoConfiguration;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Import;
 
 
 @Configuration
-@EnableAutoConfiguration(exclude = { ValidationAutoConfiguration.class })
+//@EnableAutoConfiguration(exclude = { ValidationAutoConfiguration.class })
 @Import({ AkkaConfiguration.class, BugsnagConfiguration.class,
         CacheConfiguration.class, PersistenceConfiguration.class,
         SecurityConfiguration.class, WebConfiguration.class})
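Review bot: Commenting out `@EnableAutoConfiguration` switches off all Boot auto-configuration for the application, which is broader than removing the `ValidationAutoConfiguration` exclude that no longer resolves after the downgrade. If only the exclude was the problem, `@EnableAutoConfiguration` with no arguments keeps the previous behaviour. If auto-configuration is meant to be off, delete the line rather than leaving it commented, and say why, e.g. `// Auto-configuration disabled: all beans come from the imported configuration classes`. The class body continues outside the hunk, so whether the imported configurations cover everything auto-configuration used to supply (the security and OAuth2 property binding in particular) cannot be confirmed from here.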
diff --git a/src/main/java/eu/hbp/mip/configuration/BugsnagConfiguration.java b/src/main/java/eu/hbp/mip/configuration/BugsnagConfiguration.java
index b02b1e6a1..36770fcbc 100644
--- a/src/main/java/eu/hbp/mip/configuration/BugsnagConfiguration.java
+++ b/src/main/java/eu/hbp/mip/configuration/BugsnagConfiguration.java
@@ -11,6 +11,6 @@ import org.springframework.context.annotation.Import;
 public class BugsnagConfiguration {
     @Bean
     public Bugsnag bugsnag() {
-        return new Bugsnag("dff301aa15eb795a6d8b22b600586f77");
+        return new Bugsnag(System.getenv("BUGSNAG_KEY"));
     }
-}
\ No newline at end of file
+}
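Review bot: `System.getenv("BUGSNAG_KEY")` returns null when the variable is absent, and in `bugsnag()` that value goes straight into the `Bugsnag` constructor with no check; how the client behaves with a null key is not visible here. Failing at startup with a clear message is easier to diagnose, e.g. `return new Bugsnag(Objects.requireNonNull(System.getenv("BUGSNAG_KEY"), "BUGSNAG_KEY is not set"));` with `java.util.Objects` imported. Reading the key through Spring (`@Value("${BUGSNAG_KEY}")`) would also match how `PersistenceConfiguration` and `SecurityConfiguration` take their settings.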
diff --git a/src/main/java/eu/hbp/mip/configuration/PersistenceConfiguration.java b/src/main/java/eu/hbp/mip/configuration/PersistenceConfiguration.java
index d1a57c654..9b4d490e4 100644
--- a/src/main/java/eu/hbp/mip/configuration/PersistenceConfiguration.java
+++ b/src/main/java/eu/hbp/mip/configuration/PersistenceConfiguration.java
@@ -7,7 +7,6 @@ import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.autoconfigure.jdbc.DataSourceBuilder;
 import org.springframework.boot.context.properties.ConfigurationProperties;
-import org.springframework.boot.autoconfigure.domain.EntityScan;
 import org.springframework.context.annotation.*;
 import org.springframework.data.jpa.repository.config.EnableJpaRepositories;
 import org.springframework.jdbc.core.JdbcTemplate;
@@ -27,7 +26,7 @@ import javax.sql.DataSource;
 @Configuration
 @EnableJpaRepositories("eu.hbp.mip.repositories")
 @EnableTransactionManagement
-@EntityScan(basePackages = "eu.hbp.mip.model")
+//@EntityScan(basePackages = "eu.hbp.mip.model")
 public class PersistenceConfiguration {
 
     @Value("#{'${spring.featuresDatasource.main-table:features}'}")
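Review bot: `@EntityScan` is left as a commented-out line rather than being replaced, so nothing in this hunk tells JPA where the `eu.hbp.mip.model` entities live. In the Boot 1.3 line the annotation is in `org.springframework.boot.orm.jpa`, so `import org.springframework.boot.orm.jpa.EntityScan;` with the annotation kept would preserve the behaviour. If the entity manager factory further down already sets the packages to scan (the class body is outside the hunk), delete the line instead of commenting it.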
diff --git a/src/main/java/eu/hbp/mip/configuration/SecurityConfiguration.java b/src/main/java/eu/hbp/mip/configuration/SecurityConfiguration.java
index 28d482ddf..d8ec1acfb 100644
--- a/src/main/java/eu/hbp/mip/configuration/SecurityConfiguration.java
+++ b/src/main/java/eu/hbp/mip/configuration/SecurityConfiguration.java
@@ -2,6 +2,7 @@ package eu.hbp.mip.configuration;
 
 import eu.hbp.mip.model.UserInfo;
 import eu.hbp.mip.utils.CORSFilter;
+import eu.hbp.mip.utils.CustomLoginUrlAuthenticationEntryPoint;
 import eu.hbp.mip.utils.HTTPUtil;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -9,12 +10,11 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.autoconfigure.security.oauth2.resource.ResourceServerProperties;
 import org.springframework.boot.autoconfigure.security.oauth2.resource.UserInfoTokenServices;
-import org.springframework.boot.web.servlet.FilterRegistrationBean;
+import org.springframework.boot.context.embedded.FilterRegistrationBean;
 import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.builders.WebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.oauth2.client.OAuth2ClientContext;
@@ -25,7 +25,6 @@ import org.springframework.security.oauth2.client.resource.OAuth2ProtectedResour
 import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeResourceDetails;
 import org.springframework.security.oauth2.config.annotation.web.configuration.EnableOAuth2Client;
 import org.springframework.security.web.access.channel.ChannelProcessingFilter;
-import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
 import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;
 import org.springframework.security.web.authentication.logout.LogoutHandler;
 import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
@@ -33,11 +32,6 @@ import org.springframework.security.web.csrf.CsrfFilter;
 import org.springframework.security.web.csrf.CsrfToken;
 import org.springframework.security.web.csrf.CsrfTokenRepository;
 import org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository;
-import org.springframework.security.web.firewall.FirewalledRequest;
-import org.springframework.security.web.firewall.HttpFirewall;
-import org.springframework.security.web.firewall.RequestRejectedException;
-import org.springframework.security.web.firewall.StrictHttpFirewall;
-import org.springframework.web.filter.CommonsRequestLoggingFilter;
 import org.springframework.web.filter.OncePerRequestFilter;
 import org.springframework.web.util.WebUtils;
 
@@ -94,12 +88,6 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
     @Value("#{'${hbp.resource.revokeTokenUri:https://services.humanbrainproject.eu/oidc/revoke}'}")
     private String revokeTokenURI;
 
-    @Override
-    public void configure(WebSecurity web) throws Exception {
-        super.configure(web);
-        web.httpFirewall(allowUrlEncodedSlashHttpFirewall());
-    }
-
     @Override
     protected void configure(HttpSecurity http) throws Exception {
         // @formatter:off
@@ -112,12 +100,11 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
                             "/", "/login/**", "/health/**", "/info/**", "/metrics/**", "/trace/**", "/frontend/**", "/webjars/**", "/v2/api-docs", "/swagger-ui.html", "/swagger-resources/**"
                     ).permitAll()
                     .anyRequest().authenticated()
-                    .and().exceptionHandling().authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint(loginUrl))
+                    .and().exceptionHandling().authenticationEntryPoint(new CustomLoginUrlAuthenticationEntryPoint(loginUrl))
                     .and().logout().addLogoutHandler(new CustomLogoutHandler()).logoutSuccessUrl(redirectAfterLogoutUrl)
                     .and().logout().permitAll()
                     .and().csrf().ignoringAntMatchers("/logout").csrfTokenRepository(csrfTokenRepository())
                     .and().addFilterAfter(csrfHeaderFilter(), CsrfFilter.class)
-                    .addFilterBefore(requestLoggingFilter(), BasicAuthenticationFilter.class)
                     .addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class);
         }
         else {
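Review bot: The `permitAll()` matcher list in this hunk leaves `/metrics/**` and `/trace/**` open to unauthenticated callers; in Boot 1.x the trace endpoint returns recent requests with their headers, which can include session cookies and authorization headers. This is unchanged context rather than something the commit introduces, but with the actuator version being changed in the same patch it is worth restricting these, for example keeping only `/health/**` and `/info/**` public. `configure(HttpSecurity)` starts and ends outside the hunk, so the `else` branch may apply different rules.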
@@ -145,29 +132,6 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
         return registration;
     }
 
-    @Bean
-    public CommonsRequestLoggingFilter requestLoggingFilter() {
-        CommonsRequestLoggingFilter loggingFilter = new CommonsRequestLoggingFilter();
-        loggingFilter.setIncludeClientInfo(true);
-        loggingFilter.setIncludeHeaders(true);
-        loggingFilter.setIncludeQueryString(true);
-        loggingFilter.setIncludePayload(true);
-        return loggingFilter;
-    }
-
-    @Bean
-    public HttpFirewall allowUrlEncodedSlashHttpFirewall() {
-        StrictHttpFirewall firewall = new StrictHttpFirewall() {
-            @Override
-            public FirewalledRequest getFirewalledRequest(HttpServletRequest request) throws RequestRejectedException {
-                System.out.println(request.getRequestURI() + " " + request.getContextPath());
-                return super.getFirewalledRequest(request);
-            }
-        };
-        firewall.setAllowUrlEncodedSlash(true);
-        return firewall;
-    }
-
     @Bean(name="hbp")
     @ConfigurationProperties("hbp.client")
     public OAuth2ProtectedResourceDetails hbp() {
diff --git a/src/main/java/eu/hbp/mip/utils/CustomLoginUrlAuthenticationEntryPoint.java b/src/main/java/eu/hbp/mip/utils/CustomLoginUrlAuthenticationEntryPoint.java
new file mode 100644
index 000000000..45870c777
--- /dev/null
+++ b/src/main/java/eu/hbp/mip/utils/CustomLoginUrlAuthenticationEntryPoint.java
@@ -0,0 +1,21 @@
+package eu.hbp.mip.utils;
+
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+public class CustomLoginUrlAuthenticationEntryPoint extends LoginUrlAuthenticationEntryPoint {
+
+    public CustomLoginUrlAuthenticationEntryPoint(String url) {
+        super(url);
+    }
+
+    @Override
+    public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) throws IOException, ServletException {
+        response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
+    }
+}
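Review bot: `commence` ignores the login URL and always answers 401, so extending `LoginUrlAuthenticationEntryPoint` and taking a `url` argument is misleading; the `loginUrl` passed in `SecurityConfiguration` no longer has any effect. Implementing `AuthenticationEntryPoint` directly (or using Spring Security's `HttpStatusEntryPoint` with `HttpStatus.UNAUTHORIZED`, if the downgraded version ships it) would state the intent without the unused parent behaviour. The class also needs a Javadoc saying why a 401 replaces the redirect, for example `/** Answers unauthenticated requests with 401 so API clients are not redirected to the login page. */`. That reason is my assumption and should be confirmed by the author.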
-- 
GitLab