/* * (c) Copyright 2014-2016 Micro Focus or one of its affiliates. * * Licensed under the MIT License (the "License"); you may not use this file * except in compliance with the License. * * The only warranties for products and services of Micro Focus and its affiliates * and licensors ("Micro Focus") are as may be set forth in the express warranty * statements accompanying such products and services. Nothing herein should be * construed as constituting an additional warranty. Micro Focus shall not be * liable for technical or editorial errors or omissions contained herein. The * information contained herein is subject to change without notice. */ package com.hp.autonomy.frontend.find.idol.beanconfiguration; import com.hp.autonomy.frontend.configuration.ConfigService; import com.hp.autonomy.frontend.configuration.authentication.AuthenticationConfig; import com.hp.autonomy.frontend.configuration.authentication.CommunityAuthenticationProvider; import com.hp.autonomy.frontend.configuration.authentication.Role; import com.hp.autonomy.frontend.configuration.authentication.Roles; import com.hp.autonomy.frontend.find.core.beanconfiguration.FindRole; import com.hp.autonomy.frontend.find.core.web.FindController; import com.hp.autonomy.frontend.find.idol.authentication.FindCommunityRole; import com.hp.autonomy.user.UserService; import com.hpe.bigdata.frontend.spring.authentication.AuthenticationInformationRetriever; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Value; import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty; import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.authentication.AuthenticationProvider; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper; import org.springframework.security.web.authentication.AuthenticationSuccessHandler; import org.springframework.stereotype.Component; import java.util.Arrays; import java.util.Collection; import java.util.Collections; import java.util.HashSet; import java.util.Set; @SuppressWarnings("SpringAutowiredFieldsWarningInspection") @Component @ConditionalOnProperty(value = "server.reverseProxy", havingValue = "false", matchIfMissing = true) public class IdolSecurityCustomizerImpl implements IdolSecurityCustomizer { static final String DEFAULT_ROLES_KEY = "find.defaultRoles"; @Autowired private ConfigService<? extends AuthenticationConfig<?>> configService; @Autowired private UserService userService; @Autowired private GrantedAuthoritiesMapper grantedAuthoritiesMapper; @Autowired private AuthenticationInformationRetriever<?, ?> authenticationInformationRetriever; @Value("${" + DEFAULT_ROLES_KEY + '}') private String defaultRolesProperty; @SuppressWarnings("ProhibitedExceptionDeclared") @Override public void customize(final HttpSecurity http, final AuthenticationManager authenticationManager) throws Exception { final AuthenticationSuccessHandler successHandler = new IdolLoginSuccessHandler( FindController.CONFIG_PATH, FindController.APP_PATH, FindRole.CONFIG.toString(), authenticationInformationRetriever ); http.formLogin() .loginPage(FindController.DEFAULT_LOGIN_PAGE) .loginProcessingUrl("/authenticate") .successHandler(successHandler) .failureUrl(FindController.DEFAULT_LOGIN_PAGE + "?error=auth"); } @Override public Collection<AuthenticationProvider> getAuthenticationProviders() { return Collections.singleton(communityAuthenticationProvider()); } private AuthenticationProvider communityAuthenticationProvider() { final Role user = new Role.Builder() .setName(FindCommunityRole.USER.value()) .setPrivileges(Collections.singleton("login")) .build(); final Set<String> defaultRoles; if (defaultRolesProperty.isEmpty()) { defaultRoles = Collections.emptySet(); } else { defaultRoles = new HashSet<>(Arrays.asList(defaultRolesProperty.split(","))); } return new CommunityAuthenticationProvider( configService, userService, new Roles(Collections.singletonList(user)), Collections.singleton("login"), grantedAuthoritiesMapper, defaultRoles ); } }