diff --git a/package-lock.json b/package-lock.json
index 4962f30e1ce9248817464c643d2268194b2c31a9..e92b223e3fdef6dcc829ee89a5def82d76f60a4a 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -11,13 +11,13 @@
 "license": "UNLICENSED",
 "dependencies": {
 "@angular/animations": "13.1.3",
- "@angular/cdk": "^13.1.3",
+ "@angular/cdk": "^13.3.9",
 "@angular/common": "13.1.3",
 "@angular/compiler": "13.1.3",
 "@angular/core": "13.1.3",
 "@angular/forms": "13.1.3",
 "@angular/localize": "13.1.3",
- "@angular/material": "^13.1.3",
+ "@angular/material": "^13.3.9",
 "@angular/platform-browser": "13.1.3",
 "@angular/platform-browser-dynamic": "13.1.3",
 "@angular/router": "13.1.3",
@@ -1341,9 +1341,9 @@
 }
 },
 "node_modules/@angular/cdk": {
- "version": "13.2.2",
- "resolved": "https://registry.npmjs.org/@angular/cdk/-/cdk-13.2.2.tgz",
- "integrity": "sha512-cT5DIaz+NI9IGb3X61Wh26+L6zdRcOXT1BP37iRbK2Qa2qM8/0VNeK6hrBBIblyoHKR/WUmRlS8XYf6mmArpZw==",
+ "version": "13.3.9",
+ "resolved": "https://registry.npmjs.org/@angular/cdk/-/cdk-13.3.9.tgz",
+ "integrity": "sha512-XCuCbeuxWFyo3EYrgEYx7eHzwl76vaWcxtWXl00ka8d+WAOtMQ6Tf1D98ybYT5uwF9889fFpXAPw98mVnlo3MA==",
 "dependencies": {
 "tslib": "^2.3.0"
 },
@@ -1636,15 +1636,15 @@
 }
 },
 "node_modules/@angular/material": {
- "version": "13.2.2",
- "resolved": "https://registry.npmjs.org/@angular/material/-/material-13.2.2.tgz",
- "integrity": "sha512-YAjPp2+/wuEOPfkAxdRVdbWHiK4P3DgMZa9qP/NizN2lTXNrftEfD09ZlPIFMZRnnExezJ2LnO7eyELpc1VSKg==",
+ "version": "13.3.9",
+ "resolved": "https://registry.npmjs.org/@angular/material/-/material-13.3.9.tgz",
+ "integrity": "sha512-FU8lcMgo+AL8ckd27B4V097ZPoIZNRHiCe3wpgkImT1qC0YwcyXZVn0MqQTTFSdC9a/aI8wPm3AbTClJEVw5Vw==",
 "dependencies": {
 "tslib": "^2.3.0"
 },
 "peerDependencies": {
 "@angular/animations": "^13.0.0 || ^14.0.0-0",
- "@angular/cdk": "13.2.2",
+ "@angular/cdk": "13.3.9",
 "@angular/common": "^13.0.0 || ^14.0.0-0",
 "@angular/core": "^13.0.0 || ^14.0.0-0",
 "@angular/forms": "^13.0.0 || ^14.0.0-0",
@@ -26782,9 +26782,9 @@
 }
 },
 "@angular/cdk": {
- "version": "13.2.2",
- "resolved": "https://registry.npmjs.org/@angular/cdk/-/cdk-13.2.2.tgz",
- "integrity": "sha512-cT5DIaz+NI9IGb3X61Wh26+L6zdRcOXT1BP37iRbK2Qa2qM8/0VNeK6hrBBIblyoHKR/WUmRlS8XYf6mmArpZw==",
+ "version": "13.3.9",
+ "resolved": "https://registry.npmjs.org/@angular/cdk/-/cdk-13.3.9.tgz",
+ "integrity": "sha512-XCuCbeuxWFyo3EYrgEYx7eHzwl76vaWcxtWXl00ka8d+WAOtMQ6Tf1D98ybYT5uwF9889fFpXAPw98mVnlo3MA==",
 "requires": {
 "parse5": "^5.0.0",
 "tslib": "^2.3.0"
@@ -26980,9 +26980,9 @@
 }
 },
 "@angular/material": {
- "version": "13.2.2",
- "resolved": "https://registry.npmjs.org/@angular/material/-/material-13.2.2.tgz",
- "integrity": "sha512-YAjPp2+/wuEOPfkAxdRVdbWHiK4P3DgMZa9qP/NizN2lTXNrftEfD09ZlPIFMZRnnExezJ2LnO7eyELpc1VSKg==",
+ "version": "13.3.9",
+ "resolved": "https://registry.npmjs.org/@angular/material/-/material-13.3.9.tgz",
+ "integrity": "sha512-FU8lcMgo+AL8ckd27B4V097ZPoIZNRHiCe3wpgkImT1qC0YwcyXZVn0MqQTTFSdC9a/aI8wPm3AbTClJEVw5Vw==",
 "requires": {
 "tslib": "^2.3.0"
 }
diff --git a/package.json b/package.json
index 068983bafd5846b6933205ef733bdb52b045d64a..95446a4897e7363d1fad071d6a0da27c2d8587bb 100644
--- a/package.json
+++ b/package.json
@@ -86,13 +86,13 @@
 },
 "dependencies": {
 "@angular/animations": "13.1.3",
- "@angular/cdk": "^13.1.3",
+ "@angular/cdk": "^13.3.9",
 "@angular/common": "13.1.3",
 "@angular/compiler": "13.1.3",
 "@angular/core": "13.1.3",
 "@angular/forms": "13.1.3",
 "@angular/localize": "13.1.3",
- "@angular/material": "^13.1.3",
+ "@angular/material": "^13.3.9",
 "@angular/platform-browser": "13.1.3",
 "@angular/platform-browser-dynamic": "13.1.3",
 "@angular/router": "13.1.3",
diff --git a/src/main/java/at/ac/uibk/gitsearch/config/SecurityConfiguration.java b/src/main/java/at/ac/uibk/gitsearch/config/SecurityConfiguration.java
index 868dae0d60210860cebebb3791827e410cab9843..80283d7070521f491b00864bf56a4d7a098ff112 100644
--- a/src/main/java/at/ac/uibk/gitsearch/config/SecurityConfiguration.java
+++ b/src/main/java/at/ac/uibk/gitsearch/config/SecurityConfiguration.java
@@ -2,27 +2,18 @@ package at.ac.uibk.gitsearch.config;
 import static org.springframework.http.MediaType.APPLICATION_FORM_URLENCODED_VALUE;
-import at.ac.uibk.gitsearch.security.AuthoritiesConstants;
-import at.ac.uibk.gitsearch.security.jwt.JWTConfigurer;
-import at.ac.uibk.gitsearch.security.jwt.TokenProvider;
-import at.ac.uibk.gitsearch.security.oauth2.GitSearchOAuth2AuthenticationToken;
-import at.ac.uibk.gitsearch.security.oauth2.GitSearchOAuth2AuthorizationRequestRepository;
-import at.ac.uibk.gitsearch.security.oauth2.SavedRequestAwareAuthenticationSuccessHandlerWithJWTSupport;
-import at.ac.uibk.gitsearch.security.oauth2.UserDetailsFetcher;
-import at.ac.uibk.gitsearch.service.UserService;
-import at.ac.uibk.gitsearch.service.dto.AdminUserDTO;
-import at.ac.uibk.gitsearch.service.mapper.UserMapper;
 import java.lang.reflect.InvocationTargetException;
 import java.lang.reflect.Method;
 import java.net.URI;
-import java.util.Collection;
 import java.util.Collections;
 import java.util.HashSet;
 import java.util.Map;
 import java.util.Optional;
 import java.util.Set;
 import java.util.concurrent.ConcurrentHashMap;
+
 import javax.servlet.DispatcherType;
+
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
 import org.springframework.beans.factory.annotation.Value;
@@ -39,7 +30,6 @@ import org.springframework.security.authentication.AbstractAuthenticationToken;
 import org.springframework.security.authentication.AuthenticationProvider;
 import org.springframework.security.config.annotation.ObjectPostProcessor;
 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
-import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.builders.WebSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
@@ -72,7 +62,6 @@ import org.springframework.security.oauth2.core.endpoint.PkceParameterNames;
 import org.springframework.security.oauth2.core.oidc.OidcUserInfo;
 import org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser;
 import org.springframework.security.oauth2.core.oidc.user.OidcUser;
-import org.springframework.security.oauth2.core.user.OAuth2User;
 import org.springframework.security.oauth2.jwt.JwtDecoder;
 import org.springframework.security.oauth2.jwt.JwtDecoders;
 import org.springframework.security.oauth2.jwt.JwtValidators;
@@ -92,9 +81,21 @@ import org.springframework.web.filter.ForwardedHeaderFilter;
 import org.springframework.web.util.UriComponentsBuilder;
 import org.zalando.problem.spring.web.advice.security.SecurityProblemSupport;
+import at.ac.uibk.gitsearch.security.AuthoritiesConstants;
+import at.ac.uibk.gitsearch.security.jwt.JWTConfigurer;
+import at.ac.uibk.gitsearch.security.jwt.TokenProvider;
+import at.ac.uibk.gitsearch.security.oauth2.GitSearchOAuth2AuthenticationToken;
+import at.ac.uibk.gitsearch.security.oauth2.GitSearchOAuth2AuthorizationRequestRepository;
+import at.ac.uibk.gitsearch.security.oauth2.SavedRequestAwareAuthenticationSuccessHandlerWithJWTSupport;
+import at.ac.uibk.gitsearch.security.oauth2.UserDetailsFetcher;
+import at.ac.uibk.gitsearch.service.UserService;
+import at.ac.uibk.gitsearch.service.dto.AdminUserDTO;
+import at.ac.uibk.gitsearch.service.mapper.UserMapper;
+
 @EnableWebSecurity
 @EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
 @Import(SecurityProblemSupport.class)
+@java.lang.SuppressWarnings("PMD")
 public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
 private static final Logger logger = LogManager.getLogger(SecurityConfiguration.class);
@@ -251,8 +252,7 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
 if (object instanceof OAuth2LoginAuthenticationFilter) {
 OAuth2LoginAuthenticationFilter oAuthLoginFilter = (OAuth2LoginAuthenticationFilter) object;
 oAuthLoginFilter.setAuthenticationResultConverter((OAuth2LoginAuthenticationToken authenticationResult) -> {
- OAuth2AuthenticationToken authToken = new GitSearchOAuth2AuthenticationToken(authenticationResult);
- return authToken;
+ return new GitSearchOAuth2AuthenticationToken(authenticationResult);
 });
 }
 return object;
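Review bot: `@java.lang.SuppressWarnings("PMD")` on the class line silences every PMD rule for the whole security configuration, so future findings in the class that wires authentication, JWT handling and the OAuth2 login filter will never surface. The reflective `setAccessible(true)` helper that most plausibly triggered a rule is deleted in the same commit (hunk @@ -267,34), so the annotation may already be unnecessary; if a rule still fires, suppress that rule alone on the member concerned, e.g. `@SuppressWarnings("PMD.<rule-name>")` with the offending rule substituted, and say why next to it. `SuppressWarnings` lives in `java.lang` and does not need the qualified name.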
@@ -267,34 +267,6 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
 return jwtAuthenticationConverter;
 }
- /**
- * this is unfortunately an hard core access to the oauth2 Login Authentication Filter.
- * This is required in order to set the Authentication Converter, which is not available via OAuth2LoginConfigurer.
- * If you have a better idea, you are welcome.
- *
- * @param c the OAuth2LoginConfigurer
- * @return the Filter (if accessible)
- */
- private static final Optional<OAuth2LoginAuthenticationFilter> getOAuth2AuthenticationFilterFromConfig(
- OAuth2LoginConfigurer<HttpSecurity> c
- ) {
- try {
- final Method getFilterMethod = AbstractAuthenticationFilterConfigurer.class.getDeclaredMethod("getAuthenticationFilter");
- getFilterMethod.setAccessible(true);
- return Optional.ofNullable((OAuth2LoginAuthenticationFilter) getFilterMethod.invoke(c));
- } catch (
- NullPointerException
- | IllegalAccessException
- | IllegalArgumentException
- | InvocationTargetException
- | NoSuchMethodException
- | SecurityException e
- ) {
- logger.warn("Cannot get OAuth2LoginAuthenticationFilter :-(", e);
- return Optional.empty();
- }
- }
-
 private JWTConfigurer securityConfigurerAdapter() {
 return new JWTConfigurer(tokenProvider);
 }
diff --git a/src/main/java/at/ac/uibk/gitsearch/security/oauth2/GitSearchOAuth2AuthenticationToken.java b/src/main/java/at/ac/uibk/gitsearch/security/oauth2/GitSearchOAuth2AuthenticationToken.java
index f9f88d04552c5fe6e3a4d2d7bcfe8665a031bc7e..cde913274820970ff1f3ed6604d0e9f86fac881f 100644
--- a/src/main/java/at/ac/uibk/gitsearch/security/oauth2/GitSearchOAuth2AuthenticationToken.java
+++ b/src/main/java/at/ac/uibk/gitsearch/security/oauth2/GitSearchOAuth2AuthenticationToken.java
@@ -10,7 +10,7 @@ public class GitSearchOAuth2AuthenticationToken extends OAuth2AuthenticationToke
 */
 private static final long serialVersionUID = 1L;
- private String redirectURL;
+ private final String redirectURL;
 public GitSearchOAuth2AuthenticationToken(OAuth2LoginAuthenticationToken authenticationResult) {
 super(
@@ -18,12 +18,12 @@ public class GitSearchOAuth2AuthenticationToken extends OAuth2AuthenticationToke
 authenticationResult.getAuthorities(),
 authenticationResult.getClientRegistration().getRegistrationId()
 );
- redirectURL =
+ String configuredRedirectURL =
 authenticationResult
 .getAuthorizationExchange()
 .getAuthorizationRequest()
 .getAttribute(GitSearchOAuth2AuthorizationRequestRepository.REFERER_ATTRIBUTE);
- if (redirectURL == null) redirectURL = "/";
+ redirectURL = configuredRedirectURL!=null?configuredRedirectURL:"/";
 }
 public String getRedirectURL() {
diff --git a/src/main/java/at/ac/uibk/gitsearch/security/oauth2/GitSearchOAuth2AuthorizationRequestRepository.java b/src/main/java/at/ac/uibk/gitsearch/security/oauth2/GitSearchOAuth2AuthorizationRequestRepository.java
index be7565456277f260bd97ead19641c740ab5c5bdd..e093a04971183313ef6b979a7ab72600fcae61a3 100644
--- a/src/main/java/at/ac/uibk/gitsearch/security/oauth2/GitSearchOAuth2AuthorizationRequestRepository.java
+++ b/src/main/java/at/ac/uibk/gitsearch/security/oauth2/GitSearchOAuth2AuthorizationRequestRepository.java
@@ -1,10 +1,11 @@
 package at.ac.uibk.gitsearch.security.oauth2;
-import java.util.HashMap;
 import java.util.Map;
 import java.util.concurrent.ConcurrentHashMap;
+
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+
 import org.springframework.security.oauth2.client.web.AuthorizationRequestRepository;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
 import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
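Review bot: The value assigned at the new `redirectURL = configuredRedirectURL!=null?configuredRedirectURL:"/";` line (hunk @@ -18,12) is still the raw saved referer, which GitSearchOAuth2AuthorizationRequestRepository stores from `request.getHeader(REFERER_ATTRIBUTE)` (hunk @@ -49,7), so whatever consumes `getRedirectURL()` after login is steered by a header the client supplies and nothing in this hunk restricts it to this application's own origin. If the success handler does not already validate the target, this constructor is the natural place: honour the referer only when its scheme, host and port match the authorization request's own redirect URI (`getRedirectUri()` on the same `OAuth2AuthorizationRequest`) and otherwise fall back to `"/"`; the sketch below does that and needs `java.net.URI` and `java.net.URISyntaxException` imported. Since SecurityConfiguration imports `ForwardedHeaderFilter`, confirm the redirect URI carries the external scheme and port before comparing, or relax the comparison to the host. Separately, the ternary reads more easily with spaces around `!=`, `?` and `:`. The constructor begins outside this hunk.
```java
        // … unchanged: configuredRedirectURL read from REFERER_ATTRIBUTE …
        String ownRedirectUri = authenticationResult.getAuthorizationExchange().getAuthorizationRequest().getRedirectUri();
        // Only honour the saved referer when it points back at this application; otherwise land on "/".
        redirectURL = isSameOrigin(configuredRedirectURL, ownRedirectUri) ? configuredRedirectURL : "/";
    }

    // … unchanged: getRedirectURL() …

    /** True when candidate parses as a URI and shares scheme, host and port with own; false for null or malformed input. */
    private static boolean isSameOrigin(String candidate, String own) {
        if (candidate == null || own == null) {
            return false;
        }
        try {
            URI c = new URI(candidate);
            URI o = new URI(own);
            return c.getScheme() != null
                && c.getScheme().equalsIgnoreCase(o.getScheme())
                && c.getHost() != null
                && c.getHost().equalsIgnoreCase(o.getHost())
                && c.getPort() == o.getPort();
        } catch (URISyntaxException e) {
            return false;
        }
    }
```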
@@ -49,7 +50,7 @@ public class GitSearchOAuth2AuthorizationRequestRepository implements Authorizat
 String state = authorizationRequest.getState();
 Assert.hasText(state, "authorizationRequest.state cannot be empty");
 String referer = request.getHeader(REFERER_ATTRIBUTE);
- final Map<String, Object> requestAttributes = new HashMap<>(authorizationRequest.getAttributes());
+ final Map<String, Object> requestAttributes = new ConcurrentHashMap<>(authorizationRequest.getAttributes());
 requestAttributes.put(REFERER_ATTRIBUTE, referer);
 OAuth2AuthorizationRequest extendedAuthorizationRequest = OAuth2AuthorizationRequest
 .from(authorizationRequest)
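Review bot: `new ConcurrentHashMap<>(...)` on the changed line makes the next line, `requestAttributes.put(REFERER_ATTRIBUTE, referer);`, throw NullPointerException whenever the request carries no Referer header, because `request.getHeader` returns null for an absent header and ConcurrentHashMap rejects null values where HashMap accepted them. A login started by direct navigation or under a strict referrer policy would then fail here instead of reaching the `"/"` fallback in GitSearchOAuth2AuthenticationToken. `requestAttributes` is a method-local copy and nothing visible in the hunk shares it across threads, so the concurrent type buys nothing; either restore `new HashMap<>(...)` or guard the put with `if (referer != null) { requestAttributes.put(REFERER_ATTRIBUTE, referer); }`. The copy constructor would likewise throw if `authorizationRequest.getAttributes()` already held a null value, which I cannot rule out from here. The enclosing method begins and ends outside this hunk.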