feat: use uPortal soffit

NOTICE

@@ -24,6 +24,7 @@ This project includes:
   ASM based accessors helper used by json-smart under The Apache Software License, Version 2.0
   AspectJ Weaver under Eclipse Public License - v 2.0
   AssertJ fluent assertions under Apache License, Version 2.0
+  Bouncy Castle Provider under Bouncy Castle Licence
   Byte Buddy (without dependencies) under Apache License, Version 2.0
   Byte Buddy agent under Apache License, Version 2.0
   Caffeine cache under Apache License, Version 2.0
@@ -51,14 +52,19 @@ This project includes:
   Jakarta Bean Validation API under Apache License 2.0
   Jakarta Persistence API under Eclipse Public License v. 2.0 or Eclipse Distribution License v. 1.0
   Jakarta XML Binding API under Eclipse Distribution License - v 1.0
+  JASYPT: Java Simplified Encryption under The Apache Software License, Version 2.0
   Java Annotation Indexer under Apache License, Version 2.0
   Java Native Access under LGPL-2.1-or-later or Apache-2.0
   Java Native Access Platform under LGPL-2.1-or-later or Apache-2.0
+  javax.annotation API under CDDL + GPLv2 with classpath exception
   javax.inject under The Apache Software License, Version 2.0
   javax.transaction API under EPL 2.0 or GPL2 w/ CPE
   JAXB Runtime under Eclipse Distribution License - v 1.0
   JBoss Logging 3 under Apache License, version 2.0
   JCL 1.2 implemented over SLF4J under Apache License, Version 2.0
+  JJWT :: API under Apache License, Version 2.0
+  JJWT :: Extensions :: Jackson under Apache License, Version 2.0
+  JJWT :: Impl under Apache License, Version 2.0
   JSON library from Android SDK under Apache License 2.0
   JSON Small and Fast Parser under The Apache Software License, Version 2.0
   JSONassert under The Apache Software License, Version 2.0
@@ -128,5 +134,6 @@ This project includes:
   tomcat-embed-el under Apache License, Version 2.0
   tomcat-embed-websocket under Apache License, Version 2.0
   TXW2 Runtime under Eclipse Distribution License - v 1.0
+  uPortal under The Apache License, Version 2.0
   waffle-jna under MIT
 

pom.xml

@@ -1,47 +1,47 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
 
-	<modelVersion>4.0.0</modelVersion>
+  <modelVersion>4.0.0</modelVersion>
 
-	<parent>
-		<groupId>org.springframework.boot</groupId>
+  <parent>
+    <groupId>org.springframework.boot</groupId>
     <artifactId>spring-boot-starter-parent</artifactId>
-		<version>2.7.17</version>
-		<relativePath/> <!-- lookup parent from repository -->
-	</parent>
+    <version>2.7.17</version>
+    <relativePath/> <!-- lookup parent from repository -->
+  </parent>
 
-	<groupId>fr.recia</groupId>
-	<artifactId>esco-collabsoft</artifactId>
-	<version>0.0.1-SNAPSHOT</version>
-	<packaging>war</packaging>
-	<name>esco-collabsoft</name>
-	<description>API de collabsoft</description>
+  <groupId>fr.recia</groupId>
+  <artifactId>esco-collabsoft</artifactId>
+  <version>0.0.1-SNAPSHOT</version>
+  <packaging>war</packaging>
+  <name>esco-collabsoft</name>
+  <description>API de collabsoft</description>
 
-	<properties>
-		<java.version>11</java.version>
-	</properties>
+  <properties>
+    <java.version>11</java.version>
+  </properties>
 
-	<dependencies>
-		<dependency>
-			<groupId>org.springframework.boot</groupId>
-			<artifactId>spring-boot-starter-data-jpa</artifactId>
-		</dependency>
-		<dependency>
-			<groupId>org.springframework.boot</groupId>
-			<artifactId>spring-boot-starter-security</artifactId>
-		</dependency>
-		<dependency>
-			<groupId>org.springframework.boot</groupId>
-			<artifactId>spring-boot-starter-web</artifactId>
-		</dependency>
+  <dependencies>
+    <dependency>
+      <groupId>org.springframework.boot</groupId>
+      <artifactId>spring-boot-starter-data-jpa</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>org.springframework.boot</groupId>
+      <artifactId>spring-boot-starter-security</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>org.springframework.boot</groupId>
+      <artifactId>spring-boot-starter-web</artifactId>
+    </dependency>
 
-		<dependency>
-			<groupId>org.springframework.boot</groupId>
-			<artifactId>spring-boot-devtools</artifactId>
-			<scope>runtime</scope>
-			<optional>true</optional>
-		</dependency>
+    <dependency>
+      <groupId>org.springframework.boot</groupId>
+      <artifactId>spring-boot-devtools</artifactId>
+      <scope>runtime</scope>
+      <optional>true</optional>
+    </dependency>
 
     <dependency>
       <groupId>org.projectlombok</groupId>
@@ -104,28 +104,33 @@
 <!--      <classifier>jakarta</classifier>-->
     </dependency>
 
-	</dependencies>
+    <dependency>
+      <groupId>org.jasig.portal</groupId>
+      <artifactId>uPortal-soffit-renderer</artifactId>
+      <version>5.13.1</version>
+    </dependency>
+  </dependencies>
 
-	<build>
+  <build>
     <resources>
       <resource>
         <directory>src/main/resources</directory>
         <filtering>true</filtering>
       </resource>
     </resources>
-		<plugins>
-			<plugin>
-				<groupId>org.springframework.boot</groupId>
-				<artifactId>spring-boot-maven-plugin</artifactId>
-				<configuration>
-					<excludes>
-						<exclude>
-							<groupId>org.projectlombok</groupId>
-							<artifactId>lombok</artifactId>
-						</exclude>
-					</excludes>
-				</configuration>
-			</plugin>
+    <plugins>
+      <plugin>
+        <groupId>org.springframework.boot</groupId>
+        <artifactId>spring-boot-maven-plugin</artifactId>
+        <configuration>
+          <excludes>
+            <exclude>
+              <groupId>org.projectlombok</groupId>
+              <artifactId>lombok</artifactId>
+            </exclude>
+          </excludes>
+        </configuration>
+      </plugin>
       <plugin>
         <groupId>com.mycila</groupId>
         <artifactId>license-maven-plugin</artifactId>
@@ -231,8 +236,8 @@
           </webResources>
         </configuration>
       </plugin>
-		</plugins>
-	</build>
+    </plugins>
+  </build>
 
   <scm>
     <connection>scm:git:ssh://git@github.com:GIP-RECIA/Collabsoft.git</connection>

src/main/java/fr/recia/collabsoft/configuration/CollabsoftProperties.java

@@ -18,6 +18,7 @@
 import com.fasterxml.jackson.core.JsonProcessingException;
 import fr.recia.collabsoft.configuration.beans.CorsProperties;
 import fr.recia.collabsoft.configuration.beans.SecurityProperties;
+import fr.recia.collabsoft.configuration.beans.SoffitProperties;
 import lombok.Data;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.boot.context.properties.ConfigurationProperties;
@@ -38,6 +39,7 @@ public class CollabsoftProperties {
 
   private CorsProperties cors = new CorsProperties();
   private SecurityProperties security = new SecurityProperties();
+  private SoffitProperties soffit = new SoffitProperties();
 
   @PostConstruct
   private void init() throws JsonProcessingException {
@@ -49,6 +51,7 @@ public String toString() {
     return "{\n"
       + cors + ",\n"
       + security + ",\n"
+      + soffit + "\n"
       + "\n}";
   }
 

src/main/java/fr/recia/collabsoft/configuration/SecurityConfiguration.java

@@ -16,24 +16,45 @@
 package fr.recia.collabsoft.configuration;
 
 import lombok.extern.slf4j.Slf4j;
+import org.apereo.portal.soffit.security.SoffitApiAuthenticationManager;
+import org.apereo.portal.soffit.security.SoffitApiPreAuthenticatedProcessingFilter;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.http.HttpMethod;
+import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter;
 import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
 
 @Slf4j
 @Configuration
 @EnableWebSecurity
 public class SecurityConfiguration {
 
+  private final CollabsoftProperties collabsoftProperties;
+
+  public SecurityConfiguration(CollabsoftProperties collabsoftProperties) {
+    this.collabsoftProperties = collabsoftProperties;
+  }
+
+  @Bean
+  public AuthenticationManager authenticationManager() {
+    return new SoffitApiAuthenticationManager();
+  }
+
   @Bean
   public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+    final AbstractPreAuthenticatedProcessingFilter filter = new SoffitApiPreAuthenticatedProcessingFilter(
+      collabsoftProperties.getSoffit().getJwtSignatureKey()
+    );
+    filter.setAuthenticationManager(authenticationManager());
+    http.addFilter(filter);
+
     http
       .csrf()
-        .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
+      .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
 
     http
       .authorizeHttpRequests(authz -> authz
@@ -43,6 +64,8 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
         .anyRequest().denyAll()
       );
 
+    http.sessionManagement().sessionFixation().newSession();
+
     return http.build();
   }
 

src/main/java/fr/recia/collabsoft/configuration/beans/SoffitProperties.java

@@ -0,0 +1,32 @@
+/*
+ * Copyright (C) 2023 GIP-RECIA, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package fr.recia.collabsoft.configuration.beans;
+
+import lombok.Data;
+
+@Data
+public class SoffitProperties {
+
+  private String jwtSignatureKey;
+
+  @Override
+  public String toString() {
+    return "\"SoffitProperties\": {" +
+      "\n\t\"jwtSignatureKey\": \"" + jwtSignatureKey + "\"" +
+      "\n}";
+  }
+
+}

src/main/java/fr/recia/collabsoft/services/FileService.java

@@ -22,11 +22,9 @@
 import fr.recia.collabsoft.db.entities.QCollaboration;
 import fr.recia.collabsoft.db.entities.QFile;
 import fr.recia.collabsoft.db.entities.QMetadata;
-import fr.recia.collabsoft.db.entities.QUser;
 import fr.recia.collabsoft.db.entities.User;
 import fr.recia.collabsoft.db.repositories.AssociatedAppRepository;
 import fr.recia.collabsoft.db.repositories.FileRepository;
-import fr.recia.collabsoft.db.repositories.UserRepository;
 import fr.recia.collabsoft.interceptors.beans.SoffitHolder;
 import fr.recia.collabsoft.pojo.JsonFileBody;
 import org.apache.commons.collections4.IteratorUtils;
@@ -52,7 +50,7 @@ public FileService(SoffitHolder soffitHolder) {
     this.soffitHolder = soffitHolder;
   }
 
-  public List<File> getMyFiles() {
+  public List<File> getFiles() {
     return IteratorUtils.toList(
       fileRepository.findAll(QFile.file.creator.casUid.eq(soffitHolder.getSub())).iterator()
     );

src/main/java/fr/recia/collabsoft/services/MetadataService.java

@@ -45,6 +45,7 @@ public MetadataService(SoffitHolder soffitHolder) {
 
   public boolean updateMetadata(Long fileId, JsonMetadataBody body) {
     final User user = userService.getCurrentUser();
+    if (user == null) return false;
     Metadata metadata = metadataRepository.findOne(
       QMetadata.metadata.file.id.eq(fileId).and(QMetadata.metadata.user.casUid.eq(soffitHolder.getSub()))
     ).orElse(null);

src/main/java/fr/recia/collabsoft/web/rest/FileController.java

@@ -23,8 +23,8 @@
 import fr.recia.collabsoft.pojo.JsonHistoryBody;
 import fr.recia.collabsoft.pojo.JsonMetadataBody;
 import fr.recia.collabsoft.services.CollaborationService;
-import fr.recia.collabsoft.services.FileService;
 import fr.recia.collabsoft.services.FileHistoryService;
+import fr.recia.collabsoft.services.FileService;
 import fr.recia.collabsoft.services.MetadataService;
 import lombok.NonNull;
 import lombok.extern.slf4j.Slf4j;
@@ -67,7 +67,7 @@ public class FileController {
    */
   @GetMapping
   public ResponseEntity<List<File>> getFiles() {
-    return new ResponseEntity<>(fileService.getMyFiles(), HttpStatus.OK);
+    return new ResponseEntity<>(fileService.getFiles(), HttpStatus.OK);
   }
 
   /**

src/main/resources/config/application-prod.example.yml

@@ -18,3 +18,6 @@ app:
     enable: true
     allowed-origins: >
       https://*.giprecia.net
+
+  soffit:
+    jwt-signature-key: ''

src/main/resources/config/application.yml

@@ -11,7 +11,7 @@ server:
     context-path: /spring-api
 
 logging:
-  config: "classpath:logback.xml"
+  config: 'classpath:logback.xml'
 
 spring:
   application:
@@ -61,3 +61,6 @@ app:
       PUT,
       POST,
       DELETE
+
+  soffit:
+    jwt-signature-key: ''