diff --git a/NOTICE b/NOTICE index 6a8aa2e4..9ad4c9ab 100644 --- a/NOTICE +++ b/NOTICE @@ -24,6 +24,7 @@ This project includes: ASM based accessors helper used by json-smart under The Apache Software License, Version 2.0 AspectJ Weaver under Eclipse Public License - v 2.0 AssertJ fluent assertions under Apache License, Version 2.0 + Bouncy Castle Provider under Bouncy Castle Licence Byte Buddy (without dependencies) under Apache License, Version 2.0 Byte Buddy agent under Apache License, Version 2.0 Caffeine cache under Apache License, Version 2.0 @@ -51,14 +52,19 @@ This project includes: Jakarta Bean Validation API under Apache License 2.0 Jakarta Persistence API under Eclipse Public License v. 2.0 or Eclipse Distribution License v. 1.0 Jakarta XML Binding API under Eclipse Distribution License - v 1.0 + JASYPT: Java Simplified Encryption under The Apache Software License, Version 2.0 Java Annotation Indexer under Apache License, Version 2.0 Java Native Access under LGPL-2.1-or-later or Apache-2.0 Java Native Access Platform under LGPL-2.1-or-later or Apache-2.0 + javax.annotation API under CDDL + GPLv2 with classpath exception javax.inject under The Apache Software License, Version 2.0 javax.transaction API under EPL 2.0 or GPL2 w/ CPE JAXB Runtime under Eclipse Distribution License - v 1.0 JBoss Logging 3 under Apache License, version 2.0 JCL 1.2 implemented over SLF4J under Apache License, Version 2.0 + JJWT :: API under Apache License, Version 2.0 + JJWT :: Extensions :: Jackson under Apache License, Version 2.0 + JJWT :: Impl under Apache License, Version 2.0 JSON library from Android SDK under Apache License 2.0 JSON Small and Fast Parser under The Apache Software License, Version 2.0 JSONassert under The Apache Software License, Version 2.0 
@@ -128,5 +134,6 @@ This project includes: tomcat-embed-el under Apache License, Version 2.0 tomcat-embed-websocket under Apache License, Version 2.0 TXW2 Runtime under Eclipse Distribution License - v 1.0 + uPortal under The Apache License, Version 2.0 waffle-jna under MIT diff --git a/pom.xml b/pom.xml index 0708147b..cd068878 100644 --- a/pom.xml +++ b/pom.xml @@ -1,47 +1,47 @@ + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd"> - 4.0.0 + 4.0.0 - - org.springframework.boot + + org.springframework.boot spring-boot-starter-parent - 2.7.17 - - + 2.7.17 + + - fr.recia - esco-collabsoft - 0.0.1-SNAPSHOT - war - esco-collabsoft - API de collabsoft + fr.recia + esco-collabsoft + 0.0.1-SNAPSHOT + war + esco-collabsoft + API de collabsoft - - 11 - + + 11 + - - - org.springframework.boot - spring-boot-starter-data-jpa - - - org.springframework.boot - spring-boot-starter-security - - - org.springframework.boot - spring-boot-starter-web - + + + org.springframework.boot + spring-boot-starter-data-jpa + + + org.springframework.boot + spring-boot-starter-security + + + org.springframework.boot + spring-boot-starter-web + - - org.springframework.boot - spring-boot-devtools - runtime - true - + + org.springframework.boot + spring-boot-devtools + runtime + true + org.projectlombok @@ -104,28 +104,33 @@ - + + org.jasig.portal + uPortal-soffit-renderer + 5.13.1 + + - + src/main/resources true - - - org.springframework.boot - spring-boot-maven-plugin - - - - org.projectlombok - lombok - - - - + + + org.springframework.boot + spring-boot-maven-plugin + + + + org.projectlombok + lombok + + + + com.mycila license-maven-plugin @@ -231,8 +236,8 @@ - - + + scm:git:ssh://git@github.com:GIP-RECIA/Collabsoft.git diff --git a/src/main/java/fr/recia/collabsoft/configuration/CollabsoftProperties.java b/src/main/java/fr/recia/collabsoft/configuration/CollabsoftProperties.java index a0224a1d..9d0481ee 100644 
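Review bot: The new `uPortal-soffit-renderer` 5.13.1 dependency in the `@@ -104,28 +104,33 @@` hunk pulls JWT and crypto libraries into the runtime transitively; the NOTICE hunk in this same commit lists Bouncy Castle Provider, JASYPT and the three JJWT artifacts as newly included, so the dependency tree is worth inspecting before merge. A `mvn dependency:tree` pass to spot version conflicts with JJWT or Bouncy Castle already on the Spring Boot 2.7 classpath, plus an SCA run (OWASP dependency-check or equivalent) over the new artifacts, is what I would ask for here. The POM element tags are not preserved in this view, so I cannot tell whether the version is declared inline or through a property; if it is inline, a `<properties>` entry would keep it alongside the other managed versions.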
--- a/src/main/java/fr/recia/collabsoft/configuration/CollabsoftProperties.java +++ b/src/main/java/fr/recia/collabsoft/configuration/CollabsoftProperties.java @@ -18,6 +18,7 @@ import com.fasterxml.jackson.core.JsonProcessingException; import fr.recia.collabsoft.configuration.beans.CorsProperties; import fr.recia.collabsoft.configuration.beans.SecurityProperties; +import fr.recia.collabsoft.configuration.beans.SoffitProperties; import lombok.Data; import lombok.extern.slf4j.Slf4j; import org.springframework.boot.context.properties.ConfigurationProperties; @@ -38,6 +39,7 @@ public class CollabsoftProperties { private CorsProperties cors = new CorsProperties(); private SecurityProperties security = new SecurityProperties(); + private SoffitProperties soffit = new SoffitProperties(); @PostConstruct private void init() throws JsonProcessingException { @@ -49,6 +51,7 @@ public String toString() { return "{\n" + cors + ",\n" + security + ",\n" + + soffit + "\n" + "\n}"; } diff --git a/src/main/java/fr/recia/collabsoft/configuration/SecurityConfiguration.java b/src/main/java/fr/recia/collabsoft/configuration/SecurityConfiguration.java index 963d3c97..99c4ac6f 100644 --- a/src/main/java/fr/recia/collabsoft/configuration/SecurityConfiguration.java +++ b/src/main/java/fr/recia/collabsoft/configuration/SecurityConfiguration.java 
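Review bot: The `toString()` change at `@@ -49,6 +51,7 @@` now concatenates `soffit`, and `SoffitProperties.toString()` (added in this commit in `SoffitProperties.java`) emits the raw `jwtSignatureKey` value, so any place that prints `CollabsoftProperties` prints the JWT signing secret. The body of `init()` is not visible here, but a `@PostConstruct` method in an `@Slf4j` class that declares `JsonProcessingException` looks like it serializes and logs the configuration at startup — if so the key lands in the application log. The fix belongs in `SoffitProperties.toString()`: replace the value with a presence indicator, e.g. `"\n\t\"jwtSignatureKey\": \"" + (jwtSignatureKey == null || jwtSignatureKey.isEmpty() ? "<unset>" : "********") + "\""`, which keeps the "is it configured" signal without disclosing the secret. The same applies to the `SoffitProperties.java` hunk; I am not repeating it there.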
@@ -16,12 +16,16 @@ package fr.recia.collabsoft.configuration; import lombok.extern.slf4j.Slf4j; +import org.apereo.portal.soffit.security.SoffitApiAuthenticationManager; +import org.apereo.portal.soffit.security.SoffitApiPreAuthenticatedProcessingFilter; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.http.HttpMethod; +import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.web.SecurityFilterChain; +import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter; import org.springframework.security.web.csrf.CookieCsrfTokenRepository; @Slf4j @@ -29,11 +33,28 @@ @EnableWebSecurity public class SecurityConfiguration { + private final CollabsoftProperties collabsoftProperties; + + public SecurityConfiguration(CollabsoftProperties collabsoftProperties) { + this.collabsoftProperties = collabsoftProperties; + } + + @Bean + public AuthenticationManager authenticationManager() { + return new SoffitApiAuthenticationManager(); + } + @Bean public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { + final AbstractPreAuthenticatedProcessingFilter filter = new SoffitApiPreAuthenticatedProcessingFilter( + collabsoftProperties.getSoffit().getJwtSignatureKey() + ); + filter.setAuthenticationManager(authenticationManager()); + http.addFilter(filter); + http .csrf() - .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()); + .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()); http .authorizeHttpRequests(authz -> authz 
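Review bot: `filterChain` builds `SoffitApiPreAuthenticatedProcessingFilter` straight from `collabsoftProperties.getSoffit().getJwtSignatureKey()` with no check that a key was actually configured, while both `application.yml` and `application-prod.example.yml` in this commit default `app.soffit.jwt-signature-key` to `''`. How the soffit filter behaves with an empty or null key is decided inside the library and not visible here, so the safe move is to fail at startup rather than find out at the first request: `final String key = collabsoftProperties.getSoffit().getJwtSignatureKey();` followed by `Assert.hasText(key, "app.soffit.jwt-signature-key must be configured");` before the filter is constructed (or `@Validated`/`@NotBlank` on the property). The `authenticationManager()` bean is invoked directly rather than injected, which works under Spring's configuration proxying but is worth a one-line comment so nobody "fixes" it into a second instance. `filterChain`'s body continues past this hunk.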
@@ -43,6 +64,8 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { .anyRequest().denyAll() ); + http.sessionManagement().sessionFixation().newSession(); + return http.build(); } diff --git a/src/main/java/fr/recia/collabsoft/configuration/beans/SoffitProperties.java b/src/main/java/fr/recia/collabsoft/configuration/beans/SoffitProperties.java new file mode 100644 index 00000000..3d4fe883 --- /dev/null +++ b/src/main/java/fr/recia/collabsoft/configuration/beans/SoffitProperties.java @@ -0,0 +1,32 @@ +/* + * Copyright (C) 2023 GIP-RECIA, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package fr.recia.collabsoft.configuration.beans; + +import lombok.Data; + +@Data +public class SoffitProperties { + + private String jwtSignatureKey; + + @Override + public String toString() { + return "\"SoffitProperties\": {" + + "\n\t\"jwtSignatureKey\": \"" + jwtSignatureKey + "\"" + + "\n}"; + } + +} diff --git a/src/main/java/fr/recia/collabsoft/services/FileService.java b/src/main/java/fr/recia/collabsoft/services/FileService.java index e5c4a105..cafbac60 100644 --- a/src/main/java/fr/recia/collabsoft/services/FileService.java +++ b/src/main/java/fr/recia/collabsoft/services/FileService.java 
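Review bot: `http.sessionManagement().sessionFixation().newSession()` adds session-fixation protection to an API whose requests are authenticated per call by the pre-authenticated soffit filter, which suggests the application may not need an HTTP session at all. If that is the intent, `http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)` removes the session (and with it the fixation concern) instead of hardening it; `CookieCsrfTokenRepository` does not depend on a session, so CSRF handling is unaffected. If a session is deliberately kept for the soffit renderer, a short comment on this line stating that would save the next reader the same question. The start of `filterChain` lies outside this hunk.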
@@ -22,11 +22,9 @@ import fr.recia.collabsoft.db.entities.QCollaboration; import fr.recia.collabsoft.db.entities.QFile; import fr.recia.collabsoft.db.entities.QMetadata; -import fr.recia.collabsoft.db.entities.QUser; import fr.recia.collabsoft.db.entities.User; import fr.recia.collabsoft.db.repositories.AssociatedAppRepository; import fr.recia.collabsoft.db.repositories.FileRepository; -import fr.recia.collabsoft.db.repositories.UserRepository; import fr.recia.collabsoft.interceptors.beans.SoffitHolder; import fr.recia.collabsoft.pojo.JsonFileBody; import org.apache.commons.collections4.IteratorUtils; @@ -52,7 +50,7 @@ public FileService(SoffitHolder soffitHolder) { this.soffitHolder = soffitHolder; } - public List getMyFiles() { + public List getFiles() { return IteratorUtils.toList( fileRepository.findAll(QFile.file.creator.casUid.eq(soffitHolder.getSub())).iterator() ); diff --git a/src/main/java/fr/recia/collabsoft/services/MetadataService.java b/src/main/java/fr/recia/collabsoft/services/MetadataService.java index 3ef0bb62..a24ed4be 100644 --- a/src/main/java/fr/recia/collabsoft/services/MetadataService.java +++ b/src/main/java/fr/recia/collabsoft/services/MetadataService.java @@ -45,6 +45,7 @@ public MetadataService(SoffitHolder soffitHolder) { public boolean updateMetadata(Long fileId, JsonMetadataBody body) { final User user = userService.getCurrentUser(); + if (user == null) return false; Metadata metadata = metadataRepository.findOne( QMetadata.metadata.file.id.eq(fileId).and(QMetadata.metadata.user.casUid.eq(soffitHolder.getSub())) ).orElse(null); diff --git a/src/main/java/fr/recia/collabsoft/web/rest/FileController.java b/src/main/java/fr/recia/collabsoft/web/rest/FileController.java index 334232ec..1b4fd684 100644 --- a/src/main/java/fr/recia/collabsoft/web/rest/FileController.java +++ b/src/main/java/fr/recia/collabsoft/web/rest/FileController.java 
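Review bot: In `MetadataService.updateMetadata`, the added `if (user == null) return false;` makes "no authenticated user" indistinguishable to the caller from "metadata row not found" or "update failed", since both paths yield `false`; the controller can then only map it to a single HTTP status. Given the security configuration in this commit denies unauthenticated requests, a null user here looks like an invariant violation rather than a normal outcome, so `if (user == null) throw new IllegalStateException("no current user for metadata update");` (or a dedicated unauthorized exception the controller maps to 401/403) would surface misconfiguration instead of hiding it. Within the visible lines `user` is only used for the null check while the lookup keys on `soffitHolder.getSub()`; the rest of the method is outside the hunk, so it may be used further down.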
@@ -23,8 +23,8 @@ import fr.recia.collabsoft.pojo.JsonHistoryBody; import fr.recia.collabsoft.pojo.JsonMetadataBody; import fr.recia.collabsoft.services.CollaborationService; -import fr.recia.collabsoft.services.FileService; import fr.recia.collabsoft.services.FileHistoryService; +import fr.recia.collabsoft.services.FileService; import fr.recia.collabsoft.services.MetadataService; import lombok.NonNull; import lombok.extern.slf4j.Slf4j; @@ -67,7 +67,7 @@ public class FileController { */ @GetMapping public ResponseEntity> getFiles() { - return new ResponseEntity<>(fileService.getMyFiles(), HttpStatus.OK); + return new ResponseEntity<>(fileService.getFiles(), HttpStatus.OK); } /** diff --git a/src/main/resources/config/application-prod.example.yml b/src/main/resources/config/application-prod.example.yml index 11521bc4..d1479a8d 100644 --- a/src/main/resources/config/application-prod.example.yml +++ b/src/main/resources/config/application-prod.example.yml @@ -18,3 +18,6 @@ app: enable: true allowed-origins: > https://*.giprecia.net + + soffit: + jwt-signature-key: '' diff --git a/src/main/resources/config/application.yml b/src/main/resources/config/application.yml index 0dd73d28..4b8badbe 100644 --- a/src/main/resources/config/application.yml +++ b/src/main/resources/config/application.yml @@ -11,7 +11,7 @@ server: context-path: /spring-api logging: - config: "classpath:logback.xml" + config: 'classpath:logback.xml' spring: application: @@ -61,3 +61,6 @@ app: PUT, POST, DELETE + + soffit: + jwt-signature-key: ''