Consolidate Ladybug and Console authentication properties #7754

Merged
Expand Up @@ -87,7 +87,7 @@
public class ServletManager implements ApplicationContextAware, InitializingBean, ServletContextAware {

private ServletContext servletContext = null;
private final List<String> registeredRoles = new ArrayList<>(ServletAuthenticatorBase.DEFAULT_IBIS_ROLES); //Add the default IBIS roles
private final List<String> registeredRoles = new ArrayList<>(ServletAuthenticatorBase.DEFAULT_IBIS_ROLES); // Add the default IBIS roles
private final Logger log = LogUtil.getLogger(this);
private final Map<String, ServletConfiguration> servlets = new HashMap<>();
private final Map<String, IAuthenticator> authenticators = new HashMap<>();
Expand Down Expand Up @@ -229,7 +229,7 @@ private void registerServlet(ServletConfiguration config) {
serv.setServletSecurity(getServletSecurity(config));

if(!config.getInitParameters().isEmpty()) {
//Manually loop through the map as serv.setInitParameters will fail all parameters even if only 1 fails...
// Manually loop through the map as serv.setInitParameters will fail all parameters even if only 1 fails...
for(Entry<String, String> entry : config.getInitParameters().entrySet()) {
String key = entry.getKey();
String value = entry.getValue();
3 changes: 3 additions & 0 deletions core/src/main/resources/AppConstants.properties
Expand Up @@ -38,6 +38,9 @@ application.security.http.transportGuarantee=
#application.security.http.authenticators.myADAuth.url=ldap://10.1.2.3
application.security.http.authenticators=

## Default authenticator for HTTP endpoints.
application.security.http.authenticator=CONTAINER

application.name=IAF

## [Deprecated] [Generated] Deprecated as we now use maven this will be determined dynamically during the build pipeline.
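Review bot: The new key `application.security.http.authenticator` differs from the existing `application.security.http.authenticators` by a single letter, and the comment above it does not say which values are accepted or when the default is used. Going by the ServletConfiguration change in this same commit, the value is read only when web security is enabled and `NONE` is used otherwise; the comment should say so, for example `## Default authenticator for HTTP endpoints; only used when web security is enabled, otherwise NONE applies.` Whether the value may also name an entry declared under `authenticators` is not visible here and should be stated once confirmed.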
3 changes: 1 addition & 2 deletions core/src/main/resources/StageSpecifics_LOC.properties
Expand Up @@ -21,5 +21,4 @@ csrf.enabled=false
servlet.LarvaServlet.allowFileSave=true

# Disable login on console and ladybug endpoints when using local setup
application.security.console.authentication.type=NONE
application.security.testtool.authentication.type=NONE
application.security.console.authentication.type=NONE
Expand Up @@ -32,7 +32,6 @@ public class FileSystemCredentialFactory implements ICredentialFactory {
public static final String USERNAME_FILE_PROPERTY="credentialFactory.filesystem.usernamefile";
public static final String PASSWORD_FILE_PROPERTY="credentialFactory.filesystem.passwordfile";

public static final String FILESYSTEM_ROOT_DEFAULT="/etc/secrets";
public static final String USERNAME_FILE_DEFAULT="username";
public static final String PASSWORD_FILE_DEFAULT="password";

Expand Up @@ -83,8 +83,10 @@ public class LadybugSecurityChainConfigurer implements ApplicationContextAware,
private @Setter Environment environment;
private @Setter ServletContext servletContext;

private IAuthenticator createAuthenticator() {
String properyPrefix = "application.security.testtool.authentication.";
private static final String STANDALONE_PROPERTY_PREFIX = "application.security.testtool.authentication.";
private static final String CONSOLE_PROPERTY_PREFIX = "application.security.console.authentication.";

private IAuthenticator createAuthenticator(String properyPrefix) {
String type = environment.getProperty(properyPrefix+"type", AuthenticationType.SEALED.name());
AuthenticationType auth = null;
try {
Expand All @@ -111,11 +113,17 @@ private IAuthenticator createAuthenticator() {

@Bean
public SecurityFilterChain createLadybugSecurityChain(HttpSecurity http) throws Exception {
return configureChain();
final IAuthenticator authenticator;
if(StringUtils.isNotBlank(environment.getProperty(STANDALONE_PROPERTY_PREFIX+"type"))) {
authenticator = createAuthenticator(STANDALONE_PROPERTY_PREFIX);
} else {
authenticator = createAuthenticator(CONSOLE_PROPERTY_PREFIX);
}

return configureChain(authenticator);
}

private SecurityFilterChain configureChain() throws Exception {
IAuthenticator authenticator = createAuthenticator();
private SecurityFilterChain configureChain(IAuthenticator authenticator) throws Exception {
APPLICATION_LOG.info("Securing Ladybug TestTool using {}", ClassUtils.classNameOf(authenticator));

authenticator.registerServlet(createServletConfig("ladybugApiServletBean"));
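Review bot: In createLadybugSecurityChain the prefix is chosen on `type` alone, so a deployment that sets other `application.security.testtool.authentication.*` keys but leaves `type` blank is silently configured from the console prefix and those keys are ignored. The log line in configureChain names only the authenticator class; logging the chosen prefix as well, e.g. `APPLICATION_LOG.info("Ladybug authentication read from [{}]", prefix);`, would make the fallback visible to operators. Separately, the `SEALED` default in `environment.getProperty(properyPrefix+"type", ...)` applies only when the key is absent, so a console `type` that is present but blank reaches the try block, whose body is outside the hunk; if that path does not already end in SEALED it should. The parameter name `properyPrefix` is a typo for `propertyPrefix`.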
Expand Up @@ -64,7 +64,9 @@ public class ServletConfiguration implements InitializingBean, EnvironmentAware

@Override
public void afterPropertiesSet() {
defaultSecuritySettings();
transportGuarantee = SecuritySettings.getDefaultTransportGuarantee();
String defaultAuthenticatorName = environment.getProperty("application.security.http.authenticator");
authenticatorName = SecuritySettings.isWebSecurityEnabled() ? defaultAuthenticatorName : AuthenticationType.NONE.name();
}

public void setSecurityRoles(String[] accessGrantingRoles) {
Expand Down Expand Up @@ -114,12 +116,6 @@ public boolean isAuthenticationEnabled() {
return !securityRoles.isEmpty() && !"NONE".equals(authenticatorName);
}

private void defaultSecuritySettings() {
transportGuarantee = SecuritySettings.getDefaultTransportGuarantee();
AuthenticationType defaultType = SecuritySettings.isWebSecurityEnabled() ? AuthenticationType.CONTAINER : AuthenticationType.NONE;
authenticatorName = defaultType.name();
}

/**
* Overwrites servlet defaults with properties.
*/
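Review bot: afterPropertiesSet now reads the default authenticator with `environment.getProperty("application.security.http.authenticator")` and no fallback, so a missing key leaves `authenticatorName` null, and `isAuthenticationEnabled()` below treats anything other than the literal `"NONE"` as enabled. The removed defaultSecuritySettings() could not produce null; keeping that guarantee is one line: `String defaultAuthenticatorName = environment.getProperty("application.security.http.authenticator", AuthenticationType.CONTAINER.name());`. `environment` is also dereferenced unconditionally here, so a ServletConfiguration built without setEnvironment now fails with a NullPointerException, which is presumably why the tests in this commit add a mock. How a null or blank name is handled further down is not visible in these hunks.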
Expand Up @@ -3,7 +3,10 @@
import static org.junit.jupiter.api.Assertions.assertArrayEquals;
import static org.junit.jupiter.api.Assertions.assertInstanceOf;
import static org.junit.jupiter.api.Assertions.assertTrue;
import static org.mockito.ArgumentMatchers.anyString;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.spy;
import static org.mockito.Mockito.when;

import java.util.Map;

Expand All @@ -14,6 +17,7 @@
import org.springframework.context.ApplicationContext;
import org.springframework.context.ApplicationContextInitializer;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.core.env.Environment;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.config.annotation.ObjectPostProcessor;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
Expand Down Expand Up @@ -62,6 +66,15 @@ public void setup() {
httpSecurity = createHttpSecurity();
}

protected final ServletConfiguration createServletConfiguration() {
ServletConfiguration config = new ServletConfiguration();
Environment environment = mock(Environment.class);
when(environment.getProperty(anyString())).thenReturn("CONTAINER");
config.setEnvironment(environment);
config.afterPropertiesSet();
return config;
}

protected abstract ServletAuthenticatorBase createAuthenticator();

private HttpSecurity createHttpSecurity() {
Expand All @@ -80,8 +93,7 @@ public <O> O postProcess(O object) {
@Test
void testRequestMatchersMultilineUrl() throws Exception {
// Arrange
ServletConfiguration config = new ServletConfiguration();
config.afterPropertiesSet();
ServletConfiguration config = createServletConfiguration();
config.setUrlMapping("/iaf/api/*, !/iaf/api/server/health");
config.setSecurityRoles(new String[] {"IbisTester"});
authenticator.registerServlet(config);
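Review bot: The stub `when(environment.getProperty(anyString())).thenReturn("CONTAINER")` in createServletConfiguration answers every key with CONTAINER, so these tests would still pass if ServletConfiguration read the wrong property, and no test covers a missing or blank `application.security.http.authenticator`. Stubbing the exact key, `when(environment.getProperty("application.security.http.authenticator")).thenReturn("CONTAINER");`, plus one case where the stub returns null would pin the new behaviour. The same helper is copied verbatim into ServletConfigurationTest; one shared copy would keep the two from drifting.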
Expand Up @@ -4,18 +4,30 @@
import static org.hamcrest.Matchers.hasItem;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertThrows;
import static org.mockito.ArgumentMatchers.anyString;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;

import org.junit.jupiter.api.Test;
import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.ValueSource;
import org.springframework.core.env.Environment;

public class ServletConfigurationTest {

private ServletConfiguration createServletConfiguration() {
ServletConfiguration config = new ServletConfiguration();
Environment environment = mock(Environment.class);
when(environment.getProperty(anyString())).thenReturn("CONTAINER");
config.setEnvironment(environment);
config.afterPropertiesSet();
return config;
}

@ParameterizedTest
@ValueSource(strings = {"test", "/test", "/test, "})
public void testSingleUrl(String url) {
ServletConfiguration config = new ServletConfiguration();
config.afterPropertiesSet();
ServletConfiguration config = createServletConfiguration();
config.setUrlMapping(url);

assertEquals(1, config.getUrlMapping().size());
Expand All @@ -24,8 +36,7 @@ public void testSingleUrl(String url) {

@Test
public void testMultilineUrl() {
ServletConfiguration config = new ServletConfiguration();
config.afterPropertiesSet();
ServletConfiguration config = createServletConfiguration();
config.setUrlMapping("/one/*, /two,three/, */four/,*five");

assertEquals(5, config.getUrlMapping().size());
Expand All @@ -39,29 +50,25 @@ public void testMultilineUrl() {
@ParameterizedTest
@ValueSource(strings = {"", ", ", " "})
public void testEmptyUrls(String endpointSet) {
ServletConfiguration config = new ServletConfiguration();
config.afterPropertiesSet();
ServletConfiguration config = createServletConfiguration();
assertThrows(IllegalStateException.class, ()->config.setUrlMapping(endpointSet));
}

@Test
public void testFaultyExclude() {
ServletConfiguration config = new ServletConfiguration();
config.afterPropertiesSet();
ServletConfiguration config = createServletConfiguration();
assertThrows(IllegalStateException.class, ()->config.setUrlMapping("/one/*,!one/healthcheck"));
}

@Test
public void testFaultyExcludeWildcard() {
ServletConfiguration config = new ServletConfiguration();
config.afterPropertiesSet();
ServletConfiguration config = createServletConfiguration();
assertThrows(IllegalStateException.class, ()->config.setUrlMapping("/one/*,!/one/healthcheck/*"));
}

@Test
public void testExclude() {
ServletConfiguration config = new ServletConfiguration();
config.afterPropertiesSet();
ServletConfiguration config = createServletConfiguration();
config.setUrlMapping("/one/*,!/one/healthcheck");

assertEquals(2, config.getUrlMapping().size());
Expand All @@ -71,8 +78,7 @@ public void testExclude() {

@Test
public void testRootPath() {
ServletConfiguration config = new ServletConfiguration();
config.afterPropertiesSet();
ServletConfiguration config = createServletConfiguration();
config.setUrlMapping("/*");

assertEquals(1, config.getUrlMapping().size());
Expand All @@ -81,8 +87,7 @@ public void testRootPath() {

@Test
public void testWildcard() {
ServletConfiguration config = new ServletConfiguration();
config.afterPropertiesSet();
ServletConfiguration config = createServletConfiguration();
config.setUrlMapping("*");

assertEquals(1, config.getUrlMapping().size());
Expand Up @@ -20,8 +20,7 @@ public void cannotFindFile() throws Exception {
((YmlFileAuthenticator) authenticator).setFile("tralala");

// Arrange
ServletConfiguration config = new ServletConfiguration();
config.afterPropertiesSet();
ServletConfiguration config = createServletConfiguration();
config.setUrlMapping("/iaf/api/*, !/iaf/api/server/health");
config.setSecurityRoles(new String[] {"IbisTester"});
authenticator.registerServlet(config);