For tobi

qbicsoftware · Jan 21, 2025 · 9a061c6 · 9a061c6
1 parent e852a82
commit 9a061c6
Show file tree

Hide file tree

Showing 7 changed files with 78 additions and 22 deletions.
diff --git a/user-interface/src/main/java/life/qbic/datamanager/MyVaadinSessionInitListener.java b/user-interface/src/main/java/life/qbic/datamanager/MyVaadinSessionInitListener.java
@@ -6,14 +6,19 @@
 import com.vaadin.flow.component.UI;
 import com.vaadin.flow.component.page.Page.ExtendedClientDetailsReceiver;
 import com.vaadin.flow.router.BeforeEnterEvent;
+import com.vaadin.flow.server.RequestHandler;
 import com.vaadin.flow.server.ServiceDestroyEvent;
 import com.vaadin.flow.server.ServiceInitEvent;
 import com.vaadin.flow.server.SessionDestroyEvent;
 import com.vaadin.flow.server.SessionInitEvent;
 import com.vaadin.flow.server.UIInitEvent;
+import com.vaadin.flow.server.VaadinRequest;
+import com.vaadin.flow.server.VaadinResponse;
 import com.vaadin.flow.server.VaadinServiceInitListener;
+import com.vaadin.flow.server.VaadinSession;
 import com.vaadin.flow.server.WrappedSession;
 import com.vaadin.flow.spring.annotation.SpringComponent;
+import java.io.IOException;
 import life.qbic.datamanager.exceptionhandling.UiExceptionHandler;
 import life.qbic.datamanager.security.LogoutService;
 import life.qbic.datamanager.views.AppRoutes;

diff --git a/user-interface/src/main/java/life/qbic/datamanager/security/FilterChainDebugger.java b/user-interface/src/main/java/life/qbic/datamanager/security/FilterChainDebugger.java
@@ -0,0 +1,30 @@
+package life.qbic.datamanager.security;
+
+/**
+ * <b><class short description - 1 Line!></b>
+ *
+ * <p><More detailed description - When to use, what it solves, etc.></p>
+ *
+ * @since <version tag>
+ */
+import org.springframework.context.annotation.Bean;
+import org.springframework.security.web.FilterChainProxy;
+import org.springframework.stereotype.Component;
+
+@Component
+public class FilterChainDebugger {
+
+  private final FilterChainProxy filterChainProxy;
+
+  public FilterChainDebugger(FilterChainProxy filterChainProxy) {
+    this.filterChainProxy = filterChainProxy;
+  }
+
+  @Bean
+  public void printFilterChains() {
+    filterChainProxy.getFilterChains().forEach(chain -> {
+      System.out.println("Filter Chain for: " + chain.getFilters());
+      chain.getFilters().forEach(filter -> System.out.println("  " + filter.getClass().getName()));
+    });
+  }
+}
diff --git a/user-interface/src/main/java/life/qbic/datamanager/security/SecurityConfiguration.java b/user-interface/src/main/java/life/qbic/datamanager/security/SecurityConfiguration.java
@@ -50,19 +50,33 @@ private AuthenticationSuccessHandler authenticationSuccessHandler() {
 
   @Override
   protected void configure(HttpSecurity http) throws Exception {
-    http.authorizeHttpRequests(v -> v.requestMatchers(
+    /*http.authorizeHttpRequests(v -> v.requestMatchers(
             new AntPathRequestMatcher("/oauth2/authorization/orcid"),
+            new AntPathRequestMatcher("/oauth2/authorization/zenodo"),
+            new AntPathRequestMatcher("/oauth2/callback/zenodo2"),
             new AntPathRequestMatcher("/oauth2/code/**"), new AntPathRequestMatcher("images/*.png"))
         .permitAll());
 
     http.oauth2Login(oAuth2Login -> {
       oAuth2Login.loginPage("/login").permitAll();
       oAuth2Login.defaultSuccessUrl("/");
+      oAuth2Login.failureHandler((request, response, e) -> {
+        System.out.println(e.getMessage());
+      });
       oAuth2Login.successHandler(
           authenticationSuccessHandler());
       oAuth2Login.failureUrl("/login?errorOauth2=true&error");
     });
     super.configure(http);
-    setLoginView(http, LoginLayout.class);
+    setLoginView(http, LoginLayout.class);*/
+    http.authorizeHttpRequests(v ->
+            v.requestMatchers("/", "/login", "/oauth2/authorization/zenodo2").permitAll() // Public paths
+            .requestMatchers("/oauth2/code/**").permitAll()
+        )
+        .oauth2Login(oauth2 -> oauth2
+            .defaultSuccessUrl("/login2", true) // Redirect after login
+        );
+
+    super.configure(http);
   }
 }
diff --git a/user-interface/src/main/java/life/qbic/datamanager/security/ZenodoSecurityConfiguration.java b/user-interface/src/main/java/life/qbic/datamanager/security/ZenodoSecurityConfiguration.java
@@ -4,7 +4,6 @@
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.web.SecurityFilterChain;
-import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 
 /**
  * <b><class short description - 1 Line!></b>
@@ -18,18 +17,15 @@ public class ZenodoSecurityConfiguration {
 
   @Bean
   public SecurityFilterChain secondarySecurityChain(HttpSecurity http) throws Exception {
-    http
-        .securityMatcher("/oauth2/code**") // Only handle routes related to Zenodo OAuth2 flow
-        .authorizeHttpRequests(auth -> auth
-            .requestMatchers(new AntPathRequestMatcher("/oauth2/code*"),
-                new AntPathRequestMatcher("/oauth2/callback")).permitAll() // Allow the callback
-            .anyRequest().authenticated()
-        )
-        .oauth2Login(oauth2 -> oauth2
-                .loginPage("/whoami").permitAll()
-                .defaultSuccessUrl("/whoami/zenodo/success", true).failureUrl("/zenodo/failure")
-            // Redirect after successful login
-        );
+//    http
+//        .authorizeHttpRequests(auth -> auth
+//            .requestMatchers("/", "/login", "/oauth2/authorization/zenodo2").permitAll() // Public paths
+//            .requestMatchers("/oauth2/code/**").permitAll()
+//            .anyRequest().authenticated() // Protect all other paths
+//        )
+//        .oauth2Login(oauth2 -> oauth2
+//            .defaultSuccessUrl("/login2", true) // Redirect after login
+//        );
 
     return http.build();
   }

diff --git a/user-interface/src/main/java/life/qbic/datamanager/views/demo/AuthTest.java b/user-interface/src/main/java/life/qbic/datamanager/views/demo/AuthTest.java
@@ -6,9 +6,11 @@
 import com.vaadin.flow.router.BeforeEnterEvent;
 import com.vaadin.flow.router.BeforeEnterObserver;
 import com.vaadin.flow.router.Route;
+import com.vaadin.flow.server.auth.AnonymousAllowed;
 import com.vaadin.flow.spring.annotation.UIScope;
 import jakarta.annotation.security.PermitAll;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.ApplicationContext;
 import org.springframework.context.annotation.Profile;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.oauth2.client.OAuth2AuthorizeRequest;
@@ -28,16 +30,16 @@
  * @since <version tag>
  */
 @Profile("test-ui") // This view will only be available when the "test-ui" profile is active
-@Route("whoami")
-@PermitAll
+@Route("login2")
+@AnonymousAllowed
 @UIScope
 @Component
 public class AuthTest extends Div implements BeforeEnterObserver {
 
   @Autowired
   private OAuth2AuthorizedClientManager oAuth2AuthorizedClientManager;
 
-  public AuthTest() {
+  public AuthTest(@Autowired ApplicationContext app) {
     Button button = new Button("Authorize Zenodo");
     button.addClickListener(e -> {
       String authorizationUrl = ServletUriComponentsBuilder

diff --git a/user-interface/src/main/resources/application.properties b/user-interface/src/main/resources/application.properties
@@ -112,16 +112,15 @@ spring.security.oauth2.client.registration.zenodo.client-name=zenodo
 spring.security.oauth2.client.registration.zenodo.client-id=XOLzn76ndm5ZCRMa8157l44fqMLw3Tz743nLQz3i
 spring.security.oauth2.client.registration.zenodo.client-secret=zSwZKoh6aA0zuFUL4nCxpo53lKpuqK6X8cYIEpaIivcl8mNf95XWqDGrByw3
 spring.security.oauth2.client.registration.zenodo.authorization-grant-type=authorization_code
-spring.security.oauth2.client.registration.zenodo.redirect-uri={baseUrl}/whoami/oauth2/code/zenodo
+spring.security.oauth2.client.registration.zenodo.redirect-uri={baseUrl}/login/oauth2/code/zenodo2
 spring.security.oauth2.client.registration.zenodo.scope=user:email
 spring.security.oauth2.client.provider.zenodo.authorization-uri=https://zenodo.org/oauth/authorize
 spring.security.oauth2.client.provider.zenodo.token-uri=https://zenodo.org/oauth/token
 spring.security.oauth2.client.provider.zenodo.user-info-uri=https://zenodo.org/api/me
-spring.security.oauth2.client.provider.zenodo.jwk-set-uri=""
 logging.level.org.springframework.security=DEBUG
 logging.level.org.springframework.security.oauth2=DEBUG
-
-#logging.level.org.springframework.security.web=DEBUG
+logging.level.org.springframework.security.web.FilterChainProxy=DEBUG
+logging.level.org.springframework.security.web=DEBUG
 ###############################################################################
 ################### ActiveMQ Artemis ##########################################
 # ActiveMQ Artemis is used as a global message broker handling

diff --git a/user-interface/src/main/resources/templates/login.html b/user-interface/src/main/resources/templates/login.html
@@ -0,0 +1,10 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="UTF-8">
+  <title>Title</title>
+</head>
+<body>
+
+</body>
+</html>