diff --git a/user-interface/src/main/java/life/qbic/datamanager/MyVaadinSessionInitListener.java b/user-interface/src/main/java/life/qbic/datamanager/MyVaadinSessionInitListener.java
index 08ac65f23d..bcffc27349 100644
--- a/user-interface/src/main/java/life/qbic/datamanager/MyVaadinSessionInitListener.java
+++ b/user-interface/src/main/java/life/qbic/datamanager/MyVaadinSessionInitListener.java
@@ -6,14 +6,19 @@
import com.vaadin.flow.component.UI;
import com.vaadin.flow.component.page.Page.ExtendedClientDetailsReceiver;
import com.vaadin.flow.router.BeforeEnterEvent;
+import com.vaadin.flow.server.RequestHandler;
import com.vaadin.flow.server.ServiceDestroyEvent;
import com.vaadin.flow.server.ServiceInitEvent;
import com.vaadin.flow.server.SessionDestroyEvent;
import com.vaadin.flow.server.SessionInitEvent;
import com.vaadin.flow.server.UIInitEvent;
+import com.vaadin.flow.server.VaadinRequest;
+import com.vaadin.flow.server.VaadinResponse;
import com.vaadin.flow.server.VaadinServiceInitListener;
+import com.vaadin.flow.server.VaadinSession;
import com.vaadin.flow.server.WrappedSession;
import com.vaadin.flow.spring.annotation.SpringComponent;
+import java.io.IOException;
import life.qbic.datamanager.exceptionhandling.UiExceptionHandler;
import life.qbic.datamanager.security.LogoutService;
import life.qbic.datamanager.views.AppRoutes;
diff --git a/user-interface/src/main/java/life/qbic/datamanager/security/FilterChainDebugger.java b/user-interface/src/main/java/life/qbic/datamanager/security/FilterChainDebugger.java
new file mode 100644
index 0000000000..2f35d8d4fe
--- /dev/null
+++ b/user-interface/src/main/java/life/qbic/datamanager/security/FilterChainDebugger.java
@@ -0,0 +1,30 @@
+package life.qbic.datamanager.security;
+
+/**
+ *
+ *
+ *
+ *
+ * @since
+ */
+import org.springframework.context.annotation.Bean;
+import org.springframework.security.web.FilterChainProxy;
+import org.springframework.stereotype.Component;
+
+@Component
+public class FilterChainDebugger {
+
+ private final FilterChainProxy filterChainProxy;
+
+ public FilterChainDebugger(FilterChainProxy filterChainProxy) {
+ this.filterChainProxy = filterChainProxy;
+ }
+
+ @Bean
+ public void printFilterChains() {
+ filterChainProxy.getFilterChains().forEach(chain -> {
+ System.out.println("Filter Chain for: " + chain.getFilters());
+ chain.getFilters().forEach(filter -> System.out.println(" " + filter.getClass().getName()));
+ });
+ }
+}
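Review bot: `@Bean` on the void `printFilterChains()` is a misuse, since a bean method is expected to return the bean instance and some Spring versions reject a void one at startup. If a one-time startup dump is the intent, `@PostConstruct` fits better. The method also prints the full security filter chain to stdout in every environment; I would gate the class with `@Profile("test-ui")` (the profile AuthTest already uses) and write through the project's logger at debug level rather than `System.out.println`. The label `"Filter Chain for: "` is followed by the filter list rather than the chain's request matcher, so the output does not say which requests a chain applies to. The empty Javadoc block sits above the imports instead of on the class and has a blank `@since`; move it onto the class and fill it in, or drop it.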
diff --git a/user-interface/src/main/java/life/qbic/datamanager/security/SecurityConfiguration.java b/user-interface/src/main/java/life/qbic/datamanager/security/SecurityConfiguration.java
index 308105e73b..b34c1edcca 100644
--- a/user-interface/src/main/java/life/qbic/datamanager/security/SecurityConfiguration.java
+++ b/user-interface/src/main/java/life/qbic/datamanager/security/SecurityConfiguration.java
@@ -50,19 +50,33 @@ private AuthenticationSuccessHandler authenticationSuccessHandler() {
@Override
protected void configure(HttpSecurity http) throws Exception {
- http.authorizeHttpRequests(v -> v.requestMatchers(
+ /*http.authorizeHttpRequests(v -> v.requestMatchers(
new AntPathRequestMatcher("/oauth2/authorization/orcid"),
+ new AntPathRequestMatcher("/oauth2/authorization/zenodo"),
+ new AntPathRequestMatcher("/oauth2/callback/zenodo2"),
new AntPathRequestMatcher("/oauth2/code/**"), new AntPathRequestMatcher("images/*.png"))
.permitAll());
http.oauth2Login(oAuth2Login -> {
oAuth2Login.loginPage("/login").permitAll();
oAuth2Login.defaultSuccessUrl("/");
+ oAuth2Login.failureHandler((request, response, e) -> {
+ System.out.println(e.getMessage());
+ });
oAuth2Login.successHandler(
authenticationSuccessHandler());
oAuth2Login.failureUrl("/login?errorOauth2=true&error");
});
super.configure(http);
- setLoginView(http, LoginLayout.class);
+ setLoginView(http, LoginLayout.class);*/
+ http.authorizeHttpRequests(v ->
+ v.requestMatchers("/", "/login", "/oauth2/authorization/zenodo2").permitAll() // Public paths
+ .requestMatchers("/oauth2/code/**").permitAll()
+ )
+ .oauth2Login(oauth2 -> oauth2
+ .defaultSuccessUrl("/login2", true) // Redirect after login
+ );
+
+ super.configure(http);
}
}
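Review bot: The new body of `configure` drops `setLoginView(http, LoginLayout.class);` and `oAuth2Login.successHandler(authenticationSuccessHandler());`, so the Vaadin login view and the existing post-login handling are no longer wired for any user, including the ORCID flow whose permit rule is now only in the commented-out block. It also forces every successful OAuth2 login to `/login2`, a route that AuthTest in this commit registers only under `@Profile("test-ui")`. The permitted path `/oauth2/authorization/zenodo2` does not match the registration id `zenodo` in application.properties, so the authorization endpoint for that client is probably not the one being opened. I would keep the original chain and add only the Zenodo matchers to it, ending with `super.configure(http);` followed by `setLoginView(http, LoginLayout.class);`. The commented-out block and its `System.out.println(e.getMessage())` failure handler should be deleted rather than committed.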
diff --git a/user-interface/src/main/java/life/qbic/datamanager/security/ZenodoSecurityConfiguration.java b/user-interface/src/main/java/life/qbic/datamanager/security/ZenodoSecurityConfiguration.java
index 7289c522af..701a250272 100644
--- a/user-interface/src/main/java/life/qbic/datamanager/security/ZenodoSecurityConfiguration.java
+++ b/user-interface/src/main/java/life/qbic/datamanager/security/ZenodoSecurityConfiguration.java
@@ -4,7 +4,6 @@
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;
-import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
/**
*
@@ -18,18 +17,15 @@ public class ZenodoSecurityConfiguration {
@Bean
public SecurityFilterChain secondarySecurityChain(HttpSecurity http) throws Exception {
- http
- .securityMatcher("/oauth2/code**") // Only handle routes related to Zenodo OAuth2 flow
- .authorizeHttpRequests(auth -> auth
- .requestMatchers(new AntPathRequestMatcher("/oauth2/code*"),
- new AntPathRequestMatcher("/oauth2/callback")).permitAll() // Allow the callback
- .anyRequest().authenticated()
- )
- .oauth2Login(oauth2 -> oauth2
- .loginPage("/whoami").permitAll()
- .defaultSuccessUrl("/whoami/zenodo/success", true).failureUrl("/zenodo/failure")
- // Redirect after successful login
- );
+// http
+// .authorizeHttpRequests(auth -> auth
+// .requestMatchers("/", "/login", "/oauth2/authorization/zenodo2").permitAll() // Public paths
+// .requestMatchers("/oauth2/code/**").permitAll()
+// .anyRequest().authenticated() // Protect all other paths
+// )
+// .oauth2Login(oauth2 -> oauth2
+// .defaultSuccessUrl("/login2", true) // Redirect after login
+// );
return http.build();
}
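Review bot: With the builder calls commented out, `secondarySecurityChain` returns `http.build()` with no `securityMatcher` and no authorization rules, so the chain applies to every request and enforces no access decision of its own. Depending on bean ordering, which is not visible in this hunk, it can either take precedence over the main chain for all requests or never be reached; neither looks intended. Either remove the bean while the Zenodo flow is reworked, or restore a narrow matcher and a closing rule, e.g. `.securityMatcher("/oauth2/code/**")` together with `.anyRequest().authenticated()`. The commented-out configuration should not be committed; the class body continues outside the hunk.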
diff --git a/user-interface/src/main/java/life/qbic/datamanager/views/demo/AuthTest.java b/user-interface/src/main/java/life/qbic/datamanager/views/demo/AuthTest.java
index c6d8b68ba8..57c2d5b391 100644
--- a/user-interface/src/main/java/life/qbic/datamanager/views/demo/AuthTest.java
+++ b/user-interface/src/main/java/life/qbic/datamanager/views/demo/AuthTest.java
@@ -6,9 +6,11 @@
import com.vaadin.flow.router.BeforeEnterEvent;
import com.vaadin.flow.router.BeforeEnterObserver;
import com.vaadin.flow.router.Route;
+import com.vaadin.flow.server.auth.AnonymousAllowed;
import com.vaadin.flow.spring.annotation.UIScope;
import jakarta.annotation.security.PermitAll;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.ApplicationContext;
import org.springframework.context.annotation.Profile;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.client.OAuth2AuthorizeRequest;
@@ -28,8 +30,8 @@
* @since
*/
@Profile("test-ui") // This view will only be available when the "test-ui" profile is active
-@Route("whoami")
-@PermitAll
+@Route("login2")
+@AnonymousAllowed
@UIScope
@Component
public class AuthTest extends Div implements BeforeEnterObserver {
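Review bot: Replacing `@PermitAll` with `@AnonymousAllowed` makes the view that starts the Zenodo authorization reachable without any login, leaving `@Profile("test-ui")` as the only gate. That gate does not cover the rest of the commit: SecurityConfiguration now redirects every successful login to `/login2` unconditionally, so outside the test profile the target route is absent. If anonymous access is needed only to exercise the OAuth2 round trip, state it on the class, e.g. `// test-ui only: anonymous on purpose so the Zenodo OAuth2 flow can be tried without a session`, and keep the production redirect pointing at a route that always exists.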
@@ -37,7 +39,7 @@ public class AuthTest extends Div implements BeforeEnterObserver {
@Autowired
private OAuth2AuthorizedClientManager oAuth2AuthorizedClientManager;
- public AuthTest() {
+ public AuthTest(@Autowired ApplicationContext app) {
Button button = new Button("Authorize Zenodo");
button.addClickListener(e -> {
String authorizationUrl = ServletUriComponentsBuilder
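Review bot: The added `ApplicationContext app` parameter is not used in the lines shown; the constructor body continues outside the hunk, so this may be resolved further down. If it is unused, restore `public AuthTest() {`, since handing the whole application context to a UI view gives it access to every bean for no visible reason. If a specific bean is needed, inject that bean type instead. `@Autowired` on the parameter is also redundant for a single-constructor Spring component.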
diff --git a/user-interface/src/main/resources/application.properties b/user-interface/src/main/resources/application.properties
index 8c1b8b5fcd..2f1b13e5a9 100644
--- a/user-interface/src/main/resources/application.properties
+++ b/user-interface/src/main/resources/application.properties
@@ -112,16 +112,15 @@ spring.security.oauth2.client.registration.zenodo.client-name=zenodo
spring.security.oauth2.client.registration.zenodo.client-id=XOLzn76ndm5ZCRMa8157l44fqMLw3Tz743nLQz3i
spring.security.oauth2.client.registration.zenodo.client-secret=zSwZKoh6aA0zuFUL4nCxpo53lKpuqK6X8cYIEpaIivcl8mNf95XWqDGrByw3
spring.security.oauth2.client.registration.zenodo.authorization-grant-type=authorization_code
-spring.security.oauth2.client.registration.zenodo.redirect-uri={baseUrl}/whoami/oauth2/code/zenodo
+spring.security.oauth2.client.registration.zenodo.redirect-uri={baseUrl}/login/oauth2/code/zenodo2
spring.security.oauth2.client.registration.zenodo.scope=user:email
spring.security.oauth2.client.provider.zenodo.authorization-uri=https://zenodo.org/oauth/authorize
spring.security.oauth2.client.provider.zenodo.token-uri=https://zenodo.org/oauth/token
spring.security.oauth2.client.provider.zenodo.user-info-uri=https://zenodo.org/api/me
-spring.security.oauth2.client.provider.zenodo.jwk-set-uri=""
logging.level.org.springframework.security=DEBUG
logging.level.org.springframework.security.oauth2=DEBUG
-
-#logging.level.org.springframework.security.web=DEBUG
+logging.level.org.springframework.security.web.FilterChainProxy=DEBUG
+logging.level.org.springframework.security.web=DEBUG
###############################################################################
################### ActiveMQ Artemis ##########################################
# ActiveMQ Artemis is used as a global message broker handling
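Review bot: The Zenodo `client-id` and `client-secret` sit in this tracked file in plain text; they are context lines, not introduced by this commit. The secret should be treated as exposed, rotated at the provider, and read from the environment, e.g. `client-secret=${ZENODO_CLIENT_SECRET}` (placeholder variable name). The commit also turns on `logging.level.org.springframework.security.web=DEBUG` next to the existing DEBUG levels in the default properties, which writes request and filter details to the logs in every environment. Those lines belong in a profile-specific file such as the test-ui profile's properties. The new redirect URI ends in `zenodo2` while the registration id is still `zenodo`, and SecurityConfiguration permits `/oauth2/code/**` rather than `/login/oauth2/code/**`, so the callback path and the permitted paths look out of step.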
diff --git a/user-interface/src/main/resources/templates/login.html b/user-interface/src/main/resources/templates/login.html
new file mode 100644
index 0000000000..04e75bc585
--- /dev/null
+++ b/user-interface/src/main/resources/templates/login.html
@@ -0,0 +1,10 @@
+
+
+
+
+ Title
+
+
+
+
+