Closed TomasKulhanek closed 6 years ago
If you want to manage this exception in Spring Security, it is quite simple: in spring-wp6/src/main/java/org/cirmmp/spring/security/SecurityConfiguration.java, add in the configure method:
http
    // ...
    .and()
    .exceptionHandling().accessDeniedPage("/accessDenied.jsp");
On 24 Nov 2017, at 10:40, Tomas Kulhanek notifications@github.com wrote:
create user if authenticated by West-Life SSO and not exists in Repository. REST to return HTTP 403 unauthorized if no West-Life SSO or Spring authentication is not provided, currently subsequent exception thrown.
I thought that it may be addressed by AOP.
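import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Before;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.common.exceptions.UnauthorizedUserException;

@Aspect
public class CheckAuth {
    // Runs before every RestCon method taking exactly (xusername, xname);
    // args(...) binds the two values to the advice parameters.
    @Before("execution(* org.cirmmp.spring.controller.RestCon.*(..)) && args(xusername, xname)")
    public void checkAuthentication(String xusername, String xname) {
        // Prefer the SSO user name, otherwise fall back to the Spring Security principal.
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        String ssoId = (xusername != null && xusername.length() > 0) ? xusername
                : (auth != null ? auth.getName() : "");
        // Compare string content, not references (== "" is never reliable in Java).
        if (ssoId == null || ssoId.isEmpty()) {
            throw new UnauthorizedUserException("authorization required");
            //new ResponseEntity("authorization required", HttpStatus.UNAUTHORIZED);
        } else {
            //LOG.info("checkAuthentication: OK");
        }
    }
}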
Seems additional configuration needs to be done; for this purpose, a bit of overkill.
I think it is better to leave the security exceptions managed by Spring Security if they are addressed.
Agree - added spring security to return 401 instead of redirect as proposed at https://stackoverflow.com/a/30935622/1374834
Going to /login?next=http://localhost:9000 should redirect after successful login to the URL after next. How to achieve it in Spring? Modified appcontroller.java seems not to do that.
@RequestMapping(value = "/login", method = RequestMethod.GET)
public String loginPage(@RequestParam(name="next",defaultValue="") String redirecturl) {
    LOG.info("loginPage(), redirect next "+redirecturl);
    if (isCurrentAuthenticationAnonymous()) {
        return "login";
    } else {
        if (redirecturl.length()>0 )
            return "redirect:"+redirecturl;
        else
            return "redirect:/list";
    }
}
try to add this
http. ///// .defaultSuccessUrl("/success.html", true)
after formLogin()
in SecurityConfiguration.java
December review and tasks:
repositorytest/index.html#/dashboard/project/1
dataset:repositorytest/index.html#/dashboard/dataset/1
January tasks: