Updated SAML config

2024-10-17 19:39:25 -07:00
parent 863e2db68d
commit 07498ce1ef
4 changed files with 94 additions and 35 deletions
--- a/src/main/java/net/gepafin/tendermanagement/config/SecurityConfig.java
+++ b/src/main/java/net/gepafin/tendermanagement/config/SecurityConfig.java
@@ -15,6 +15,7 @@ import org.springframework.security.config.annotation.web.configurers.AbstractHt
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.saml2.provider.service.web.Saml2WebSsoAuthenticationRequestFilter;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 import org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher;
@@ -109,23 +110,19 @@ public class SecurityConfig {
                .requestMatchers("/v1/user/reset-password/initiate").permitAll()
                .requestMatchers("/v1/user/reset-password").permitAll()
                .anyRequest().authenticated())
-                .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED))
-                .exceptionHandling(exceptionHandling -> exceptionHandling
-                        .authenticationEntryPoint((request, response, authException) -> {
-                            // Send 403 Forbidden when there is no JWT token provided
-                            response.sendError(HttpServletResponse.SC_FORBIDDEN, "Forbidden: Authentication token is missing or invalid");
-                        })
-                    )
-                .addFilterBefore(corsFilter(), UsernamePasswordAuthenticationFilter.class)
-                .addFilterBefore(new JWTFilter(tokenProvider), UsernamePasswordAuthenticationFilter.class)
-                // Add SAML2 login configuration (for BENEFICIARI)
-                /*
-                 * .saml2Login(saml -> saml.loginPage("/saml/login") // Entry point for SAML
-                 * login .defaultSuccessUrl("/") // Redirect after successful SAML login );
-                 */
-				.saml2Login(saml -> saml.defaultSuccessUrl("/").successHandler(samlSuccessHandler)
-						.failureHandler(samlFailureHandler));
-
+            .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED))
+            .exceptionHandling(exceptionHandling -> exceptionHandling
+                .authenticationEntryPoint((request, response, authException) -> {
+                    // Send 403 Forbidden when there is no JWT token provided
+                    response.sendError(HttpServletResponse.SC_FORBIDDEN, "Forbidden: Authentication token is missing or invalid");
+                })
+            )
+            .addFilterBefore(corsFilter(), UsernamePasswordAuthenticationFilter.class)
+            .addFilterBefore(new JWTFilter(tokenProvider), UsernamePasswordAuthenticationFilter.class)
+            .addFilterBefore(new SamlRequestFilter(), Saml2WebSsoAuthenticationRequestFilter.class) // Add the custom SAML filter
+            .saml2Login(saml -> saml.defaultSuccessUrl("/")
+                    .successHandler(samlSuccessHandler)
+                    .failureHandler(samlFailureHandler));

        return http.build();
    }