diff --git a/src/main/java/net/gepafin/tendermanagement/config/SecurityConfig.java b/src/main/java/net/gepafin/tendermanagement/config/SecurityConfig.java
index 3b8f79b4..c83cc513 100644
--- a/src/main/java/net/gepafin/tendermanagement/config/SecurityConfig.java
+++ b/src/main/java/net/gepafin/tendermanagement/config/SecurityConfig.java
@@ -11,8 +11,11 @@ import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
 import java.security.spec.PKCS8EncodedKeySpec;
 import java.time.Instant;
+import java.util.List;
+import java.util.Map;
 import java.util.UUID;
+import org.apache.xml.security.Init;
 import org.bouncycastle.util.io.pem.PemReader;
 import org.opensaml.core.config.InitializationService;
 import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
@@ -47,6 +50,8 @@ import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.saml2.core.Saml2X509Credential;
+import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticatedPrincipal;
+import org.springframework.security.saml2.provider.service.authentication.Saml2Authentication;
 import org.springframework.security.saml2.provider.service.registration.InMemoryRelyingPartyRegistrationRepository;
 import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
 import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
@@ -65,7 +70,7 @@ import org.springframework.web.filter.CorsFilter;
 import org.springframework.web.servlet.handler.HandlerMappingIntrospector;
 import com.fasterxml.jackson.databind.ObjectMapper;
-import org.apache.xml.security.Init;
+
 import io.swagger.v3.oas.models.Components;
 import io.swagger.v3.oas.models.OpenAPI;
 import io.swagger.v3.oas.models.security.SecurityRequirement;
@@ -184,70 +189,54 @@ public class SecurityConfig { .saml2Login(saml -> saml.defaultSuccessUrl("/") .successHandler((request, response, authentication) -> { - logger.error("SAML success login"); - SamlResponseLogEntity samlResponseLogEntity = new SamlResponseLogEntity(); - samlResponseLogEntity.setRequest(request.toString()); - samlResponseLogEntity.setResponse(response.toString()); - samlResponseLogEntity.setAuthenticationObject(authentication.toString()); - samlResponseLogRepository.save(samlResponseLogEntity); - try { - ObjectMapper objectMapper = new ObjectMapper(); - // Create a new SAML log entity - SamlResponseLogEntity samlResponseLogEntity1 = new SamlResponseLogEntity(); + try { + // Cast the authentication object to Saml2Authentication + Saml2Authentication samlAuth = (Saml2Authentication) authentication; + Saml2AuthenticatedPrincipal principal = (Saml2AuthenticatedPrincipal) samlAuth.getPrincipal(); - // Convert request, response, and authentication to JSON format - String requestJson = objectMapper.writeValueAsString(request.getParameterMap()); // Assuming request params to JSON - String responseJson = objectMapper.writeValueAsString(response); // This may need to be adapted based on your response object - String authenticationJson = objectMapper.writeValueAsString(authentication); // Authentication object to JSON + // Extract the user attributes from the principal + Map> userAttributes = principal.getAttributes(); - // Set the JSON strings in the entity - samlResponseLogEntity1.setRequest(requestJson); - samlResponseLogEntity1.setResponse(responseJson); - samlResponseLogEntity1.setAuthenticationObject(authenticationJson); - samlResponseLogRepository.save(samlResponseLogEntity1); - - logger.info("SAML Request: " + requestJson); - logger.info("SAML Response: " + responseJson); - logger.info("Authentication Details: " + authenticationJson); - }catch(Exception e) { - logger.info("Exception object" + e); - } -// samlResponseLogRepository - logger.info("SAML 
login successful for user: " + authentication.getName()); - response.sendRedirect("http://gepafin-staging-fe.s3-website.eu-central-1.amazonaws.com/"); - }).failureHandler((request, response, exception) -> { - logger.error("SAML login failed: " + exception.getMessage()); + // Log the user attributes for debugging purposes + logger.info("SAML User Attributes: " + userAttributes); - SamlResponseLogEntity samlResponseLogEntity = new SamlResponseLogEntity(); - samlResponseLogEntity.setRequest(request.toString()); - samlResponseLogEntity.setResponse(response.toString()); - samlResponseLogEntity.setExceptionObject(exception.toString()); - samlResponseLogRepository.save(samlResponseLogEntity); - try { - ObjectMapper objectMapper = new ObjectMapper(); + // Save the authentication details in the database (Optional) + SamlResponseLogEntity samlResponseLogEntity = new SamlResponseLogEntity(); + samlResponseLogEntity.setAuthenticationObject(authentication.toString()); - // Create a new SAML log entity - SamlResponseLogEntity samlResponseLogEntity1 = new SamlResponseLogEntity(); + // Convert user attributes to JSON and save in DB + ObjectMapper objectMapper = new ObjectMapper(); + String userAttributesJson = objectMapper.writeValueAsString(userAttributes); + samlResponseLogEntity.setAuthenticationObject(userAttributesJson); + samlResponseLogRepository.save(samlResponseLogEntity); + + // Successful login logic + logger.info("SAML login successful for user: " + principal.getName()); + response.sendRedirect("http://gepafin-staging-fe.s3-website.eu-central-1.amazonaws.com/login"); + } catch (Exception e) { + logger.error("Error processing SAML success handler", e); + } + }) + .failureHandler((request, response, exception) -> { + try { + logger.error("SAML login failed: " + exception.getMessage()); + + // Log the failure details to the database (Optional) + SamlResponseLogEntity samlResponseLogEntity = new SamlResponseLogEntity(); + 
samlResponseLogEntity.setRequest(request.toString()); + samlResponseLogEntity.setResponse(response.toString()); + samlResponseLogEntity.setExceptionObject(exception.toString()); + samlResponseLogRepository.save(samlResponseLogEntity); + + // Handle failure redirection + response.sendRedirect("http://gepafin-staging-fe.s3-website.eu-central-1.amazonaws.com/login"); + } catch (Exception e) { + logger.error("Error processing SAML failure handler", e); + } + }) + ); - // Convert request, response, and authentication to JSON format - String requestJson = objectMapper.writeValueAsString(request.getParameterMap()); // Assuming request params to JSON - String responseJson = objectMapper.writeValueAsString(response); // This may need to be adapted based on your response object - String exceptionJson = objectMapper.writeValueAsString(exception); // Authentication object to JSON - // Set the JSON strings in the entity - samlResponseLogEntity1.setRequest(requestJson); - samlResponseLogEntity1.setResponse(responseJson); - samlResponseLogEntity1.setAuthenticationObject(exceptionJson); - samlResponseLogRepository.save(samlResponseLogEntity1); - - logger.info("SAML Request: " + requestJson); - logger.info("SAML Response: " + responseJson); - logger.info("exception Details: " + exceptionJson); - }catch(Exception e) { - logger.info("Exception object" + e); - } - response.sendRedirect("http://gepafin-staging-fe.s3-website.eu-central-1.amazonaws.com/login"); - })); return http.build(); }
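Review bot: The new success handler writes the complete SAML attribute map to the INFO log (`logger.info("SAML User Attributes: " + userAttributes)`) and then persists the same JSON through `setAuthenticationObject(userAttributesJson)`, so every identity attribute the IdP releases (typically name, email and group claims) is copied into both the application log and the database on every login; restrict this to the attribute names the application actually consumes, or at least move the log line to DEBUG, before this reaches a shared environment. The earlier `samlResponseLogEntity.setAuthenticationObject(authentication.toString());` in the same handler is dead code, overwritten by the JSON value two lines later, and should be removed. Because `response.sendRedirect(...)` sits after the repository save inside the same `try`, a serialization or persistence failure is caught and logged but the already-authenticated user is left with an empty response; the redirect should happen outside the try so audit logging can never block login, as sketched below. Both branches now redirect to a hard-coded `http://…amazonaws.com/login` literal, which drops the previous `/` success target, sends the freshly issued session over cleartext, and presumably leaves the `defaultSuccessUrl("/")` on the hunk's first line without effect — the target belongs in per-environment configuration (an injected `@Value` property) and should be an https origin. In the failure handler, `setRequest(request.toString())` and `setResponse(response.toString())` store the servlet wrapper's identity string rather than anything about the failed exchange, so if the table is meant for troubleshooting it should record the exception class and message plus `request.getRequestURI()` instead; the enclosing filter-chain method starts above the hunk.

```java
.successHandler((request, response, authentication) -> {
    String userName = authentication.getName();
    try {
        Saml2AuthenticatedPrincipal principal =
                (Saml2AuthenticatedPrincipal) ((Saml2Authentication) authentication).getPrincipal();
        // persist only the attribute names this application consumes, never the full map
        // … unchanged: build SamlResponseLogEntity, objectMapper.writeValueAsString, samlResponseLogRepository.save …
    } catch (Exception e) {
        logger.error("Error recording SAML login for user " + userName, e);
    }
    // redirect regardless of audit outcome; samlSuccessRedirectUrl is a constructed name for an
    // injected configuration property (https origin, per environment), not a literal
    response.sendRedirect(samlSuccessRedirectUrl);
})
```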