From 4a68348a7bc6ab0704cad11bbc97c852099d9f23 Mon Sep 17 00:00:00 2001
From: rajesh
Date: Wed, 9 Oct 2024 13:22:06 +0530
Subject: [PATCH] updated security config
---
 .../config/SecurityConfig.java | 49 ++++++-------------
 1 file changed, 14 insertions(+), 35 deletions(-)
diff --git a/src/main/java/net/gepafin/tendermanagement/config/SecurityConfig.java b/src/main/java/net/gepafin/tendermanagement/config/SecurityConfig.java
index 59132951..91424195 100644
--- a/src/main/java/net/gepafin/tendermanagement/config/SecurityConfig.java
+++ b/src/main/java/net/gepafin/tendermanagement/config/SecurityConfig.java
@@ -96,53 +96,32 @@ public class SecurityConfig {
 }
 @Bean
 public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
- // Apply stateless session management globally
- http.csrf(AbstractHttpConfigurer::disable)
- .authorizeHttpRequests(auth -> auth
- // Public endpoints
+ http.csrf(AbstractHttpConfigurer::disable).authorizeHttpRequests(auth -> auth
+ // Allow public access to the login endpoints
 .requestMatchers("/v1/user/login").permitAll() // JWT-based login
 .requestMatchers("/v1/user").permitAll() // User registration
 .requestMatchers("/v1/user/sso/validate/existing-user/{token}").permitAll()
 .requestMatchers("/v1/user/sso/validate/new-user/{token}").permitAll()
+ .requestMatchers("/v1/saml/**").permitAll() // JWT-based login
+ .requestMatchers("/saml2/**").permitAll() // SAML login initiation
 .requestMatchers("/swagger-ui/**").permitAll() // Swagger docs
 .requestMatchers("/v1/api-docs/**").permitAll() // API docs
-
- // SAML-related endpoints
- .requestMatchers("/v1/saml/**", "/saml2/**").permitAll()
-
- // Other authenticated requests
 .anyRequest().authenticated())
+ .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
+ .addFilterBefore(corsFilter(), UsernamePasswordAuthenticationFilter.class)
+ .addFilterBefore(new JWTFilter(tokenProvider), UsernamePasswordAuthenticationFilter.class)
+ // Add SAML2 login configuration (for BENEFICIARI)
+ /*
+ * .saml2Login(saml -> saml.loginPage("/saml/login") // Entry point for SAML
+ * login .defaultSuccessUrl("/") // Redirect after successful SAML login );
+ */
+ .saml2Login(saml -> saml.defaultSuccessUrl("/").successHandler(samlSuccessHandler)
+ .failureHandler(samlFailureHandler));
- // Globally use stateless session management for most requests
- .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
-
- // SAML2 login configuration
- .saml2Login(saml -> saml
- .defaultSuccessUrl("/")
-
.successHandler(samlSuccessHandler)
- .failureHandler(samlFailureHandler));
 return http.build();
 }
- // Add another SecurityFilterChain for SAML requests with stateful session management
- @Bean
- public SecurityFilterChain samlSecurityFilterChain(HttpSecurity http) throws Exception {
- // Apply stateful session management for SAML-related endpoints
- http
- .securityMatcher("/v1/saml/**", "/saml2/**") // Match SAML requests
- .authorizeHttpRequests(auth -> auth
- .requestMatchers("/v1/saml/**", "/saml2/**").permitAll()
- .anyRequest().authenticated())
-
- // Use stateful session management for SAML requests
- .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED));
-
- return http.build();
- }
-
-
-
 @Bean
 public OpenAPI customOpenAPI() {
 return new OpenAPI()
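Review bot: With the dedicated stateful `samlSecurityFilterChain` deleted, the `.saml2Login(...)` added in this hunk now runs under the `SessionCreationPolicy.STATELESS` line a few lines above it, and Spring Security's SAML2 support by default keeps the pending AuthnRequest (used for InResponseTo validation on the assertion-consumer callback) and the post-login SecurityContext in the HTTP session, so after the redirect to `/` the caller presumably lands on an `anyRequest().authenticated()` route with no persisted authentication unless `samlSuccessHandler` issues the JWT itself — this needs confirming, and the outcome should be recorded in a comment on the `.saml2Login(` line (e.g. `// STATELESS: SAML state must be carried by samlSuccessHandler, not the session`). The comment on the new matcher is copied from the JWT line and is misleading; change it to `.requestMatchers("/v1/saml/**").permitAll() // SAML callbacks, validated by the SAML2 filters`. The commented-out `saml2Login` block sitting inside the live chain should be removed rather than kept as dead code. `securityFilterChain` is fully inside the hunk; the enclosing `SecurityConfig` class continues outside it.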