Relocate /required and /lazy handlers to sample

Previous presence on ProfileController resulted in those APIs leaking to downstream consumers of uw-spring-security-web. Also adds an HttpSecurityAmender for configuring auth for /profile. Bump to version 1.0.0-SNAPSHOT.

Relocate /required and /lazy handlers to sample
04cae550 · Nicholas Blair · 34cc344c · 04cae550 · 04cae550 · 04cae550
Commit 04cae550 authored 9 years ago by Nicholas Blair
--- a/pom.xml
+++ b/pom.xml
@@ -2,7 +2,7 @@
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>edu.wisc.uwss</groupId>
 	<artifactId>uw-spring-security</artifactId>
-	<version>0.5.1-SNAPSHOT</version>
+	<version>1.0.0-SNAPSHOT</version>
 	<packaging>pom</packaging>
 	<name>UW Spring Security Parent</name>
 	<description>Parent project for module to integrate Spring Security with UW authentication mechanism.</description>
@@ -74,6 +74,11 @@
    				</exclusion>
    			</exclusions>
 			</dependency>
+			<dependency>
+				<groupId>edu.wisc.uwss</groupId>
+				<artifactId>uw-spring-security-config</artifactId>
+				<version>${project.version}</version>
+			</dependency>
 			<dependency>
 				<groupId>javax.annotation</groupId>
  				<artifactId>jsr250-api</artifactId>

--- a/uw-spring-security-config/pom.xml
+++ b/uw-spring-security-config/pom.xml
@@ -3,7 +3,7 @@
 	<parent>
 		<groupId>edu.wisc.uwss</groupId>
 		<artifactId>uw-spring-security</artifactId>
-		<version>0.5.1-SNAPSHOT</version>
+		<version>1.0.0-SNAPSHOT</version>
 	</parent>
 	<artifactId>uw-spring-security-config</artifactId>
 	<name>UW Spring Security Configuration</name>

--- a/uw-spring-security-core/pom.xml
+++ b/uw-spring-security-core/pom.xml
@@ -3,7 +3,7 @@
 	<parent>
 		<groupId>edu.wisc.uwss</groupId>
 		<artifactId>uw-spring-security</artifactId>
-		<version>0.5.1-SNAPSHOT</version>
+		<version>1.0.0-SNAPSHOT</version>
 	</parent>
 	<artifactId>uw-spring-security-core</artifactId>
 	<name>UW Spring Security Core</name>

--- a/uw-spring-security-sample-war/pom.xml
+++ b/uw-spring-security-sample-war/pom.xml
@@ -3,7 +3,7 @@
 	<parent>
 		<groupId>edu.wisc.uwss</groupId>
 		<artifactId>uw-spring-security</artifactId>
-		<version>0.5.1-SNAPSHOT</version>
+		<version>1.0.0-SNAPSHOT</version>
 	</parent>
 	<artifactId>uw-spring-security-sample-war</artifactId>
 	<name>UW Spring Security Sample War</name>

--- a/uw-spring-security-sample-war/src/main/java/edu/wisc/uwss/sample/configuration/SampleWebSecurityConfiguration.java
+++ b/uw-spring-security-sample-war/src/main/java/edu/wisc/uwss/sample/configuration/SampleWebSecurityConfiguration.java
@@ -12,6 +12,7 @@ import org.springframework.context.annotation.Profile;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import edu.wisc.uwss.configuration.HttpSecurityAmender;
+import edu.wisc.uwss.web.ProfileRequiresAuthenticationHttpSecurityAmender;
 /**
 * This {@link Configuration} class for the "local-users" {@link Profile} provides an example of how one would 
@@ -38,11 +39,18 @@ public class SampleWebSecurityConfiguration {
                .antMatchers("/favicon.ico").permitAll()
                .antMatchers("/index.html").permitAll()
                .antMatchers("/lazy").permitAll()
-                .antMatchers("/required").authenticated()
+                .antMatchers("/required").authenticated();
-                .antMatchers("/profile").authenticated();
      }
    };
  }
+  /**
+   *
+   * @return {@link HttpSecurityAmender} that requires auth on /profile
+   */
+  @Bean
+  public HttpSecurityAmender profileAuthentication() {
+    return new ProfileRequiresAuthenticationHttpSecurityAmender();
+  }
 }
--- a/uw-spring-security-sample-war/src/main/java/edu/wisc/uwss/sample/web/TestController.java
+++ b/uw-spring-security-sample-war/src/main/java/edu/wisc/uwss/sample/web/TestController.java
+package edu.wisc.uwss.sample.web;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.ResponseBody;
+/**
+ * {@link Controller} providing test cases regarding required vs lazy authentication.
+ *
+ * @author Nicholas Blair
+ */
+@Controller
+public class TestController {
+  private static final Logger logger = LoggerFactory.getLogger(TestController.class);
+  /**
+   * This method is bound to a URL that requires authentication.
+   *
+   * @return the {@link #currentPrincipal()}
+   */
+  @RequestMapping(value="/required", method= RequestMethod.GET)
+  public @ResponseBody Object authenticationRequired() {
+    return currentPrincipal();
+  }
+  /**
+   * This method is bound to a URL that does not require authentication.
+   *
+   * @return the {@link #currentPrincipal()}
+   */
+  @RequestMapping(value="/lazy", method=RequestMethod.GET)
+  public @ResponseBody Object authenticationNotRequired() {
+    return currentPrincipal();
+  }
+  /**
+   *
+   * @return the current value for {@link Authentication#getPrincipal()}, or null
+   */
+  protected Object currentPrincipal() {
+    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
+    if(authentication == null) {
+      return null;
+    }
+    Object principal = authentication.getPrincipal();
+    logger.debug("Authentication#getPrincipal observed {}", principal);
+    return principal;
+  }
+}
--- a/uw-spring-security-web/pom.xml
+++ b/uw-spring-security-web/pom.xml
@@ -3,7 +3,7 @@
 	<parent>
 		<groupId>edu.wisc.uwss</groupId>
 		<artifactId>uw-spring-security</artifactId>
-		<version>0.5.1-SNAPSHOT</version>
+		<version>1.0.0-SNAPSHOT</version>
 	</parent>
 	<artifactId>uw-spring-security-web</artifactId>
 	<name>UW Spring Security Web</name>
@@ -34,5 +34,10 @@
 			<groupId>org.springframework</groupId>
 			<artifactId>spring-webmvc</artifactId>
 		</dependency>
+		<dependency>
+			<groupId>edu.wisc.uwss</groupId>
+			<artifactId>uw-spring-security-config</artifactId>
+			<version>1.0.0-SNAPSHOT</version>
+		</dependency>
 	</dependencies>
 </project>
\ No newline at end of file
--- a/uw-spring-security-web/src/main/java/edu/wisc/uwss/web/ProfileController.java
+++ b/uw-spring-security-web/src/main/java/edu/wisc/uwss/web/ProfileController.java
@@ -6,6 +6,7 @@ package edu.wisc.uwss.web;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.security.core.Authentication;
+import org.springframework.security.core.annotation.AuthenticationPrincipal;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -14,50 +15,21 @@ import org.springframework.web.bind.annotation.ResponseBody;
 /**
 * {@link Controller} useful for returning the current authenticated principal.
- * 
+ *
+ * @see ProfileRequiresAuthenticationHttpSecurityAmender
 * @author Nicholas Blair
 */
 @Controller
 public class ProfileController {
-  private static final Logger logger = LoggerFactory.getLogger(ProfileController.class);
-  /**
-   * This method is bound to a URL that requires authentication.
-   * 
-   * @return the {@link #currentPrincipal()}
-   */
-  @RequestMapping(value="/required", method=RequestMethod.GET)
-  public @ResponseBody Object authenticationRequired() {
-    return currentPrincipal();
-  }
-  /**
-   * This method is bound to a URL that does not require authentication.
-   * 
-   * @return the {@link #currentPrincipal()} 
-   */
-  @RequestMapping(value="/lazy", method=RequestMethod.GET)
-  public @ResponseBody Object authenticationNotRequired() {
-    return currentPrincipal();
-  }
  /**
-   * 
+   * This method intentionally avoids using {@link edu.wisc.uwss.UWUserDetails} for the argument and
-   * @return the {@link #currentPrincipal()} 
+   * return type. Configurations exist that may result authentication not being required for this URL.
+   *
+   * @return the current authenticated principal
   */
  @RequestMapping(value="/profile", method=RequestMethod.GET)
-  public @ResponseBody Object profile() {
+  public @ResponseBody Object profile(@AuthenticationPrincipal Object principal) {
-    return authenticationRequired();
-  }
-  /**
-   * 
-   * @return the current value for {@link Authentication#getPrincipal()}, or null
-   */
-  protected Object currentPrincipal() {
-    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
-    if(authentication == null) {
-      return null;
-    }
-    Object principal = authentication.getPrincipal();
-    logger.debug("Authentication#getPrincipal observed {}", principal);
    return principal;
  }
 }
--- a/uw-spring-security-web/src/main/java/edu/wisc/uwss/web/ProfileRequiresAuthenticationHttpSecurityAmender.java
+++ b/uw-spring-security-web/src/main/java/edu/wisc/uwss/web/ProfileRequiresAuthenticationHttpSecurityAmender.java
+package edu.wisc.uwss.web;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.stereotype.Component;
+import edu.wisc.uwss.configuration.HttpSecurityAmender;
+/**
+ * {@link HttpSecurityAmender} to make sure requests to /profile are authenticated.
+ *
+ * @see ProfileController
+ * @author Nicholas Blair
+ */
+public class ProfileRequiresAuthenticationHttpSecurityAmender implements HttpSecurityAmender {
+  static final Logger logger = LoggerFactory.getLogger(ProfileRequiresAuthenticationHttpSecurityAmender.class);
+  @Override
+  public void amend(HttpSecurity httpSecurity) throws Exception {
+    httpSecurity
+            .authorizeRequests()
+              .antMatchers("/profile").authenticated();
+    logger.info("url '/profile' requires authentication");
+  }
+}