Add user filter to groups

mraible · mraible · commit 0c6311621ecf · 2018-07-18T16:54:10.000-06:00
diff --git a/app/src/GroupList.js b/app/src/GroupList.js
@@ -76,7 +76,7 @@ class GroupList extends Component {
           <div className="float-right">
             <Button color="success" tag={Link} to="/groups/new">Add Group</Button>
           </div>
-          <h3>Java User Groups</h3>
+          <h3>My JUG Tour</h3>
           <Table className="mt-4">
             <thead>
             <tr>
diff --git a/src/main/java/com/okta/developer/jugtours/config/OAuth2AuthenticationSuccessHandler.java b/src/main/java/com/okta/developer/jugtours/config/OAuth2AuthenticationSuccessHandler.java
@@ -0,0 +1,68 @@
+package com.okta.developer.jugtours.config;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.web.DefaultRedirectStrategy;
+import org.springframework.security.web.RedirectStrategy;
+import org.springframework.security.web.WebAttributes;
+import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+import java.io.IOException;
+
+import static com.okta.developer.jugtours.config.OAuth2Configuration.SAVED_LOGIN_ORIGIN_URI;
+
+/**
+ * AuthenticationSuccessHandler that looks for a saved login origin and redirects to it if it exists.
+ */
+public class OAuth2AuthenticationSuccessHandler implements AuthenticationSuccessHandler {
+
+    private final Logger log = LoggerFactory.getLogger(OAuth2AuthenticationSuccessHandler.class);
+
+    private RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();
+
+    @Override
+    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
+                                        Authentication authentication)
+        throws IOException {
+
+        handle(request, response);
+        clearAuthenticationAttributes(request);
+    }
+
+    private void handle(HttpServletRequest request, HttpServletResponse response)
+        throws IOException {
+
+        String targetUrl = determineTargetUrl(request);
+
+        if (response.isCommitted()) {
+            log.error("Response has already been committed. Unable to redirect to " + targetUrl);
+            return;
+        }
+
+        redirectStrategy.sendRedirect(request, response, targetUrl);
+    }
+
+    private String determineTargetUrl(HttpServletRequest request) {
+        Object savedReferrer = request.getSession().getAttribute(SAVED_LOGIN_ORIGIN_URI);
+        if (savedReferrer != null) {
+            String savedLoginOrigin = request.getSession().getAttribute(SAVED_LOGIN_ORIGIN_URI).toString();
+            log.info("Redirecting to saved login origin URI: {}", savedLoginOrigin);
+            request.getSession().removeAttribute(SAVED_LOGIN_ORIGIN_URI);
+            return savedLoginOrigin;
+        } else {
+            return "/";
+        }
+    }
+
+    private void clearAuthenticationAttributes(HttpServletRequest request) {
+        HttpSession session = request.getSession(false);
+        if (session == null) {
+            return;
+        }
+        session.removeAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
+    }
+}
diff --git a/src/main/java/com/okta/developer/jugtours/config/OAuth2Configuration.java b/src/main/java/com/okta/developer/jugtours/config/OAuth2Configuration.java
@@ -0,0 +1,98 @@
+package com.okta.developer.jugtours.config;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.BeansException;
+import org.springframework.beans.factory.config.BeanPostProcessor;
+import org.springframework.boot.web.servlet.FilterRegistrationBean;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
+import org.springframework.core.Ordered;
+import org.springframework.core.PriorityOrdered;
+import org.springframework.security.oauth2.client.filter.OAuth2ClientAuthenticationProcessingFilter;
+import org.springframework.security.web.FilterChainProxy;
+import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.util.StringUtils;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+/**
+ * Development only configuration that is Browsersync-aware and redirects to the origin you clicked "login" from.
+ * If you split your application into client and server into separate domains, you might want to enable this for prod
+ * mode too.
+ */
+@Configuration
+@Profile("dev")
+public class OAuth2Configuration {
+    public static final String SAVED_LOGIN_ORIGIN_URI = OAuth2Configuration.class.getName() + "_SAVED_ORIGIN";
+
+    private final Logger log = LoggerFactory.getLogger(OAuth2Configuration.class);
+
+    @Bean
+    public FilterRegistrationBean<OncePerRequestFilter> saveLoginOriginFilter() {
+        OncePerRequestFilter filter = new OncePerRequestFilter() {
+            @Override
+            protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
+                                            FilterChain filterChain)
+                throws ServletException, IOException {
+                if (request.getRemoteUser() == null && request.getRequestURI().endsWith("/login")) {
+                    String referrer = request.getHeader("referer");
+                    if (!StringUtils.isEmpty(referrer) &&
+                        request.getSession().getAttribute(SAVED_LOGIN_ORIGIN_URI) == null) {
+                        log.info("Saving login origin URI: {}", referrer);
+                        request.getSession().setAttribute(SAVED_LOGIN_ORIGIN_URI, referrer);
+                    }
+                }
+                filterChain.doFilter(request, response);
+            }
+        };
+        FilterRegistrationBean<OncePerRequestFilter> bean = new FilterRegistrationBean<>(filter);
+        bean.setOrder(Ordered.HIGHEST_PRECEDENCE);
+        return bean;
+    }
+
+    @Bean
+    public static DefaultRolesPrefixPostProcessor defaultRolesPrefixPostProcessor() {
+        return new DefaultRolesPrefixPostProcessor();
+    }
+
+    public static class DefaultRolesPrefixPostProcessor implements BeanPostProcessor, PriorityOrdered {
+
+        @Override
+        public Object postProcessAfterInitialization(Object bean, String beanName) throws BeansException {
+            if (bean instanceof FilterChainProxy) {
+
+                FilterChainProxy chains = (FilterChainProxy) bean;
+
+                for (SecurityFilterChain chain : chains.getFilterChains()) {
+                    for (Filter filter : chain.getFilters()) {
+                        if (filter instanceof OAuth2ClientAuthenticationProcessingFilter) {
+                            OAuth2ClientAuthenticationProcessingFilter oAuth2ClientAuthenticationProcessingFilter =
+                                (OAuth2ClientAuthenticationProcessingFilter) filter;
+                            oAuth2ClientAuthenticationProcessingFilter
+                                .setAuthenticationSuccessHandler(new OAuth2AuthenticationSuccessHandler());
+                        }
+                    }
+                }
+            }
+            return bean;
+        }
+
+        @Override
+        public Object postProcessBeforeInitialization(Object bean, String beanName) throws BeansException {
+            return bean;
+        }
+
+        @Override
+        public int getOrder() {
+            return PriorityOrdered.HIGHEST_PRECEDENCE;
+        }
+    }
+}
diff --git a/src/main/java/com/okta/developer/jugtours/config/SecurityConfiguration.java b/src/main/java/com/okta/developer/jugtours/config/SecurityConfiguration.java
@@ -1,142 +1,23 @@
 package com.okta.developer.jugtours.config;
 
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;
-import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.context.annotation.Profile;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.builders.WebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
-import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
 import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
-import org.springframework.security.web.savedrequest.RequestCache;
-import org.springframework.security.web.savedrequest.SavedRequest;
-
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
-import java.util.Collection;
-import java.util.List;
-import java.util.Locale;
-import java.util.Map;
 
 @Configuration
 @EnableOAuth2Sso
 public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
-    private final Logger log = LoggerFactory.getLogger(SecurityConfiguration.class);
-
-    @Override
-    public void configure(WebSecurity web) throws Exception {
-        web.ignoring().antMatchers("/**/*.{js,html,css}");
-    }
 
     @Override
     protected void configure(HttpSecurity http) throws Exception {
-        RequestCache requestCache = refererRequestCache();
-        SavedRequestAwareAuthenticationSuccessHandler handler = new SavedRequestAwareAuthenticationSuccessHandler();
-        handler.setRequestCache(requestCache);
         http
                 .csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
-            .and()
-                .oauth2Login()
-                .successHandler(handler)
             .and()
                 .authorizeRequests()
                 .antMatchers("/**/*.{js,html,css}").permitAll()
                 .antMatchers("/", "/api/user").permitAll()
-                .anyRequest().authenticated();/*
-            .and()
-                .requiresChannel()
-                .requestMatchers(r -> r.getHeader("x-forwarded-proto") != null)
-                .requiresSecure();*/
-    }
-
-    @Bean
-    @Profile("dev")
-    public RequestCache refererRequestCache() {
-        return new RequestCache() {
-            private String savedAttrName = getClass().getName().concat(".SAVED");
-
-            @Override
-            public void saveRequest(HttpServletRequest request, HttpServletResponse response) {
-                String referrer = request.getHeader("referer");
-                if (referrer != null) {
-                    request.getSession().setAttribute(this.savedAttrName, referrerRequest(referrer));
-                }
-            }
-
-            @Override
-            public SavedRequest getRequest(HttpServletRequest request, HttpServletResponse response) {
-                HttpSession session = request.getSession(false);
-
-                if (session != null) {
-                    return (SavedRequest) session.getAttribute(this.savedAttrName);
-                }
-
-                return null;
-            }
-
-            @Override
-            public HttpServletRequest getMatchingRequest(HttpServletRequest request, HttpServletResponse response) {
-                return request;
-            }
-
-            @Override
-            public void removeRequest(HttpServletRequest request, HttpServletResponse response) {
-                HttpSession session = request.getSession(false);
-
-                if (session != null) {
-                    log.debug("Removing SavedRequest from session if present");
-                    session.removeAttribute(this.savedAttrName);
-                }
-            }
-        };
-    }
-
-    private SavedRequest referrerRequest(final String referrer) {
-        return new SavedRequest() {
-            @Override
-            public String getRedirectUrl() {
-                return referrer;
-            }
-
-            @Override
-            public List<Cookie> getCookies() {
-                return null;
-            }
-
-            @Override
-            public String getMethod() {
-                return null;
-            }
-
-            @Override
-            public List<String> getHeaderValues(String name) {
-                return null;
-            }
-
-            @Override
-            public Collection<String> getHeaderNames() {
-                return null;
-            }
-
-            @Override
-            public List<Locale> getLocales() {
-                return null;
-            }
-
-            @Override
-            public String[] getParameterValues(String name) {
-                return new String[0];
-            }
-
-            @Override
-            public Map<String, String[]> getParameterMap() {
-                return null;
-            }
-        };
+                .anyRequest().authenticated();
     }
 }
diff --git a/src/main/java/com/okta/developer/jugtours/model/Group.java b/src/main/java/com/okta/developer/jugtours/model/Group.java
@@ -25,7 +25,7 @@ public class Group {
     private String stateOrProvince;
     private String country;
     private String postalCode;
-    @ManyToOne
+    @ManyToOne(cascade=CascadeType.ALL)
     private User user;
 
     @OneToMany(fetch = FetchType.EAGER, cascade=CascadeType.ALL)
diff --git a/src/main/java/com/okta/developer/jugtours/model/GroupEventHandler.java b/src/main/java/com/okta/developer/jugtours/model/GroupEventHandler.java
diff --git a/src/main/java/com/okta/developer/jugtours/web/GroupController.java b/src/main/java/com/okta/developer/jugtours/web/GroupController.java
@@ -2,17 +2,21 @@
 
 import com.okta.developer.jugtours.model.Group;
 import com.okta.developer.jugtours.model.GroupRepository;
+import com.okta.developer.jugtours.model.User;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.oauth2.provider.OAuth2Authentication;
 import org.springframework.web.bind.annotation.*;
 
 import javax.validation.Valid;
 import java.net.URI;
 import java.net.URISyntaxException;
 import java.security.Principal;
 import java.util.Collection;
+import java.util.Map;
 import java.util.Optional;
 
 @RestController
@@ -39,8 +43,13 @@ ResponseEntity<?> getGroup(@PathVariable Long id) {
     }
 
 	@PostMapping("/group")
-    ResponseEntity<Group> createGroup(@Valid @RequestBody Group group) throws URISyntaxException {
+    ResponseEntity<Group> createGroup(@Valid @RequestBody Group group, Principal principal) throws URISyntaxException {
         log.info("Request to create group: {}", group);
+        OAuth2Authentication authentication = (OAuth2Authentication) principal;
+        Map<String, Object> details = (Map<String, Object>) authentication.getUserAuthentication().getDetails();
+        User user = new User(details.get("sub").toString(),
+                details.get("name").toString(), details.get("email").toString());
+        group.setUser(user);
         Group result = repository.save(group);
         return ResponseEntity.created(new URI("/api/group/" + result.getId()))
                 .body(result);
