Code cleanup

sample/pom.xml

@@ -9,9 +9,9 @@
  <relativePath/> <!-- lookup parent from repository -->
  </parent>
  <groupId>com.rnavagamuwa</groupId>
- <artifactId>spring-security-abac</artifactId>
+ <artifactId>spring-security-abac-sample</artifactId>
  <version>0.0.1-SNAPSHOT</version>
- <name>spring-security-abac</name>
+ <name>spring-security-abac-sample</name>
  <description>Demo project for Spring Boot</description>
 
  <properties>
@@ -49,35 +49,19 @@
  <groupId>xalan</groupId>
  <artifactId>xalan</artifactId>
  </exclusion>
- <exclusion>
- <groupId>org.apache.velocity</groupId>
- <artifactId>velocity</artifactId>
- </exclusion>
  </exclusions>
  </dependency>
+
  <dependency>
  <groupId>org.opensaml</groupId>
  <artifactId>opensaml</artifactId>
  <version>2.6.4</version>
- <exclusions>
- <exclusion>
- <groupId>org.apache.velocity</groupId>
- <artifactId>velocity</artifactId>
- </exclusion>
- </exclusions>
  </dependency>
 
-
  <dependency>
  <groupId>org.wso2.spring.security</groupId>
  <artifactId>abac</artifactId>
  <version>1.0-SNAPSHOT</version>
- <exclusions>
- <exclusion>
- <groupId>org.apache.velocity</groupId>
- <artifactId>velocity</artifactId>
- </exclusion>
- </exclusions>
  </dependency>
 
  </dependencies>

sample/src/main/java/com/rnavagamuwa/springsecurity/CurrentUserHandlerMethodArgumentResolver.java

@@ -1,19 +1,3 @@
-/*
- * Copyright 2019 Vincenzo De Notaris
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http:https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License. 
- */
-
 package com.rnavagamuwa.springsecurity;
 
 import com.rnavagamuwa.springsecurity.stereotypes.CurrentUser;
@@ -29,23 +13,26 @@
 
 import java.security.Principal;
 
+/**
+ * @author Randika Navagamuwa
+ */
 @Component
 public class CurrentUserHandlerMethodArgumentResolver implements
- HandlerMethodArgumentResolver {
+ HandlerMethodArgumentResolver {
 
- public boolean supportsParameter(MethodParameter methodParameter) {
- return methodParameter.getParameterAnnotation(CurrentUser.class) != null
- && methodParameter.getParameterType().equals(User.class);
- }
+ public boolean supportsParameter(MethodParameter methodParameter) {
+ return methodParameter.getParameterAnnotation(CurrentUser.class) != null
+ && methodParameter.getParameterType().equals(User.class);
+ }
 
- public Object resolveArgument(MethodParameter methodParameter,
- ModelAndViewContainer mavContainer, NativeWebRequest webRequest,
- WebDataBinderFactory binderFactory) throws Exception {
- if (this.supportsParameter(methodParameter)) {
- Principal principal = (Principal) webRequest.getUserPrincipal();
- return (User) ((Authentication) principal).getPrincipal();
- } else {
- return WebArgumentResolver.UNRESOLVED;
- }
- }
+ public Object resolveArgument(MethodParameter methodParameter,
+ ModelAndViewContainer mavContainer, NativeWebRequest webRequest,
+ WebDataBinderFactory binderFactory) throws Exception {
+ if (this.supportsParameter(methodParameter)) {
+ Principal principal = (Principal) webRequest.getUserPrincipal();
+ return (User) ((Authentication) principal).getPrincipal();
+ } else {
+ return WebArgumentResolver.UNRESOLVED;
+ }
+ }
 }

sample/src/main/java/com/rnavagamuwa/springsecurity/SAMLUserDetailsServiceImpl.java

@@ -1,19 +1,3 @@
-/*
- * Copyright 2019 Vincenzo De Notaris
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http:https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License. 
- */
-
 package com.rnavagamuwa.springsecurity;
 
 import org.slf4j.Logger;

sample/src/main/java/com/rnavagamuwa/springsecurity/security/MethodSecurityConfig.java → sample/src/main/java/com/rnavagamuwa/springsecurity/config/MethodSecurityConfig.java

@@ -1,4 +1,4 @@
-package com.rnavagamuwa.springsecurity.security;
+package com.rnavagamuwa.springsecurity.config;
 
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler;

sample/src/main/java/com/rnavagamuwa/springsecurity/security/MvcConfig.java → sample/src/main/java/com/rnavagamuwa/springsecurity/config/MvcConfig.java

@@ -1,20 +1,4 @@
-/*
- * Copyright 2019 Vincenzo De Notaris
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http:https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.rnavagamuwa.springsecurity.security;
+package com.rnavagamuwa.springsecurity.config;
 
 import com.rnavagamuwa.springsecurity.CurrentUserHandlerMethodArgumentResolver;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -26,6 +10,9 @@
 
 import java.util.List;
 
+/**
+ * @author Randika Navagamuwa
+ */
 @Configuration
 public class MvcConfig implements WebMvcConfigurer {
 

sample/src/main/java/com/rnavagamuwa/springsecurity/security/WebSecurityConfig.java → sample/src/main/java/com/rnavagamuwa/springsecurity/config/WebSecurityConfig.java

@@ -1,20 +1,4 @@
-/*
- * Copyright 2019 Vincenzo De Notaris
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http:https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.rnavagamuwa.springsecurity.security;
+package com.rnavagamuwa.springsecurity.config;
 
 import com.rnavagamuwa.springsecurity.SAMLUserDetailsServiceImpl;
 import org.apache.commons.httpclient.HttpClient;
@@ -66,6 +50,9 @@
 import java.io.IOException;
 import java.util.*;
 
+/**
+ * @author Randika Navagamuwa
+ */
 @Configuration
 @EnableWebSecurity
 public class WebSecurityConfig extends WebSecurityConfigurerAdapter implements InitializingBean, DisposableBean {
@@ -426,7 +413,7 @@ public SAMLProcessorImpl processor() {
  }
 
  /**
- * Define the security filter chain in order to support SSO Auth by using SAML 2.0
+ * Define the config filter chain in order to support SSO Auth by using SAML 2.0
  *
  * @return Filter chain proxy
  * @throws Exception
@@ -465,9 +452,9 @@ public AuthenticationManager authenticationManagerBean() throws Exception {
  }
 
  /**
- * Defines the web based security configuration.
+ * Defines the web based config configuration.
  *
- * @param http It allows configuring web based security for specific http requests.
+ * @param http It allows configuring web based config for specific http requests.
  * @throws Exception
  */
  @Override

sample/src/main/java/com/rnavagamuwa/springsecurity/controller/HelloController.java

@@ -6,6 +6,9 @@
 import org.springframework.ui.Model;
 import org.springframework.web.bind.annotation.RequestMapping;
 
+/**
+ * @author Randika Navagamuwa
+ */
 @Controller
 public class HelloController {
 

sample/src/main/java/com/rnavagamuwa/springsecurity/controller/LandingController.java

@@ -1,19 +1,3 @@
-/*
- * Copyright 2019 Vincenzo De Notaris
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http:https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
 package com.rnavagamuwa.springsecurity.controller;
 
 import com.rnavagamuwa.springsecurity.stereotypes.CurrentUser;
@@ -26,6 +10,9 @@
 import org.springframework.ui.Model;
 import org.springframework.web.bind.annotation.RequestMapping;
 
+/**
+ * @author Randika Navagamuwa
+ */
 @Controller
 public class LandingController {
 
@@ -37,9 +24,9 @@ public class LandingController {
  public String landing(@CurrentUser User user, Model model) {
  Authentication auth = SecurityContextHolder.getContext().getAuthentication();
  if (auth == null)
- LOG.debug("Current authentication instance from security context is null");
+ LOG.debug("Current authentication instance from config context is null");
  else
- LOG.debug("Current authentication instance from security context: "
+ LOG.debug("Current authentication instance from config context: "
  + this.getClass().getSimpleName());
  model.addAttribute("username", user.getUsername());
  return "pages/landing";

sample/src/main/java/com/rnavagamuwa/springsecurity/controller/SSOController.java

@@ -1,19 +1,3 @@
-/*
- * Copyright 2019 Vincenzo De Notaris
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http:https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License. 
- */
-
 package com.rnavagamuwa.springsecurity.controller;
 
 import org.slf4j.Logger;
@@ -31,35 +15,38 @@
 import javax.servlet.http.HttpServletRequest;
 import java.util.Set;
 
+/**
+ * @author Randika Navagamuwa
+ */
 @Controller
 @RequestMapping("/saml")
 public class SSOController {
 
- // Logger
- private static final Logger LOG = LoggerFactory
- .getLogger(SSOController.class);
-
- @Autowired
- private MetadataManager metadata;
-
- @RequestMapping(value = "/discovery", method = RequestMethod.GET)
- public String idpSelection(HttpServletRequest request, Model model) {
- Authentication auth = SecurityContextHolder.getContext().getAuthentication();
- if (auth == null)
- LOG.debug("Current authentication instance from security context is null");
- else
- LOG.debug("Current authentication instance from security context: "
- + this.getClass().getSimpleName());
- if (auth == null || (auth instanceof AnonymousAuthenticationToken)) {
- Set<String> idps = metadata.getIDPEntityNames();
- for (String idp : idps)
- LOG.info("Configured Identity Provider for SSO: " + idp);
- model.addAttribute("idps", idps);
- return "pages/discovery";
- } else {
- LOG.warn("The current user is already logged.");
- return "redirect:/landing";
- }
- }
+ // Logger
+ private static final Logger LOG = LoggerFactory
+ .getLogger(SSOController.class);
+
+ @Autowired
+ private MetadataManager metadata;
+
+ @RequestMapping(value = "/discovery", method = RequestMethod.GET)
+ public String idpSelection(HttpServletRequest request, Model model) {
+ Authentication auth = SecurityContextHolder.getContext().getAuthentication();
+ if (auth == null)
+ LOG.debug("Current authentication instance from config context is null");
+ else
+ LOG.debug("Current authentication instance from config context: "
+ + this.getClass().getSimpleName());
+ if (auth == null || (auth instanceof AnonymousAuthenticationToken)) {
+ Set<String> idps = metadata.getIDPEntityNames();
+ for (String idp : idps)
+ LOG.info("Configured Identity Provider for SSO: " + idp);
+ model.addAttribute("idps", idps);
+ return "pages/discovery";
+ } else {
+ LOG.warn("The current user is already logged.");
+ return "redirect:/landing";
+ }
+ }
 
 }

sample/src/main/java/com/rnavagamuwa/springsecurity/controller/rest/AuthController.java

@@ -9,6 +9,9 @@
 import org.springframework.ui.Model;
 import org.springframework.web.bind.annotation.RequestMapping;
 
+/**
+ * @author Randika Navagamuwa
+ */
 @Controller
 public class AuthController {
 

sample/src/main/java/com/rnavagamuwa/springsecurity/stereotypes/CurrentUser.java

@@ -1,23 +1,10 @@
-/*
- * Copyright 2019 Vincenzo De Notaris
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http:https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License. 
- */
-
 package com.rnavagamuwa.springsecurity.stereotypes;
 
 import java.lang.annotation.*;
 
+/**
+ * @author Randika Navagamuwa
+ */
 @Target(ElementType.PARAMETER)
 @Retention(RetentionPolicy.RUNTIME)
 @Documented