diff --git a/.github/workflows/maven-build.yml b/.github/workflows/maven-build.yml
index 7b3120c..14becab 100644
--- a/.github/workflows/maven-build.yml
+++ b/.github/workflows/maven-build.yml
@@ -7,19 +7,19 @@ jobs:
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
- - uses: actions/setup-java@v3
+ - uses: actions/setup-java@v4
with:
distribution: zulu
- java-version: 11
+ java-version: 17
- name: Cache Maven packages
- uses: actions/cache@v3
+ uses: actions/cache@v4
with:
path: ~/.m2
- key: ${{ runner.os }}-m2-v11-${{ secrets.CACHE_VERSION }}-${{ hashFiles('**/pom.xml') }}
- restore-keys: ${{ runner.os }}-m2-v11-${{ secrets.CACHE_VERSION }}
+ key: ${{ runner.os }}-m2-v17-${{ secrets.CACHE_VERSION }}-${{ hashFiles('**/pom.xml') }}
+ restore-keys: ${{ runner.os }}-m2-v17-${{ secrets.CACHE_VERSION }}
- name: Build
run: mvn --batch-mode compile
diff --git a/README.md b/README.md
index 55049e7..008357d 100644
--- a/README.md
+++ b/README.md
@@ -49,7 +49,7 @@ You can specify the profile as a command-line argument to the Maven wrapper comm
### 5. Run the application
-Spring Boot web applications can be run from the command-line. You need to have the Java Development Kit 8 installed for building the application package and running the application.
+Spring Boot web applications can be run from the command-line. You need to have the Java Development Kit 17 installed for building the application package and running the application.
Build and run the application with the following command in a terminal window:
diff --git a/pom.xml b/pom.xml
index 3568a9c..49761fe 100644
--- a/pom.xml
+++ b/pom.xml
@@ -5,7 +5,7 @@
org.springframework.boot
spring-boot-starter-parent
- 2.7.15
+ 3.1.9
org.webeid.example
@@ -17,10 +17,10 @@
- 11
+ 17
2.22.1
3.0.0
- 5.2.0
+ 5.3.0
1.44
diff --git a/src/main/java/eu/webeid/example/config/ApplicationConfiguration.java b/src/main/java/eu/webeid/example/config/ApplicationConfiguration.java
index 9fba315..5e974e4 100644
--- a/src/main/java/eu/webeid/example/config/ApplicationConfiguration.java
+++ b/src/main/java/eu/webeid/example/config/ApplicationConfiguration.java
@@ -24,53 +24,52 @@
import eu.webeid.example.security.AuthTokenDTOAuthenticationProvider;
import eu.webeid.example.security.WebEidAjaxLoginProcessingFilter;
+import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
-import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
-import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
+import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.authentication.logout.HttpStatusReturningLogoutSuccessHandler;
+import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
+import org.springframework.security.web.context.SecurityContextRepository;
import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
@Configuration
@EnableWebSecurity
-@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true, jsr250Enabled = true)
-public class ApplicationConfiguration extends WebSecurityConfigurerAdapter implements WebMvcConfigurer {
+@EnableMethodSecurity(securedEnabled = true, jsr250Enabled = true)
+public class ApplicationConfiguration implements WebMvcConfigurer {
final AuthTokenDTOAuthenticationProvider authTokenDTOAuthenticationProvider;
+ final SecurityContextRepository securityContextRepository;
public ApplicationConfiguration(AuthTokenDTOAuthenticationProvider authTokenDTOAuthenticationProvider) {
this.authTokenDTOAuthenticationProvider = authTokenDTOAuthenticationProvider;
+ this.securityContextRepository = new HttpSessionSecurityContextRepository();
}
- @Override
- protected void configure(AuthenticationManagerBuilder authenticationManagerBuilder) {
- authenticationManagerBuilder.authenticationProvider(authTokenDTOAuthenticationProvider);
+ @Bean
+ public AuthenticationManager authenticationManager(AuthenticationConfiguration authenticationConfiguration) throws Exception {
+ return authenticationConfiguration.getAuthenticationManager();
}
- @Override
- protected void configure(HttpSecurity http) throws Exception {
- // @formatter:off
- http
- .addFilterBefore(
- new WebEidAjaxLoginProcessingFilter("/auth/login", authenticationManager()),
- UsernamePasswordAuthenticationFilter.class)
- .authorizeRequests()
- .antMatchers("/auth/challenge", "/auth/login", "/")
- .permitAll()
- .antMatchers("/welcome")
- .authenticated()
- .and()
- .logout()
- .logoutSuccessHandler(new HttpStatusReturningLogoutSuccessHandler())
- .and()
- .headers()
- .frameOptions().sameOrigin();
- // @formatter:on
+ @Bean
+ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+ AuthenticationManager manager = authenticationManager(http.getSharedObject(AuthenticationConfiguration.class));
+
+ return http
+ .authenticationProvider(authTokenDTOAuthenticationProvider)
+ .addFilterBefore(new WebEidAjaxLoginProcessingFilter("/auth/login", manager, securityContextRepository),
+ UsernamePasswordAuthenticationFilter.class)
+ .logout(logout -> logout.logoutSuccessHandler(new HttpStatusReturningLogoutSuccessHandler()))
+ .headers(headers -> headers.frameOptions(options -> options.sameOrigin()))
+ .build();
}
+ @Override
public void addViewControllers(ViewControllerRegistry registry) {
registry.addViewController("/").setViewName("index");
registry.addViewController("/welcome").setViewName("welcome");
diff --git a/src/main/java/eu/webeid/example/config/SessionBackedChallengeNonceStore.java b/src/main/java/eu/webeid/example/config/SessionBackedChallengeNonceStore.java
index c94a324..cb4654d 100644
--- a/src/main/java/eu/webeid/example/config/SessionBackedChallengeNonceStore.java
+++ b/src/main/java/eu/webeid/example/config/SessionBackedChallengeNonceStore.java
@@ -26,7 +26,7 @@
import eu.webeid.security.challenge.ChallengeNonce;
import eu.webeid.security.challenge.ChallengeNonceStore;
-import javax.servlet.http.HttpSession;
+import jakarta.servlet.http.HttpSession;
public class SessionBackedChallengeNonceStore implements ChallengeNonceStore {
diff --git a/src/main/java/eu/webeid/example/config/ValidationConfiguration.java b/src/main/java/eu/webeid/example/config/ValidationConfiguration.java
index 83f0f47..dbe21ee 100644
--- a/src/main/java/eu/webeid/example/config/ValidationConfiguration.java
+++ b/src/main/java/eu/webeid/example/config/ValidationConfiguration.java
@@ -37,7 +37,7 @@
import eu.webeid.security.validator.AuthTokenValidator;
import eu.webeid.security.validator.AuthTokenValidatorBuilder;
-import javax.servlet.http.HttpSession;
+import jakarta.servlet.http.HttpSession;
import java.io.IOException;
import java.io.InputStream;
import java.net.URI;
diff --git a/src/main/java/eu/webeid/example/security/WebEidAjaxLoginProcessingFilter.java b/src/main/java/eu/webeid/example/security/WebEidAjaxLoginProcessingFilter.java
index ac43205..eb690d8 100644
--- a/src/main/java/eu/webeid/example/security/WebEidAjaxLoginProcessingFilter.java
+++ b/src/main/java/eu/webeid/example/security/WebEidAjaxLoginProcessingFilter.java
@@ -24,12 +24,14 @@
import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.IOException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
import eu.webeid.example.security.ajax.AjaxAuthenticationFailureHandler;
import eu.webeid.example.security.ajax.AjaxAuthenticationSuccessHandler;
import eu.webeid.example.security.dto.AuthTokenDTO;
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpMethod;
@@ -37,22 +39,27 @@
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
import org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy;
+import org.springframework.security.web.context.SecurityContextRepository;
public class WebEidAjaxLoginProcessingFilter extends AbstractAuthenticationProcessingFilter {
private static final Logger LOG = LoggerFactory.getLogger(WebEidAjaxLoginProcessingFilter.class);
+ private final SecurityContextRepository securityContextRepository;
public WebEidAjaxLoginProcessingFilter(
String defaultFilterProcessesUrl,
- AuthenticationManager authenticationManager
+ AuthenticationManager authenticationManager,
+ SecurityContextRepository securityContextRepository
) {
super(defaultFilterProcessesUrl);
this.setAuthenticationManager(authenticationManager);
this.setAuthenticationSuccessHandler(new AjaxAuthenticationSuccessHandler());
this.setAuthenticationFailureHandler(new AjaxAuthenticationFailureHandler());
setSessionAuthenticationStrategy(new SessionFixationProtectionStrategy());
+ this.securityContextRepository = securityContextRepository;
}
@Override
@@ -76,4 +83,10 @@ public Authentication attemptAuthentication(HttpServletRequest request, HttpServ
LOG.info("attemptAuthentication(): Calling authentication manager");
return getAuthenticationManager().authenticate(token);
}
+
+ @Override
+ protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, FilterChain chain, Authentication authResult) throws IOException, ServletException {
+ super.successfulAuthentication(request, response, chain, authResult); // Generated from nbfs://nbhost/SystemFileSystem/Templates/Classes/Code/OverriddenMethodBody
+ securityContextRepository.saveContext(SecurityContextHolder.getContext(), request, response);
+ }
}
diff --git a/src/main/java/eu/webeid/example/security/ajax/AjaxAuthenticationFailureHandler.java b/src/main/java/eu/webeid/example/security/ajax/AjaxAuthenticationFailureHandler.java
index 8580bca..647698f 100644
--- a/src/main/java/eu/webeid/example/security/ajax/AjaxAuthenticationFailureHandler.java
+++ b/src/main/java/eu/webeid/example/security/ajax/AjaxAuthenticationFailureHandler.java
@@ -27,9 +27,9 @@
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpSession;
import java.io.IOException;
public class AjaxAuthenticationFailureHandler extends SimpleUrlAuthenticationFailureHandler {
diff --git a/src/main/java/eu/webeid/example/security/ajax/AjaxAuthenticationSuccessHandler.java b/src/main/java/eu/webeid/example/security/ajax/AjaxAuthenticationSuccessHandler.java
index 19d0410..b7b70b9 100644
--- a/src/main/java/eu/webeid/example/security/ajax/AjaxAuthenticationSuccessHandler.java
+++ b/src/main/java/eu/webeid/example/security/ajax/AjaxAuthenticationSuccessHandler.java
@@ -29,8 +29,8 @@
import java.util.Collection;
import java.util.List;
import java.util.stream.Collectors;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.Authentication;
diff --git a/src/main/java/eu/webeid/example/service/SigningService.java b/src/main/java/eu/webeid/example/service/SigningService.java
index a7d71b4..69adc1c 100644
--- a/src/main/java/eu/webeid/example/service/SigningService.java
+++ b/src/main/java/eu/webeid/example/service/SigningService.java
@@ -46,8 +46,8 @@
import org.springframework.core.io.ByteArrayResource;
import org.springframework.stereotype.Service;
-import javax.servlet.http.HttpSession;
-import javax.xml.bind.DatatypeConverter;
+import jakarta.servlet.http.HttpSession;
+import jakarta.xml.bind.DatatypeConverter;
import java.io.IOException;
import java.io.InputStream;
import java.security.NoSuchAlgorithmException;
diff --git a/src/main/java/eu/webeid/example/web/IndexController.java b/src/main/java/eu/webeid/example/web/IndexController.java
new file mode 100644
index 0000000..e464a50
--- /dev/null
+++ b/src/main/java/eu/webeid/example/web/IndexController.java
@@ -0,0 +1,37 @@
+/*
+ * Copyright (c) 2020-2024 Estonian Information System Authority
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+package eu.webeid.example.web;
+
+import jakarta.servlet.http.HttpServletRequest;
+import org.springframework.stereotype.Controller;
+import org.springframework.ui.Model;
+import org.springframework.web.bind.annotation.GetMapping;
+
+@Controller
+public class IndexController {
+ @GetMapping("/")
+ public String welcome(Model model, HttpServletRequest request) {
+ model.addAttribute("serverName", request.getServerName());
+ return "index";
+ }
+}
diff --git a/src/main/java/eu/webeid/example/web/WelcomeController.java b/src/main/java/eu/webeid/example/web/WelcomeController.java
index deb7ab8..e61fcc2 100644
--- a/src/main/java/eu/webeid/example/web/WelcomeController.java
+++ b/src/main/java/eu/webeid/example/web/WelcomeController.java
@@ -29,7 +29,7 @@
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.GetMapping;
-import javax.validation.constraints.NotNull;
+import jakarta.validation.constraints.NotNull;
import java.security.Principal;
import static eu.webeid.example.security.AuthTokenDTOAuthenticationProvider.ROLE_USER;
diff --git a/src/main/resources/templates/index.html b/src/main/resources/templates/index.html
index 429b6b3..759d337 100644
--- a/src/main/resources/templates/index.html
+++ b/src/main/resources/templates/index.html
@@ -57,7 +57,7 @@ Usage
on Ubuntu Linux, for Firefox and Chrome, download and execute the
download-install-web-eid.sh
script from the console with
- wget -O - https:///scripts/download-install-web-eid.sh
+ wget -O - https:///scripts/download-install-web-eid.sh
| bash
Note that Firefox is installed with Snap in Ubuntu 22.04 or later by default and as the
Snap sandbox does not allow communication with the external native messaging host, Web
diff --git a/src/test/java/eu/webeid/example/WebApplicationTest.java b/src/test/java/eu/webeid/example/WebApplicationTest.java
index 4d95f43..d6e343b 100644
--- a/src/test/java/eu/webeid/example/WebApplicationTest.java
+++ b/src/test/java/eu/webeid/example/WebApplicationTest.java
@@ -59,7 +59,7 @@ public class WebApplicationTest {
private WebApplicationContext context;
@Autowired
- private javax.servlet.Filter[] springSecurityFilterChain;
+ private jakarta.servlet.Filter[] springSecurityFilterChain;
private static DefaultMockMvcBuilder mvcBuilder;
diff --git a/src/test/java/eu/webeid/example/security/WebEidAjaxLoginProcessingFilterTest.java b/src/test/java/eu/webeid/example/security/WebEidAjaxLoginProcessingFilterTest.java
index 0640a4d..adbaff5 100644
--- a/src/test/java/eu/webeid/example/security/WebEidAjaxLoginProcessingFilterTest.java
+++ b/src/test/java/eu/webeid/example/security/WebEidAjaxLoginProcessingFilterTest.java
@@ -4,14 +4,15 @@
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
import java.io.BufferedReader;
import java.io.StringReader;
import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
+import org.springframework.security.web.context.SecurityContextRepository;
class WebEidAjaxLoginProcessingFilterTest {
@@ -31,9 +32,10 @@ void testAttemptAuthentication() throws Exception {
when(request.getReader()).thenReturn(new BufferedReader(new StringReader(AUTH_TOKEN)));
final AuthenticationManager authenticationManager = mock(AuthenticationManager.class);
+ final SecurityContextRepository securityContextRepository = mock(SecurityContextRepository.class);
assertDoesNotThrow(() ->
- new WebEidAjaxLoginProcessingFilter("/auth/login", authenticationManager)
+ new WebEidAjaxLoginProcessingFilter("/auth/login", authenticationManager, securityContextRepository)
.attemptAuthentication(request, response));
}
}
\ No newline at end of file
diff --git a/src/test/java/eu/webeid/example/testutil/ObjectMother.java b/src/test/java/eu/webeid/example/testutil/ObjectMother.java
index ad048fd..f6103d5 100644
--- a/src/test/java/eu/webeid/example/testutil/ObjectMother.java
+++ b/src/test/java/eu/webeid/example/testutil/ObjectMother.java
@@ -33,7 +33,7 @@
import eu.webeid.example.service.dto.CertificateDTO;
import eu.webeid.example.service.dto.SignatureDTO;
-import javax.xml.bind.DatatypeConverter;
+import jakarta.xml.bind.DatatypeConverter;
import java.io.FileInputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;