This commit is contained in:
Michael Hoennig 2025-03-11 14:50:02 +01:00
parent 1685221567
commit 1f3ae1ddd7
3 changed files with 20 additions and 6 deletions

View File

@ -14,6 +14,7 @@ import jakarta.servlet.http.HttpServletRequest;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import java.io.IOException;
import java.util.function.Supplier;
public class CasAuthenticator implements Authenticator {
@ -52,7 +53,7 @@ public class CasAuthenticator implements Authenticator {
System.err.println("CasAuthenticator.casValidation using URL: " + url);
final var response = restTemplate.getForObject(url, String.class);
final var response = tryTo( () -> restTemplate.getForObject(url, String.class));
final var doc = DocumentBuilderFactory.newInstance().newDocumentBuilder()
.parse(new java.io.ByteArrayInputStream(response.getBytes()));
@ -68,4 +69,13 @@ public class CasAuthenticator implements Authenticator {
System.err.println("CAS-user: " + userName);
return userName;
}
private <T> T tryTo(final Supplier<T> code) {
try {
final T resultValue = code.get();
return resultValue;
} catch (final Exception e) {
throw e;
}
}
}

View File

@ -17,11 +17,14 @@ public class WebSecurityConfig {
public SecurityFilterChain securityFilterChain(final HttpSecurity http) throws Exception {
return http
.authorizeHttpRequests(authorize -> authorize
.requestMatchers("/api/**").permitAll() // TODO.impl: implement authentication
.requestMatchers("/swagger-ui/**").permitAll()
.requestMatchers("/v3/api-docs/**").permitAll()
.requestMatchers("/actuator/**").permitAll()
.anyRequest().authenticated()
// TODO.impl: implement CAS authentication via Spring Security
.anyRequest().permitAll()
// .requestMatchers("/swagger-ui/**").permitAll()
// .requestMatchers("/v3/api-docs/**").permitAll()
// .requestMatchers("/actuator/**").permitAll()
// .requestMatchers("/api/ping").permitAll()
// .requestMatchers("/api/**").authenticated()
//.anyRequest().denyAll()
)
.csrf(AbstractHttpConfigurer::disable)
.build();

View File

@ -39,6 +39,7 @@ spring:
data:
rest:
# do NOT implicilty expose SpringData repositories as REST-controllers
detection-strategy: annotated
sql: