Allow to log in with basic auth in the API

ddd0de0c · Hamza Remmal · b95e2309 · ddd0de0c · ddd0de0c
Commit ddd0de0c authored 2 months ago by Hamza Remmal
--- a/autograde-service/src/main/java/ch/epfl/autograde/auth/token/SharedSecretConfigurer.java
+++ b/autograde-service/src/main/java/ch/epfl/autograde/auth/token/SharedSecretConfigurer.java
 package ch.epfl.autograde.auth.token;

+import lombok.RequiredArgsConstructor;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
 import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
@@ -9,10 +10,11 @@ import org.springframework.security.web.AuthenticationEntryPoint;
 import org.springframework.security.web.authentication.RememberMeServices;
 import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
 import org.springframework.security.web.util.matcher.AnyRequestMatcher;
-import org.springframework.security.web.util.matcher.RequestMatcher;

+@RequiredArgsConstructor
+public final class SharedSecretConfigurer<B extends HttpSecurityBuilder<B>> extends AbstractHttpConfigurer<HttpBasicConfigurer<B>, B> {

-public class SharedSecretConfigurer<B extends HttpSecurityBuilder<B>> extends AbstractHttpConfigurer<HttpBasicConfigurer<B>, B> {
+    private final AuthenticationManager manager;

    private final AuthenticationEntryPoint authenticationEntryPoint = new SharedSecretEntryPoint();

@@ -27,7 +29,6 @@ public class SharedSecretConfigurer<B extends HttpSecurityBuilder<B>> extends Ab

    @Override
    public void configure(B http) {
-        final var manager = http.getSharedObject(AuthenticationManager.class);
        final var filter  = new ShareSecretFilter(manager, this.authenticationEntryPoint);
        final var rememberMe = http.getSharedObject(RememberMeServices.class);
        if (rememberMe != null)
@@ -36,13 +37,5 @@ public class SharedSecretConfigurer<B extends HttpSecurityBuilder<B>> extends Ab
        http.addFilterBefore(postProcess(filter), BasicAuthenticationFilter.class);
    }

-    private void registerDefaultEntryPoint(B http, RequestMatcher preferredMatcher) {
-		final var exceptionHandling = http.getConfigurer(ExceptionHandlingConfigurer.class);
-		if (exceptionHandling == null) {
-			return;
-		}
-		exceptionHandling.defaultAuthenticationEntryPointFor(postProcess(this.authenticationEntryPoint), preferredMatcher);
-	}
-
 }

--- a/autograde-service/src/main/java/ch/epfl/autograde/config/SecurityConfig.java
+++ b/autograde-service/src/main/java/ch/epfl/autograde/config/SecurityConfig.java
@@ -13,6 +13,7 @@ import org.springframework.core.Ordered;
 import org.springframework.core.annotation.Order;
 import org.springframework.ldap.core.support.BaseLdapPathContextSource;
 import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.authentication.ProviderManager;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
@@ -45,14 +46,17 @@ public class SecurityConfig {
     */
    @Bean
    @Order(1)
-    public SecurityFilterChain filterChain(HttpSecurity http, ShareSecretAuthenticationProvider provider) throws Exception {
+    public SecurityFilterChain filterChain(HttpSecurity http,
+                                           ShareSecretAuthenticationProvider provider,
+                                           @Qualifier("ldapAuthenticationManager") AuthenticationManager manager
+    ) throws Exception {
        return http
                .securityMatcher("/api/**")
-                .with(new SharedSecretConfigurer<>(), withDefaults())
-                .authenticationProvider(provider)
+                .with(new SharedSecretConfigurer<>(new ProviderManager(provider)), withDefaults())
+                .httpBasic(withDefaults())
+                .authenticationManager(manager)
                .csrf(AbstractHttpConfigurer::disable)
                .anonymous(AbstractHttpConfigurer::disable)
-                .httpBasic(AbstractHttpConfigurer::disable)
                .formLogin(AbstractHttpConfigurer::disable)
                .sessionManagement(AbstractHttpConfigurer::disable)
                .requestCache(RequestCacheConfigurer::disable)