Adding default principal for anonymous Users in SecurityConfig

Also, hard-coding the document fields in BaseRepositoryImpl criteria queries.
This commit is contained in:
Arpit Mohan 2020-03-04 16:53:22 +05:30
parent 7019bae082
commit 0914acdca6
6 changed files with 30 additions and 21 deletions


@ -80,6 +80,7 @@
<groupId>com.querydsl</groupId>
<artifactId>querydsl-apt</artifactId>
<version>4.2.2</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>com.querydsl</groupId>


@ -26,7 +26,6 @@ import java.util.Set;
@Getter
@Setter
@ToString
@QueryEntity
public abstract class BaseDomain implements Persistable<String> {
private static final long serialVersionUID = 7459916000501322517L;
@ -55,6 +54,7 @@ public abstract class BaseDomain implements Persistable<String> {
@Version
protected Long documentVersion;
@JsonIgnore
protected Set<Policy> policies;
@JsonIgnore


@ -4,17 +4,13 @@ package com.appsmith.server.configurations;
import com.appsmith.server.authentication.handlers.CustomServerOAuth2AuthorizationRequestResolver;
import com.appsmith.server.authentication.handlers.LogoutSuccessHandler;
import com.appsmith.server.constants.Url;
import com.appsmith.server.domains.User;
import com.appsmith.server.services.UserService;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
import org.springframework.context.annotation.Bean;
import org.springframework.core.io.ClassPathResource;
import org.springframework.http.HttpMethod;
import org.springframework.security.access.expression.SecurityExpressionHandler;
import org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler;
import org.springframework.security.access.expression.method.MethodSecurityExpressionHandler;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.method.configuration.EnableReactiveMethodSecurity;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
@ -32,6 +28,7 @@ import org.springframework.web.reactive.function.server.RouterFunctions;
import org.springframework.web.reactive.function.server.ServerResponse;
import java.util.Arrays;
import java.util.HashSet;
import static com.appsmith.server.constants.Url.USER_URL;
@ -103,7 +100,8 @@ public class SecurityConfig {
// This picks up the configurationSource from the bean corsConfigurationSource()
.cors().and()
.csrf().disable()
.anonymous().and()
.anonymous().principal(createAnonymousUser())
.and()
// This returns 401 unauthorized for all requests that are not authenticated but authentication is required
// The client will redirect to the login page if we return 401 as Http status response
.exceptionHandling().authenticationEntryPoint(authenticationEntryPoint)
@ -138,4 +136,13 @@ public class SecurityConfig {
.logoutSuccessHandler(new LogoutSuccessHandler(objectMapper))
.and().build();
}
private User createAnonymousUser() {
User user = new User();
user.setName("anonymousUser");
user.setEmail("anonymousUser");
user.setCurrentOrganizationId("");
user.setOrganizationIds(new HashSet<>());
return user;
}
}
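Review bot: `createAnonymousUser()` runs once while the filter chain is built, so the `User` returned at L83 is a single mutable instance shared by every unauthenticated request; with Lombok setters on the domain, any downstream code that mutates the principal (for example setting `currentOrganizationId`) changes it for all anonymous callers. Mark it as such, `// Shared by all anonymous requests: never mutate this instance`, and prefer an unmodifiable empty set over the `new HashSet<>()` at L82 so accidental writes fail loudly. The literal `"anonymousUser"` used for both name and email at L79–L80 is also the value `userAcl` in BaseRepositoryImpl matches against policy `users` entries, so hoist it into a named constant next to whatever validation keeps real accounts from registering that value. Nothing here sets `permissions`, which matters because `User.getAuthorities()` in this same commit streams over that field — unless it has an initializer outside the hunk.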


@ -64,9 +64,7 @@ public class User extends BaseDomain implements UserDetails {
@Override
public Collection<GrantedAuthority> getAuthorities() {
return permissions.stream().map(permission -> new SimpleGrantedAuthority(permission))
.collect(Collectors.toSet());
// return Set.of(new SimpleGrantedAuthority("ROLE_USER"));
return null;
}
@Override
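Review bot: `permissions.stream()` at L92 throws a NullPointerException whenever `permissions` is null, and the anonymous `User` this commit installs in SecurityConfig never sets that field, so an authority check on an unauthenticated request would fail with an NPE instead of an empty authority set — unless the field has an initializer outside this hunk. Guarding it keeps the "no authorities" behaviour for such principals: `if (permissions == null) { return Set.of(); }` ahead of the stream, and `.map(SimpleGrantedAuthority::new)` reads more directly than the lambda at L92. The method closes at L96 and the class continues outside the hunk.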


@ -2,7 +2,6 @@ package com.appsmith.server.repositories;
import com.appsmith.external.models.BaseDomain;
import com.appsmith.external.models.QBaseDomain;
import com.appsmith.external.models.QPolicy;
import com.appsmith.server.constants.FieldName;
import com.appsmith.server.domains.User;
import lombok.NonNull;
@ -11,7 +10,6 @@ import org.springframework.data.domain.Example;
import org.springframework.data.domain.Sort;
import org.springframework.data.mongodb.core.ReactiveMongoOperations;
import org.springframework.data.mongodb.core.query.Criteria;
import org.springframework.data.mongodb.core.query.CriteriaDefinition;
import org.springframework.data.mongodb.core.query.Query;
import org.springframework.data.mongodb.core.query.Update;
import org.springframework.data.mongodb.repository.query.MongoEntityInformation;
@ -64,15 +62,22 @@ public class BaseRepositoryImpl<T extends BaseDomain, ID extends Serializable> e
protected Criteria userAcl(User user, String permission) {
log.debug("Going to add userAcl");
Criteria userCriteria = Criteria.where(fieldName(QBaseDomain.baseDomain.policies))
.elemMatch(Criteria.where(fieldName(QPolicy.policy.users)).all(user.getUsername())
.and(fieldName(QPolicy.policy.permissions)).all(permission)
// Criteria userCriteria = Criteria.where(fieldName(QBaseDomain.baseDomain.policies))
// .elemMatch(Criteria.where(fieldName(QPolicy.policy.users)).all(user.getUsername())
// .and(fieldName(QPolicy.policy.permissions)).all(permission)
// );
Criteria userCriteria = Criteria.where("policies")
.elemMatch(Criteria.where("users").all(user.getUsername())
.and("permissions").all(permission)
);
log.debug("Got the userCriteria: {}", userCriteria);
Criteria groupCriteria = Criteria.where(fieldName(QBaseDomain.baseDomain.policies))
.elemMatch(Criteria.where(fieldName(QPolicy.policy.groups)).all(user.getGroupIds())
.and(fieldName(QPolicy.policy.permissions)).all(permission));
// Criteria groupCriteria = Criteria.where(fieldName(QBaseDomain.baseDomain.policies))
// .elemMatch(Criteria.where(fieldName(QPolicy.policy.groups)).all(user.getGroupIds())
// .and(fieldName(QPolicy.policy.permissions)).all(permission));
Criteria groupCriteria = Criteria.where("policies")
.elemMatch(Criteria.where("groups").all(user.getGroupIds())
.and("permissions").all(permission));
log.debug("Got the groupCriteria: {}", groupCriteria);
return new Criteria().orOperator(userCriteria, groupCriteria);
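Review bot: The field names `"policies"`, `"users"`, `"permissions"` and `"groups"` at L126–L128 and L137–L139 are the entire authorization filter of this repository, and as bare literals they are no longer checked against the domain classes, so a rename of `Policy.users` or `BaseDomain.policies` would silently turn `userAcl` into a query that matches nothing (fail-closed, but undetected). Keep them in one place — the `FieldName` constants class imported at L105, if that import survives this hunk, or a `private static final String POLICIES = "policies";` group in this class — and add a repository test asserting that `userAcl` selects a document whose policy names the user. The commented-out `fieldName(...)` variants at L122–L125 and L134–L136 should be deleted rather than kept beside their replacements. `userAcl` closes after L141, outside the hunk.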


@ -20,7 +20,6 @@ public class SessionUserServiceImpl implements SessionUserService {
this.repository = userRepository;
}
@Override
public Mono<User> getCurrentUser() {
return ReactiveSecurityContextHolder.getContext()
@ -29,8 +28,7 @@ public class SessionUserServiceImpl implements SessionUserService {
.flatMap(principal -> {
String email = "";
if (principal instanceof User) {
//Assumption that the user has inputted an email as username during user creation and not english passport name
email = ((User) principal).getUsername();
return Mono.just((User) principal);
} else if (principal instanceof DefaultOAuth2User) {
DefaultOAuth2User defaultOAuth2User = (DefaultOAuth2User) principal;
email = defaultOAuth2User.getName();
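Review bot: Because this commit's SecurityConfig installs a `User` as the anonymous principal, the `principal instanceof User` branch at L154 now also fires for unauthenticated requests, so `getCurrentUser()` returns the placeholder user (email `"anonymousUser"`, no organizations) where callers previously received no `User`. Every caller that treats a present result as proof of authentication should be audited, or this method should call out the case explicitly: `// NOTE: the anonymous principal is also a User; a present value does not imply authentication`. The enclosing `getCurrentUser()` begins at L149 and continues past L160.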