Last active
July 22, 2016 11:24
-
-
Save scorchio/07b6c6e03ec04a9da70791a0e0478f5f to your computer and use it in GitHub Desktop.
IEFixerFilter: workaround to get Waffle + Spring Security working in Internet Explorer
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // package | |
| import org.slf4j.Logger; | |
| import org.slf4j.LoggerFactory; | |
| import org.springframework.stereotype.Component; | |
| import org.springframework.web.filter.GenericFilterBean; | |
| import javax.servlet.FilterChain; | |
| import javax.servlet.ServletException; | |
| import javax.servlet.ServletRequest; | |
| import javax.servlet.ServletResponse; | |
| import javax.servlet.http.HttpServletRequest; | |
| import javax.servlet.http.HttpServletRequestWrapper; | |
| import java.io.IOException; | |
| import java.util.ArrayList; | |
| import java.util.Collections; | |
| import java.util.Enumeration; | |
| import java.util.List; | |
| @Component | |
| public final class IEFixerFilter extends GenericFilterBean { | |
| private final Logger log = LoggerFactory.getLogger(this.getClass()); | |
| private class IEFixerRequestWrapper extends HttpServletRequestWrapper { | |
| private IEFixerRequestWrapper(HttpServletRequest request) { | |
| super(request); | |
| } | |
| @Override | |
| public String getHeader(String name) { | |
| if (name.toLowerCase().equals("authorization")) { | |
| return null; | |
| } | |
| return super.getHeader(name); | |
| } | |
| @Override | |
| public Enumeration<String> getHeaderNames() { | |
| List<String> list = new ArrayList<>(); | |
| HttpServletRequest request = (HttpServletRequest)getRequest(); | |
| Enumeration e = request.getHeaderNames(); | |
| while (e.hasMoreElements()) { | |
| String n = (String)e.nextElement(); | |
| if (!n.equals("authorization") && !n.equals("Authorization")) { | |
| list.add(n); | |
| } | |
| } | |
| return Collections.enumeration(list); | |
| } | |
| } | |
| @Override | |
| public void doFilter(final ServletRequest request, final ServletResponse response, final FilterChain chain) throws IOException, ServletException { | |
| if (request instanceof HttpServletRequest) { | |
| HttpServletRequest req = (HttpServletRequest) request; | |
| if (req.getCookies() != null && | |
| (req.getHeader("authorization") != null || req.getHeader("Authorization") != null)) { | |
| IEFixerRequestWrapper alteredReq = new IEFixerRequestWrapper(req); | |
| chain.doFilter(alteredReq, response); | |
| } | |
| else { | |
| chain.doFilter(req, response); | |
| } | |
| } | |
| else { | |
| chain.doFilter(request, response); | |
| } | |
| } | |
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // package | |
| import org.slf4j.Logger; | |
| import org.slf4j.LoggerFactory; | |
| import org.springframework.beans.factory.annotation.Autowired; | |
| import org.springframework.context.annotation.Bean; | |
| import org.springframework.security.config.annotation.web.builders.HttpSecurity; | |
| import org.springframework.security.config.annotation.web.builders.WebSecurity; | |
| import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; | |
| import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; | |
| import org.springframework.security.config.http.SessionCreationPolicy; | |
| import org.springframework.security.web.authentication.www.BasicAuthenticationFilter; | |
| import waffle.servlet.spi.BasicSecurityFilterProvider; | |
| import waffle.servlet.spi.NegotiateSecurityFilterProvider; | |
| import waffle.servlet.spi.SecurityFilterProvider; | |
| import waffle.servlet.spi.SecurityFilterProviderCollection; | |
| import waffle.spring.NegotiateSecurityFilter; | |
| import waffle.spring.NegotiateSecurityFilterEntryPoint; | |
| import waffle.windows.auth.impl.WindowsAuthProviderImpl; | |
| @EnableWebSecurity | |
| public class SecurityConfig extends WebSecurityConfigurerAdapter { | |
| private final Logger log = LoggerFactory.getLogger(this.getClass()); | |
| @Bean | |
| public WindowsAuthProviderImpl windowsAuthProvider() { | |
| return new WindowsAuthProviderImpl(); | |
| } | |
| @Bean | |
| @Autowired | |
| public NegotiateSecurityFilterProvider negotiateSecurityFilterProvider(WindowsAuthProviderImpl authProvider) { | |
| return new NegotiateSecurityFilterProvider(authProvider); | |
| } | |
| @Bean | |
| @Autowired | |
| public BasicSecurityFilterProvider basicSecurityFilterProvider(WindowsAuthProviderImpl authProvider) { | |
| return new BasicSecurityFilterProvider(authProvider); | |
| } | |
| @Bean | |
| @Autowired | |
| public SecurityFilterProviderCollection filterProviderCollection( | |
| NegotiateSecurityFilterProvider negotiateSecurityFilterProvider, | |
| BasicSecurityFilterProvider basicSecurityFilterProvider) { | |
| return new SecurityFilterProviderCollection(new SecurityFilterProvider[]{ | |
| negotiateSecurityFilterProvider, basicSecurityFilterProvider | |
| }); | |
| } | |
| private NegotiateSecurityFilter negotiateFilter; | |
| @Bean | |
| @Autowired | |
| public NegotiateSecurityFilter negotiateSecurityFilter(SecurityFilterProviderCollection filterProviderCollection) { | |
| negotiateFilter = new NegotiateSecurityFilter(); | |
| negotiateFilter.setProvider(filterProviderCollection); | |
| negotiateFilter.setImpersonate(true); | |
| negotiateFilter.setAllowGuestLogin(false); | |
| negotiateFilter.setPrincipalFormat("fqn"); | |
| negotiateFilter.setRoleFormat("both"); | |
| return negotiateFilter; | |
| } | |
| @Autowired | |
| private NegotiateSecurityFilterEntryPoint entryPoint; | |
| @Bean | |
| @Autowired | |
| public NegotiateSecurityFilterEntryPoint filterEntryPoint(SecurityFilterProviderCollection filterProviderCollection) { | |
| entryPoint = new NegotiateSecurityFilterEntryPoint(); | |
| entryPoint.setProvider(filterProviderCollection); | |
| return entryPoint; | |
| } | |
| @Bean | |
| public IEFixerFilter ieFilter() { | |
| return new IEFixerFilter(); | |
| } | |
| @Override | |
| protected void configure(HttpSecurity http) throws Exception { | |
| http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.ALWAYS) | |
| .and() | |
| .httpBasic().disable() | |
| .authorizeRequests() | |
| .antMatchers("/**").authenticated() | |
| .and() | |
| .addFilterBefore(negotiateFilter, BasicAuthenticationFilter.class) | |
| .addFilterAfter(ieFilter(), waffle.spring.NegotiateSecurityFilter.class) | |
| .exceptionHandling().authenticationEntryPoint(entryPoint); | |
| } | |
| @Override | |
| public void configure(WebSecurity web) throws Exception { | |
| web | |
| .ignoring() | |
| .antMatchers("/static/**"); | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This is sample code for a discussion on the Waffle mailing list.