Allow everyone to register clients

2025-04-24 16:35:03 +02:00 · 2025-04-24 16:35:03 +02:00 · c48eee489b
commit c48eee489b
parent 29924e6d42
6 changed files with 9 additions and 26 deletions
--- a/src/main/java/se/su/dsv/oauth2/AuthorizationServer.java
+++ b/src/main/java/se/su/dsv/oauth2/AuthorizationServer.java
@ -175,14 +175,11 @@ public class AuthorizationServer extends SpringBootServletInitializer {
     */
    @Bean
    @Order(2)
-    public SecurityFilterChain defaultSecurityFilterChain(
-            HttpSecurity http,
-            Config config)
+    public SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http)
            throws Exception
    {

        http.authorizeHttpRequests(authorize -> authorize
-                .requestMatchers("/admin/**").hasAuthority(Entitlement.asAuthority(config.adminEntitlement()))
                .anyRequest().authenticated());

        http.exceptionHandling(exceptions -> exceptions
--- a/src/main/java/se/su/dsv/oauth2/Config.java
+++ b/src/main/java/se/su/dsv/oauth2/Config.java
@ -3,7 +3,7 @@ package se.su.dsv.oauth2;
 import org.springframework.boot.context.properties.ConfigurationProperties;

@ConfigurationProperties("se.su.dsv.oauth2")
-public record Config(String adminEntitlement, String developerEntitlement, RSAKeyPair rsaKeyPair) {
+public record Config(String developerEntitlement, RSAKeyPair rsaKeyPair) {
    record RSAKeyPair(String kid, String modulus, String privateExponent, String publicExponent) {
    }
 }
--- a/src/main/java/se/su/dsv/oauth2/dev/DevConfiguration.java
+++ b/src/main/java/se/su/dsv/oauth2/dev/DevConfiguration.java
@ -13,7 +13,7 @@ import se.su.dsv.oauth2.Config;
 public class DevConfiguration {
    @Bean
    public FilterRegistrationBean<HttpFilter> fakeSSO(SecurityProperties securityProperties, Config config) {
-        var filter = new FilterRegistrationBean<HttpFilter>(new FakeSSOFilter(config.adminEntitlement(), config.developerEntitlement()));
+        var filter = new FilterRegistrationBean<HttpFilter>(new FakeSSOFilter(config.developerEntitlement()));
        filter.setOrder(securityProperties.getFilter().getOrder() - 1);
        return filter;
    }
--- a/src/main/resources/application-dev.properties
+++ b/src/main/resources/application-dev.properties
@ -1,4 +1,3 @@
-se.su.dsv.oauth2.admin-entitlement=oauth2-admin
 se.su.dsv.oauth2.developer-entitlement=oauth2-developer
 gg.jte.templateLocation=src/main/resources/templates
 gg.jte.developmentMode=true
--- a/src/test/java/se/su/dsv/oauth2/web/AdminControllerTest.java
+++ b/src/test/java/se/su/dsv/oauth2/web/AdminControllerTest.java
@ -9,22 +9,15 @@ import org.springframework.test.web.servlet.MockMvc;
 import org.testcontainers.containers.MariaDBContainer;
 import org.testcontainers.junit.jupiter.Container;
 import org.testcontainers.junit.jupiter.Testcontainers;
-import se.su.dsv.oauth2.shibboleth.Entitlement;

 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.user;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.*;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.*;

-@SpringBootTest(
-        properties = {
-                "se.su.dsv.oauth2.admin-entitlement=" + AdminControllerTest.ADMIN_ENTITLEMENT
-        }
-)
+@SpringBootTest
@Testcontainers
@AutoConfigureMockMvc
 class AdminControllerTest {
-    static final String ADMIN_ENTITLEMENT = "ADMIN";
-
    @Container
    @ServiceConnection
    static MariaDBContainer<?> mariaDBContainer = new MariaDBContainer<>("mariadb:10.11");
@ -39,9 +32,9 @@ class AdminControllerTest {
    }

    @Test
-    void is_accessible_with_admin_authority() throws Exception {
+    void is_accessible_when_logged_in() throws Exception {
        mockMvc.perform(get("/admin")
-                        .with(user("admin").authorities(new Entitlement(ADMIN_ENTITLEMENT))))
+                        .with(user("admin")))
                .andExpect(status().isOk());
    }
 }
--- a/src/test/java/se/su/dsv/oauth2/web/client/ClientAdminControllerTest.java
+++ b/src/test/java/se/su/dsv/oauth2/web/client/ClientAdminControllerTest.java
@ -26,14 +26,12 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
 import static se.su.dsv.oauth2.ShibbolethRequestProcessor.remoteUser;

@SpringBootTest(properties = {
-        "se.su.dsv.oauth2.admin-entitlement=" + ClientAdminControllerTest.ADMIN_ENTITLEMENT,
        "se.su.dsv.oauth2.developer-entitlement=" + ClientAdminControllerTest.DEVELOPER_ENTITLEMENT
 })
@AutoConfigureMockMvc
@Transactional
@Rollback
 public class ClientAdminControllerTest {
-    public static final String ADMIN_ENTITLEMENT = "admin";
    public static final String DEVELOPER_ENTITLEMENT = "developer";

    @ServiceConnection
@ -54,8 +52,7 @@ public class ClientAdminControllerTest {

        MvcResult creationResult = mockMvc.perform(post("/admin/client/new")
                        .with(csrf())
-                        .with(remoteUser("admin")
-                                .entitlement(ADMIN_ENTITLEMENT))
+                        .with(remoteUser("admin"))
                        .formField("name", name)
                        .formField("contact", contactEmail)
                        .formField("redirectUri", redirectUri)
@ -68,8 +65,7 @@ public class ClientAdminControllerTest {
        assertNotNull(viewClientUrl);

        mockMvc.perform(get(viewClientUrl)
-                .with(remoteUser("admin")
-                        .entitlement(ADMIN_ENTITLEMENT)))
+                .with(remoteUser("admin")))
                .andExpect(content().string(containsString(name)))
                .andExpect(content().string(containsString(contactEmail)))
                .andExpect(content().string(containsString(redirectUri)))
@ -85,8 +81,7 @@ public class ClientAdminControllerTest {

        MvcResult creationResult = mockMvc.perform(post("/admin/client/new")
                        .with(csrf())
-                        .with(remoteUser(principal)
-                                .entitlement(ADMIN_ENTITLEMENT))
+                        .with(remoteUser(principal))
                        .formField("name", name)
                        .formField("contact", contactEmail)
                        .formField("redirectUri", redirectUri))
@ -114,7 +109,6 @@ public class ClientAdminControllerTest {
        MvcResult creationResult = mockMvc.perform(post("/admin/client/new")
                        .with(csrf())
                        .with(remoteUser(principal)
-                                .entitlement(ADMIN_ENTITLEMENT)
                                .entitlement(DEVELOPER_ENTITLEMENT))
                        .formField("name", name)
                        .formField("contact", contactEmail)