[#9885] Apply ConditionalOnProperties to BasicLogin module

pinpoint-apm · emeroad · Apr 20, 2023 · Apr 20, 2023 · Apr 20, 2023 · ff6ba5c2d9a9054911690e495d8a7015e0ef8020
commit ff6ba5c2d9a9054911690e495d8a7015e0ef8020
diff --git a/basic-login/README.md b/basic-login/README.md
@@ -1 +1,3 @@
 # pinpoint-basic-login
+
+Use `-Dpinpoint.modules.web.login=basicLogin` to enable basic login.
diff --git a/basic-login/pom.xml b/basic-login/pom.xml
@@ -39,6 +39,10 @@
             <groupId>org.springframework.security</groupId>
             <artifactId>spring-security-config</artifactId>
         </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-autoconfigure</artifactId>
+        </dependency>
         <dependency>
             <groupId>javax.servlet</groupId>
             <artifactId>javax.servlet-api</artifactId>
@@ -77,7 +81,7 @@
             <groupId>org.apache.logging.log4j</groupId>
             <artifactId>log4j-core</artifactId>
         </dependency>
-     </dependencies>
+    </dependencies>
 
     <build>
         <plugins>

diff --git a/basic-login/src/main/java/com/navercorp/pinpoint/login/basic/PinpointBasicLoginConfig.java b/basic-login/src/main/java/com/navercorp/pinpoint/login/basic/PinpointBasicLoginConfig.java
@@ -22,46 +22,56 @@
 import com.navercorp.pinpoint.login.basic.service.JwtRequestFilter;
 import com.navercorp.pinpoint.login.basic.service.PreAuthenticationCheckFilter;
 import com.navercorp.pinpoint.login.basic.service.SaveJwtTokenAuthenticationSuccessHandler;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Import;
-import org.springframework.context.annotation.Profile;
 import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.authentication.AuthenticationProvider;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 import org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter;
 
 import java.util.Objects;
 
+import static org.springframework.security.web.util.matcher.AntPathRequestMatcher.antMatcher;
+
 /**
  * @author Taejin Koo
  */
 @Configuration
 @EnableWebSecurity
 @Import(BasicLoginConfiguration.class)
-@Profile("basicLogin")
-public class PinpointBasicLoginConfig extends WebSecurityConfigurerAdapter {
+@ConditionalOnProperty(name = "pinpoint.modules.web.login", havingValue = "basicLogin")
+public class PinpointBasicLoginConfig {
 
     private final BasicLoginService basicLoginService;
 
     public PinpointBasicLoginConfig(BasicLoginService basicLoginService) {
         this.basicLoginService = Objects.requireNonNull(basicLoginService, "basicLoginService");
     }
 
-    @Override
-    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+
+    @Bean
+    public AuthenticationManager authenticationManager(HttpSecurity http) throws Exception {
+        AuthenticationManagerBuilder auth = http.getSharedObject(AuthenticationManagerBuilder.class);
+
         auth.eraseCredentials(false);
         auth.userDetailsService(basicLoginService.getUserDetailsService());
+        return auth.build();
     }
 
-    @Override
-    protected void configure(HttpSecurity http) throws Exception {
+    @Bean
+    public SecurityFilterChain configure(HttpSecurity http) throws Exception {
         // for common
         http
                 .csrf().disable()
@@ -76,28 +86,23 @@ protected void configure(HttpSecurity http) throws Exception {
                 .deleteCookies(BasicLoginConstants.PINPOINT_JWT_COOKIE_NAME);
 
         // for admin
-        http.authorizeRequests().antMatchers("/admin/**").hasRole("ADMIN")
+        http.authorizeHttpRequests().requestMatchers(antMatcher("/admin/**")).hasRole("ADMIN")
                 .and()
                 .exceptionHandling()
                 .accessDeniedPage(BasicLoginConstants.URI_NOT_AUTHORIZED);
 
         // for user
-        http.authorizeRequests().anyRequest().authenticated();
+        http.authorizeHttpRequests().anyRequest().authenticated();
 
         http.addFilterBefore(new JwtRequestFilter(basicLoginService), UsernamePasswordAuthenticationFilter.class);
 
         http.addFilterBefore(new PreAuthenticationCheckFilter(), DefaultLoginPageGeneratingFilter.class);
+        return http.build();
     }
 
     @Bean
     public PasswordEncoder passwordEncoder() {
         return new BCryptPasswordEncoder();
     }
 
-    @Override
-    @Bean
-    public AuthenticationManager authenticationManagerBean() throws Exception {
-        return super.authenticationManagerBean();
-    }
-
-} 
+}
diff --git a/web/src/main/resources/application.yml b/web/src/main/resources/application.yml
@@ -14,5 +14,10 @@ server:
     whitelabel:
       enabled: true
 
-# github or url
-pinpoint.modules.web.install.type: github
+pinpoint.modules.web:
+    # github or url
+    install.type: github
+    # basicLogin
+    login:
+
+