wip: test ../ticket endpoint with X509 only

Signed-off-by: Richard Salac <[email protected]>
zowe · Feb 3, 2025 · b4f2f59 · b4f2f59
1 parent e645fa8
commit b4f2f59
Showing 1 changed file with 6 additions and 3 deletions.
diff --git a/zaas-service/src/main/java/org/zowe/apiml/zaas/security/config/NewSecurityConfiguration.java b/zaas-service/src/main/java/org/zowe/apiml/zaas/security/config/NewSecurityConfiguration.java
@@ -34,7 +34,6 @@
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 import org.springframework.security.web.authentication.logout.HttpStatusReturningLogoutSuccessHandler;
 import org.springframework.security.web.authentication.logout.LogoutHandler;
-import org.springframework.security.web.authentication.preauth.x509.X509AuthenticationFilter;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 import org.zowe.apiml.filter.AttlsFilter;
 import org.zowe.apiml.filter.SecureConnectionFilter;
@@ -48,7 +47,6 @@
 import org.zowe.apiml.security.common.error.AuthExceptionHandler;
 import org.zowe.apiml.security.common.filter.CategorizeCertsFilter;
 import org.zowe.apiml.security.common.filter.StoreAccessTokenInfoFilter;
-import org.zowe.apiml.security.common.filter.X509ClientRejectIfMissingFilter;
 import org.zowe.apiml.security.common.handler.FailedAccessTokenHandler;
 import org.zowe.apiml.security.common.handler.FailedAuthenticationHandler;
 import org.zowe.apiml.security.common.handler.SuccessfulAccessTokenHandler;
@@ -371,6 +369,10 @@ public SecurityFilterChain ticketFilterChain(HttpSecurity http) throws Exception
                 ))).authorizeHttpRequests(requests -> requests.anyRequest().authenticated())
                     .authenticationProvider(tokenAuthenticationProvider)
                     .logout(AbstractHttpConfigurer::disable) // logout filter in this chain not needed
+                    //Todo: validate
+                    .x509(x509 -> x509 //default x509 filter, authenticates trusted cert, ticketFilter(..) depends on this
+                        .userDetailsService(new SimpleUserDetailService())
+                    )
                     .with(new CustomSecurityFilters(), withDefaults())
                     .build();
             }
@@ -380,7 +382,8 @@ private class CustomSecurityFilters extends AbstractHttpConfigurer<CustomSecurit
                 public void configure(HttpSecurity http) throws Exception {
                     AuthenticationManager authenticationManager = http.getSharedObject(AuthenticationManager.class);
                     //TODO: check only there is some certificate in SSL context, X509 can remain here
-                    http.addFilterAfter(new X509ClientRejectIfMissingFilter(certificateValidator, authExceptionHandler), X509AuthenticationFilter.class)
+                    http
+                        //.addFilterAfter(new X509ClientRejectIfMissingFilter(certificateValidator, authExceptionHandler), X509AuthenticationFilter.class)
                         .addFilterBefore(ticketFilter("/**", authenticationManager), UsernamePasswordAuthenticationFilter.class);
                 }