refactor: remove spring security (#1962)

pom.xml

@@ -13,7 +13,6 @@
         <hibernate.version>5.6.15.Final</hibernate.version>
         <jetty.version>10.0.22</jetty.version>
         <spring.version>5.3.18</spring.version>
-        <spring.security.version>5.6.2</spring.security.version>
         <surefire-plugin.version>3.1.2</surefire-plugin.version>
     </properties>
 
@@ -335,23 +334,6 @@
             <version>${spring.version}</version>
         </dependency>
 
-        <!-- Spring Security -->
-        <dependency>
-            <groupId>org.springframework.security</groupId>
-            <artifactId>spring-security-web</artifactId>
-            <version>${spring.security.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>org.springframework.security</groupId>
-            <artifactId>spring-security-config</artifactId>
-            <version>${spring.security.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>org.springframework.security</groupId>
-            <artifactId>spring-security-taglibs</artifactId>
-            <version>${spring.security.version}</version>
-        </dependency>
-
         <!-- Log4j 2 -->
         <dependency>
             <groupId>org.apache.logging.log4j</groupId>

src/main/java/ai/elimu/web/SignOnController.java

@@ -46,9 +46,6 @@ public String handleOfflineSignOnRequest(HttpServletRequest request) {
             // Fetch the test user that was created in DbContentImportHelper during application launch
             Contributor contributor = contributorDao.read("[email protected]");
 
-            // Authenticate
-            new CustomAuthenticationManager().authenticateUser(contributor);
-
             // Add Contributor object to session
             request.getSession().setAttribute("contributor", contributor);
 

src/main/java/ai/elimu/web/SignOnControllerDiscord.java

@@ -159,7 +159,6 @@ public String handleCallback(HttpServletRequest request) throws IOException, Int
                 if (contributor.getEmail() == null) {
                     // Ask the Contributor to add their e-mail manually
                     request.getSession().setAttribute("contributor", contributor);
-                    new CustomAuthenticationManager().authenticateUser(contributor);
                     return "redirect:/content/contributor/add-email";
                 }
                 contributorDao.create(contributor);
@@ -180,7 +179,6 @@ public String handleCallback(HttpServletRequest request) throws IOException, Int
 
                 contributor = existingContributor;
             }
-            new CustomAuthenticationManager().authenticateUser(contributor);
 
             // Add Contributor object to session
             request.getSession().setAttribute("contributor", contributor);

src/main/java/ai/elimu/web/SignOnControllerGitHub.java

@@ -165,7 +165,6 @@ public String handleCallback(HttpServletRequest request, Model model) {
                 if (contributor.getEmail() == null) {
                     // Ask the Contributor to add her e-mail manually
                     request.getSession().setAttribute("contributor", contributor);
-                    new CustomAuthenticationManager().authenticateUser(contributor);
                     return "redirect:/content/contributor/add-email";
                 }
                 contributorDao.create(contributor);
@@ -193,9 +192,6 @@ public String handleCallback(HttpServletRequest request, Model model) {
                 contributor = existingContributor;
             }
 
-            // Authenticate
-            new CustomAuthenticationManager().authenticateUser(contributor);
-
             // Add Contributor object to session
             request.getSession().setAttribute("contributor", contributor);
 

src/main/java/ai/elimu/web/SignOnControllerSelenium.java

@@ -59,9 +59,6 @@ public String handleRequest(
             logger.info("Contributor " + contributor.getEmail() + " was created at " + request.getServerName());
         }
 
-        // Authenticate
-        new CustomAuthenticationManager().authenticateUser(contributor);
-
         // Add Contributor object to session
         request.getSession().setAttribute("contributor", contributor);
 

src/main/java/ai/elimu/web/SignOnControllerWeb3.java

@@ -101,9 +101,6 @@ public String handleAuthorization(
         } else {
             contributor = existingContributor;
         }
-
-         // Authenticate
-        new CustomAuthenticationManager().authenticateUser(contributor);
 
         // Add Contributor object to session
         request.getSession().setAttribute("contributor", contributor);

src/main/java/ai/elimu/web/SignOutController.java

@@ -0,0 +1,26 @@
+package ai.elimu.web;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.apache.logging.log4j.Logger;
+import org.apache.logging.log4j.LogManager;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+
+@Controller
+@RequestMapping("/sign-out")
+public class SignOutController {
+
+    private Logger logger = LogManager.getLogger();
+
+    @RequestMapping(method = RequestMethod.GET)
+    public String handleRequest(HttpServletRequest request) {
+        logger.debug("handleRequest");
+
+        // Remove Contributor object from session
+        request.getSession().removeAttribute("contributor");
+
+        return "redirect:/sign-on?signed_out";
+    }
+}

src/main/java/ai/elimu/web/content/MainContentController.java

@@ -5,8 +5,6 @@
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpSession;
-import org.apache.commons.lang.StringUtils;
-
 import org.apache.logging.log4j.Logger;
 import ai.elimu.dao.AudioDao;
 import ai.elimu.dao.ContributorDao;
@@ -23,14 +21,11 @@
 import ai.elimu.dao.WordContributionEventDao;
 import ai.elimu.dao.WordDao;
 import ai.elimu.model.contributor.Contributor;
-import ai.elimu.model.v2.enums.Environment;
-import ai.elimu.web.context.EnvironmentContextLoaderListener;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 import org.apache.logging.log4j.LogManager;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.security.web.savedrequest.DefaultSavedRequest;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -99,24 +94,6 @@ public String handleRequest(
             Model model) {
         logger.info("handleRequest");
 
-        // Check if the Contributor has not yet provided all required details
-        Contributor contributor = (Contributor) session.getAttribute("contributor");
-        if (StringUtils.isBlank(contributor.getEmail())) {
-            return "redirect:/content/contributor/add-email";
-        } else if (StringUtils.isBlank(contributor.getFirstName()) || StringUtils.isBlank(contributor.getLastName())) {
-            return "redirect:/content/contributor/edit-name";
-        } else if (StringUtils.isBlank(contributor.getMotivation()) && (EnvironmentContextLoaderListener.env != Environment.DEV)) {
-            return "redirect:/content/contributor/edit-motivation";
-        } else {
-            // Redirect to originally requested URL
-            DefaultSavedRequest defaultSavedRequest = (DefaultSavedRequest) session.getAttribute("SPRING_SECURITY_SAVED_REQUEST");
-            logger.info("defaultSavedRequest: " + defaultSavedRequest);
-            if (defaultSavedRequest != null) {
-                logger.info("Redirecting to " + defaultSavedRequest.getServletPath());
-                return "redirect:" + defaultSavedRequest.getServletPath();
-            }
-        }
-
         model.addAttribute("letterCount", letterDao.readCount());
         model.addAttribute("soundCount", soundDao.readCount());
         model.addAttribute("letterSoundCount", letterSoundDao.readCount());

src/main/webapp/WEB-INF/jsp/admin/layout.jsp

@@ -98,16 +98,16 @@
                             <li><a href="<spring:url value='/contributor/edit-name' />"><i class="material-icons left">mode_edit</i><fmt:message key="edit.name" /></a></li>
                             <%--<li class="divider"></li>
                             <li><a href="<spring:url value='/content/contributor/edit-email' />"><i class="material-icons left">mail</i><fmt:message key="edit.email" /></a></li>--%>
-                            <sec:authorize access="hasRole('ROLE_ADMIN')">
+                            <c:if test="${fn:contains(contributor.roles, 'ADMIN')}">
                                 <li class="divider"></li>
                                 <li><a href="<spring:url value='/admin' />"><i class="material-icons left">build</i><fmt:message key="administration" /></a></li>
-                            </sec:authorize>
-                            <sec:authorize access="hasRole('ROLE_ANALYST')">
+                            </c:if>
+                            <c:if test="${fn:contains(contributor.roles, 'ANALYST')}">
                                 <li class="divider"></li>
                                 <li><a href="<spring:url value='/analytics' />"><i class="material-icons left">timeline</i><fmt:message key="analytics" /></a></li>
-                            </sec:authorize>
+                            </c:if>
                             <li class="divider"></li>
-                            <li><a id="logout" href="<spring:url value='/logout' />"><i class="material-icons left">power_settings_new</i><fmt:message key="sign.out" /></a></li>
+                            <li><a id="logout" href="<spring:url value='/sign-out' />"><i class="material-icons left">power_settings_new</i><fmt:message key="sign.out" /></a></li>
                         </ul>
                     </ul>
 

src/main/webapp/WEB-INF/jsp/content/layout.jsp

@@ -204,16 +204,16 @@
                             <li><a href="<spring:url value='/content/contributor/edit-name' />"><i class="material-icons left">mode_edit</i><fmt:message key="edit.name" /></a></li>
                             <%--<li class="divider"></li>
                             <li><a href="<spring:url value='/content/contributor/edit-email' />"><i class="material-icons left">mail</i><fmt:message key="edit.email" /></a></li>--%>
-                            <sec:authorize access="hasRole('ROLE_ADMIN')">
+                            <c:if test="${fn:contains(contributor.roles, 'ADMIN')}">
                                 <li class="divider"></li>
                                 <li><a href="<spring:url value='/admin' />"><i class="material-icons left">build</i><fmt:message key="administration" /></a></li>
-                            </sec:authorize>
-                            <sec:authorize access="hasRole('ROLE_ANALYST')">
+                            </c:if>
+                            <c:if test="${fn:contains(contributor.roles, 'ANALYST')}">
                                 <li class="divider"></li>
                                 <li><a href="<spring:url value='/analytics' />"><i class="material-icons left">timeline</i><fmt:message key="analytics" /></a></li>
-                            </sec:authorize>
+                            </c:if>
                             <li class="divider"></li>
-                            <li><a  id="logout" href="<spring:url value='/logout' />"><i class="material-icons left">power_settings_new</i><fmt:message key="sign.out" /></a></li>
+                            <li><a id="logout" href="<spring:url value='/sign-out' />"><i class="material-icons left">power_settings_new</i><fmt:message key="sign.out" /></a></li>
                         </ul>
                     </ul>
 

src/main/webapp/WEB-INF/jsp/content/multimedia/image/edit.jsp

@@ -95,9 +95,9 @@
             <button id="submitButton" class="btn-large waves-effect waves-light" type="submit">
                 <fmt:message key="edit" /> <i class="material-icons right">send</i>
             </button>
-            <sec:authorize access="hasRole('ROLE_EDITOR')">
+            <c:if test="${fn:contains(contributor.roles, 'EDITOR')}">
                 <a href="<spring:url value='/content/multimedia/image/delete/${image.id}' />" class="waves-effect waves-red red-text btn-flat right"><fmt:message key="delete" /></a>
-            </sec:authorize>
+            </c:if>
         </form:form>
     </div>
 

src/main/webapp/WEB-INF/jsp/content/storybook/edit.jsp

@@ -96,9 +96,9 @@
 
     <c:forEach var="storyBookChapter" items="${storyBookChapters}" varStatus="status">
         <a name="ch-id-${storyBookChapter.id}"></a>
-        <sec:authorize access="hasRole('ROLE_EDITOR')">
+        <c:if test="${fn:contains(contributor.roles, 'EDITOR')}">
             <a class="storyBookChapterDeleteLink right red-text" style="margin-top: 1em;" href="<spring:url value='/content/storybook/edit/${storyBook.id}/chapter/delete/${storyBookChapter.id}' />"><i class="material-icons" title="<fmt:message key='delete' />">delete</i></a>
-        </sec:authorize>
+        </c:if>
         <h5 style="margin-top: 1em;" class="grey-text"><fmt:message key="chapter" />&nbsp;${storyBookChapter.sortOrder + 1}/${fn:length(storyBookChapters)}</h5>
         <div class="card-panel storyBookChapter">
             <c:if test="${not empty storyBookChapter.image}">

src/main/webapp/WEB-INF/jsp/content/storybook/paragraph/edit.jsp

@@ -31,9 +31,9 @@
             <button id="submitButton" class="btn-large waves-effect waves-light" type="submit">
                 <fmt:message key="edit" /> <i class="material-icons right">send</i>
             </button>
-            <sec:authorize access="hasRole('ROLE_EDITOR')">
+            <c:if test="${fn:contains(contributor.roles, 'EDITOR')}">
                 <a href="<spring:url value='/content/storybook/paragraph/delete/${storyBookParagraph.id}' />" class="waves-effect waves-red red-text btn-flat right"><fmt:message key="delete" /></a>
-            </sec:authorize>
+            </c:if>
         </form:form>
     </div>
 </content:section>

src/main/webapp/WEB-INF/jsp/content/word/edit.jsp

@@ -166,9 +166,9 @@
             <button id="submitButton" class="btn-large waves-effect waves-light" type="submit">
                 <fmt:message key="edit" /> <i class="material-icons right">send</i>
             </button>
-            <sec:authorize access="hasRole('ROLE_EDITOR')">
+            <c:if test="${fn:contains(contributor.roles, 'EDITOR')}">
                 <a href="<spring:url value='/content/word/delete/${word.id}' />" class="waves-effect waves-red red-text btn-flat right"><fmt:message key="delete" /></a>
-            </sec:authorize>
+            </c:if>
         </form:form>
     </div>
 

src/main/webapp/WEB-INF/jsp/layout.jsp

@@ -59,7 +59,7 @@
                         <a id="logo-container" href="<spring:url value='/' />" class="brand-logo">
                             <img src="<spring:url value='/static/img/logo-text-256x77.png' />" alt="elimu.ai" />
                         </a>
-                        <sec:authorize access="!hasAnyRole('ROLE_ADMIN','ROLE_CONTRIBUTOR')">
+                        <c:if test="${empty contributor}">
                             <ul class="right hide-on-med-and-down">
                                 <li><a href="<spring:url value='/sign-on' />"><fmt:message key="sign.on" /></a></li>
                             </ul>
@@ -111,8 +111,8 @@
                                 </c:choose>
                                 <li><a class="btn signOnBtn" href="<spring:url value='/sign-on' />"><fmt:message key="sign.on" /></a></li>
                             </ul>
-                        </sec:authorize>
-                        <sec:authorize access="hasAnyRole('ROLE_ADMIN','ROLE_CONTRIBUTOR')">
+                        </c:if>
+                        <c:if test="${not empty contributor}">
                             <ul id="nav-mobile" class="side-nav">
                                 <li>
                                     <a class="btn tokenButtonSideNav" href="<spring:url value='/sign-on/web3' />">
@@ -157,7 +157,7 @@
                                     </div>
                                 </a>
                             </ul>
-                        </sec:authorize>
+                        </c:if>
 
                         <ul class="right">
                             <script>

src/main/webapp/WEB-INF/jsp/taglibs.jsp

@@ -1,7 +1,6 @@
 <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
 <%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>
 <%@ taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt" %>
-<%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %>
 <%@ taglib prefix="form" uri="http://www.springframework.org/tags/form" %>
 <%@ taglib prefix="spring" uri="http://www.springframework.org/tags" %>
 <%@ taglib prefix="content" uri="/WEB-INF/tlds/content" %>

src/main/webapp/WEB-INF/web.xml

@@ -48,14 +48,6 @@
         <servlet-name>dispatcher</servlet-name>
         <url-pattern>/</url-pattern>
     </servlet-mapping>
-    <filter>
-        <filter-name>springSecurityFilterChain</filter-name>
-        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
-    </filter>
-    <filter-mapping>
-        <filter-name>springSecurityFilterChain</filter-name>
-        <servlet-name>dispatcher</servlet-name>
-    </filter-mapping>
     <filter>
         <filter-name>httpMethodFilter</filter-name>
         <filter-class>org.springframework.web.filter.HiddenHttpMethodFilter</filter-class>