Merge tag 'v0.8.9' into develop

LEDfan · LEDfan · commit 0a670904228c · 2021-11-03T16:24:04.000+01:00
0.8.9
diff --git a/pom.xml b/pom.xml
@@ -5,7 +5,7 @@
 
 	<groupId>eu.openanalytics</groupId>
 	<artifactId>containerproxy</artifactId>
-	<version>0.8.9-SNAPSHOT</version>
+	<version>0.8.10-SNAPSHOT</version>
 	<name>ContainerProxy</name>
 	<packaging>jar</packaging>
 
diff --git a/src/main/java/eu/openanalytics/containerproxy/auth/impl/KeycloakAuthenticationBackend.java b/src/main/java/eu/openanalytics/containerproxy/auth/impl/KeycloakAuthenticationBackend.java
@@ -21,6 +21,7 @@
 package eu.openanalytics.containerproxy.auth.impl;
 
 import java.io.Serializable;
+import java.util.Arrays;
 import java.util.Collection;
 import java.util.HashMap;
 import java.util.List;
@@ -65,6 +66,8 @@
 import org.springframework.security.core.session.SessionRegistryImpl;
 import org.springframework.security.web.AuthenticationEntryPoint;
 import org.springframework.security.web.authentication.logout.LogoutFilter;
+import org.springframework.security.web.authentication.session.ChangeSessionIdAuthenticationStrategy;
+import org.springframework.security.web.authentication.session.CompositeSessionAuthenticationStrategy;
 import org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy;
 import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
 import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
@@ -169,7 +172,10 @@ protected HttpSessionManager httpSessionManager() {
 	@Bean
 	@ConditionalOnProperty(name="proxy.authentication", havingValue="keycloak")
 	protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
-		return new RegisterSessionAuthenticationStrategy(new SessionRegistryImpl());
+		return new CompositeSessionAuthenticationStrategy(Arrays.asList(
+			new RegisterSessionAuthenticationStrategy(new SessionRegistryImpl()),
+			new ChangeSessionIdAuthenticationStrategy()
+		));
 	}
 
 	@Bean
diff --git a/src/main/java/eu/openanalytics/containerproxy/auth/impl/saml/SAMLConfiguration.java b/src/main/java/eu/openanalytics/containerproxy/auth/impl/saml/SAMLConfiguration.java
@@ -70,6 +70,7 @@
 import org.springframework.security.web.authentication.logout.LogoutHandler;
 import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
 import org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler;
+import org.springframework.security.web.authentication.session.ChangeSessionIdAuthenticationStrategy;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 
 import javax.inject.Inject;
@@ -337,6 +338,7 @@ public SAMLProcessingFilter samlWebSSOProcessingFilter() throws Exception {
 		samlWebSSOProcessingFilter.setAuthenticationManager(authenticationManager);
 		samlWebSSOProcessingFilter.setAuthenticationSuccessHandler(successRedirectHandler());
 		samlWebSSOProcessingFilter.setAuthenticationFailureHandler(authenticationFailureHandler());
+		samlWebSSOProcessingFilter.setSessionAuthenticationStrategy(new ChangeSessionIdAuthenticationStrategy());
 		return samlWebSSOProcessingFilter;
 	}
 
