WIP for removing GUI related functionality

src/main/java/pdp/PdpApplication.java

@@ -12,17 +12,13 @@
 import org.springframework.boot.autoconfigure.freemarker.FreeMarkerAutoConfiguration;
 import org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration;
 import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
 import org.springframework.core.io.Resource;
 import org.springframework.core.io.ResourceLoader;
-import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
-import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 import pdp.policies.PolicyLoader;
 import pdp.repositories.PdpPolicyRepository;
 import pdp.sab.SabClient;
 import pdp.stats.StatsContextHolder;
 import pdp.teams.VootClient;
-import pdp.web.SessionAliveInterceptor;
 import pdp.xacml.PDPEngineHolder;
 
 import java.io.IOException;
@@ -66,13 +62,4 @@ public PDPEngineHolder pdpEngine(
         return new PDPEngineHolder(pdpPolicyRepository, vootClient, sabClient);
     }
 
-    @Configuration
-    public static class WebMvcConfig implements WebMvcConfigurer {
-
-    @Override
-        public void addInterceptors(InterceptorRegistry registry) {
-            registry.addInterceptor(new SessionAliveInterceptor());
-        }
-    }
-
 }

src/main/java/pdp/WebSecurityConfig.java

@@ -4,23 +4,14 @@
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.core.annotation.Order;
-import org.springframework.core.env.Environment;
-import org.springframework.core.env.Profiles;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.builders.WebSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.http.SessionCreationPolicy;
-import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter;
-import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider;
-import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
-import org.springframework.security.web.csrf.CsrfFilter;
 import pdp.access.BasicAuthenticationProvider;
-import pdp.access.PolicyIdpAccessEnforcerFilter;
 import pdp.manage.Manage;
-import pdp.web.CsrfProtectionMatcher;
-import pdp.web.CsrfTokenResponseHeaderBindingFilter;
 
 @Configuration
 @EnableWebSecurity
@@ -38,7 +29,6 @@ public void configureGlobal(AuthenticationManagerBuilder auth) {
         BasicAuthenticationProvider basicAuthenticationProvider =
                 new BasicAuthenticationProvider(policyEnforcementPointUserName, policyEnforcementPointPassword);
         auth.authenticationProvider(basicAuthenticationProvider);
-
     }
 
     @Configuration
@@ -62,10 +52,6 @@ protected void configure(HttpSecurity http) throws Exception {
                     .and()
                     .csrf()
                     .disable()
-                    .addFilterBefore(
-                            new PolicyIdpAccessEnforcerFilter(authenticationManager(), manage),
-                            BasicAuthenticationFilter.class
-                    )
                     .authorizeRequests()
                     .antMatchers("/protected/**", "/decide/policy", "/manage/**")
                     .hasAnyRole("PEP", "ADMIN");

src/main/java/pdp/access/BasicAuthenticationProvider.java

@@ -5,17 +5,23 @@
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
 
+import java.util.Collection;
+
+import static org.springframework.security.core.authority.AuthorityUtils.createAuthorityList;
 import static org.springframework.util.Assert.notNull;
-import static pdp.access.FederatedUserBuilder.apiAuthorities;
 
 /**
  * EngineBlock and Dashboard call the PDP and we don't want to use OAuth for this as
  * they are trusted clients
  */
 public class BasicAuthenticationProvider implements AuthenticationProvider {
 
+    private static final Collection<? extends GrantedAuthority> API_AUTHORITIES = createAuthorityList("ROLE_USER", "ROLE_PEP");
+
+
     private final String userName;
     private final String password;
 
@@ -37,9 +43,9 @@ public Authentication authenticate(Authentication authentication) throws Authent
             throw new BadCredentialsException("Bad credentials");
         }
         return new UsernamePasswordAuthenticationToken(
-            authentication.getPrincipal(),
-            authentication.getCredentials(),
-            apiAuthorities);
+                authentication.getPrincipal(),
+                authentication.getCredentials(),
+                API_AUTHORITIES);
     }
 
     @Override

src/main/java/pdp/access/FederatedUserBuilder.java

@@ -21,7 +21,6 @@ public class FederatedUserBuilder {
 
     private static final Collection<? extends GrantedAuthority> shibAuthorities = createAuthorityList("ROLE_USER", "ROLE_ADMIN");
 
-    public static final Collection<? extends GrantedAuthority> apiAuthorities = createAuthorityList("ROLE_USER", "ROLE_PEP");
 
     //shib headers
     public static final String UID_HEADER_NAME = "uid";