LMSA-9652 - added event authorization event publisher and removed the…

pom.xml

@@ -62,8 +62,8 @@
         <java.version>21</java.version>
         <jquery.version>3.7.1</jquery.version>
         <lms-canvas-rivet.version>6.2.8.1_1</lms-canvas-rivet.version>
-        <lms-embedded-services.version>6.0.9</lms-embedded-services.version>
-        <lms-team-spring-boot-it12>6.5.0</lms-team-spring-boot-it12>
+        <lms-embedded-services.version>6.1.4-SNAPSHOT</lms-embedded-services.version>
+        <lms-team-spring-boot-it12>6.5.1-SNAPSHOT</lms-team-spring-boot-it12>
         <opencsv.version>5.10</opencsv.version>
         <spring-cloud-starter-parent.version>2023.0.5</spring-cloud-starter-parent.version>
         <springdoc-openapi-ui.version>2.5.0</springdoc-openapi-ui.version>

src/main/java/edu/iu/uits/lms/canvasnotifier/config/LmsAuthorizationEventPublisher.java

@@ -0,0 +1,29 @@
+package edu.iu.uits.lms.canvasnotifier.config;
+
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.context.ApplicationEventPublisher;
+import org.springframework.context.annotation.Profile;
+import org.springframework.security.authorization.AuthorizationDecision;
+import org.springframework.security.authorization.AuthorizationEventPublisher;
+import org.springframework.security.authorization.event.AuthorizationEvent;
+import org.springframework.security.core.Authentication;
+import org.springframework.stereotype.Component;
+
+import java.util.function.Supplier;
+
+@Profile("it12")
+@Component
+@Slf4j
+public class LmsAuthorizationEventPublisher implements AuthorizationEventPublisher {
+    private ApplicationEventPublisher applicationEventPublisher;
+
+    public LmsAuthorizationEventPublisher(ApplicationEventPublisher applicationEventPublisher) {
+        this.applicationEventPublisher = applicationEventPublisher;
+    }
+
+    @Override
+    public <T> void publishAuthorizationEvent(Supplier<Authentication> authentication,
+                                              T object, AuthorizationDecision decision) {
+        applicationEventPublisher.publishEvent(new AuthorizationEvent(authentication, object, decision));
+    }
+}

src/main/java/edu/iu/uits/lms/canvasnotifier/config/SecurityConfig.java

@@ -34,8 +34,6 @@
  */
 
 import edu.iu.uits.lms.canvasnotifier.repository.UserRepository;
-import edu.iu.uits.lms.common.it12logging.LmsFilterSecurityInterceptorObjectPostProcessor;
-import edu.iu.uits.lms.common.it12logging.RestSecurityLoggingConfig;
 import edu.iu.uits.lms.common.oauth.CustomJwtAuthenticationConverter;
 import edu.iu.uits.lms.lti.repository.DefaultInstructorRoleRepository;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -71,9 +69,7 @@ public SecurityFilterChain restFilterChain(HttpSecurity http) throws Exception {
                 )
                 .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
                 .oauth2ResourceServer(oauth -> oauth
-                        .jwt(jwt -> jwt.jwtAuthenticationConverter(new CustomJwtAuthenticationConverter())))
-                .with(new RestSecurityLoggingConfig(), log -> {
-                });
+                        .jwt(jwt -> jwt.jwtAuthenticationConverter(new CustomJwtAuthenticationConverter())));
         return http.build();
     }
 
@@ -83,9 +79,7 @@ public SecurityFilterChain appFilterChain(HttpSecurity http) throws Exception {
         http.securityMatcher(WELL_KNOWN_ALL, "/error", "/app/**")
                 .authorizeHttpRequests(authz -> authz
                         .requestMatchers(WELL_KNOWN_ALL, "/error").permitAll()
-                        .requestMatchers("/**").hasAuthority(BASE_USER_AUTHORITY)
-                        .withObjectPostProcessor(new LmsFilterSecurityInterceptorObjectPostProcessor())
-                )
+                        .requestMatchers("/**").hasAuthority(BASE_USER_AUTHORITY))
                 .headers(headers -> headers
                         .contentSecurityPolicy(csp -> csp.policyDirectives("style-src 'self' 'unsafe-inline'; form-action 'self'; frame-ancestors 'self' https://*.instructure.com"))
                         .referrerPolicy(referrer -> referrer
@@ -116,8 +110,7 @@ public SecurityFilterChain catchallFilterChain(HttpSecurity http) throws Excepti
                         .grantedAuthoritiesMapper(new CustomRoleMapper(defaultInstructorRoleRepository, userRepository)));
 
         http.securityMatcher("/**")
-                .authorizeHttpRequests((authz) -> authz.anyRequest().authenticated()
-                        .withObjectPostProcessor(new LmsFilterSecurityInterceptorObjectPostProcessor()))
+                .authorizeHttpRequests((authz) -> authz.anyRequest().authenticated())
                 .headers(headers -> headers
                         .contentSecurityPolicy(csp ->
                                 csp.policyDirectives("style-src 'self' 'unsafe-inline'; form-action 'self'; frame-ancestors 'self' https://*.instructure.com"))

src/main/resources/templates/main.html

@@ -66,14 +66,14 @@
     <h1 id="cnTitle" class="rvt-ts-32 rvt-m-bottom-xs">Canvas Notifier</h1>
 
     <form id="createNotifyForm" th:object="${canvasNotifierFormModel}" th:action="@{|/app/preview|}" method="post" enctype="multipart/form-data">
-        <p aria-hidden="true" class="req-instruction">All fields marked with <span th:replace="fragments :: reqAsterisk" /> are required</p>
+        <p aria-hidden="true" class="req-instruction">All fields marked with <span th:replace="~{fragments :: reqAsterisk}" /> are required</p>
         <div class="rvt-grid">
             <div class="rvt-grid__item" th:with="senderError=${canvasNotifierFormModel.fieldErrorsMap != null && canvasNotifierFormModel.fieldErrorsMap.containsKey('sender')},
                 subjectError=${canvasNotifierFormModel.fieldErrorsMap != null && canvasNotifierFormModel.fieldErrorsMap.containsKey('subject')},
                 bodyError=${canvasNotifierFormModel.fieldErrorsMap != null && canvasNotifierFormModel.fieldErrorsMap.containsKey('body')},
                 attachError=${canvasNotifierFormModel.fieldErrorsMap != null && canvasNotifierFormModel.fieldErrorsMap.containsKey('attachment')}">
 
-                <label class="cnLabel" for="senderUserId">Sender's Username <span th:replace="fragments :: reqAsterisk"></span></label>
+                <label class="cnLabel" for="senderUserId">Sender's Username <span th:replace="~{fragments :: reqAsterisk}"></span></label>
                 <div>
                     <select id="senderUserId" th:field="*{selectedSenderCanvasId}" class="rvt-select"
                             th:classappend="${senderError} ? rvt-validation-danger" 
@@ -86,7 +86,7 @@ <h1 id="cnTitle" class="rvt-ts-32 rvt-m-bottom-xs">Canvas Notifier</h1>
                     <div th:replace="fragments :: field-error('state-message', 'You must choose a sender.')" />
                 </div>
 
-                <label for="msgSubject" class="cnLabel rvt-m-top-md rvt-label">Message Subject <span th:replace="fragments :: reqAsterisk"></span></label>
+                <label for="msgSubject" class="cnLabel rvt-m-top-md rvt-label">Message Subject <span th:replace="~{fragments :: reqAsterisk}"></span></label>
                 <input id="msgSubject" th:field="*{subject}" type="text" class="rvt-text-input"
                        th:classappend="${subjectError} ? rvt-validation-danger"
                        th:attr="aria-required='true', aria-describedby=${subjectError} ? 'messageSubject', aria-invalid=${subjectError} ? 'true'" />
@@ -95,7 +95,7 @@ <h1 id="cnTitle" class="rvt-ts-32 rvt-m-bottom-xs">Canvas Notifier</h1>
                     <div th:replace="fragments :: field-error('messageSubject', 'You must enter a subject.')" />
                 </div>
 
-                <label for="msgBody" class="cnLabel rvt-m-top-md rvt-label">Message Body <span th:replace="fragments :: reqAsterisk"></span></label>
+                <label for="msgBody" class="cnLabel rvt-m-top-md rvt-label">Message Body <span th:replace="~{fragments :: reqAsterisk}"></span></label>
                 <textarea type="text" id="msgBody" th:field="*{body}" class="rvt-textarea"
                            th:classappend="${bodyError} ? rvt-validation-danger"
                           th:attr="aria-required='true', aria-describedby=${bodyError} ? 'description-message', aria-invalid=${bodyError} ? 'true'"></textarea>
@@ -104,7 +104,7 @@ <h1 id="cnTitle" class="rvt-ts-32 rvt-m-bottom-xs">Canvas Notifier</h1>
                     <div th:replace="fragments :: field-error('description-message', 'You must enter a message.')" />
                 </div>
 
-                <p class="recipients">Recipients <span th:replace="fragments :: reqAsterisk"></span></p>
+                <p class="recipients">Recipients <span th:replace="~{fragments :: reqAsterisk}"></span></p>
                 <div class="rvt-file" data-rvt-file-input="cnAttachment">
                     <input type="file" data-rvt-file-input-button="cnAttachment" id="cnAttachment" name="cnAttachment" aria-required="true"
                            aria-describedby="cnAttachmentDescription" th:attrappend="aria-describedby=${attachError} ? ' ' + csvMessage"