Fix access even when logged in

README.md

@@ -1,9 +1,7 @@
 # KickerELO
 
 KickerELO is a web application for displaying Elo ratings for foosball (table soccer) games.  
-It uses **Spring Boot** for the backend, **Vaadin** for the frontend, and **MariaDB** as the database.
+It uses **Spring Boot** for the backend, **Vaadin** for the frontend, and **MariaDB** as the database. It is compatible with any OpenID Connect (OIDC) provider.
-
-This fork implements a single sign-on implementation for Authentik using (OIDC).
 
 ## Requirements
 

src/main/java/org/kickerelo/kickerelo/config/SecurityConfig.java

@@ -1,27 +1,25 @@
 package org.kickerelo.kickerelo.config;
 
-import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.web.SecurityFilterChain;
+
+import com.vaadin.flow.spring.security.VaadinWebSecurity;
 
 @Configuration
-public class SecurityConfig {
+class SecurityConfiguration extends VaadinWebSecurity {
-    @Bean
+
-    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+
+        // super.configure(http);
+
         http
             .authorizeHttpRequests(auth -> auth
-            .requestMatchers("/app/admin/**").authenticated() // Nur authentifizierte User
+                .requestMatchers("/app/admin/**", "/app/admin", "/app/app/admin/**", "/app/app/admin").hasAuthority("Kicker Admin")
                 .anyRequest().permitAll()
             )
             .oauth2Login(org.springframework.security.config.Customizer.withDefaults())
-            // .oauth2Login(oauth -> oauth
-            //     .defaultSuccessUrl("/app/app/admin", true)
-            // )
-            //.and()
             .logout(logout -> logout.logoutSuccessUrl("/"))
             .csrf(csrf -> csrf.disable());
-
-        return http.build();
     }
 }

src/main/java/org/kickerelo/kickerelo/util/RedirectController.java

@@ -7,6 +7,6 @@ import org.springframework.web.bind.annotation.GetMapping;
 public class RedirectController {
     @GetMapping("/")
     public String redirectToApp() {
-        return "redirect:/app/app";
+        return "redirect:/app";
     }
 }

src/main/java/org/kickerelo/kickerelo/views/AdminView.java

@@ -1,5 +1,7 @@
 package org.kickerelo.kickerelo.views;
 
+import java.util.List;
+
 import org.kickerelo.kickerelo.exception.DuplicatePlayerException;
 import org.kickerelo.kickerelo.exception.InvalidDataException;
 import org.kickerelo.kickerelo.exception.PlayerNameNotSetException;
@@ -7,19 +9,32 @@ import org.kickerelo.kickerelo.service.KickerEloService;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.oauth2.core.oidc.user.OidcUser;
-import java.util.List;
 
 import com.vaadin.flow.component.button.Button;
-import com.vaadin.flow.component.html.H2;
 import com.vaadin.flow.component.html.Paragraph;
 import com.vaadin.flow.component.notification.Notification;
 import com.vaadin.flow.component.notification.NotificationVariant;
 import com.vaadin.flow.component.orderedlayout.VerticalLayout;
 import com.vaadin.flow.component.textfield.TextField;
+import com.vaadin.flow.router.BeforeEnterEvent;
 import com.vaadin.flow.router.Route;
 
-@Route("app/admin")
+@Route("admin")
 public class AdminView extends VerticalLayout {
+
+    public void beforeEnter(BeforeEnterEvent event) {
+        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
+        if (auth == null || !(auth.getPrincipal() instanceof OidcUser oidcUser)) {
+            event.rerouteTo("");
+            return;
+        }
+
+        var groups = oidcUser.getClaimAsStringList("groups");
+        if (groups == null || !groups.contains("Kicker Admin")) {
+            event.rerouteTo("");
+        }
+    }
+
     public AdminView(KickerEloService service) {
         // Zeige den aktuell authentifizierten Benutzer
         Authentication auth = SecurityContextHolder.getContext().getAuthentication();
@@ -36,19 +51,19 @@ public class AdminView extends VerticalLayout {
                 listOfGroups = List.of();
             }
             add(new Paragraph("Angemeldet als: " + username));
-            add(new Paragraph("Gruppen: " + listOfGroups.toString()));
 
-            if (listOfGroups.contains("Kicker Admin")) {
+            if (!listOfGroups.contains("Kicker Admin")) {
-                add(new Paragraph("Du bist Admin!"));
+                add(new Paragraph("Du bist nicht berechtigt, diese Seite zu sehen."));
+                getUI().ifPresent(ui -> ui.navigate(""));
+                return;
             } else {
-                if (listOfGroups.contains("Kicker User")) {
+                add(new Paragraph("Willkommen im Admin-Bereich!"));
-                    add(new Paragraph("Du bist kein Admin, aber ein kickerelo User!"));
-                } else {
-                    add(new Paragraph("Du bist gar nichts!"));
-                }
             }
         } else {
             add(new Paragraph("Niemand ist angemeldet"));
+            add(new Paragraph("Du bist nicht berechtigt, diese Seite zu sehen."));
+            getUI().ifPresent(ui -> ui.navigate(""));
+            return;
         }
 
         TextField spielername = new TextField("Spielername");

src/main/java/org/kickerelo/kickerelo/views/Enter1vs1View.java

@@ -16,7 +16,7 @@ import com.vaadin.flow.component.orderedlayout.VerticalLayout;
 import com.vaadin.flow.component.textfield.IntegerField;
 import com.vaadin.flow.router.Route;
 
-@Route(value = "app/enter1vs1")
+@Route("enter1vs1")
 public class Enter1vs1View extends VerticalLayout {
 
     public Enter1vs1View(KickerEloService eloService) {

src/main/java/org/kickerelo/kickerelo/views/Enter2vs2View.java

@@ -16,7 +16,7 @@ import com.vaadin.flow.component.orderedlayout.VerticalLayout;
 import com.vaadin.flow.component.textfield.IntegerField;
 import com.vaadin.flow.router.Route;
 
-@Route(value = "app/enter2vs2")
+@Route("enter2vs2")
 public class Enter2vs2View extends VerticalLayout {
     public Enter2vs2View(KickerEloService eloService) {
         H2 subheading = new H2("2 vs 2 Ergebnis");

src/main/java/org/kickerelo/kickerelo/views/Graph1vs1View.java

@@ -10,7 +10,7 @@ import com.vaadin.flow.component.html.H2;
 import com.vaadin.flow.component.orderedlayout.VerticalLayout;
 import com.vaadin.flow.router.Route;
 
-@Route("app/graph1vs1")
+@Route("graph1vs1")
 public class Graph1vs1View extends VerticalLayout {
 
     public Graph1vs1View(SpielerRepository repo) {

src/main/java/org/kickerelo/kickerelo/views/Graph2vs2View.java

@@ -10,7 +10,7 @@ import com.vaadin.flow.component.html.H2;
 import com.vaadin.flow.component.orderedlayout.VerticalLayout;
 import com.vaadin.flow.router.Route;
 
-@Route("app/graph2vs2")
+@Route("graph2vs2")
 public class Graph2vs2View extends VerticalLayout {
 
     public Graph2vs2View(SpielerRepository repo) {

src/main/java/org/kickerelo/kickerelo/views/History1vs1View.java

@@ -19,7 +19,7 @@ import com.vaadin.flow.data.renderer.LocalDateTimeRenderer;
 import com.vaadin.flow.data.value.ValueChangeMode;
 import com.vaadin.flow.router.Route;
 
-@Route("app/history1vs1")
+@Route("history1vs1")
 public class History1vs1View extends HistoryView {
 
     private final Ergebnis1vs1Repository repo;

src/main/java/org/kickerelo/kickerelo/views/History2vs2View.java

@@ -21,7 +21,7 @@ import com.vaadin.flow.data.value.ValueChangeMode;
 import com.vaadin.flow.router.Route;
 
 
-@Route("app/history2vs2")
+@Route("history2vs2")
 public class History2vs2View extends HistoryView {
 
     private final Ergebnis2vs2Repository repo;

src/main/java/org/kickerelo/kickerelo/views/PlayerListView.java

@@ -12,7 +12,7 @@ import com.vaadin.flow.component.orderedlayout.VerticalLayout;
 import com.vaadin.flow.data.provider.SortDirection;
 import com.vaadin.flow.router.Route;
 
-@Route("app")
+@Route("/")
 public class PlayerListView extends VerticalLayout {
     public PlayerListView(KickerEloService eloService) {
         setSizeFull();

src/main/java/org/kickerelo/kickerelo/views/Stat2vs2View.java

@@ -15,7 +15,7 @@ import com.vaadin.flow.component.progressbar.ProgressBar;
 import com.vaadin.flow.component.progressbar.ProgressBarVariant;
 import com.vaadin.flow.router.Route;
 
-@Route("app/stat2vs2")
+@Route("stat2vs2")
 public class Stat2vs2View extends VerticalLayout {
     Stat2vs2Service stat2vs2Service;
     KickerEloService kickerEloService;