Lmsa 7710 q1 upgrade #24

Merged
merged 4 commits into from
Jan 5, 2024
10 changes: 10 additions & 0 deletions README.md
Expand Up @@ -63,6 +63,7 @@ They can be set in a properties file, or overridden as environment variables.
| Property | Default Value | Description |
|----------------------|-----------------------------|-----------------------------------------------------------|
| `canvas.host` | | Hostname of the Canvas instance |
| `canvas.sso.host` | | Hostname of the Canvas OIDC auth domain |
| `canvas.baseUrl` | https://`${canvas.host}` | Base URL of the Canvas instance |
| `canvas.baseApiUrl` | `${canvas.baseUrl}`/api/v1 | Base URL for the Canvas API |
| `canvas.token` | | Token for access to Canvas instance |
Expand Down Expand Up @@ -91,6 +92,15 @@ They can be set in a security.properties file, or overridden as environment vari
| `lti.errorcontact.name` | Display name for your support organization |
| `lti.errorcontact.link` | Contact mechanism - URL or mailto:email (e.g. `http://support.school.edu` or `mailto:[email protected]`) |

### LTI issuer configuration
Be sure to configure an environment appropriate issuer for the Canvas instance that is launching the tool.

See https://canvas.instructure.com/doc/api/file.lti_dev_key_config.html#overview-of-an-lti-launch for details.

| Property | Description |
|-------------------|----------------------------------------------------------|
| `canvas.issuer` | Issuer for the Canvas instance doing the LTI tool launch |

### Redis Configuration (optional)
If you would like to use Redis for session storage, you will need to enable it by including the value `redis-session` into the `SPRING_PROFILES_ACTIVE` environment variable. Be aware that if the tool requires multiple values, that there could be more than one profile value in there.

22 changes: 11 additions & 11 deletions pom.xml
Expand Up @@ -9,7 +9,7 @@
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.7.10</version>
<version>2.7.18</version>
<relativePath /> <!-- lookup parent from repository -->
</parent>

Expand Down Expand Up @@ -55,26 +55,26 @@
<properties>
<app.version>${project.version}</app.version>
<commons-fileupload.version>1.5</commons-fileupload.version>
<commons-io.version>2.11.0</commons-io.version>
<commons-io.version>2.15.1</commons-io.version>
<git-commit-id-maven-plugin.version>5.0.0</git-commit-id-maven-plugin.version>
<hibernate5-ddl-maven-plugin.version>2.5.0</hibernate5-ddl-maven-plugin.version>
<java.version>17</java.version>
<jdk.source>17</jdk.source>
<jdk.target>17</jdk.target>
<jquery.version>3.5.1</jquery.version>
<lms-canvas-rivet.version>5.2.3.1</lms-canvas-rivet.version>
<lms-embedded-services.version>5.2.5</lms-embedded-services.version>
<jquery.version>3.7.1</jquery.version>
<lms-canvas-rivet.version>5.2.5.2_2</lms-canvas-rivet.version>
<lms-embedded-services.version>5.2.30</lms-embedded-services.version>

<lms-team-spring-boot-it12>4.8</lms-team-spring-boot-it12>

<opencsv.version>5.7.1</opencsv.version>
<springdoc-openapi-ui.version>1.6.15</springdoc-openapi-ui.version>
<spring-cloud.version>2021.0.5</spring-cloud.version>
<webjars-locator.version>0.46</webjars-locator.version>
<opencsv.version>5.9</opencsv.version>
<springdoc-openapi-ui.version>1.7.0</springdoc-openapi-ui.version>
<spring-cloud.version>2021.0.9</spring-cloud.version>
<webjars-locator.version>0.50</webjars-locator.version>

<plugins.compiler.version>3.10.1</plugins.compiler.version>
<plugins.compiler.version>3.11.0</plugins.compiler.version>
<plugins.license.version>2.0.0</plugins.license.version>
<plugins.release.version>2.5.3</plugins.release.version>
<plugins.release.version>3.0.0</plugins.release.version>
</properties>

<dependencyManagement>
1 change: 0 additions & 1 deletion src/main/java/edu/iu/uits/lms/viewem/WebApplication.java
Expand Up @@ -68,7 +68,6 @@ public class WebApplication {
private ToolConfig toolConfig;

public static void main(String[] args) {
// SpringApplication.run(WebApplication.class, args);
SpringApplication app = new SpringApplication(WebApplication.class);
BufferingApplicationStartup startup = new BufferingApplicationStartup(2048);
startup.addFilter(startupStep -> startupStep.getName().matches("spring.boot.application.ready"));
21 changes: 18 additions & 3 deletions src/main/java/edu/iu/uits/lms/viewem/config/SecurityConfig.java
Expand Up @@ -47,6 +47,7 @@
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter;
import uk.ac.ox.ctl.lti13.Lti13Configurer;

import static edu.iu.uits.lms.lti.LTIConstants.BASE_USER_ROLE;
Expand All @@ -62,7 +63,9 @@ public static class RestSecurityConfigurationAdapter extends WebSecurityConfigur

@Override
public void configure(HttpSecurity http) throws Exception {
http.requestMatchers().antMatchers("/rest/**", "/api/**")
http
.cors().and()
.requestMatchers().antMatchers("/rest/**", "/api/**")
.and()
.authorizeRequests()
// In order to allow CORS preflight requests to succeed, we need to allow OPTIONS requests to the token endpoint
Expand Down Expand Up @@ -96,7 +99,13 @@ protected void configure(HttpSecurity http) throws Exception {
.authorizeRequests()
.antMatchers(WELL_KNOWN_ALL, "/error").permitAll()
.antMatchers("/**").hasRole(BASE_USER_ROLE)
.withObjectPostProcessor(new LmsFilterSecurityInterceptorObjectPostProcessor());
.withObjectPostProcessor(new LmsFilterSecurityInterceptorObjectPostProcessor())
.and()
.headers()
.contentSecurityPolicy("style-src 'self' 'unsafe-inline'; form-action 'self'; frame-ancestors 'self' https://*.instructure.com")
.and()
.referrerPolicy(referrer -> referrer
.policy(ReferrerPolicyHeaderWriter.ReferrerPolicy.SAME_ORIGIN));

//Setup the LTI handshake
Lti13Configurer lti13Configurer = new Lti13Configurer()
Expand All @@ -109,7 +118,13 @@ protected void configure(HttpSecurity http) throws Exception {
.and()
.authorizeRequests()
.anyRequest().authenticated()
.withObjectPostProcessor(new LmsFilterSecurityInterceptorObjectPostProcessor());
.withObjectPostProcessor(new LmsFilterSecurityInterceptorObjectPostProcessor())
.and()
.headers()
.contentSecurityPolicy("style-src 'self' 'unsafe-inline'; form-action 'self'; frame-ancestors 'self' https://*.instructure.com")
.and()
.referrerPolicy(referrer -> referrer
.policy(ReferrerPolicyHeaderWriter.ReferrerPolicy.SAME_ORIGIN));
}

@Override
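Review bot: The Content-Security-Policy string added after `hasRole(BASE_USER_ROLE)` and again after `anyRequest().authenticated()` sets only `style-src`, `form-action` and `frame-ancestors`, so with no `default-src`, `script-src` or `object-src` it does not restrict where scripts or plugins may load from. Its `frame-ancestors 'self' https://*.instructure.com` also lets every Instructure-hosted tenant frame the tool, not only the Canvas instance that launches it; building that value from the configured `canvas.host` would narrow it. The literal is duplicated, so a single constant such as `private static final String CSP = "...";` would keep the two chains from drifting apart. Adding `script-src 'self'; object-src 'none'` looks like a cheap hardening step, but it needs checking against the page templates, which are not visible here; the enclosing `configure` body also starts and ends outside these hunks.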