Compare commits
No commits in common. "ead0bccfe7f42c257700b013d378ff332ab81618" and "701c2b7cd3d9426fafdef7c9c7361db397ed8ca3" have entirely different histories.
ead0bccfe7
...
701c2b7cd3
5 changed files with 1 additions and 151 deletions
|
@ -48,11 +48,6 @@ dependencies {
|
||||||
implementation("org.springframework.boot:spring-boot-starter-data-jpa")
|
implementation("org.springframework.boot:spring-boot-starter-data-jpa")
|
||||||
implementation("org.springframework.boot:spring-boot-starter-validation")
|
implementation("org.springframework.boot:spring-boot-starter-validation")
|
||||||
implementation("org.springframework.boot:spring-boot-starter-web")
|
implementation("org.springframework.boot:spring-boot-starter-web")
|
||||||
implementation("org.springframework.boot:spring-boot-starter-security")
|
|
||||||
implementation("org.springframework.boot:spring-boot-starter-oauth2-client")
|
|
||||||
implementation("org.springframework.boot:spring-boot-starter-oauth2-resource-server")
|
|
||||||
|
|
||||||
// Postgres
|
|
||||||
runtimeOnly("org.postgresql:postgresql")
|
runtimeOnly("org.postgresql:postgresql")
|
||||||
|
|
||||||
// Lombok
|
// Lombok
|
||||||
|
@ -62,7 +57,6 @@ dependencies {
|
||||||
// Test
|
// Test
|
||||||
testImplementation("org.springframework.boot:spring-boot-starter-test")
|
testImplementation("org.springframework.boot:spring-boot-starter-test")
|
||||||
testImplementation("org.springframework.boot:spring-boot-testcontainers")
|
testImplementation("org.springframework.boot:spring-boot-testcontainers")
|
||||||
testImplementation("org.springframework.security:spring-security-test")
|
|
||||||
testImplementation("org.testcontainers:junit-jupiter")
|
testImplementation("org.testcontainers:junit-jupiter")
|
||||||
testImplementation("org.testcontainers:postgresql")
|
testImplementation("org.testcontainers:postgresql")
|
||||||
testRuntimeOnly("org.junit.platform:junit-platform-launcher")
|
testRuntimeOnly("org.junit.platform:junit-platform-launcher")
|
||||||
|
|
|
@ -1,57 +0,0 @@
|
||||||
package de.hmmh.pmt.auth;
|
|
||||||
|
|
||||||
import org.springframework.context.annotation.Bean;
|
|
||||||
import org.springframework.context.annotation.Configuration;
|
|
||||||
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
|
|
||||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
|
||||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
|
||||||
import org.springframework.security.core.session.SessionRegistry;
|
|
||||||
import org.springframework.security.core.session.SessionRegistryImpl;
|
|
||||||
import org.springframework.security.web.SecurityFilterChain;
|
|
||||||
import org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy;
|
|
||||||
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
|
|
||||||
import org.springframework.security.web.session.HttpSessionEventPublisher;
|
|
||||||
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
|
|
||||||
|
|
||||||
@Configuration
|
|
||||||
@EnableWebSecurity
|
|
||||||
@EnableMethodSecurity
|
|
||||||
public class AuthConfig {
|
|
||||||
|
|
||||||
private final JWT jwt;
|
|
||||||
|
|
||||||
AuthConfig(JWT jwt) {
|
|
||||||
this.jwt = jwt;
|
|
||||||
}
|
|
||||||
|
|
||||||
@Bean
|
|
||||||
public SessionRegistry sessionRegistry() {
|
|
||||||
return new SessionRegistryImpl();
|
|
||||||
}
|
|
||||||
|
|
||||||
@Bean
|
|
||||||
protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
|
|
||||||
return new RegisterSessionAuthenticationStrategy(sessionRegistry());
|
|
||||||
}
|
|
||||||
|
|
||||||
@Bean
|
|
||||||
public HttpSessionEventPublisher httpSessionEventPublisher() {
|
|
||||||
return new HttpSessionEventPublisher();
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
@Bean
|
|
||||||
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
|
|
||||||
http
|
|
||||||
.authorizeHttpRequests(auth -> auth
|
|
||||||
.anyRequest()
|
|
||||||
.authenticated()
|
|
||||||
)
|
|
||||||
.oauth2ResourceServer(resourceServer -> resourceServer
|
|
||||||
.jwt(jwt -> jwt
|
|
||||||
.jwtAuthenticationConverter(this.jwt.jwtAuthenticationConverter())
|
|
||||||
)
|
|
||||||
);
|
|
||||||
return http.build();
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,69 +0,0 @@
|
||||||
package de.hmmh.pmt.auth;
|
|
||||||
|
|
||||||
import jakarta.servlet.http.HttpServletRequest;
|
|
||||||
import jakarta.servlet.http.HttpServletResponse;
|
|
||||||
import org.springframework.http.ResponseEntity;
|
|
||||||
import org.springframework.security.core.Authentication;
|
|
||||||
import org.springframework.security.core.GrantedAuthority;
|
|
||||||
import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
|
||||||
import org.springframework.security.oauth2.core.oidc.user.OidcUser;
|
|
||||||
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
|
|
||||||
import org.springframework.security.web.authentication.logout.LogoutHandler;
|
|
||||||
import org.springframework.stereotype.Component;
|
|
||||||
import org.springframework.web.client.RestTemplate;
|
|
||||||
import org.springframework.web.util.UriComponentsBuilder;
|
|
||||||
|
|
||||||
import java.util.ArrayList;
|
|
||||||
import java.util.List;
|
|
||||||
import java.util.Map;
|
|
||||||
|
|
||||||
@Component
|
|
||||||
public class JWT implements LogoutHandler {
|
|
||||||
private static final String REALM_ACCESS_CLAIM = "realm_access";
|
|
||||||
private static final String ROLES_CLAIM = "roles";
|
|
||||||
private static final String ROLE_PREFIX = "ROLE_";
|
|
||||||
private static final String OIDC_LOGOUT_ROUTE = "/protocol/openid-connect/logout";
|
|
||||||
private static final String OIDC_TOKEN_HINT_QUERY_PARAMETER = "id_token_hin";
|
|
||||||
|
|
||||||
private final RestTemplate template = new RestTemplate();
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public void logout(HttpServletRequest request, HttpServletResponse response, Authentication authentication) {
|
|
||||||
OidcUser user = (OidcUser) authentication.getPrincipal();
|
|
||||||
String endSessionEndpoint = user.getIssuer() + OIDC_LOGOUT_ROUTE;
|
|
||||||
UriComponentsBuilder builder = UriComponentsBuilder
|
|
||||||
.fromUriString(endSessionEndpoint)
|
|
||||||
.queryParam(OIDC_TOKEN_HINT_QUERY_PARAMETER, user.getIdToken().getTokenValue());
|
|
||||||
|
|
||||||
ResponseEntity<String> logoutResponse = template.getForEntity(builder.toUriString(), String.class);
|
|
||||||
if (logoutResponse.getStatusCode().is2xxSuccessful()) {
|
|
||||||
System.out.println("Logged out successfully");
|
|
||||||
} else {
|
|
||||||
System.out.println("Failed to logout");
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
public JwtAuthenticationConverter jwtAuthenticationConverter() {
|
|
||||||
JwtAuthenticationConverter jwtAuthenticationConverter = new JwtAuthenticationConverter();
|
|
||||||
jwtAuthenticationConverter.setJwtGrantedAuthoritiesConverter(jwt -> {
|
|
||||||
List<GrantedAuthority> grantedAuthorities = new ArrayList<>();
|
|
||||||
|
|
||||||
Map<String, Object> realmAccess = jwt.getClaim(REALM_ACCESS_CLAIM);
|
|
||||||
if (realmAccess == null || !realmAccess.containsKey(ROLES_CLAIM)) {
|
|
||||||
return grantedAuthorities;
|
|
||||||
}
|
|
||||||
|
|
||||||
Object rolesClaim = realmAccess.get(ROLES_CLAIM);
|
|
||||||
if (!(rolesClaim instanceof List<?>)) {
|
|
||||||
return grantedAuthorities;
|
|
||||||
}
|
|
||||||
for (Object role : (List<?>) rolesClaim) {
|
|
||||||
assert role instanceof String;
|
|
||||||
grantedAuthorities.add(new SimpleGrantedAuthority(ROLE_PREFIX + role));
|
|
||||||
}
|
|
||||||
|
|
||||||
return grantedAuthorities;
|
|
||||||
});
|
|
||||||
return jwtAuthenticationConverter;
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -5,15 +5,8 @@ info:
|
||||||
version: 1.0.0
|
version: 1.0.0
|
||||||
servers:
|
servers:
|
||||||
- url: /api/v1
|
- url: /api/v1
|
||||||
security:
|
|
||||||
- JWTAuth: []
|
|
||||||
|
|
||||||
components:
|
components:
|
||||||
securitySchemes:
|
|
||||||
JWTAuth:
|
|
||||||
type: http
|
|
||||||
scheme: bearer
|
|
||||||
bearerFormat: JWT
|
|
||||||
schemas:
|
schemas:
|
||||||
HelloOut:
|
HelloOut:
|
||||||
description: "A Test Schema"
|
description: "A Test Schema"
|
||||||
|
|
|
@ -7,14 +7,3 @@ spring.datasource.url=jdbc:postgresql://localhost:5432/pmt
|
||||||
spring.datasource.username=pmt_user
|
spring.datasource.username=pmt_user
|
||||||
spring.datasource.password=pmt123
|
spring.datasource.password=pmt123
|
||||||
spring.jpa.hibernate.ddl-auto=create-drop
|
spring.jpa.hibernate.ddl-auto=create-drop
|
||||||
|
|
||||||
# JWT Auth
|
|
||||||
spring.security.oauth2.client.registration.keycloak.client-id=employee-management-service
|
|
||||||
spring.security.oauth2.client.registration.keycloak.authorization-grant-type=authorization_code
|
|
||||||
spring.security.oauth2.client.registration.keycloak.scope=openid
|
|
||||||
spring.security.oauth2.client.provider.keycloak.issuer-uri=https://keycloak.szut.dev/auth/realms/szut
|
|
||||||
spring.security.oauth2.client.provider.keycloak.user-name-attribute=preferred_username
|
|
||||||
spring.security.oauth2.resourceserver.jwt.issuer-uri=https://keycloak.szut.dev/auth/realms/szut
|
|
||||||
|
|
||||||
# Debugging
|
|
||||||
logging.level.org.springframework.security=DEBUG
|
|
Loading…
Reference in a new issue