build.gradle.kts

@@ -48,11 +48,6 @@ dependencies {
     implementation("org.springframework.boot:spring-boot-starter-data-jpa")
     implementation("org.springframework.boot:spring-boot-starter-validation")
     implementation("org.springframework.boot:spring-boot-starter-web")
-    implementation("org.springframework.boot:spring-boot-starter-security")
-    implementation("org.springframework.boot:spring-boot-starter-oauth2-client")
-    implementation("org.springframework.boot:spring-boot-starter-oauth2-resource-server")
-
-    // Postgres
     runtimeOnly("org.postgresql:postgresql")
 
     // Lombok
@@ -62,7 +57,6 @@ dependencies {
     // Test
     testImplementation("org.springframework.boot:spring-boot-starter-test")
     testImplementation("org.springframework.boot:spring-boot-testcontainers")
-    testImplementation("org.springframework.security:spring-security-test")
     testImplementation("org.testcontainers:junit-jupiter")
     testImplementation("org.testcontainers:postgresql")
     testRuntimeOnly("org.junit.platform:junit-platform-launcher")

src/main/java/de/hmmh/pmt/auth/AuthConfig.java

@@ -1,57 +0,0 @@
-package de.hmmh.pmt.auth;
-
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
-import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.core.session.SessionRegistry;
-import org.springframework.security.core.session.SessionRegistryImpl;
-import org.springframework.security.web.SecurityFilterChain;
-import org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy;
-import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
-import org.springframework.security.web.session.HttpSessionEventPublisher;
-import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
-
-@Configuration
-@EnableWebSecurity
-@EnableMethodSecurity
-public class AuthConfig {
-
-    private final JWT jwt;
-
-    AuthConfig(JWT jwt) {
-        this.jwt = jwt;
-    }
-
-    @Bean
-    public SessionRegistry sessionRegistry() {
-        return new SessionRegistryImpl();
-    }
-
-    @Bean
-    protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
-        return new RegisterSessionAuthenticationStrategy(sessionRegistry());
-    }
-
-    @Bean
-    public HttpSessionEventPublisher httpSessionEventPublisher() {
-        return new HttpSessionEventPublisher();
-    }
-
-
-    @Bean
-    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
-        http
-                .authorizeHttpRequests(auth -> auth
-                        .anyRequest()
-                        .authenticated()
-                )
-                .oauth2ResourceServer(resourceServer -> resourceServer
-                        .jwt(jwt -> jwt
-                                .jwtAuthenticationConverter(this.jwt.jwtAuthenticationConverter())
-                        )
-                );
-        return http.build();
-    }
-}

src/main/java/de/hmmh/pmt/auth/JWT.java

@@ -1,69 +0,0 @@
-package de.hmmh.pmt.auth;
-
-import jakarta.servlet.http.HttpServletRequest;
-import jakarta.servlet.http.HttpServletResponse;
-import org.springframework.http.ResponseEntity;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.authority.SimpleGrantedAuthority;
-import org.springframework.security.oauth2.core.oidc.user.OidcUser;
-import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
-import org.springframework.security.web.authentication.logout.LogoutHandler;
-import org.springframework.stereotype.Component;
-import org.springframework.web.client.RestTemplate;
-import org.springframework.web.util.UriComponentsBuilder;
-
-import java.util.ArrayList;
-import java.util.List;
-import java.util.Map;
-
-@Component
-public class JWT implements LogoutHandler {
-    private static final String REALM_ACCESS_CLAIM = "realm_access";
-    private static final String ROLES_CLAIM = "roles";
-    private static final String ROLE_PREFIX = "ROLE_";
-    private static final String OIDC_LOGOUT_ROUTE = "/protocol/openid-connect/logout";
-    private static final String OIDC_TOKEN_HINT_QUERY_PARAMETER = "id_token_hin";
-
-    private final RestTemplate template = new RestTemplate();
-
-    @Override
-    public void logout(HttpServletRequest request, HttpServletResponse response, Authentication authentication) {
-        OidcUser user = (OidcUser) authentication.getPrincipal();
-        String endSessionEndpoint = user.getIssuer() + OIDC_LOGOUT_ROUTE;
-        UriComponentsBuilder builder = UriComponentsBuilder
-                .fromUriString(endSessionEndpoint)
-                .queryParam(OIDC_TOKEN_HINT_QUERY_PARAMETER, user.getIdToken().getTokenValue());
-
-        ResponseEntity<String> logoutResponse = template.getForEntity(builder.toUriString(), String.class);
-        if (logoutResponse.getStatusCode().is2xxSuccessful()) {
-            System.out.println("Logged out successfully");
-        } else {
-            System.out.println("Failed to logout");
-        }
-    }
-
-    public JwtAuthenticationConverter jwtAuthenticationConverter() {
-        JwtAuthenticationConverter jwtAuthenticationConverter = new JwtAuthenticationConverter();
-        jwtAuthenticationConverter.setJwtGrantedAuthoritiesConverter(jwt -> {
-            List<GrantedAuthority> grantedAuthorities = new ArrayList<>();
-
-            Map<String, Object> realmAccess = jwt.getClaim(REALM_ACCESS_CLAIM);
-            if (realmAccess == null || !realmAccess.containsKey(ROLES_CLAIM)) {
-                return grantedAuthorities;
-            }
-
-            Object rolesClaim = realmAccess.get(ROLES_CLAIM);
-            if (!(rolesClaim instanceof List<?>)) {
-                return grantedAuthorities;
-            }
-            for (Object role : (List<?>) rolesClaim) {
-                assert role instanceof String;
-                grantedAuthorities.add(new SimpleGrantedAuthority(ROLE_PREFIX + role));
-            }
-
-            return grantedAuthorities;
-        });
-        return jwtAuthenticationConverter;
-    }
-}

src/main/resources/api.yml

@@ -5,15 +5,8 @@ info:
   version: 1.0.0
 servers:
   - url: /api/v1
-security:
-  - JWTAuth: []
     
 components:
-  securitySchemes:
-    JWTAuth:
-      type: http
-      scheme: bearer
-      bearerFormat: JWT
   schemas: 
     HelloOut:
       description: "A Test Schema"

src/main/resources/application.properties

@@ -6,15 +6,4 @@ server.port=8080
 spring.datasource.url=jdbc:postgresql://localhost:5432/pmt
 spring.datasource.username=pmt_user
 spring.datasource.password=pmt123
-spring.jpa.hibernate.ddl-auto=create-drop
+spring.jpa.hibernate.ddl-auto=create-drop
-
-# JWT Auth
-spring.security.oauth2.client.registration.keycloak.client-id=employee-management-service
-spring.security.oauth2.client.registration.keycloak.authorization-grant-type=authorization_code
-spring.security.oauth2.client.registration.keycloak.scope=openid
-spring.security.oauth2.client.provider.keycloak.issuer-uri=https://keycloak.szut.dev/auth/realms/szut
-spring.security.oauth2.client.provider.keycloak.user-name-attribute=preferred_username
-spring.security.oauth2.resourceserver.jwt.issuer-uri=https://keycloak.szut.dev/auth/realms/szut
-
-# Debugging
-logging.level.org.springframework.security=DEBUG