wip

backend/build.gradle.kts

@@ -47,8 +47,8 @@ dependencies {
     testImplementation("org.springframework.boot:spring-boot-starter-test")
     testRuntimeOnly("org.junit.platform:junit-platform-launcher")
     implementation("org.springframework.boot:spring-boot-starter-security")
-    implementation("org.springframework.boot:spring-boot-starter-oauth2-resource-server:3.3.3")
+    implementation("org.springframework.boot:spring-boot-starter-oauth2-resource-server")
-    implementation("org.springframework.boot:spring-boot-starter-oauth2-client")
+    implementation("org.springframework.security:spring-security-oauth2-jose")
     runtimeOnly("org.postgresql:postgresql")
     implementation("org.springdoc:springdoc-openapi-starter-webmvc-ui:2.6.0")
 }

backend/src/main/java/de/szut/casino/security/CustomJwtAuthenticationConverter.java

@@ -0,0 +1,27 @@
+package de.szut.casino.security;
+
+import org.springframework.core.convert.converter.Converter;
+import org.springframework.security.authentication.AbstractAuthenticationToken;
+import org.springframework.security.oauth2.jwt.Jwt;
+import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
+import org.springframework.security.oauth2.server.resource.authentication.JwtGrantedAuthoritiesConverter;
+
+public class CustomJwtAuthenticationConverter implements Converter<Jwt, AbstractAuthenticationToken> {
+    
+    @Override
+    public AbstractAuthenticationToken convert(Jwt source) {
+        JwtGrantedAuthoritiesConverter authoritiesConverter = new JwtGrantedAuthoritiesConverter();
+        authoritiesConverter.setAuthorityPrefix("ROLE_");  // Ensure roles have the prefix
+        authoritiesConverter.setAuthoritiesClaimName("roles"); // Use Authentik's claim for roles
+
+        JwtAuthenticationConverter converter = new JwtAuthenticationConverter();
+        converter.setJwtGrantedAuthoritiesConverter(authoritiesConverter);
+
+        return converter.convert(source);
+    }
+
+    public <U> Converter<Jwt, U> andThen(Converter<? super AbstractAuthenticationToken, ? extends U> after) {
+        return Converter.super.andThen(after);
+    }
+}
+

backend/src/main/java/de/szut/casino/security/SecurityConfig.java

@@ -0,0 +1,25 @@
+package de.szut.casino.security;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer;
+import org.springframework.security.web.SecurityFilterChain;
+
+@Configuration
+@EnableWebSecurity
+public class SecurityConfig {
+
+    @Bean
+    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+        http.authorizeHttpRequests(auth -> {
+            auth.requestMatchers("/swagger/**", "/health").permitAll()
+                    .requestMatchers("/").authenticated();
+        })
+                .oauth2ResourceServer(oauth2 -> oauth2.jwt(jwt -> jwt.jwtAuthenticationConverter(new CustomJwtAuthenticationConverter())));
+
+        return http.build();
+    }
+}
+

backend/src/main/resources/application.properties

@@ -9,18 +9,9 @@ app.frontend-host=http://localhost:4200
 spring.application.name=lf12_starter
 #client registration configuration
 
-spring.security.oauth2.client.registration.authentik.provider=authentik
 spring.security.oauth2.client.registration.authentik.client-id=MDqjm1kcWKuZfqHJXjxwAV20i44aT7m4VhhTL3Nm
 spring.security.oauth2.client.registration.authentik.client-secret=GY2F8te6iAVYt1TNAUVLzWZEXb6JoMNp6chbjqaXNq4gS5xTDL54HqBiAlV1jFKarN28LQ7FUsYX4SbwjfEhZhgeoKuBnZKjR9eiu7RawnGgxIK9ffvUfMkjRxnmiGI5
-spring.security.oauth2.client.registration.authentik.redirect-uri={baseUrl}/login/oauth2/code/{registrationId}
+spring.security.oauth2.resourceserver.jwt.issuer-uri=https://oauth.simonis.lol/application/o/casino-dev/
-spring.security.oauth2.client.registration.authentik.scope=openid, profile, email
-spring.security.oauth2.client.registration.authentik.client-name=Authentik
-spring.security.oauth2.client.registration.authentik.authorization-grant-type=authorization_code
-spring.security.oauth2.client.provider.authentik.authorization-uri=https://oauth.simonis.lol/application/o/authorize/
-spring.security.oauth2.client.provider.authentik.issuer-uri=https://oauth.simonis.lol/
-spring.security.oauth2.client.provider.authentik.token-uri=https://oauth.simonis.lol/application/o/token/
-spring.security.oauth2.client.provider.authentik.user-info-uri=https://oauth.simonis.lol/application/o/userinfo/
-spring.security.oauth2.client.provider.authentik.jwk-set-uri=https://oauth.simonis.lol/application/o/jwks/
 
 #OIDC provider configuration:
 logging.level.org.springframework.security=DEBUG

frontend/src/app/feature/login-success/login-success.component.ts

@@ -15,6 +15,6 @@ export default class LoginSuccessComponent implements OnInit {
   private router: Router = inject(Router);
   private authService: AuthService = inject(AuthService);
   async ngOnInit() {
-    this.authService.getUserInfo()
+    console.log(this.authService.getAccessToken());
   }
 }

frontend/src/app/service/auth.service.ts

@@ -13,9 +13,6 @@ export class AuthService {
 
   private readonly authConfig: AuthConfig = {
     issuer: 'https://oauth.simonis.lol/application/o/casino-dev/',
-    loginUrl: 'https://oauth.simonis.lol/application/o/authorize/',
-    tokenEndpoint: 'https://oauth.simonis.lol/application/o/token/',
-    userinfoEndpoint: 'https://oauth.simonis.lol/application/o/userinfo/',
     clientId: 'MDqjm1kcWKuZfqHJXjxwAV20i44aT7m4VhhTL3Nm',
     dummyClientSecret: 'GY2F8te6iAVYt1TNAUVLzWZEXb6JoMNp6chbjqaXNq4gS5xTDL54HqBiAlV1jFKarN28LQ7FUsYX4SbwjfEhZhgeoKuBnZKjR9eiu7RawnGgxIK9ffvUfMkjRxnmiGI5',
     scope: 'openid profile email',
@@ -25,6 +22,8 @@ export class AuthService {
     requestAccessToken: true,
     strictDiscoveryDocumentValidation: false,
     showDebugInformation: true,
+    skipIssuerCheck: true,
+    disableAtHashCheck: true,
   };
 
   private isAuthenticated = new Subject<boolean>();
@@ -32,9 +31,11 @@ export class AuthService {
   private oauthService: OAuthService = inject(OAuthService);
 
   constructor() {
+    this.oauthService.setStorage(localStorage);
     this.oauthService.configure(this.authConfig);
     this.oauthService.events.subscribe((event) => {
       if (event.type === 'token_received') {
+        localStorage.setItem('jwt', this.getAccessToken());
         this.oauthService.loadUserProfile().then((profile) => {
           this.fromUserProfile(profile).subscribe((user) => {
             this.user = user;
@@ -56,10 +57,6 @@ export class AuthService {
     this.isAuthenticated.next(false);
   }
 
-  getUserInfo() {
-    return this.user;
-  }
-
   isLoggedIn() {
     return this.oauthService.hasValidAccessToken();
   }

frontend/src/app/shared/interceptor/http.interceptor.ts

@@ -1,9 +1,9 @@
 import { HttpInterceptorFn } from '@angular/common/http';
-import { inject } from '@angular/core';
-import { AuthService } from '../../service/auth.service';
 
 export const httpInterceptor: HttpInterceptorFn = (req, next) => {
-  return next(req.clone({
+  if (localStorage.getItem('jwt')) {
-    setHeaders: {'Authorization': 'Bearer '+inject(AuthService).getAccessToken()},
+    return next(req.clone({ setHeaders: { 'Authorization': 'Bearer ' + localStorage.getItem('jwt') } }));
-  }));
+  } else {
+    return next(req);
+  }
 };