wip
This commit is contained in:
parent
33683f565f
commit
f547d05f64
8 changed files with 78 additions and 104 deletions
|
|
@ -1,82 +0,0 @@
|
|||
package de.szut.casino.security;
|
||||
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.http.HttpMethod;
|
||||
import org.springframework.security.config.Customizer;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
||||
import org.springframework.security.core.session.SessionRegistry;
|
||||
import org.springframework.security.core.session.SessionRegistryImpl;
|
||||
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
|
||||
import org.springframework.security.web.SecurityFilterChain;
|
||||
import org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy;
|
||||
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
|
||||
import org.springframework.security.web.session.HttpSessionEventPublisher;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
@Configuration
|
||||
@EnableWebSecurity
|
||||
class KeycloakSecurityConfig {
|
||||
|
||||
private final KeycloakLogoutHandler keycloakLogoutHandler;
|
||||
|
||||
KeycloakSecurityConfig(KeycloakLogoutHandler keycloakLogoutHandler) {
|
||||
this.keycloakLogoutHandler = keycloakLogoutHandler;
|
||||
}
|
||||
|
||||
@Bean
|
||||
public SessionRegistry sessionRegistry() {
|
||||
return new SessionRegistryImpl();
|
||||
}
|
||||
|
||||
@Bean
|
||||
protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
|
||||
return new RegisterSessionAuthenticationStrategy(sessionRegistry());
|
||||
}
|
||||
|
||||
@Bean
|
||||
public HttpSessionEventPublisher httpSessionEventPublisher() {
|
||||
return new HttpSessionEventPublisher();
|
||||
}
|
||||
|
||||
|
||||
@Bean
|
||||
public SecurityFilterChain resourceServerFilterChain(HttpSecurity http) throws Exception {
|
||||
http.csrf(csrf -> csrf
|
||||
.ignoringRequestMatchers("/webhook")
|
||||
)
|
||||
.authorizeHttpRequests(auth -> auth
|
||||
.requestMatchers(HttpMethod.POST, "/webhook").permitAll()
|
||||
.requestMatchers("/swagger", "/swagger-ui/**", "/v3/api-docs/**", "/health").permitAll()
|
||||
.anyRequest().authenticated()
|
||||
)
|
||||
.oauth2ResourceServer(spec -> spec.jwt(Customizer.withDefaults()));
|
||||
|
||||
return http.build();
|
||||
}
|
||||
|
||||
@Bean
|
||||
public JwtAuthenticationConverter jwtAuthenticationConverter() {
|
||||
JwtAuthenticationConverter jwtAuthenticationConverter = new JwtAuthenticationConverter();
|
||||
jwtAuthenticationConverter.setJwtGrantedAuthoritiesConverter(jwt -> {
|
||||
List<GrantedAuthority> grantedAuthorities = new ArrayList<>();
|
||||
|
||||
Map<String, Object> realmAccess = jwt.getClaim("realm_access");
|
||||
if (realmAccess != null && realmAccess.containsKey("roles")) {
|
||||
List<String> roles = (List<String>) realmAccess.get("roles");
|
||||
for (String role : roles) {
|
||||
grantedAuthorities.add(new SimpleGrantedAuthority("ROLE_" + role));
|
||||
}
|
||||
}
|
||||
|
||||
return grantedAuthorities;
|
||||
});
|
||||
return jwtAuthenticationConverter;
|
||||
}
|
||||
}
|
||||
|
|
@ -9,16 +9,23 @@ app.frontend-host=http://localhost:4200
|
|||
|
||||
spring.application.name=lf12_starter
|
||||
#client registration configuration
|
||||
spring.security.oauth2.client.registration.keycloak.client-id=lf12
|
||||
spring.security.oauth2.client.registration.keycloak.authorization-grant-type=authorization_code
|
||||
spring.security.oauth2.client.registration.keycloak.scope=openid
|
||||
|
||||
spring.security.oauth2.client.registration.authentik.provider=authentik
|
||||
spring.security.oauth2.client.registration.authentik.client-id=MDqjm1kcWKuZfqHJXjxwAV20i44aT7m4VhhTL3Nm
|
||||
spring.security.oauth2.client.registration.authentik.client-secret=GY2F8te6iAVYt1TNAUVLzWZEXb6JoMNp6chbjqaXNq4gS5xTDL54HqBiAlV1jFKarN28LQ7FUsYX4SbwjfEhZhgeoKuBnZKjR9eiu7RawnGgxIK9ffvUfMkjRxnmiGI5
|
||||
spring.security.oauth2.client.registration.authentik.redirect-uri={baseUrl}/login/oauth2/code/{registrationId}
|
||||
spring.security.oauth2.client.registration.authentik.scope=openid, profile, email
|
||||
spring.security.oauth2.client.registration.authentik.client-name=Authentik
|
||||
spring.security.oauth2.client.registration.authentik.authorization-grant-type=authorization_code
|
||||
spring.security.oauth2.client.provider.authentik.authorization-uri=https://oauth.simonis.lol/application/o/authorize/
|
||||
spring.security.oauth2.client.provider.authentik.issuer-uri=https://oauth.simonis.lol/
|
||||
spring.security.oauth2.client.provider.authentik.token-uri=https://oauth.simonis.lol/application/o/token/
|
||||
spring.security.oauth2.client.provider.authentik.user-info-uri=https://oauth.simonis.lol/application/o/userinfo/
|
||||
spring.security.oauth2.client.provider.authentik.jwk-set-uri=https://oauth.simonis.lol/application/o/jwks/
|
||||
|
||||
#OIDC provider configuration:
|
||||
spring.security.oauth2.client.provider.keycloak.issuer-uri=http://localhost:9090/realms/LF12
|
||||
spring.security.oauth2.client.provider.keycloak.user-name-attribute=preferred_username
|
||||
logging.level.org.springframework.security=DEBUG
|
||||
#validating JWT token against our Keycloak server
|
||||
spring.security.oauth2.resourceserver.jwt.issuer-uri=http://localhost:9090/realms/LF12
|
||||
|
||||
springdoc.swagger-ui.path=swagger
|
||||
springdoc.swagger-ui.try-it-out-enabled=true
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue