diff --git a/backend/src/main/java/de/szut/casino/security/KeycloakLogoutHandler.java b/backend/src/main/java/de/szut/casino/security/KeycloakLogoutHandler.java
deleted file mode 100644
index 5e08794..0000000
--- a/backend/src/main/java/de/szut/casino/security/KeycloakLogoutHandler.java
+++ /dev/null
@@ -1,48 +0,0 @@
-package de.szut.casino.security;
-
-import jakarta.servlet.http.HttpServletRequest;
-import jakarta.servlet.http.HttpServletResponse;
-import lombok.extern.slf4j.Slf4j;
-import org.springframework.http.ResponseEntity;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.oauth2.core.oidc.user.OidcUser;
-import org.springframework.security.web.authentication.logout.LogoutHandler;
-import org.springframework.stereotype.Component;
-import org.springframework.web.client.RestTemplate;
-import org.springframework.web.util.UriComponentsBuilder;
-
-@Slf4j
-@Component
-public class KeycloakLogoutHandler implements LogoutHandler {
-
-
- private final RestTemplate restTemplate;
-
- public KeycloakLogoutHandler(RestTemplate restTemplate) {
- this.restTemplate = restTemplate;
- }
-
- @Override
- public void logout(HttpServletRequest request, HttpServletResponse response, Authentication auth) {
- logout(request, auth);
- }
-
- public void logout(HttpServletRequest request, Authentication auth) {
- logoutFromKeycloak((OidcUser) auth.getPrincipal());
- }
-
- private void logoutFromKeycloak(OidcUser user) {
- String endSessionEndpoint = user.getIssuer() + "/protocol/openid-connect/logout";
- UriComponentsBuilder builder = UriComponentsBuilder
- .fromUriString(endSessionEndpoint)
- .queryParam("id_token_hint", user.getIdToken().getTokenValue());
-
- ResponseEntity logoutResponse = restTemplate.getForEntity(builder.toUriString(), String.class);
- if (logoutResponse.getStatusCode().is2xxSuccessful()) {
- log.info("Successfulley logged out from Keycloak");
- } else {
- log.error("Could not propagate logout to Keycloak");
- }
- }
-
-}
diff --git a/backend/src/main/java/de/szut/casino/security/KeycloakSecurityConfig.java b/backend/src/main/java/de/szut/casino/security/KeycloakSecurityConfig.java
index 8ddcbcb..0654bb6 100644
--- a/backend/src/main/java/de/szut/casino/security/KeycloakSecurityConfig.java
+++ b/backend/src/main/java/de/szut/casino/security/KeycloakSecurityConfig.java @@ -14,7 +14,6 @@ import org.springframework.security.web.SecurityFilterChain; import org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy; import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy; import org.springframework.security.web.session.HttpSessionEventPublisher; -import org.springframework.security.web.util.matcher.AntPathRequestMatcher; import java.util.ArrayList; import java.util.List; @@ -24,16 +23,9 @@ import java.util.Map; @EnableWebSecurity class KeycloakSecurityConfig { - private static final String GROUPS = "groups"; private static final String REALM_ACCESS_CLAIM = "realm_access"; private static final String ROLES_CLAIM = "roles"; - private final KeycloakLogoutHandler keycloakLogoutHandler; - - KeycloakSecurityConfig(KeycloakLogoutHandler keycloakLogoutHandler) { - this.keycloakLogoutHandler = keycloakLogoutHandler; - } - @Bean public SessionRegistry sessionRegistry() { return new SessionRegistryImpl(); @@ -49,11 +41,10 @@ class KeycloakSecurityConfig { return new HttpSessionEventPublisher(); } - @Bean public SecurityFilterChain resourceServerFilterChain(HttpSecurity http) throws Exception { http.authorizeHttpRequests(auth -> auth - .requestMatchers("/swagger", "/swagger-ui/**", "/v3/api-docs/**", "/health").permitAll() + .requestMatchers("/swagger", "/swagger-ui/**", "/v3/api-docs/**", "health").permitAll() .anyRequest().authenticated() ) .oauth2ResourceServer(spec -> spec.jwt(Customizer.withDefaults())); 
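Review bot: The permitAll list in `resourceServerFilterChain` now carries `"health"` instead of `"/health"`, and a pattern without the leading slash is not a dependable match for the `/health` request path. Spring Security's request matchers expect patterns to start with `/`, so the request most likely falls through to `.anyRequest().authenticated()` and unauthenticated health probes begin to receive 401; the exact outcome depends on the Spring Security version and on which matcher backs `requestMatchers(String...)`. Nothing else in this commit relates to that endpoint, so the edit looks unintended; keep `.requestMatchers("/swagger", "/swagger-ui/**", "/v3/api-docs/**", "/health").permitAll()`. The method body continues past the end of the hunk.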
@@ -67,9 +58,9 @@ class KeycloakSecurityConfig { jwtAuthenticationConverter.setJwtGrantedAuthoritiesConverter(jwt -> { List grantedAuthorities = new ArrayList<>(); - Map realmAccess = jwt.getClaim("realm_access"); - if (realmAccess != null && realmAccess.containsKey("roles")) { - List roles = (List) realmAccess.get("roles"); + Map realmAccess = jwt.getClaim(REALM_ACCESS_CLAIM); + if (realmAccess != null && realmAccess.containsKey(ROLES_CLAIM)) { + List roles = (List) realmAccess.get(ROLES_CLAIM); for (String role : roles) { grantedAuthorities.add(new SimpleGrantedAuthority("ROLE_" + role)); }
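Review bot: The cast on the roles lookup, `(List) realmAccess.get(ROLES_CLAIM)`, is still unchecked after the switch to constants, so a token whose `realm_access.roles` is not a list of strings fails with a ClassCastException inside the converter instead of yielding no authorities. Because this lambda decides which `ROLE_` authorities a caller receives, the claim's shape should be checked explicitly, for example `if (realmAccess != null && realmAccess.get(ROLES_CLAIM) instanceof List<?> roles)`, adding only the elements that are `String`. The generic type parameters appear to have been lost in this rendering of the diff, so the declared types should be confirmed against the file. The lambda opens inside the hunk and closes outside it.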