Showing
25 changed files
with
257 additions
and
275 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,4 @@ | ||
FROM adoptopenjdk/openjdk11 | ||
FROM openjdk:17-oracle | ||
VOLUME ["/tmp","/log"] | ||
EXPOSE 8080 | ||
ARG JAR_FILE | ||
|
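Review bot: The base image is referenced by a mutable tag, so what `FROM openjdk:17-oracle` resolves to can change between builds without any change in this repository (this assumes that line is the new side; the rendering has lost the +/- markers). Pinning the digest makes the build reproducible and turns image updates into reviewed commits, e.g. `FROM openjdk:17-oracle@sha256:<digest-placeholder>`. The Docker Hub `openjdk` repository has also been deprecated upstream, so it is worth confirming that this tag still receives security updates or moving to a maintained JDK 17 image. The rest of the Dockerfile lies outside the hunk, so whether a non-root `USER` is set cannot be seen from here.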
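--- a/src/main/java/de/caritas/cob/consultingtypeservice/api/auth/AuthorisationService.java
+++ b/src/main/java/de/caritas/cob/consultingtypeservice/api/auth/AuthorisationService.java
@@ -0,0 +1,48 @@
+package de.caritas.cob.consultingtypeservice.api.auth;
+
+import com.google.common.collect.Lists;
+import java.util.Collection;
+import java.util.List;
+import java.util.Map;
+import java.util.stream.Collectors;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.oauth2.jwt.Jwt;
+import org.springframework.stereotype.Service;
+
+@Service
+public class AuthorisationService {
+
+private final RoleAuthorizationAuthorityMapper roleAuthorizationAuthorityMapper =
+new RoleAuthorizationAuthorityMapper();
+
+public Object getUsername() {
+return getPrincipal().getClaims().get("username");
+}
+
+private Authentication getAuthentication() {
+return SecurityContextHolder.getContext().getAuthentication();
+}
+
+private Jwt getPrincipal() {
+return (Jwt) getAuthentication().getPrincipal();
+}
+
+public Collection<GrantedAuthority> extractRealmAuthorities(Jwt jwt) {
+var roles = extractRealmRoles(jwt);
+return roleAuthorizationAuthorityMapper.mapAuthorities(
+roles.stream().collect(Collectors.toSet()));
+}
+
+public Collection<String> extractRealmRoles(Jwt jwt) {
+Map<String, Object> realmAccess = (Map<String, Object>) jwt.getClaims().get("realm_access");
+if (realmAccess != null) {
+var roles = (List<String>) realmAccess.get("roles");
+if (roles != null) {
+return roles;
+}
+}
+return Lists.newArrayList();
+}
+}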
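Review bot: `extractRealmRoles` trusts the shape of the `realm_access` claim through two unchecked casts, so a token whose claim is not a map, or whose `roles` entry is not a list of strings, fails with a `ClassCastException` (here, or later when the elements are first used as `String`) instead of yielding no roles. Because this method feeds the authority mapping during authentication, the claim should be type-checked before use and non-string entries dropped, as sketched below. `getPrincipal()` has a similar weakness: `getAuthentication()` can return null and the principal may not be a `Jwt` (for example for an anonymous authentication), so `getUsername()` should guard before casting. A short Javadoc on the two public `extract…` methods stating that a missing claim gives an empty result would also help callers.

```java
public Collection<String> extractRealmRoles(Jwt jwt) {
  Object realmAccess = jwt.getClaims().get("realm_access");
  if (!(realmAccess instanceof Map)) {
    return Lists.newArrayList();
  }
  Object roles = ((Map<?, ?>) realmAccess).get("roles");
  if (!(roles instanceof Collection)) {
    return Lists.newArrayList();
  }
  // Keep only string entries so a malformed claim cannot surface later as a ClassCastException.
  return ((Collection<?>) roles).stream()
      .filter(String.class::isInstance)
      .map(String.class::cast)
      .collect(Collectors.toList());
}
```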
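--- a/src/main/java/de/caritas/cob/consultingtypeservice/api/auth/JwtAuthConverter.java
+++ b/src/main/java/de/caritas/cob/consultingtypeservice/api/auth/JwtAuthConverter.java
@@ -0,0 +1,55 @@
+package de.caritas.cob.consultingtypeservice.api.auth;
+
+import java.util.Collection;
+import java.util.stream.Collectors;
+import java.util.stream.Stream;
+import lombok.NonNull;
+import lombok.RequiredArgsConstructor;
+import org.springframework.core.convert.converter.Converter;
+import org.springframework.security.authentication.AbstractAuthenticationToken;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.oauth2.jwt.Jwt;
+import org.springframework.security.oauth2.jwt.JwtClaimNames;
+import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
+import org.springframework.security.oauth2.server.resource.authentication.JwtGrantedAuthoritiesConverter;
+import org.springframework.stereotype.Component;
+
+@Component
+@RequiredArgsConstructor
+public class JwtAuthConverter implements Converter<Jwt, AbstractAuthenticationToken> {
+
+private final @NonNull AuthorisationService authorisationService;
+
+private final JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter =
+new JwtGrantedAuthoritiesConverter();
+
+private final JwtAuthConverterProperties properties;
+
+
+@Override
+public AbstractAuthenticationToken convert(Jwt jwt) {
+var authorities = getGrantedAuthorities(jwt);
+return new JwtAuthenticationToken(jwt, authorities, getPrincipalClaimName(jwt));
+}
+
+private Collection<GrantedAuthority> getGrantedAuthorities(Jwt jwt) {
+Collection<GrantedAuthority> convertedGrantedAuthorities =
+jwtGrantedAuthoritiesConverter.convert(jwt);
+if (convertedGrantedAuthorities != null) {
+return Stream.concat(
+convertedGrantedAuthorities.stream(),
+authorisationService.extractRealmAuthorities(jwt).stream())
+.collect(Collectors.toSet());
+} else {
+return authorisationService.extractRealmAuthorities(jwt);
+}
+}
+
+private String getPrincipalClaimName(Jwt jwt) {
+String claimName = JwtClaimNames.SUB;
+if (properties.getPrincipalAttribute() != null) {
+claimName = properties.getPrincipalAttribute();
+}
+return jwt.getClaim(claimName);
+}
+}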
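Review bot: `getPrincipalClaimName` returns the claim's value rather than its name, and that value is null whenever the configured `principalAttribute` is absent from the token, so `convert` can build an authenticated `JwtAuthenticationToken` whose name is null. Code that keys access decisions or audit records on `getName()` would then see null, so such tokens are better rejected: `String name = jwt.getClaimAsString(claimName);` followed by `if (name == null) { throw new InvalidBearerTokenException("principal claim missing"); }`. Renaming the method to `getPrincipalName` would match what it returns. The `properties` field also lacks the `@NonNull` that `authorisationService` carries, so the generated constructor null-checks only one of the two dependencies.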
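--- a/src/main/java/de/caritas/cob/consultingtypeservice/api/auth/JwtAuthConverterProperties.java
+++ b/src/main/java/de/caritas/cob/consultingtypeservice/api/auth/JwtAuthConverterProperties.java
@@ -0,0 +1,16 @@
+package de.caritas.cob.consultingtypeservice.api.auth;
+
+import lombok.Data;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.validation.annotation.Validated;
+
+@Data
+@Validated
+@Configuration
+@ConfigurationProperties(prefix = "jwt.auth.converter")
+public class JwtAuthConverterProperties {
+
+private String resourceId;
+private String principalAttribute;
+}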
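Review bot: `@Validated` has no effect on this class because neither field carries a constraint annotation, so a missing or misspelt `jwt.auth.converter.*` entry is accepted silently and the converter falls back to the `sub` claim. Either drop `@Validated` or add constraints that express what is actually required. `resourceId` is not read by either class shown on this page; if none of the other changed files use it, remove it or state its purpose. A class Javadoc would cover both points, for example `/** Binds jwt.auth.converter.*; principalAttribute names the claim used as the principal name (default: sub). */`.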