configure JwtAuthenticationConverter using properties

jhipster · May 21, 2024 · 87e381c · 87e381c
1 parent c53f00e
commit 87e381c
Show file tree

Hide file tree

Showing 4 changed files with 32 additions and 72 deletions.
diff --git a/...server/templates/src/main/java/_package_/config/SecurityConfiguration_imperative.java.ejs b/...server/templates/src/main/java/_package_/config/SecurityConfiguration_imperative.java.ejs
@@ -27,9 +27,6 @@ import static org.springframework.security.web.util.matcher.AntPathRequestMatche
 <%_ } _%>
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-<%_ if (authenticationTypeOauth2) { _%>
-import org.springframework.core.convert.converter.Converter;
-<%_ } _%>
 <%_ if (devDatabaseTypeH2Any) { _%>
 import org.springframework.core.env.Environment;
 import org.springframework.core.env.Profiles;
@@ -70,7 +67,6 @@ import static org.springframework.security.oauth2.core.oidc.StandardClaimNames.P
 
 import <%= packageName %>.security.oauth2.AudienceValidator;
 import <%= packageName %>.security.SecurityUtils;
-import org.springframework.security.authentication.AbstractAuthenticationToken;
 import org.springframework.security.oauth2.client.userinfo.OAuth2UserService;
 import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest;
 import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserService;
@@ -79,7 +75,6 @@ import org.springframework.security.oauth2.core.OAuth2TokenValidator;
 import org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser;
 import org.springframework.security.oauth2.core.oidc.user.OidcUser;
 import org.springframework.security.oauth2.jwt.*;
-import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.security.core.GrantedAuthority;
   <%_ if (!applicationTypeMicroservice) { _%>
@@ -103,9 +98,6 @@ import org.springframework.security.web.authentication.RememberMeServices;
 <%_ if (authenticationUsesCsrf && !applicationTypeMicroservice) { _%>
 import org.springframework.security.web.csrf.*;
 <%_ } _%>
-<%_ if (authenticationTypeOauth2) { _%>
-import <%= packageName %>.security.oauth2.JwtGrantedAuthorityConverter;
-<%_ } _%>
 <%_ if (authenticationTypeJwt) { _%>
 import org.springframework.security.oauth2.server.resource.web.BearerTokenAuthenticationEntryPoint;
 import org.springframework.security.oauth2.server.resource.web.access.BearerTokenAccessDeniedHandler;
@@ -292,9 +284,7 @@ public class SecurityConfiguration {
   <%_ } else { _%>
             .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
   <%_ } _%>
-            .oauth2ResourceServer(oauth2 -> oauth2
-                .jwt(jwt -> jwt
-                    .jwtAuthenticationConverter(authenticationConverter())))
+            .oauth2ResourceServer(withDefaults())
             .oauth2Client(withDefaults());
 <%_ } _%>
 <%_ if (devDatabaseTypeH2Any) { _%>
@@ -315,13 +305,6 @@ public class SecurityConfiguration {
     }
 <%_ if (authenticationTypeOauth2) { _%>
 
-    Converter<Jwt, AbstractAuthenticationToken> authenticationConverter() {
-        JwtAuthenticationConverter jwtAuthenticationConverter = new JwtAuthenticationConverter();
-        jwtAuthenticationConverter.setJwtGrantedAuthoritiesConverter(new JwtGrantedAuthorityConverter());
-        jwtAuthenticationConverter.setPrincipalClaimName(PREFERRED_USERNAME);
-        return jwtAuthenticationConverter;
-    }
-
     OAuth2UserService<OidcUserRequest, OidcUser> oidcUserService() {
         final OidcUserService delegate = new OidcUserService();
 

diff --git a/...s/server/templates/src/main/java/_package_/config/SecurityConfiguration_reactive.java.ejs b/...s/server/templates/src/main/java/_package_/config/SecurityConfiguration_reactive.java.ejs
@@ -24,9 +24,6 @@ import static org.springframework.security.oauth2.core.oidc.StandardClaimNames.P
 
 import <%= packageName %>.security.SecurityUtils;
 import <%= packageName %>.security.oauth2.AudienceValidator;
-import <%= packageName %>.security.oauth2.JwtGrantedAuthorityConverter;
-import org.springframework.security.authentication.AbstractAuthenticationToken;
-import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
 import org.springframework.beans.factory.annotation.Value;
 <%_ } _%>
 <%_ if (authenticationUsesCsrf) { _%>
@@ -42,7 +39,6 @@ import <%= packageName %>.web.filter.SpaWebFilter;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 <%_ if (authenticationTypeOauth2) { _%>
-import org.springframework.core.convert.converter.Converter;
   <%_ if (!applicationTypeMicroservice) { _%>
 import org.springframework.core.ParameterizedTypeReference;
   <%_ } _%>
@@ -81,7 +77,6 @@ import org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser;
 import org.springframework.security.oauth2.core.oidc.user.OidcUser;
 import org.springframework.security.oauth2.core.oidc.user.OidcUserAuthority;
 import org.springframework.security.oauth2.jwt.*;
-import org.springframework.security.oauth2.server.resource.authentication.ReactiveJwtAuthenticationConverterAdapter;
 <%_ } _%>
 <%_ if (!authenticationTypeOauth2) { _%>
 import org.springframework.security.authentication.ReactiveAuthenticationManager;
@@ -308,9 +303,7 @@ public class SecurityConfiguration {
             .oauth2Login(oauth2 -> oauth2.authorizationRequestResolver(authorizationRequestResolver(this.clientRegistrationRepository)))
   <%_ } _%>
             .oauth2Client(withDefaults())
-            .oauth2ResourceServer(oauth2 -> oauth2
-                .jwt(jwt -> jwt
-                    .jwtAuthenticationConverter(jwtAuthenticationConverter())));
+            .oauth2ResourceServer(oauth2 -> oauth2.jwt(withDefaults()));
 <%_ } else if (authenticationTypeJwt) { _%>
             .httpBasic(basic -> basic.disable())
             .oauth2ResourceServer(oauth2 -> oauth2.jwt(withDefaults()));
@@ -338,13 +331,6 @@ public class SecurityConfiguration {
     }
   <%_ } _%>
 
-    Converter<Jwt, Mono<AbstractAuthenticationToken>> jwtAuthenticationConverter() {
-        JwtAuthenticationConverter jwtAuthenticationConverter = new JwtAuthenticationConverter();
-        jwtAuthenticationConverter.setJwtGrantedAuthoritiesConverter(new JwtGrantedAuthorityConverter());
-        jwtAuthenticationConverter.setPrincipalClaimName(PREFERRED_USERNAME);
-        return new ReactiveJwtAuthenticationConverterAdapter(jwtAuthenticationConverter);
-    }
-
     /**
      * Map authorities from "groups" or "roles" claim in ID Token.
      *

diff --git a/generators/server/templates/src/main/java/_package_/config/SecurityJwtConfiguration.java.ejs b/generators/server/templates/src/main/java/_package_/config/SecurityJwtConfiguration.java.ejs
@@ -35,11 +35,6 @@ import org.springframework.security.oauth2.jwt.<%= reactive ? 'Reactive' : '' %>
 import org.springframework.security.oauth2.jwt.JwtEncoder;
 import org.springframework.security.oauth2.jwt.Nimbus<%= reactive ? 'Reactive' : '' %>JwtDecoder;
 import org.springframework.security.oauth2.jwt.NimbusJwtEncoder;
-import org.springframework.security.oauth2.server.resource.authentication.<%= reactive ? 'Reactive' : '' %>JwtAuthenticationConverter;
-import org.springframework.security.oauth2.server.resource.authentication.JwtGrantedAuthoritiesConverter;
-<%_ if (reactive) { _%>
-import org.springframework.security.oauth2.server.resource.authentication.ReactiveJwtGrantedAuthoritiesConverterAdapter;
-<%_ } _%>
 <%_ if (communicationSpringWebsocket) { %>
 import org.springframework.security.oauth2.server.resource.web.BearerTokenResolver;
 import org.springframework.security.oauth2.server.resource.web.DefaultBearerTokenResolver;
@@ -113,21 +108,6 @@ public class SecurityJwtConfiguration {
         return new NimbusJwtEncoder(new ImmutableSecret<>(getSecretKey()));
     }
 
-    @Bean
-    public <%= reactive ? 'Reactive' : '' %>JwtAuthenticationConverter jwtAuthenticationConverter() {
-        JwtGrantedAuthoritiesConverter grantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
-        grantedAuthoritiesConverter.setAuthorityPrefix("");
-        grantedAuthoritiesConverter.setAuthoritiesClaimName(AUTHORITIES_KEY);
-
-        <%= reactive ? 'Reactive' : '' %>JwtAuthenticationConverter jwtAuthenticationConverter = new <%= reactive ? 'Reactive' : '' %>JwtAuthenticationConverter();
-<%_ if (reactive) { %>
-        jwtAuthenticationConverter.setJwtGrantedAuthoritiesConverter(new ReactiveJwtGrantedAuthoritiesConverterAdapter(grantedAuthoritiesConverter));
-<%_ } else { _%>
-        jwtAuthenticationConverter.setJwtGrantedAuthoritiesConverter(grantedAuthoritiesConverter);
-<%_ } _%>
-        return jwtAuthenticationConverter;
-    }
-
 <%_ if (communicationSpringWebsocket) { %>
     @Bean
     public BearerTokenResolver bearerTokenResolver() {

diff --git a/generators/server/templates/src/main/resources/config/application.yml.ejs b/generators/server/templates/src/main/resources/config/application.yml.ejs
@@ -335,14 +335,43 @@ spring:
   <% if (reactive) { %>webflux<% } else { %>mvc<% } %>:
     problemdetails:
       enabled: true
-<%_ if (generateInMemoryUserCredentials) { _%>
+<%_ if (generateInMemoryUserCredentials || authenticationTypeOauth2 || authenticationTypeJwt) { _%>
   security:
+  <%_ if (generateInMemoryUserCredentials) { _%>
     user:
       name: admin
       password: admin
       roles:
         - ADMIN
         - USER
+  <%_ } _%>
+  <%_ if (authenticationTypeOauth2) { _%>
+    oauth2:
+      client:
+        provider:
+          oidc:
+            issuer-uri: http://localhost:9080/realms/jhipster
+        registration:
+          oidc:
+    <%_ if (applicationTypeMicroservice) { _%>
+            client-id: internal
+            client-secret: internal
+    <%_ } else { _%>
+            client-id: web_app
+            client-secret: web_app
+    <%_ } _%>
+            scope: openid, profile, email, offline_access # last one for refresh tokens
+      resourceserver:
+        jwt:
+          principal-claim-name: preferred_username
+  <%_ } _%>
+  <%_ if (authenticationTypeJwt) { _%>
+    oauth2:
+      resourceserver:
+        jwt:
+          authority-prefix: ''
+          authorities-claim-name: auth
+  <%_ } _%>
 <%_ } _%>
   task:
     execution:
@@ -360,24 +389,6 @@ spring:
   output:
     ansi:
       console-available: true
-<%_ if (authenticationTypeOauth2) { _%>
-  security:
-    oauth2:
-      client:
-        provider:
-          oidc:
-            issuer-uri: http://localhost:9080/realms/jhipster
-        registration:
-          oidc:
-  <%_ if (applicationTypeMicroservice) { _%>
-            client-id: internal
-            client-secret: internal
-  <%_ } else { _%>
-            client-id: web_app
-            client-secret: web_app
-  <%_ } _%>
-            scope: openid, profile, email, offline_access # last one for refresh tokens
-<%_ } _%>
 
 server:
   servlet: