Skip to content

Commit

Permalink
configure JwtAuthenticationConverter using properties
Browse files Browse the repository at this point in the history
  • Loading branch information
mshima committed May 21, 2024
1 parent c53f00e commit f0d3f2b
Show file tree
Hide file tree
Showing 4 changed files with 32 additions and 72 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -27,9 +27,6 @@ import static org.springframework.security.web.util.matcher.AntPathRequestMatche
<%_ } _%>
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
<%_ if (authenticationTypeOauth2) { _%>
import org.springframework.core.convert.converter.Converter;
<%_ } _%>
<%_ if (devDatabaseTypeH2Any) { _%>
import org.springframework.core.env.Environment;
import org.springframework.core.env.Profiles;
Expand Down Expand Up @@ -70,7 +67,6 @@ import static org.springframework.security.oauth2.core.oidc.StandardClaimNames.P
import <%= packageName %>.security.oauth2.AudienceValidator;
import <%= packageName %>.security.SecurityUtils;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.oauth2.client.userinfo.OAuth2UserService;
import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest;
import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserService;
Expand All @@ -79,7 +75,6 @@ import org.springframework.security.oauth2.core.OAuth2TokenValidator;
import org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser;
import org.springframework.security.oauth2.core.oidc.user.OidcUser;
import org.springframework.security.oauth2.jwt.*;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.core.GrantedAuthority;
<%_ if (!applicationTypeMicroservice) { _%>
Expand All @@ -103,9 +98,6 @@ import org.springframework.security.web.authentication.RememberMeServices;
<%_ if (authenticationUsesCsrf && !applicationTypeMicroservice) { _%>
import org.springframework.security.web.csrf.*;
<%_ } _%>
<%_ if (authenticationTypeOauth2) { _%>
import <%= packageName %>.security.oauth2.JwtGrantedAuthorityConverter;
<%_ } _%>
<%_ if (authenticationTypeJwt) { _%>
import org.springframework.security.oauth2.server.resource.web.BearerTokenAuthenticationEntryPoint;
import org.springframework.security.oauth2.server.resource.web.access.BearerTokenAccessDeniedHandler;
Expand Down Expand Up @@ -292,9 +284,7 @@ public class SecurityConfiguration {
<%_ } else { _%>
.sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
<%_ } _%>
.oauth2ResourceServer(oauth2 -> oauth2
.jwt(jwt -> jwt
.jwtAuthenticationConverter(authenticationConverter())))
.oauth2ResourceServer(oauth2 -> oauth2.jwt(withDefaults()));
.oauth2Client(withDefaults());
<%_ } _%>
<%_ if (devDatabaseTypeH2Any) { _%>
Expand All @@ -315,13 +305,6 @@ public class SecurityConfiguration {
}
<%_ if (authenticationTypeOauth2) { _%>
Converter<Jwt, AbstractAuthenticationToken> authenticationConverter() {
JwtAuthenticationConverter jwtAuthenticationConverter = new JwtAuthenticationConverter();
jwtAuthenticationConverter.setJwtGrantedAuthoritiesConverter(new JwtGrantedAuthorityConverter());
jwtAuthenticationConverter.setPrincipalClaimName(PREFERRED_USERNAME);
return jwtAuthenticationConverter;
}
OAuth2UserService<OidcUserRequest, OidcUser> oidcUserService() {
final OidcUserService delegate = new OidcUserService();
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -24,9 +24,6 @@ import static org.springframework.security.oauth2.core.oidc.StandardClaimNames.P
import <%= packageName %>.security.SecurityUtils;
import <%= packageName %>.security.oauth2.AudienceValidator;
import <%= packageName %>.security.oauth2.JwtGrantedAuthorityConverter;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
import org.springframework.beans.factory.annotation.Value;
<%_ } _%>
<%_ if (authenticationUsesCsrf) { _%>
Expand All @@ -42,7 +39,6 @@ import <%= packageName %>.web.filter.SpaWebFilter;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
<%_ if (authenticationTypeOauth2) { _%>
import org.springframework.core.convert.converter.Converter;
<%_ if (!applicationTypeMicroservice) { _%>
import org.springframework.core.ParameterizedTypeReference;
<%_ } _%>
Expand Down Expand Up @@ -81,7 +77,6 @@ import org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser;
import org.springframework.security.oauth2.core.oidc.user.OidcUser;
import org.springframework.security.oauth2.core.oidc.user.OidcUserAuthority;
import org.springframework.security.oauth2.jwt.*;
import org.springframework.security.oauth2.server.resource.authentication.ReactiveJwtAuthenticationConverterAdapter;
<%_ } _%>
<%_ if (!authenticationTypeOauth2) { _%>
import org.springframework.security.authentication.ReactiveAuthenticationManager;
Expand Down Expand Up @@ -308,9 +303,7 @@ public class SecurityConfiguration {
.oauth2Login(oauth2 -> oauth2.authorizationRequestResolver(authorizationRequestResolver(this.clientRegistrationRepository)))
<%_ } _%>
.oauth2Client(withDefaults())
.oauth2ResourceServer(oauth2 -> oauth2
.jwt(jwt -> jwt
.jwtAuthenticationConverter(jwtAuthenticationConverter())));
.oauth2ResourceServer(oauth2 -> oauth2.jwt(withDefaults()));
<%_ } else if (authenticationTypeJwt) { _%>
.httpBasic(basic -> basic.disable())
.oauth2ResourceServer(oauth2 -> oauth2.jwt(withDefaults()));
Expand Down Expand Up @@ -338,13 +331,6 @@ public class SecurityConfiguration {
}
<%_ } _%>
Converter<Jwt, Mono<AbstractAuthenticationToken>> jwtAuthenticationConverter() {
JwtAuthenticationConverter jwtAuthenticationConverter = new JwtAuthenticationConverter();
jwtAuthenticationConverter.setJwtGrantedAuthoritiesConverter(new JwtGrantedAuthorityConverter());
jwtAuthenticationConverter.setPrincipalClaimName(PREFERRED_USERNAME);
return new ReactiveJwtAuthenticationConverterAdapter(jwtAuthenticationConverter);
}
/**
* Map authorities from "groups" or "roles" claim in ID Token.
*
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -35,11 +35,6 @@ import org.springframework.security.oauth2.jwt.<%= reactive ? 'Reactive' : '' %>
import org.springframework.security.oauth2.jwt.JwtEncoder;
import org.springframework.security.oauth2.jwt.Nimbus<%= reactive ? 'Reactive' : '' %>JwtDecoder;
import org.springframework.security.oauth2.jwt.NimbusJwtEncoder;
import org.springframework.security.oauth2.server.resource.authentication.<%= reactive ? 'Reactive' : '' %>JwtAuthenticationConverter;
import org.springframework.security.oauth2.server.resource.authentication.JwtGrantedAuthoritiesConverter;
<%_ if (reactive) { _%>
import org.springframework.security.oauth2.server.resource.authentication.ReactiveJwtGrantedAuthoritiesConverterAdapter;
<%_ } _%>
<%_ if (communicationSpringWebsocket) { %>
import org.springframework.security.oauth2.server.resource.web.BearerTokenResolver;
import org.springframework.security.oauth2.server.resource.web.DefaultBearerTokenResolver;
Expand Down Expand Up @@ -113,21 +108,6 @@ public class SecurityJwtConfiguration {
return new NimbusJwtEncoder(new ImmutableSecret<>(getSecretKey()));
}

@Bean
public <%= reactive ? 'Reactive' : '' %>JwtAuthenticationConverter jwtAuthenticationConverter() {
JwtGrantedAuthoritiesConverter grantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
grantedAuthoritiesConverter.setAuthorityPrefix("");
grantedAuthoritiesConverter.setAuthoritiesClaimName(AUTHORITIES_KEY);

<%= reactive ? 'Reactive' : '' %>JwtAuthenticationConverter jwtAuthenticationConverter = new <%= reactive ? 'Reactive' : '' %>JwtAuthenticationConverter();
<%_ if (reactive) { %>
jwtAuthenticationConverter.setJwtGrantedAuthoritiesConverter(new ReactiveJwtGrantedAuthoritiesConverterAdapter(grantedAuthoritiesConverter));
<%_ } else { _%>
jwtAuthenticationConverter.setJwtGrantedAuthoritiesConverter(grantedAuthoritiesConverter);
<%_ } _%>
return jwtAuthenticationConverter;
}

<%_ if (communicationSpringWebsocket) { %>
@Bean
public BearerTokenResolver bearerTokenResolver() {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -335,14 +335,43 @@ spring:
<% if (reactive) { %>webflux<% } else { %>mvc<% } %>:
problemdetails:
enabled: true
<%_ if (generateInMemoryUserCredentials) { _%>
<%_ if (generateInMemoryUserCredentials || authenticationTypeOauth2 || authenticationTypeJwt) { _%>
security:
<%_ if (generateInMemoryUserCredentials) { _%>
user:
name: admin
password: admin
roles:
- ADMIN
- USER
<%_ } _%>
<%_ if (authenticationTypeOauth2) { _%>
oauth2:
client:
provider:
oidc:
issuer-uri: http://localhost:9080/realms/jhipster
registration:
oidc:
<%_ if (applicationTypeMicroservice) { _%>
client-id: internal
client-secret: internal
<%_ } else { _%>
client-id: web_app
client-secret: web_app
<%_ } _%>
scope: openid, profile, email, offline_access # last one for refresh tokens
resourceserver:
jwt:
principal-claim-name: preferred_username
<%_ } _%>
<%_ if (authenticationTypeJwt) { _%>
oauth2:
resourceserver:
jwt:
authority-prefix: ''
authorities-claim-name: auth
<%_ } _%>
<%_ } _%>
task:
execution:
Expand All @@ -360,24 +389,6 @@ spring:
output:
ansi:
console-available: true
<%_ if (authenticationTypeOauth2) { _%>
security:
oauth2:
client:
provider:
oidc:
issuer-uri: http://localhost:9080/realms/jhipster
registration:
oidc:
<%_ if (applicationTypeMicroservice) { _%>
client-id: internal
client-secret: internal
<%_ } else { _%>
client-id: web_app
client-secret: web_app
<%_ } _%>
scope: openid, profile, email, offline_access # last one for refresh tokens
<%_ } _%>

server:
servlet:
Expand Down

0 comments on commit f0d3f2b

Please sign in to comment.