diff --git a/src/main/java/org/wikitolearn/midtier/course/config/SecurityConfiguration.java b/src/main/java/org/wikitolearn/midtier/course/config/SecurityConfiguration.java
index 4fe0378..1596670 100644
--- a/src/main/java/org/wikitolearn/midtier/course/config/SecurityConfiguration.java
+++ b/src/main/java/org/wikitolearn/midtier/course/config/SecurityConfiguration.java
@@ -1,82 +1,42 @@ package org.wikitolearn.midtier.course.config; -import java.util.Map; -import java.util.Optional; - -import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty; import org.springframework.boot.autoconfigure.security.oauth2.resource.ResourceServerProperties; -import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; -import org.springframework.http.HttpEntity; -import org.springframework.http.HttpHeaders; import org.springframework.http.HttpMethod; import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.http.SessionCreationPolicy; import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer; import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter; import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer; -import org.springframework.security.oauth2.provider.token.TokenStore; -import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter; -import org.springframework.security.oauth2.provider.token.store.JwtTokenStore; -import org.springframework.web.client.RestTemplate; @Configuration @EnableResourceServer @EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true) public class SecurityConfiguration extends ResourceServerConfigurerAdapter { private final ResourceServerProperties resourceServerProperties; public SecurityConfiguration(ResourceServerProperties resourceServerProperties) { this.resourceServerProperties = resourceServerProperties; } @Override public void configure(HttpSecurity http) throws Exception { http .csrf() .disable(); http .sessionManagement() .sessionCreationPolicy(SessionCreationPolicy.STATELESS) .and() 
.authorizeRequests() .antMatchers(HttpMethod.GET, "/**").permitAll() .antMatchers("/**").authenticated(); } @Override public void configure(ResourceServerSecurityConfigurer resources) throws Exception { resources.resourceId(resourceServerProperties.getResourceId()); } - - @Bean - @ConditionalOnProperty("security.oauth2.resource.jwt.key-uri") - public TokenStore tokenStore(JwtAccessTokenConverter jwtAccessTokenConverter) { - return new JwtTokenStore(jwtAccessTokenConverter); - } - - @Bean - @ConditionalOnProperty("security.oauth2.resource.jwt.key-uri") - public JwtAccessTokenConverter jwtAccessTokenConverter() { - JwtAccessTokenConverter converter = new JwtAccessTokenConverter(); - converter.setVerifierKey(getKeyFromAuthorizationServer()); - return converter; - } - - private String getKeyFromAuthorizationServer() { - return Optional.ofNullable( - new RestTemplate() - .exchange( - resourceServerProperties.getJwt().getKeyUri(), - HttpMethod.GET, - new HttpEntity(new HttpHeaders()), - Map.class - ) - .getBody() - .get("public_key")) - .map(publicKey -> String.format("-----BEGIN PUBLIC KEY-----\n%s\n-----END PUBLIC KEY-----", publicKey)) - .orElse(resourceServerProperties.getJwt().getKeyValue()); - } } diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml index ba11b3c..86211e5 100644 --- a/src/main/resources/application.yml +++ b/src/main/resources/application.yml 
@@ -1,49 +1,51 @@ # Spring properties spring: application: name: CourseMidTier output: ansi: enabled: DETECT # Security properties security: oauth2: resource: user-info-uri: ${KEYCLOAK_URI}/auth/realms/${KEYCLOAK_AUTH_REALM}/protocol/openid-connect/userinfo token-info-uri: ${KEYCLOAK_URI}/auth/realms/${KEYCLOAK_AUTH_REALM}/protocol/openid-connect/token/introspect prefer-token-info: false - jwt: - key-uri: ${KEYCLOAK_URI}/auth/realms/${KEYCLOAK_AUTH_REALM} - +# jwt: +# key-uri: ${KEYCLOAK_URI}/auth/realms/${KEYCLOAK_AUTH_REALM} + jwk: + key-set-uri: ${KEYCLOAK_URI}/auth/realms/${KEYCLOAK_AUTH_REALM}/protocol/openid-connect/certs + # Springfox properties springfox: documentation: swagger: v2: path: /api-docs # Logging properties logging: pattern: file: '%d{"yyyy-MM-dd HH:mm:ss,SSS"} %-5level [%c] \(%thread\) : %msg%n' console: '%d{"yyyy-MM-dd HH:mm:ss,SSS"} %-5level [%c] \(%thread\) : %msg%n' # Server properties server: port: ${SERVICE_PORT} ssl: enabled: ${SSL_ENABLED} key-store: file:./app-keystore.jks key-store-password: changeme key-password: changeme trust-store: file:./app-truststore.jks trust-store-password: changeme client-auth: ${MTLS_STATUS} # Application properties application: clients: courses-backend: ${COURSES_BACKEND_URI}/v1 chapters-backend: ${CHAPTERS_BACKEND_URI}/v1 pages-backend: ${PAGES_BACKEND_URI}/v1 \ No newline at end of file
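Review bot: The old `jwt: key-uri:` block is kept as commented-out lines under `resource:` rather than deleted; commented-out configuration is dead text that version control already preserves, and it invites someone to re-enable a verification path whose supporting Java beans (`TokenStore`/`JwtAccessTokenConverter`) this same commit removes from `SecurityConfiguration`. With `jwk: key-set-uri:` set, Spring Boot's resource-server autoconfiguration presumably verifies access tokens locally against the fetched key set, which would leave `user-info-uri`, `token-info-uri` and `prefer-token-info: false` in an ambiguous role — a one-line comment stating the intended path would help the next maintainer, e.g. `# Access tokens are verified locally against the Keycloak JWK set; the user-info/token-info URIs are not the primary check`. Because the signing keys are now fetched from `${KEYCLOAK_URI}` at runtime, the trustworthiness of every accepted token rests on that URL being reached over TLS with a trust store that covers it; this file configures a `trust-store` for the server side only, so confirm the outbound fetch is covered as well. Consider dropping the two `#` lines and keeping only the active `jwk` entry.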