added keycloak authentification and account
This commit is contained in:
Mahgs
@ -1,81 +0,0 @@
|
|||||||
package mops.gruppen2.Security;
|
|
||||||
|
|
||||||
import org.keycloak.KeycloakPrincipal;
|
|
||||||
import org.keycloak.adapters.springsecurity.KeycloakSecurityComponents;
|
|
||||||
import org.keycloak.adapters.springsecurity.authentication.KeycloakAuthenticationProvider;
|
|
||||||
import org.keycloak.adapters.springsecurity.config.KeycloakWebSecurityConfigurerAdapter;
|
|
||||||
import org.keycloak.representations.AccessToken;
|
|
||||||
import org.springframework.beans.factory.annotation.Autowired;
|
|
||||||
import org.springframework.context.annotation.*;
|
|
||||||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
|
||||||
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
|
|
||||||
import org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration;
|
|
||||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
|
||||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
|
||||||
import org.springframework.security.core.authority.mapping.SimpleAuthorityMapper;
|
|
||||||
import org.springframework.security.core.session.SessionRegistryImpl;
|
|
||||||
import org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy;
|
|
||||||
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
|
|
||||||
import org.springframework.web.context.WebApplicationContext;
|
|
||||||
import org.springframework.web.context.request.RequestContextHolder;
|
|
||||||
import org.springframework.web.context.request.ServletRequestAttributes;
|
|
||||||
|
|
||||||
import javax.servlet.http.HttpServletRequest;
|
|
||||||
|
|
||||||
@Configuration
|
|
||||||
@EnableWebSecurity
|
|
||||||
@ComponentScan(basePackageClasses = KeycloakSecurityComponents.class)
|
|
||||||
class SecurityConfig extends KeycloakWebSecurityConfigurerAdapter {
|
|
||||||
|
|
||||||
@Autowired
|
|
||||||
public void configureGlobal(AuthenticationManagerBuilder auth) {
|
|
||||||
KeycloakAuthenticationProvider keycloakAuthenticationProvider
|
|
||||||
= keycloakAuthenticationProvider();
|
|
||||||
keycloakAuthenticationProvider.setGrantedAuthoritiesMapper(new SimpleAuthorityMapper());
|
|
||||||
auth.authenticationProvider(keycloakAuthenticationProvider);
|
|
||||||
}
|
|
||||||
|
|
||||||
@Bean
|
|
||||||
@Override
|
|
||||||
protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
|
|
||||||
return new RegisterSessionAuthenticationStrategy(
|
|
||||||
new SessionRegistryImpl());
|
|
||||||
}
|
|
||||||
|
|
||||||
@Bean
|
|
||||||
@Scope(scopeName = WebApplicationContext.SCOPE_REQUEST,
|
|
||||||
proxyMode = ScopedProxyMode.TARGET_CLASS)
|
|
||||||
public AccessToken getAccessToken() {
|
|
||||||
HttpServletRequest request =
|
|
||||||
((ServletRequestAttributes) RequestContextHolder
|
|
||||||
.currentRequestAttributes()).getRequest();
|
|
||||||
return ((KeycloakPrincipal) request.getUserPrincipal())
|
|
||||||
.getKeycloakSecurityContext().getToken();
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
protected void configure(HttpSecurity http) throws Exception {
|
|
||||||
super.configure(http);
|
|
||||||
http.authorizeRequests()
|
|
||||||
.antMatchers("/actuator/**")
|
|
||||||
.hasRole("monitoring")
|
|
||||||
.anyRequest()
|
|
||||||
.permitAll();
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Declaring this class enables us to use the Spring specific
|
|
||||||
* {@link org.springframework.security.access.annotation.Secured} annotation
|
|
||||||
* or the JSR-250 Java Standard
|
|
||||||
* {@link javax.annotation.security.RolesAllowed} annotation
|
|
||||||
* for Role-based authorization
|
|
||||||
*/
|
|
||||||
@Configuration
|
|
||||||
@EnableGlobalMethodSecurity(
|
|
||||||
prePostEnabled = true,
|
|
||||||
securedEnabled = true,
|
|
||||||
jsr250Enabled = true)
|
|
||||||
public static class MethodSecurityConfig
|
|
||||||
extends GlobalMethodSecurityConfiguration {
|
|
||||||
}
|
|
||||||
}
|
|
||||||
@ -1,15 +1,24 @@
|
|||||||
package mops.gruppen2.controllers;
|
package mops.gruppen2.controllers;
|
||||||
|
|
||||||
import mops.gruppen2.Security.Account;
|
import javax.annotation.security.RolesAllowed;
|
||||||
|
import mops.gruppen2.security.Account;
|
||||||
import org.keycloak.KeycloakPrincipal;
|
import org.keycloak.KeycloakPrincipal;
|
||||||
import org.keycloak.adapters.springsecurity.token.KeycloakAuthenticationToken;
|
import org.keycloak.adapters.springsecurity.token.KeycloakAuthenticationToken;
|
||||||
import org.springframework.security.access.annotation.Secured;
|
import org.springframework.context.annotation.Scope;
|
||||||
import org.springframework.stereotype.Controller;
|
import org.springframework.stereotype.Controller;
|
||||||
import org.springframework.ui.Model;
|
import org.springframework.ui.Model;
|
||||||
import org.springframework.web.bind.annotation.GetMapping;
|
import org.springframework.web.bind.annotation.GetMapping;
|
||||||
|
import org.springframework.web.context.annotation.SessionScope;
|
||||||
|
|
||||||
|
@SessionScope
|
||||||
@Controller
|
@Controller
|
||||||
public class Gruppen2Controller {
|
public class Gruppen2Controller {
|
||||||
|
/**
|
||||||
|
* Creates an Account.
|
||||||
|
*
|
||||||
|
* @param token
|
||||||
|
* @return Account with current userdata
|
||||||
|
*/
|
||||||
private Account createAccountFromPrincipal(KeycloakAuthenticationToken token) {
|
private Account createAccountFromPrincipal(KeycloakAuthenticationToken token) {
|
||||||
KeycloakPrincipal principal = (KeycloakPrincipal) token.getPrincipal();
|
KeycloakPrincipal principal = (KeycloakPrincipal) token.getPrincipal();
|
||||||
return new Account(
|
return new Account(
|
||||||
@ -20,13 +29,17 @@ public class Gruppen2Controller {
|
|||||||
token.getAccount().getRoles());
|
token.getAccount().getRoles());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
*
|
||||||
|
* @param token
|
||||||
|
* @param model
|
||||||
|
* @return index.html
|
||||||
|
*/
|
||||||
@GetMapping("/")
|
@GetMapping("/")
|
||||||
@Secured("ROLE_Orga")
|
@RolesAllowed({"ROLE_Orga", "ROLE_studentin", "ROLE_actuator)"})
|
||||||
public String index(KeycloakAuthenticationToken token, Model model) {
|
public String index(KeycloakAuthenticationToken token, Model model) {
|
||||||
if (token != null) {
|
if (token != null) {
|
||||||
|
|
||||||
model.addAttribute("account", createAccountFromPrincipal(token));
|
model.addAttribute("account", createAccountFromPrincipal(token));
|
||||||
|
|
||||||
}
|
}
|
||||||
return "index";
|
return "index";
|
||||||
}
|
}
|
||||||
|
|||||||
@ -1,9 +1,8 @@
|
|||||||
package mops.gruppen2.Security;
|
package mops.gruppen2.security;
|
||||||
|
|
||||||
import lombok.AllArgsConstructor;
|
|
||||||
import lombok.Getter;
|
|
||||||
|
|
||||||
import java.util.Set;
|
import java.util.Set;
|
||||||
|
import lombok.AllArgsConstructor;
|
||||||
|
import lombok.Getter;
|
||||||
|
|
||||||
@Getter
|
@Getter
|
||||||
@AllArgsConstructor
|
@AllArgsConstructor
|
||||||
@ -1,6 +1,5 @@
|
|||||||
package mops.gruppen2.Security;
|
package mops.gruppen2.security;
|
||||||
|
|
||||||
import mops.gruppen2.Security.SecurityConfig;
|
|
||||||
import org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver;
|
import org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver;
|
||||||
import org.springframework.context.annotation.Bean;
|
import org.springframework.context.annotation.Bean;
|
||||||
import org.springframework.context.annotation.Configuration;
|
import org.springframework.context.annotation.Configuration;
|
||||||
@ -12,8 +11,8 @@ import org.springframework.context.annotation.Configuration;
|
|||||||
|
|
||||||
@Configuration
|
@Configuration
|
||||||
public class KeycloakConfig {
|
public class KeycloakConfig {
|
||||||
@Bean
|
@Bean
|
||||||
public KeycloakSpringBootConfigResolver KeycloakConfigResolver() {
|
public KeycloakSpringBootConfigResolver keycloakConfigResolver() {
|
||||||
return new KeycloakSpringBootConfigResolver();
|
return new KeycloakSpringBootConfigResolver();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
84
src/main/java/mops/gruppen2/security/SecurityConfig.java
Normal file
84
src/main/java/mops/gruppen2/security/SecurityConfig.java
Normal file
@ -0,0 +1,84 @@
|
|||||||
|
package mops.gruppen2.security;
|
||||||
|
|
||||||
|
import javax.servlet.http.HttpServletRequest;
|
||||||
|
import org.keycloak.KeycloakPrincipal;
|
||||||
|
import org.keycloak.adapters.springsecurity.KeycloakSecurityComponents;
|
||||||
|
import org.keycloak.adapters.springsecurity.authentication.KeycloakAuthenticationProvider;
|
||||||
|
import org.keycloak.adapters.springsecurity.config.KeycloakWebSecurityConfigurerAdapter;
|
||||||
|
import org.keycloak.representations.AccessToken;
|
||||||
|
import org.springframework.beans.factory.annotation.Autowired;
|
||||||
|
import org.springframework.context.annotation.Bean;
|
||||||
|
import org.springframework.context.annotation.ComponentScan;
|
||||||
|
import org.springframework.context.annotation.Configuration;
|
||||||
|
import org.springframework.context.annotation.Scope;
|
||||||
|
import org.springframework.context.annotation.ScopedProxyMode;
|
||||||
|
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||||
|
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
|
||||||
|
import org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration;
|
||||||
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||||
|
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||||
|
import org.springframework.security.core.authority.mapping.SimpleAuthorityMapper;
|
||||||
|
import org.springframework.security.core.session.SessionRegistryImpl;
|
||||||
|
import org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy;
|
||||||
|
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
|
||||||
|
import org.springframework.web.context.WebApplicationContext;
|
||||||
|
import org.springframework.web.context.request.RequestContextHolder;
|
||||||
|
import org.springframework.web.context.request.ServletRequestAttributes;
|
||||||
|
|
||||||
|
@Configuration
|
||||||
|
@EnableWebSecurity
|
||||||
|
@ComponentScan(basePackageClasses = KeycloakSecurityComponents.class)
|
||||||
|
class SecurityConfig extends KeycloakWebSecurityConfigurerAdapter {
|
||||||
|
|
||||||
|
@Autowired
|
||||||
|
public void configureGlobal(AuthenticationManagerBuilder auth) {
|
||||||
|
KeycloakAuthenticationProvider keycloakAuthenticationProvider
|
||||||
|
= keycloakAuthenticationProvider();
|
||||||
|
keycloakAuthenticationProvider.setGrantedAuthoritiesMapper(new SimpleAuthorityMapper());
|
||||||
|
auth.authenticationProvider(keycloakAuthenticationProvider);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Bean
|
||||||
|
@Override
|
||||||
|
protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
|
||||||
|
return new RegisterSessionAuthenticationStrategy(
|
||||||
|
new SessionRegistryImpl());
|
||||||
|
}
|
||||||
|
|
||||||
|
@Bean
|
||||||
|
@Scope(scopeName = WebApplicationContext.SCOPE_REQUEST,
|
||||||
|
proxyMode = ScopedProxyMode.TARGET_CLASS)
|
||||||
|
public AccessToken getAccessToken() {
|
||||||
|
HttpServletRequest request =
|
||||||
|
((ServletRequestAttributes) RequestContextHolder
|
||||||
|
.currentRequestAttributes()).getRequest();
|
||||||
|
return ((KeycloakPrincipal) request.getUserPrincipal())
|
||||||
|
.getKeycloakSecurityContext().getToken();
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
protected void configure(HttpSecurity http) throws Exception {
|
||||||
|
super.configure(http);
|
||||||
|
http.authorizeRequests()
|
||||||
|
.antMatchers("/actuator/**")
|
||||||
|
.hasRole("monitoring")
|
||||||
|
.anyRequest()
|
||||||
|
.permitAll();
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Declaring this class enables us to use the Spring specific
|
||||||
|
* {@link org.springframework.security.access.annotation.Secured} annotation
|
||||||
|
* or the JSR-250 Java Standard
|
||||||
|
* {@link javax.annotation.security.RolesAllowed} annotation
|
||||||
|
* for Role-based authorization.
|
||||||
|
**/
|
||||||
|
@Configuration
|
||||||
|
@EnableGlobalMethodSecurity(
|
||||||
|
prePostEnabled = true,
|
||||||
|
securedEnabled = true,
|
||||||
|
jsr250Enabled = true)
|
||||||
|
public static class MethodSecurityConfig
|
||||||
|
extends GlobalMethodSecurityConfiguration {
|
||||||
|
}
|
||||||
|
}
|
||||||
Reference in New Issue
Block a user