added keycloak authentification and account
This commit is contained in:
Mahgs
@ -1,81 +0,0 @@
|
||||
package mops.gruppen2.Security;
|
||||
|
||||
import org.keycloak.KeycloakPrincipal;
|
||||
import org.keycloak.adapters.springsecurity.KeycloakSecurityComponents;
|
||||
import org.keycloak.adapters.springsecurity.authentication.KeycloakAuthenticationProvider;
|
||||
import org.keycloak.adapters.springsecurity.config.KeycloakWebSecurityConfigurerAdapter;
|
||||
import org.keycloak.representations.AccessToken;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.context.annotation.*;
|
||||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
|
||||
import org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.core.authority.mapping.SimpleAuthorityMapper;
|
||||
import org.springframework.security.core.session.SessionRegistryImpl;
|
||||
import org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy;
|
||||
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
|
||||
import org.springframework.web.context.WebApplicationContext;
|
||||
import org.springframework.web.context.request.RequestContextHolder;
|
||||
import org.springframework.web.context.request.ServletRequestAttributes;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
|
||||
@Configuration
|
||||
@EnableWebSecurity
|
||||
@ComponentScan(basePackageClasses = KeycloakSecurityComponents.class)
|
||||
class SecurityConfig extends KeycloakWebSecurityConfigurerAdapter {
|
||||
|
||||
@Autowired
|
||||
public void configureGlobal(AuthenticationManagerBuilder auth) {
|
||||
KeycloakAuthenticationProvider keycloakAuthenticationProvider
|
||||
= keycloakAuthenticationProvider();
|
||||
keycloakAuthenticationProvider.setGrantedAuthoritiesMapper(new SimpleAuthorityMapper());
|
||||
auth.authenticationProvider(keycloakAuthenticationProvider);
|
||||
}
|
||||
|
||||
@Bean
|
||||
@Override
|
||||
protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
|
||||
return new RegisterSessionAuthenticationStrategy(
|
||||
new SessionRegistryImpl());
|
||||
}
|
||||
|
||||
@Bean
|
||||
@Scope(scopeName = WebApplicationContext.SCOPE_REQUEST,
|
||||
proxyMode = ScopedProxyMode.TARGET_CLASS)
|
||||
public AccessToken getAccessToken() {
|
||||
HttpServletRequest request =
|
||||
((ServletRequestAttributes) RequestContextHolder
|
||||
.currentRequestAttributes()).getRequest();
|
||||
return ((KeycloakPrincipal) request.getUserPrincipal())
|
||||
.getKeycloakSecurityContext().getToken();
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
super.configure(http);
|
||||
http.authorizeRequests()
|
||||
.antMatchers("/actuator/**")
|
||||
.hasRole("monitoring")
|
||||
.anyRequest()
|
||||
.permitAll();
|
||||
}
|
||||
|
||||
/**
|
||||
* Declaring this class enables us to use the Spring specific
|
||||
* {@link org.springframework.security.access.annotation.Secured} annotation
|
||||
* or the JSR-250 Java Standard
|
||||
* {@link javax.annotation.security.RolesAllowed} annotation
|
||||
* for Role-based authorization
|
||||
*/
|
||||
@Configuration
|
||||
@EnableGlobalMethodSecurity(
|
||||
prePostEnabled = true,
|
||||
securedEnabled = true,
|
||||
jsr250Enabled = true)
|
||||
public static class MethodSecurityConfig
|
||||
extends GlobalMethodSecurityConfiguration {
|
||||
}
|
||||
}
|
||||
@ -1,15 +1,24 @@
|
||||
package mops.gruppen2.controllers;
|
||||
|
||||
import mops.gruppen2.Security.Account;
|
||||
import javax.annotation.security.RolesAllowed;
|
||||
import mops.gruppen2.security.Account;
|
||||
import org.keycloak.KeycloakPrincipal;
|
||||
import org.keycloak.adapters.springsecurity.token.KeycloakAuthenticationToken;
|
||||
import org.springframework.security.access.annotation.Secured;
|
||||
import org.springframework.context.annotation.Scope;
|
||||
import org.springframework.stereotype.Controller;
|
||||
import org.springframework.ui.Model;
|
||||
import org.springframework.web.bind.annotation.GetMapping;
|
||||
import org.springframework.web.context.annotation.SessionScope;
|
||||
|
||||
@SessionScope
|
||||
@Controller
|
||||
public class Gruppen2Controller {
|
||||
/**
|
||||
* Creates an Account.
|
||||
*
|
||||
* @param token
|
||||
* @return Account with current userdata
|
||||
*/
|
||||
private Account createAccountFromPrincipal(KeycloakAuthenticationToken token) {
|
||||
KeycloakPrincipal principal = (KeycloakPrincipal) token.getPrincipal();
|
||||
return new Account(
|
||||
@ -20,13 +29,17 @@ public class Gruppen2Controller {
|
||||
token.getAccount().getRoles());
|
||||
}
|
||||
|
||||
/**
|
||||
*
|
||||
* @param token
|
||||
* @param model
|
||||
* @return index.html
|
||||
*/
|
||||
@GetMapping("/")
|
||||
@Secured("ROLE_Orga")
|
||||
@RolesAllowed({"ROLE_Orga", "ROLE_studentin", "ROLE_actuator)"})
|
||||
public String index(KeycloakAuthenticationToken token, Model model) {
|
||||
if (token != null) {
|
||||
|
||||
model.addAttribute("account", createAccountFromPrincipal(token));
|
||||
|
||||
}
|
||||
return "index";
|
||||
}
|
||||
|
||||
@ -1,9 +1,8 @@
|
||||
package mops.gruppen2.Security;
|
||||
|
||||
import lombok.AllArgsConstructor;
|
||||
import lombok.Getter;
|
||||
package mops.gruppen2.security;
|
||||
|
||||
import java.util.Set;
|
||||
import lombok.AllArgsConstructor;
|
||||
import lombok.Getter;
|
||||
|
||||
@Getter
|
||||
@AllArgsConstructor
|
||||
@ -1,6 +1,5 @@
|
||||
package mops.gruppen2.Security;
|
||||
package mops.gruppen2.security;
|
||||
|
||||
import mops.gruppen2.Security.SecurityConfig;
|
||||
import org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
@ -13,7 +12,7 @@ import org.springframework.context.annotation.Configuration;
|
||||
@Configuration
|
||||
public class KeycloakConfig {
|
||||
@Bean
|
||||
public KeycloakSpringBootConfigResolver KeycloakConfigResolver() {
|
||||
public KeycloakSpringBootConfigResolver keycloakConfigResolver() {
|
||||
return new KeycloakSpringBootConfigResolver();
|
||||
}
|
||||
}
|
||||
84
src/main/java/mops/gruppen2/security/SecurityConfig.java
Normal file
84
src/main/java/mops/gruppen2/security/SecurityConfig.java
Normal file
@ -0,0 +1,84 @@
|
||||
package mops.gruppen2.security;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import org.keycloak.KeycloakPrincipal;
|
||||
import org.keycloak.adapters.springsecurity.KeycloakSecurityComponents;
|
||||
import org.keycloak.adapters.springsecurity.authentication.KeycloakAuthenticationProvider;
|
||||
import org.keycloak.adapters.springsecurity.config.KeycloakWebSecurityConfigurerAdapter;
|
||||
import org.keycloak.representations.AccessToken;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.ComponentScan;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.context.annotation.Scope;
|
||||
import org.springframework.context.annotation.ScopedProxyMode;
|
||||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
|
||||
import org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.core.authority.mapping.SimpleAuthorityMapper;
|
||||
import org.springframework.security.core.session.SessionRegistryImpl;
|
||||
import org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy;
|
||||
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
|
||||
import org.springframework.web.context.WebApplicationContext;
|
||||
import org.springframework.web.context.request.RequestContextHolder;
|
||||
import org.springframework.web.context.request.ServletRequestAttributes;
|
||||
|
||||
@Configuration
|
||||
@EnableWebSecurity
|
||||
@ComponentScan(basePackageClasses = KeycloakSecurityComponents.class)
|
||||
class SecurityConfig extends KeycloakWebSecurityConfigurerAdapter {
|
||||
|
||||
@Autowired
|
||||
public void configureGlobal(AuthenticationManagerBuilder auth) {
|
||||
KeycloakAuthenticationProvider keycloakAuthenticationProvider
|
||||
= keycloakAuthenticationProvider();
|
||||
keycloakAuthenticationProvider.setGrantedAuthoritiesMapper(new SimpleAuthorityMapper());
|
||||
auth.authenticationProvider(keycloakAuthenticationProvider);
|
||||
}
|
||||
|
||||
@Bean
|
||||
@Override
|
||||
protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
|
||||
return new RegisterSessionAuthenticationStrategy(
|
||||
new SessionRegistryImpl());
|
||||
}
|
||||
|
||||
@Bean
|
||||
@Scope(scopeName = WebApplicationContext.SCOPE_REQUEST,
|
||||
proxyMode = ScopedProxyMode.TARGET_CLASS)
|
||||
public AccessToken getAccessToken() {
|
||||
HttpServletRequest request =
|
||||
((ServletRequestAttributes) RequestContextHolder
|
||||
.currentRequestAttributes()).getRequest();
|
||||
return ((KeycloakPrincipal) request.getUserPrincipal())
|
||||
.getKeycloakSecurityContext().getToken();
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
super.configure(http);
|
||||
http.authorizeRequests()
|
||||
.antMatchers("/actuator/**")
|
||||
.hasRole("monitoring")
|
||||
.anyRequest()
|
||||
.permitAll();
|
||||
}
|
||||
|
||||
/**
|
||||
* Declaring this class enables us to use the Spring specific
|
||||
* {@link org.springframework.security.access.annotation.Secured} annotation
|
||||
* or the JSR-250 Java Standard
|
||||
* {@link javax.annotation.security.RolesAllowed} annotation
|
||||
* for Role-based authorization.
|
||||
**/
|
||||
@Configuration
|
||||
@EnableGlobalMethodSecurity(
|
||||
prePostEnabled = true,
|
||||
securedEnabled = true,
|
||||
jsr250Enabled = true)
|
||||
public static class MethodSecurityConfig
|
||||
extends GlobalMethodSecurityConfiguration {
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user