Use OSIAM with Spring Security
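# Connection settings for the OSIAM server. The Spring configuration on this
# page reads them as osiam.endpoint, osiam.client.id and osiam.client.secret.
osiam:
  # Plain-HTTP localhost endpoint: suitable for local development only. User
  # passwords are sent to this endpoint to obtain an access token, so use an
  # https:// URL for anything that is not a local test setup.
  endpoint: http://localhost:8080
  client:
    id: example-client
    # Example value. Supply the real client secret from the environment or a
    # secret store instead of committing it to a configuration file.
    secret: secret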
import java.util.List;
import java.util.stream.Collectors;
import javax.servlet.http.HttpSession;
import org.osiam.client.OsiamConnector;
import org.osiam.client.exception.OsiamRequestException;
import org.osiam.client.oauth.AccessToken;
import org.osiam.client.oauth.Scope;
import org.osiam.resources.scim.User;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
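/**
 * Spring Security {@link AuthenticationProvider} that checks a username and password by
 * requesting an OSIAM access token with them, then builds the authenticated principal from the
 * OSIAM user returned by {@code getMe}.
 *
 * <p>On success the access token is stored in the HTTP session under the attribute
 * {@code "accessToken"}.
 */
public class OsiamAuthenticationProvider implements AuthenticationProvider {

    private final OsiamConnector osiamConnector;

    // NOTE(review): this provider is registered as a singleton bean, so the injected session is
    // presumably a request-bound proxy supplied by the container; confirm before reusing the
    // class outside a servlet request.
    private final HttpSession httpSession;

    /**
     * @param osiamConnector connector used to obtain the access token and the current user
     * @param httpSession session that receives the access token after a successful login
     */
    public OsiamAuthenticationProvider(OsiamConnector osiamConnector, HttpSession httpSession) {
        this.osiamConnector = osiamConnector;
        this.httpSession = httpSession;
    }

    /**
     * Authenticates the given username/password token against OSIAM.
     *
     * @param authentication request token carrying the username and the password
     * @return an authenticated token whose principal is the OSIAM {@link User}, whose credentials
     *     are cleared, and whose authorities are the user's roles prefixed with {@code ROLE_}
     * @throws AuthenticationException if the credentials are missing or not a string, or if OSIAM
     *     rejects the request
     */
    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        String username = authentication.getName();
        Object credentials = authentication.getCredentials();
        if (!(credentials instanceof String)) {
            // Covers null as well; fail as an authentication error, not a ClassCastException
            // or a null password handed to the connector.
            throw new BadCredentialsException("Missing or unsupported credentials");
        }
        String password = (String) credentials;

        try {
            AccessToken accessToken = osiamConnector.retrieveAccessToken(username, password, Scope.ME);
            User me = osiamConnector.getMe(accessToken);

            // NOTE(review): the authority name is built from the role object's string form;
            // confirm that this yields the bare role name, since authorization rules match on it.
            List<SimpleGrantedAuthority> authorities = me.getRoles()
                    .stream()
                    .map(role -> new SimpleGrantedAuthority("ROLE_" + role))
                    .collect(Collectors.toList());

            // Store the token only once the whole login has succeeded, so a failed getMe call
            // does not leave a token in the session of an unauthenticated request.
            httpSession.setAttribute("accessToken", accessToken);

            // Credentials are passed as null so the password is not kept on the token.
            return new UsernamePasswordAuthenticationToken(me, null, authorities);
        } catch (OsiamRequestException e) {
            // Returning null would mean "this provider cannot decide" to Spring Security; a
            // rejected login has to surface as an AuthenticationException instead.
            // NOTE(review): OsiamRequestException may also cover failures unrelated to the
            // credentials; confirm and map those to a service-level exception if so.
            throw new BadCredentialsException("OSIAM rejected the authentication request", e);
        }
    }

    /**
     * @param authentication the authentication class being offered to this provider
     * @return {@code true} only for exactly {@link UsernamePasswordAuthenticationToken}
     */
    @Override
    public boolean supports(Class<?> authentication) {
        return authentication.equals(UsernamePasswordAuthenticationToken.class);
    }
}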
import org.osiam.client.OsiamConnector; | |
import org.springframework.beans.factory.annotation.Autowired; | |
import org.springframework.beans.factory.annotation.Value; | |
import org.springframework.context.annotation.Bean; | |
import org.springframework.context.annotation.Configuration; | |
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; | |
import org.springframework.security.config.annotation.web.builders.HttpSecurity; | |
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; | |
import javax.servlet.http.HttpSession; | |
/**
 * Spring Security setup that authenticates HTTP Basic requests through
 * {@link OsiamAuthenticationProvider} and declares the beans that provider needs.
 */
@Configuration
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Autowired
    private OsiamAuthenticationProvider osiamAuthenticationProvider;

    /**
     * Builds the OSIAM connector from the {@code osiam.*} configuration properties.
     *
     * @param endpoint value of {@code osiam.endpoint}
     * @param clientId value of {@code osiam.client.id}
     * @param clientSecret value of {@code osiam.client.secret}; keep it out of logs and out of
     *     version control
     * @return the configured connector
     */
    @Bean
    public OsiamConnector osiamConnector(@Value("${osiam.endpoint}") String endpoint,
                                         @Value("${osiam.client.id}") String clientId,
                                         @Value("${osiam.client.secret}") String clientSecret) {
        OsiamConnector.Builder connectorBuilder = new OsiamConnector.Builder();
        return connectorBuilder
                .withEndpoint(endpoint)
                .setClientId(clientId)
                .setClientSecret(clientSecret)
                .build();
    }

    /**
     * Exposes the OSIAM-backed authentication provider as a bean.
     *
     * @param osiamConnector connector the provider uses to talk to OSIAM
     * @param httpSession session in which the provider stores the access token
     * @return the provider instance
     */
    @Bean
    public OsiamAuthenticationProvider authenticationProvider(OsiamConnector osiamConnector,
                                                              HttpSession httpSession) {
        return new OsiamAuthenticationProvider(osiamConnector, httpSession);
    }

    /** Registers the OSIAM provider with the authentication manager. */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(osiamAuthenticationProvider);
    }

    /**
     * Permits anonymous access to the root, {@code /index.html} and everything under
     * {@code /web/}; every other request must be authenticated via HTTP Basic.
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // NOTE(review): CSRF protection is switched off while the access token is kept in the
        // HTTP session. If browsers hold the session cookie, state-changing requests are left
        // without CSRF defence; confirm this is intended for the deployment.
        // HTTP Basic sends the password with the request, so serve this application over TLS.
        // @formatter:off
        http
            .csrf().disable()
            .httpBasic()
                .and()
            .authorizeRequests()
                .antMatchers("/", "/index.html", "/web/**").permitAll()
                .anyRequest().authenticated();
        // @formatter:on
    }
}