Last active
May 31, 2021 07:31
-
-
Save senthilsivanath/4ff8906d0e5dc89414d7cc27954cb96f to your computer and use it in GitHub Desktop.
Auth
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import org.springframework.beans.factory.annotation.Autowired | |
| import org.springframework.security.authentication.UserDetailsRepositoryReactiveAuthenticationManager | |
| import org.springframework.security.core.Authentication | |
| import org.springframework.security.core.userdetails.ReactiveUserDetailsService | |
| import org.springframework.security.web.server.authentication.AuthenticationWebFilter | |
| import org.springframework.security.web.server.context.NoOpServerSecurityContextRepository | |
| import org.springframework.security.web.server.util.matcher.NegatedServerWebExchangeMatcher | |
| import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers | |
| import org.springframework.stereotype.Component | |
| import reactor.core.publisher.Mono | |
| @Component | |
| class AppSecurityConfig { | |
| @Autowired | |
| private lateinit var jwtAuthenticationConverter: JwtAuthenticationConverter | |
| @Autowired | |
| private lateinit var userDetailsService: ReactiveUserDetailsService | |
| class CustomReactiveAuthenticationManager(userDetailsService: ReactiveUserDetailsService?) : UserDetailsRepositoryReactiveAuthenticationManager(userDetailsService) { | |
| override fun authenticate(authentication: Authentication): Mono<Authentication> { | |
| return if (authentication.isAuthenticated) { | |
| Mono.just(authentication) | |
| } else super.authenticate(authentication) | |
| } | |
| } | |
| fun authenticationWebFilter(): AuthenticationWebFilter? { | |
| val authenticationWebFilter = AuthenticationWebFilter(CustomReactiveAuthenticationManager(userDetailsService)) | |
| authenticationWebFilter.setServerAuthenticationConverter(jwtAuthenticationConverter) | |
| authenticationWebFilter.setRequiresAuthenticationMatcher((NegatedServerWebExchangeMatcher(ServerWebExchangeMatchers.pathMatchers("SOMEURL")))) | |
| authenticationWebFilter.setSecurityContextRepository(NoOpServerSecurityContextRepository.getInstance()) | |
| return authenticationWebFilter | |
| } | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| @Configuration | |
| class JwtAuthenticationConverter : ServerAuthenticationConverter { | |
| private val logger = KotlinLogging.logger {} | |
| @Autowired | |
| private lateinit var tokenProvider: TokenProvider | |
| override fun convert(exchange: ServerWebExchange): Mono<Authentication> { | |
| return mono { | |
| try { | |
| val token = getBearerToken(exchange) | |
| val authentication = tokenProvider.getAuthentication(token) | |
| authentication | |
| } catch (e: Exception) { | |
| logger.error("Exception while processing auth", e) | |
| throw UnauthorizedException() | |
| } | |
| } | |
| } | |
| private suspend fun getBearerToken(exchange: ServerWebExchange): String { | |
| val authToken = exchange.request.headers.getFirst(HttpHeaders.AUTHORIZATION)!! | |
| try { | |
| // Verify okta token | |
| } catch (e: InvalidTokenException // Replace with right exception) { | |
| logger.error("Exception while processing auth", e) | |
| throw UnauthorizedException() | |
| } | |
| return authToken | |
| } | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import org.springframework.beans.factory.annotation.Autowired | |
| import org.springframework.context.annotation.Bean | |
| import org.springframework.context.annotation.Configuration | |
| import org.springframework.security.config.annotation.method.configuration.EnableReactiveMethodSecurity | |
| import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity | |
| import org.springframework.security.config.web.server.SecurityWebFiltersOrder | |
| import org.springframework.security.config.web.server.ServerHttpSecurity | |
| import org.springframework.security.web.server.SecurityWebFilterChain | |
| import org.springframework.security.web.server.context.NoOpServerSecurityContextRepository | |
| import org.springframework.security.web.server.savedrequest.NoOpServerRequestCache | |
| import sh.radical.auth.configurations.RadicalSecurityConfig | |
| import sh.radical.orderservice.utils.PLAYGROUND_URL | |
| @Configuration | |
| @EnableWebFluxSecurity | |
| @EnableReactiveMethodSecurity | |
| class SecurityConfig { | |
| @Autowired | |
| private lateinit var appSecurityConfig: AppSecurityConfig | |
| @Bean | |
| fun springSecurityFilterChain(http: ServerHttpSecurity): SecurityWebFilterChain? { | |
| return http | |
| .requestCache().requestCache(NoOpServerRequestCache.getInstance()).and() | |
| .csrf().disable() | |
| .authorizeExchange() | |
| .and() | |
| .httpBasic().disable() | |
| .formLogin().disable() | |
| .authorizeExchange() | |
| .pathMatchers(PLAYGROUND_URL).permitAll() | |
| .anyExchange().authenticated() | |
| .and() | |
| .addFilterAt(appSecurityConfig.authenticationWebFilter(), SecurityWebFiltersOrder.AUTHENTICATION) | |
| .securityContextRepository(NoOpServerSecurityContextRepository.getInstance()) | |
| .build() | |
| } | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| val context = ReactiveSecurityContextHolder.getContext().awaitSingle() |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import com.fasterxml.jackson.databind.ObjectMapper | |
| import com.fasterxml.jackson.module.kotlin.readValue | |
| import com.nimbusds.jwt.SignedJWT | |
| import org.springframework.beans.factory.annotation.Autowired | |
| import org.springframework.context.annotation.Configuration | |
| import org.springframework.security.authentication.UsernamePasswordAuthenticationToken | |
| import org.springframework.security.core.Authentication | |
| import org.springframework.security.core.GrantedAuthority | |
| import org.springframework.security.core.authority.SimpleGrantedAuthority | |
| import org.springframework.security.core.userdetails.User | |
| import sh.radical.auth.keycloak.entities.AccessToken | |
| import java.util.stream.Collectors | |
| @Configuration | |
| class TokenProvider { | |
| @Autowired | |
| lateinit var objectMapper: ObjectMapper | |
| @Autowired | |
| lateinit var authProperties: AuthProperties | |
| fun getAuthentication(token: String): Authentication { | |
| val payload = SignedJWT.parse(token).payload.toString() | |
| val accessToken = objectMapper.readValue<AccessToken>(payload) | |
| var authoritiesData = listOf<String>() | |
| accessToken.resourceAccess?.get(authProperties.clientName)?.let { | |
| authoritiesData = authoritiesData.plus(it.roles) | |
| } | |
| accessToken.authorization?.let { | |
| it.permissions[0].claims.scopes?.let { scopes -> | |
| authoritiesData = authoritiesData.plus(scopes) | |
| } | |
| it.permissions[0].scopes?.let { scopes -> | |
| authoritiesData = authoritiesData.plus(scopes) | |
| } | |
| } | |
| val authorities: Collection<GrantedAuthority?> = authoritiesData.stream() | |
| .map { role: String? -> SimpleGrantedAuthority(role) } | |
| .collect(Collectors.toList()) | |
| val userId = accessToken.sub | |
| val principal = User(userId, "", authorities) | |
| return UsernamePasswordAuthenticationToken(principal, token, authorities) | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment