From 576f1f81593924047fff4785042cbee7bcd846e3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dominique=20Eifl=C3=A4nder?=
Date: Fri, 17 May 2024 14:57:54 +0200
Subject: [PATCH] AuthResolver
---
 .../TenantAuthenticationManagerResolver.java | 2 -
 ...etTenantAuthenticationManagerResolver.java | 53 +++++++++++++++++++
 2 files changed, 53 insertions(+), 2 deletions(-)
 create mode 100644 src/main/java/com/knecon/fforesight/keycloakcommons/security/WebsocketTenantAuthenticationManagerResolver.java
diff --git a/src/main/java/com/knecon/fforesight/keycloakcommons/security/TenantAuthenticationManagerResolver.java b/src/main/java/com/knecon/fforesight/keycloakcommons/security/TenantAuthenticationManagerResolver.java
index 65a83a3..b1baead 100644
--- a/src/main/java/com/knecon/fforesight/keycloakcommons/security/TenantAuthenticationManagerResolver.java
+++ b/src/main/java/com/knecon/fforesight/keycloakcommons/security/TenantAuthenticationManagerResolver.java
@@ -1,6 +1,5 @@
 package com.knecon.fforesight.keycloakcommons.security;
-import java.util.HashMap;
 import java.util.Map;
 import java.util.Optional;
 import java.util.concurrent.ConcurrentHashMap;
@@ -8,7 +7,6 @@ import java.util.concurrent.ConcurrentHashMap;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.AuthenticationManagerResolver;
 import org.springframework.security.oauth2.jwt.JwtDecoder;
-import org.springframework.security.oauth2.jwt.JwtDecoders;
 import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
 import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationProvider;
 import org.springframework.security.oauth2.server.resource.web.BearerTokenResolver;
diff --git a/src/main/java/com/knecon/fforesight/keycloakcommons/security/WebsocketTenantAuthenticationManagerResolver.java b/src/main/java/com/knecon/fforesight/keycloakcommons/security/WebsocketTenantAuthenticationManagerResolver.java
new file mode 100644
index 0000000..c416b15
--- /dev/null
+++ b/src/main/java/com/knecon/fforesight/keycloakcommons/security/WebsocketTenantAuthenticationManagerResolver.java
@@ -0,0 +1,53 @@
+package com.knecon.fforesight.keycloakcommons.security;
+
+import java.util.Map;
+import java.util.Optional;
+import java.util.concurrent.ConcurrentHashMap;
+
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.authentication.AuthenticationManagerResolver;
+import org.springframework.security.oauth2.jwt.JwtDecoder;
+import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
+import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationProvider;
+import org.springframework.stereotype.Component;
+
+import com.knecon.fforesight.tenantcommons.TenantProvider;
+
+import lombok.RequiredArgsConstructor;
+
+@Component
+@RequiredArgsConstructor
+public class WebsocketTenantAuthenticationManagerResolver implements AuthenticationManagerResolver {
+
+ private final TenantProvider tenantProvider;
+ private final JwtDecoder jwtDecoder;
+ private final Map authenticationManagers = new ConcurrentHashMap<>();
+
+
+ @Override
+ public AuthenticationManager resolve(String token) {
+
+ return this.authenticationManagers.computeIfAbsent(toTenant(token), this::fromTenant);
+ }
+
+
+ private String toTenant(String token) {
+
+ return TokenUtils.toTenant(token);
+ }
+
+
+ private AuthenticationManager fromTenant(String tenant) {
+
+ return Optional.ofNullable(this.tenantProvider.getTenant(tenant)).map(tt ->
+
+ {
+ var provider = new JwtAuthenticationProvider(jwtDecoder);
+ var converter = new JwtAuthenticationConverter();
+ converter.setJwtGrantedAuthoritiesConverter(new CustomJwtAuthoritiesConverter(tt.getAuthDetails()));
+ provider.setJwtAuthenticationConverter(converter);
+ return provider;
+ }).orElseThrow(() -> new IllegalArgumentException("unknown tenant"))::authenticate;
+ }
+
+}
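Review bot: `resolve` selects the tenant from the token before anything has verified it (`TokenUtils.toTenant(token)`), and `fromTenant` then pairs that tenant's `CustomJwtAuthoritiesConverter` with the single shared `jwtDecoder`, so nothing visible in this class ties the issuer of the verified JWT to the tenant whose authority mapping is applied. If the injected decoder does not already enforce that binding (its configuration is not shown here), the lambda in `fromTenant` should reject a token whose validated issuer does not belong to `tt`, or the class Javadoc should state that the decoder guarantees it. Separately, `ConcurrentHashMap.computeIfAbsent` throws `NullPointerException` on a null key, so if `TokenUtils.toTenant` can return null the token should be rejected first, e.g. `var tenant = toTenant(token); if (tenant == null) throw new BadCredentialsException("missing tenant");`. The `IllegalArgumentException("unknown tenant")` would likewise be better as an `AuthenticationException` subtype so that it is handled as an authentication failure rather than an unexpected error. Cached managers are also never evicted, so a change to a tenant's auth details presumably is not picked up until restart.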