Merge branch 'RED-10106' into 'main'

Updated to latest tenant-commons

See merge request fforesight/keycloak-commons!14

.gitignore

@@ -39,3 +39,4 @@ gradle/
 
 **/.gradle
 **/build
+.DS_Store

build.gradle.kts

@@ -1,7 +1,6 @@
 plugins {
     `java-library`
     `maven-publish`
-    `kotlin-dsl`
     pmd
     checkstyle
     jacoco
@@ -12,12 +11,11 @@ plugins {
 val springVersion = "3.2.2";
 
 dependencies {
-    api("com.knecon.fforesight:tenant-commons:0.24.0")
+    api("com.knecon.fforesight:tenant-commons:0.31.0")
     api("org.springframework.boot:spring-boot-starter-oauth2-resource-server:${springVersion}")
     api("org.springframework.boot:spring-boot-starter-security:${springVersion}")
     api("org.springframework.boot:spring-boot-starter-web:${springVersion}")
     api("org.springframework.boot:spring-boot-configuration-processor:${springVersion}")
-    api("org.projectlombok:lombok:1.18.30")
     testImplementation("org.springframework.boot:spring-boot-starter-test:${springVersion}")
 }
 
@@ -81,7 +79,7 @@ tasks.named<Test>("test") {
 
 sonarqube {
     properties {
-        property("sonar.login", providers.gradleProperty("sonarToken").getOrNull())
+        providers.gradleProperty("sonarToken").getOrNull()?.let { property("sonar.login", it) }
         property("sonar.host.url", "https://sonarqube.knecon.com")
     }
 }
@@ -101,4 +99,4 @@ tasks.jacocoTestReport {
 
 java {
     withJavadocJar()
-}
+}

src/main/java/com/knecon/fforesight/keycloakcommons/security/SecuredKeyCloakConfiguration.java

@@ -59,11 +59,7 @@ public class SecuredKeyCloakConfiguration {
 
         http.anonymous().disable();
         http.httpBasic().disable();
-        http.csrf(csrf -> csrf.ignoringRequestMatchers("/redaction-gateway-v1/websocket/**"));
-        http.headers(headers -> headers
-                // allow same origin to frame our site to support iframe SockJS
-                .frameOptions(frameOptions -> frameOptions
-                                .sameOrigin()));
+        http.csrf().disable();
 
         http.oauth2ResourceServer(oauth2 -> oauth2.authenticationManagerResolver(tenantAuthenticationManagerResolver));
         http.authorizeHttpRequests().anyRequest().authenticated();
@@ -77,7 +73,7 @@ public class SecuredKeyCloakConfiguration {
     @Bean
     public WebSecurityCustomizer webSecurityCustomizer(CommonsKeyCloakProperties commonsKeyCloakProperties) {
 
-        return (web) -> web.debug(true)
+        return (web) -> web.debug(false)
                 .ignoring()
                 .requestMatchers(commonsKeyCloakProperties.getIgnoredEndpoints().toArray(new String[0]))
                 .requestMatchers(HttpMethod.OPTIONS, "/**");

src/main/java/com/knecon/fforesight/keycloakcommons/security/TenantAuthenticationManagerResolver.java

@@ -35,6 +35,18 @@ public class TenantAuthenticationManagerResolver implements AuthenticationManage
     }
 
 
+    public AuthenticationManager resolve(String token) {
+
+        return this.authenticationManagers.computeIfAbsent(toTenant(token), this::fromTenant);
+    }
+
+
+    private String toTenant(String token) {
+
+        return TokenUtils.toTenant(token);
+    }
+
+
     private String toTenant(HttpServletRequest request) {
 
         return TokenUtils.toTenant(this.resolver.resolve(request));

src/main/java/com/knecon/fforesight/keycloakcommons/security/WebsocketTenantAuthenticationManagerResolver.java

@@ -1,53 +0,0 @@
-package com.knecon.fforesight.keycloakcommons.security;
-
-import java.util.Map;
-import java.util.Optional;
-import java.util.concurrent.ConcurrentHashMap;
-
-import org.springframework.security.authentication.AuthenticationManager;
-import org.springframework.security.authentication.AuthenticationManagerResolver;
-import org.springframework.security.oauth2.jwt.JwtDecoder;
-import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
-import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationProvider;
-import org.springframework.stereotype.Component;
-
-import com.knecon.fforesight.tenantcommons.TenantProvider;
-
-import lombok.RequiredArgsConstructor;
-
-@Component
-@RequiredArgsConstructor
-public class WebsocketTenantAuthenticationManagerResolver implements AuthenticationManagerResolver<String> {
-
-    private final TenantProvider tenantProvider;
-    private final JwtDecoder jwtDecoder;
-    private final Map<String, AuthenticationManager> authenticationManagers = new ConcurrentHashMap<>();
-
-
-    @Override
-    public AuthenticationManager resolve(String token) {
-
-        return this.authenticationManagers.computeIfAbsent(toTenant(token), this::fromTenant);
-    }
-
-
-    private String toTenant(String token) {
-
-        return TokenUtils.toTenant(token);
-    }
-
-
-    private AuthenticationManager fromTenant(String tenant) {
-
-        return Optional.ofNullable(this.tenantProvider.getTenant(tenant)).map(tt ->
-
-        {
-            var provider = new JwtAuthenticationProvider(jwtDecoder);
-            var converter = new JwtAuthenticationConverter();
-            converter.setJwtGrantedAuthoritiesConverter(new CustomJwtAuthoritiesConverter(tt.getAuthDetails()));
-            provider.setJwtAuthenticationConverter(converter);
-            return provider;
-        }).orElseThrow(() -> new IllegalArgumentException("unknown tenant"))::authenticate;
-    }
-
-}