Compare commits
4 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
576f1f8159 | ||
|
|
6894f0f61c | ||
|
|
04807ab9eb | ||
|
|
e11cb8149e |
@ -59,7 +59,11 @@ public class SecuredKeyCloakConfiguration {
|
|||||||
|
|
||||||
http.anonymous().disable();
|
http.anonymous().disable();
|
||||||
http.httpBasic().disable();
|
http.httpBasic().disable();
|
||||||
http.csrf().disable();
|
http.csrf(csrf -> csrf.ignoringRequestMatchers("/redaction-gateway-v1/websocket/**"));
|
||||||
|
http.headers(headers -> headers
|
||||||
|
// allow same origin to frame our site to support iframe SockJS
|
||||||
|
.frameOptions(frameOptions -> frameOptions
|
||||||
|
.sameOrigin()));
|
||||||
|
|
||||||
http.oauth2ResourceServer(oauth2 -> oauth2.authenticationManagerResolver(tenantAuthenticationManagerResolver));
|
http.oauth2ResourceServer(oauth2 -> oauth2.authenticationManagerResolver(tenantAuthenticationManagerResolver));
|
||||||
http.authorizeHttpRequests().anyRequest().authenticated();
|
http.authorizeHttpRequests().anyRequest().authenticated();
|
||||||
@ -73,7 +77,7 @@ public class SecuredKeyCloakConfiguration {
|
|||||||
@Bean
|
@Bean
|
||||||
public WebSecurityCustomizer webSecurityCustomizer(CommonsKeyCloakProperties commonsKeyCloakProperties) {
|
public WebSecurityCustomizer webSecurityCustomizer(CommonsKeyCloakProperties commonsKeyCloakProperties) {
|
||||||
|
|
||||||
return (web) -> web.debug(false)
|
return (web) -> web.debug(true)
|
||||||
.ignoring()
|
.ignoring()
|
||||||
.requestMatchers(commonsKeyCloakProperties.getIgnoredEndpoints().toArray(new String[0]))
|
.requestMatchers(commonsKeyCloakProperties.getIgnoredEndpoints().toArray(new String[0]))
|
||||||
.requestMatchers(HttpMethod.OPTIONS, "/**");
|
.requestMatchers(HttpMethod.OPTIONS, "/**");
|
||||||
|
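Review bot: `web.debug(true)` in webSecurityCustomizer (second hunk) enables Spring Security's DebugFilter, which logs each request's security details including its headers, so the bearer tokens this resource server receives can end up in application logs; assuming the second printed line is the new side, this should go back to `return (web) -> web.debug(false)` or be driven by a configuration property rather than hard-coded. In the first hunk, replacing `http.csrf().disable()` with `csrf.ignoringRequestMatchers("/redaction-gateway-v1/websocket/**")` also switches CSRF enforcement on for every other endpoint of this bearer-token resource server, which non-browser API clients may not send a token for; worth confirming that is intended rather than a side effect of exempting the websocket path. The method enclosing the first hunk starts and ends outside the hunk.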
|||||||
@ -1,6 +1,5 @@
|
|||||||
package com.knecon.fforesight.keycloakcommons.security;
|
package com.knecon.fforesight.keycloakcommons.security;
|
||||||
|
|
||||||
import java.util.HashMap;
|
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
import java.util.Optional;
|
import java.util.Optional;
|
||||||
import java.util.concurrent.ConcurrentHashMap;
|
import java.util.concurrent.ConcurrentHashMap;
|
||||||
@ -8,7 +7,6 @@ import java.util.concurrent.ConcurrentHashMap;
|
|||||||
import org.springframework.security.authentication.AuthenticationManager;
|
import org.springframework.security.authentication.AuthenticationManager;
|
||||||
import org.springframework.security.authentication.AuthenticationManagerResolver;
|
import org.springframework.security.authentication.AuthenticationManagerResolver;
|
||||||
import org.springframework.security.oauth2.jwt.JwtDecoder;
|
import org.springframework.security.oauth2.jwt.JwtDecoder;
|
||||||
import org.springframework.security.oauth2.jwt.JwtDecoders;
|
|
||||||
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
|
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
|
||||||
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationProvider;
|
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationProvider;
|
||||||
import org.springframework.security.oauth2.server.resource.web.BearerTokenResolver;
|
import org.springframework.security.oauth2.server.resource.web.BearerTokenResolver;
|
||||||
|
|||||||
@ -0,0 +1,53 @@
|
|||||||
|
package com.knecon.fforesight.keycloakcommons.security;
|
||||||
|
|
||||||
|
import java.util.Map;
|
||||||
|
import java.util.Optional;
|
||||||
|
import java.util.concurrent.ConcurrentHashMap;
|
||||||
|
|
||||||
|
import org.springframework.security.authentication.AuthenticationManager;
|
||||||
|
import org.springframework.security.authentication.AuthenticationManagerResolver;
|
||||||
|
import org.springframework.security.oauth2.jwt.JwtDecoder;
|
||||||
|
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
|
||||||
|
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationProvider;
|
||||||
|
import org.springframework.stereotype.Component;
|
||||||
|
|
||||||
|
import com.knecon.fforesight.tenantcommons.TenantProvider;
|
||||||
|
|
||||||
|
import lombok.RequiredArgsConstructor;
|
||||||
|
|
||||||
|
@Component
|
||||||
|
@RequiredArgsConstructor
|
||||||
|
public class WebsocketTenantAuthenticationManagerResolver implements AuthenticationManagerResolver<String> {
|
||||||
|
|
||||||
|
private final TenantProvider tenantProvider;
|
||||||
|
private final JwtDecoder jwtDecoder;
|
||||||
|
private final Map<String, AuthenticationManager> authenticationManagers = new ConcurrentHashMap<>();
|
||||||
|
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public AuthenticationManager resolve(String token) {
|
||||||
|
|
||||||
|
return this.authenticationManagers.computeIfAbsent(toTenant(token), this::fromTenant);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
private String toTenant(String token) {
|
||||||
|
|
||||||
|
return TokenUtils.toTenant(token);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
private AuthenticationManager fromTenant(String tenant) {
|
||||||
|
|
||||||
|
return Optional.ofNullable(this.tenantProvider.getTenant(tenant)).map(tt ->
|
||||||
|
|
||||||
|
{
|
||||||
|
var provider = new JwtAuthenticationProvider(jwtDecoder);
|
||||||
|
var converter = new JwtAuthenticationConverter();
|
||||||
|
converter.setJwtGrantedAuthoritiesConverter(new CustomJwtAuthoritiesConverter(tt.getAuthDetails()));
|
||||||
|
provider.setJwtAuthenticationConverter(converter);
|
||||||
|
return provider;
|
||||||
|
}).orElseThrow(() -> new IllegalArgumentException("unknown tenant"))::authenticate;
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
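Review bot: In fromTenant the tenant key derived from the token before it is verified selects which tenant's CustomJwtAuthoritiesConverter is applied, while jwtDecoder is a single shared instance, so nothing in this class checks after signature validation that the verified token actually belongs to that tenant; if TokenUtils.toTenant (not in this diff) reads an unverified claim, a token the shared decoder accepts could be mapped to another tenant's authority configuration. Consider a per-tenant decoder, or a validation step after decoding that compares the verified issuer or tenant claim with the key used in resolve. Separately, an unknown tenant leaves resolve as `IllegalArgumentException("unknown tenant")` rather than an AuthenticationException, which the websocket caller is unlikely to translate into an authentication failure; `new BadCredentialsException("unknown tenant")` keeps it on the auth-failure path. A class-level Javadoc stating that resolve is keyed on the raw token string, that managers are cached per tenant in a ConcurrentHashMap for the life of the bean, and that later tenant configuration changes are therefore not picked up would also help the next maintainer.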