debug

.gitignore

@@ -39,4 +39,3 @@ gradle/
 
 **/.gradle
 **/build
-.DS_Store

build.gradle.kts

@@ -1,6 +1,7 @@
 plugins {
     `java-library`
     `maven-publish`
+    `kotlin-dsl`
     pmd
     checkstyle
     jacoco
@@ -11,11 +12,12 @@ plugins {
 val springVersion = "3.2.2";
 
 dependencies {
-    api("com.knecon.fforesight:tenant-commons:0.31.0")
+    api("com.knecon.fforesight:tenant-commons:0.24.0")
     api("org.springframework.boot:spring-boot-starter-oauth2-resource-server:${springVersion}")
     api("org.springframework.boot:spring-boot-starter-security:${springVersion}")
     api("org.springframework.boot:spring-boot-starter-web:${springVersion}")
     api("org.springframework.boot:spring-boot-configuration-processor:${springVersion}")
+    api("org.projectlombok:lombok:1.18.30")
     testImplementation("org.springframework.boot:spring-boot-starter-test:${springVersion}")
 }
 
@@ -79,7 +81,7 @@ tasks.named<Test>("test") {
 
 sonarqube {
     properties {
-        providers.gradleProperty("sonarToken").getOrNull()?.let { property("sonar.login", it) }
+        property("sonar.login", providers.gradleProperty("sonarToken").getOrNull())
         property("sonar.host.url", "https://sonarqube.knecon.com")
     }
 }
@@ -99,4 +101,4 @@ tasks.jacocoTestReport {
 
 java {
     withJavadocJar()
-}
+}

src/main/java/com/knecon/fforesight/keycloakcommons/security/SecuredKeyCloakConfiguration.java

@@ -59,7 +59,11 @@ public class SecuredKeyCloakConfiguration {
 
         http.anonymous().disable();
         http.httpBasic().disable();
-        http.csrf().disable();
+        http.csrf(csrf -> csrf.ignoringRequestMatchers("/redaction-gateway-v1/websocket/**"));
+        http.headers(headers -> headers
+                // allow same origin to frame our site to support iframe SockJS
+                .frameOptions(frameOptions -> frameOptions
+                                .sameOrigin()));
 
         http.oauth2ResourceServer(oauth2 -> oauth2.authenticationManagerResolver(tenantAuthenticationManagerResolver));
         http.authorizeHttpRequests().anyRequest().authenticated();
@@ -73,7 +77,7 @@ public class SecuredKeyCloakConfiguration {
     @Bean
     public WebSecurityCustomizer webSecurityCustomizer(CommonsKeyCloakProperties commonsKeyCloakProperties) {
 
-        return (web) -> web.debug(false)
+        return (web) -> web.debug(true)
                 .ignoring()
                 .requestMatchers(commonsKeyCloakProperties.getIgnoredEndpoints().toArray(new String[0]))
                 .requestMatchers(HttpMethod.OPTIONS, "/**");

src/main/java/com/knecon/fforesight/keycloakcommons/security/TenantAuthenticationManagerResolver.java

@@ -1,5 +1,6 @@
 package com.knecon.fforesight.keycloakcommons.security;
 
+import java.util.HashMap;
 import java.util.Map;
 import java.util.Optional;
 import java.util.concurrent.ConcurrentHashMap;
@@ -7,6 +8,7 @@ import java.util.concurrent.ConcurrentHashMap;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.AuthenticationManagerResolver;
 import org.springframework.security.oauth2.jwt.JwtDecoder;
+import org.springframework.security.oauth2.jwt.JwtDecoders;
 import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
 import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationProvider;
 import org.springframework.security.oauth2.server.resource.web.BearerTokenResolver;
@@ -35,18 +37,6 @@ public class TenantAuthenticationManagerResolver implements AuthenticationManage
     }
 
 
-    public AuthenticationManager resolve(String token) {
-
-        return this.authenticationManagers.computeIfAbsent(toTenant(token), this::fromTenant);
-    }
-
-
-    private String toTenant(String token) {
-
-        return TokenUtils.toTenant(token);
-    }
-
-
     private String toTenant(HttpServletRequest request) {
 
         return TokenUtils.toTenant(this.resolver.resolve(request));