VKR-QR-codes/qr-access-auth-server
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add authorization for admin

Browse Source
This commit is contained in:
kashiuno 2025-02-14 23:04:37 +03:00
parent 3cf19c23cb
commit 9c3957398f
2 changed files with 47 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -13,6 +13,7 @@ build/
.settings .settings
.springBeans .springBeans
.sts4-cache .sts4-cache
.gigaide
bin/ bin/
!**/src/main/**/bin/ !**/src/main/**/bin/
!**/src/test/**/bin/ !**/src/test/**/bin/

57
src/main/kotlin/ru/vyatsu/qr_access_auth_server/SecurityConfig.kt
View File

@ -8,10 +8,15 @@ import com.nimbusds.jose.proc.SecurityContext
import org.springframework.context.annotation.Bean import org.springframework.context.annotation.Bean
import org.springframework.context.annotation.Configuration import org.springframework.context.annotation.Configuration
import org.springframework.core.annotation.Order import org.springframework.core.annotation.Order
import org.springframework.http.MediaType
import org.springframework.jdbc.core.JdbcTemplate import org.springframework.jdbc.core.JdbcTemplate
import org.springframework.security.config.Customizer
import org.springframework.security.config.annotation.web.builders.HttpSecurity import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
import org.springframework.security.config.annotation.web.configurers.ExceptionHandlingConfigurer
import org.springframework.security.core.userdetails.User
import org.springframework.security.core.userdetails.UserDetailsService import org.springframework.security.core.userdetails.UserDetailsService
import org.springframework.security.crypto.factory.PasswordEncoderFactories
import org.springframework.security.oauth2.jwt.JwtDecoder import org.springframework.security.oauth2.jwt.JwtDecoder
import org.springframework.security.oauth2.server.authorization.client.JdbcRegisteredClientRepository import org.springframework.security.oauth2.server.authorization.client.JdbcRegisteredClientRepository
import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository
@ -20,24 +25,48 @@ import org.springframework.security.oauth2.server.authorization.config.annotatio
import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings
import org.springframework.security.provisioning.InMemoryUserDetailsManager import org.springframework.security.provisioning.InMemoryUserDetailsManager
import org.springframework.security.web.SecurityFilterChain import org.springframework.security.web.SecurityFilterChain
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint
import org.springframework.security.web.util.matcher.MediaTypeRequestMatcher
import java.security.KeyPair import java.security.KeyPair
import java.security.KeyPairGenerator import java.security.KeyPairGenerator
import java.security.interfaces.RSAPrivateKey import java.security.interfaces.RSAPrivateKey
import java.security.interfaces.RSAPublicKey import java.security.interfaces.RSAPublicKey
import java.util.* import java.util.*
@Configuration @Configuration
@EnableWebSecurity @EnableWebSecurity(debug = true)
class SecurityConfig { class SecurityConfig {
@Bean
fun registeredClientRepository(operations: JdbcTemplate): RegisteredClientRepository {
return JdbcRegisteredClientRepository(operations)
}
@Bean @Bean
@Order(1) @Order(1)
@Throws(Exception::class) @Throws(java.lang.Exception::class)
fun authorizationServerSecurityFilterChain(http: HttpSecurity): SecurityFilterChain { fun authorizationServerSecurityFilterChain(http: HttpSecurity): SecurityFilterChain {
val authorizationServer = OAuth2AuthorizationServerConfigurer.authorizationServer() val authorizationServerConfigurer =
OAuth2AuthorizationServerConfigurer.authorizationServer()
http http
.securityMatcher(authorizationServer.endpointsMatcher) .securityMatcher(authorizationServerConfigurer.endpointsMatcher)
.with(authorizationServer) {} .with(
authorizationServerConfigurer
) { authorizationServer: OAuth2AuthorizationServerConfigurer ->
authorizationServer
.oidc(Customizer.withDefaults())
} // Enable OpenID Connect 1.0 <- potentially should be deleted
.authorizeHttpRequests { it.anyRequest().authenticated() } .authorizeHttpRequests { it.anyRequest().authenticated() }
.exceptionHandling { exceptions: ExceptionHandlingConfigurer<HttpSecurity?> ->
exceptions
.defaultAuthenticationEntryPointFor(
LoginUrlAuthenticationEntryPoint("/login"),
MediaTypeRequestMatcher(MediaType.TEXT_HTML)
)
}
return http.build() return http.build()
} }
@ -46,20 +75,26 @@ class SecurityConfig {
@Order(2) @Order(2)
@Throws(Exception::class) @Throws(Exception::class)
fun defaultSecurityFilterChain(http: HttpSecurity): SecurityFilterChain { fun defaultSecurityFilterChain(http: HttpSecurity): SecurityFilterChain {
http.csrf { it.disable() } http
.authorizeHttpRequests { it.anyRequest().authenticated() } .authorizeHttpRequests { it.anyRequest().authenticated() }
.formLogin(Customizer.withDefaults())
return http.build() return http.build()
} }
@Bean @Bean
fun userDetailsService(): UserDetailsService { fun userDetailsService(): UserDetailsService {
return InMemoryUserDetailsManager() val encoder = PasswordEncoderFactories.createDelegatingPasswordEncoder()
val userDetails = User.builder()
.passwordEncoder(encoder::encode)
.username("admin")
.password("admin")
.roles("USER")
.build()
return InMemoryUserDetailsManager(userDetails)
} }
@Bean
fun registeredClientRepository(operations: JdbcTemplate): RegisteredClientRepository {
return JdbcRegisteredClientRepository(operations)
}
@Bean @Bean
fun jwkSource(): JWKSource<SecurityContext> { fun jwkSource(): JWKSource<SecurityContext> {