Add authorization for admin

2025-02-14 23:04:37 +03:00 · 2025-02-14 23:04:37 +03:00 · 9c3957398f
commit 9c3957398f
parent 3cf19c23cb
2 changed files with 47 additions and 11 deletions
--- a/.gitignore
+++ b/.gitignore
@ -13,6 +13,7 @@ build/
 .settings
 .springBeans
 .sts4-cache
+.gigaide
 bin/
 !**/src/main/**/bin/
 !**/src/test/**/bin/
--- a/src/main/kotlin/ru/vyatsu/qr_access_auth_server/SecurityConfig.kt
+++ b/src/main/kotlin/ru/vyatsu/qr_access_auth_server/SecurityConfig.kt
@ -8,10 +8,15 @@ import com.nimbusds.jose.proc.SecurityContext
 import org.springframework.context.annotation.Bean
 import org.springframework.context.annotation.Configuration
 import org.springframework.core.annotation.Order
+import org.springframework.http.MediaType
 import org.springframework.jdbc.core.JdbcTemplate
+import org.springframework.security.config.Customizer
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
+import org.springframework.security.config.annotation.web.configurers.ExceptionHandlingConfigurer
+import org.springframework.security.core.userdetails.User
 import org.springframework.security.core.userdetails.UserDetailsService
+import org.springframework.security.crypto.factory.PasswordEncoderFactories
 import org.springframework.security.oauth2.jwt.JwtDecoder
 import org.springframework.security.oauth2.server.authorization.client.JdbcRegisteredClientRepository
 import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository
@ -20,24 +25,48 @@ import org.springframework.security.oauth2.server.authorization.config.annotatio
 import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings
 import org.springframework.security.provisioning.InMemoryUserDetailsManager
 import org.springframework.security.web.SecurityFilterChain
+import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint
+import org.springframework.security.web.util.matcher.MediaTypeRequestMatcher
 import java.security.KeyPair
 import java.security.KeyPairGenerator
 import java.security.interfaces.RSAPrivateKey
 import java.security.interfaces.RSAPublicKey
 import java.util.*

+
@Configuration
-@EnableWebSecurity
+@EnableWebSecurity(debug = true)
 class SecurityConfig {
+
+    @Bean
+    fun registeredClientRepository(operations: JdbcTemplate): RegisteredClientRepository {
+        return JdbcRegisteredClientRepository(operations)
+    }
+
    @Bean
    @Order(1)
-    @Throws(Exception::class)
+    @Throws(java.lang.Exception::class)
    fun authorizationServerSecurityFilterChain(http: HttpSecurity): SecurityFilterChain {
-        val authorizationServer = OAuth2AuthorizationServerConfigurer.authorizationServer()
+        val authorizationServerConfigurer =
+            OAuth2AuthorizationServerConfigurer.authorizationServer()
+
        http
-            .securityMatcher(authorizationServer.endpointsMatcher)
-            .with(authorizationServer) {}
+            .securityMatcher(authorizationServerConfigurer.endpointsMatcher)
+            .with(
+                authorizationServerConfigurer
+            ) { authorizationServer: OAuth2AuthorizationServerConfigurer ->
+                authorizationServer
+                    .oidc(Customizer.withDefaults())
+            } // Enable OpenID Connect 1.0 <- potentially should be deleted
+
            .authorizeHttpRequests { it.anyRequest().authenticated() }
+            .exceptionHandling { exceptions: ExceptionHandlingConfigurer<HttpSecurity?> ->
+                exceptions
+                    .defaultAuthenticationEntryPointFor(
+                        LoginUrlAuthenticationEntryPoint("/login"),
+                        MediaTypeRequestMatcher(MediaType.TEXT_HTML)
+                    )
+            }

        return http.build()
    }
@ -46,20 +75,26 @@ class SecurityConfig {
    @Order(2)
    @Throws(Exception::class)
    fun defaultSecurityFilterChain(http: HttpSecurity): SecurityFilterChain {
-        http.csrf { it.disable() }
+        http
            .authorizeHttpRequests { it.anyRequest().authenticated() }
+            .formLogin(Customizer.withDefaults())
+
        return http.build()
    }

    @Bean
    fun userDetailsService(): UserDetailsService {
-        return InMemoryUserDetailsManager()
+        val encoder = PasswordEncoderFactories.createDelegatingPasswordEncoder()
+        val userDetails = User.builder()
+            .passwordEncoder(encoder::encode)
+            .username("admin")
+            .password("admin")
+            .roles("USER")
+            .build()
+
+        return InMemoryUserDetailsManager(userDetails)
    }

-    @Bean
-    fun registeredClientRepository(operations: JdbcTemplate): RegisteredClientRepository {
-        return JdbcRegisteredClientRepository(operations)
-    }

    @Bean
    fun jwkSource(): JWKSource<SecurityContext> {