Commit e6459eb4 authored by Tobias Bruns's avatar Tobias Bruns

OZG-6988 reenable security mappings

parent e652006f
1 merge request!3Ozg 6988 add reporting
...@@ -23,8 +23,9 @@ ...@@ -23,8 +23,9 @@
*/ */
package de.ozgcloud.admin; package de.ozgcloud.admin;
import de.ozgcloud.admin.common.user.CurrentUserService; import java.util.ArrayList;
import de.ozgcloud.admin.common.user.UserRole; import java.util.List;
import org.springframework.boot.autoconfigure.data.rest.RepositoryRestProperties; import org.springframework.boot.autoconfigure.data.rest.RepositoryRestProperties;
import org.springframework.hateoas.EntityModel; import org.springframework.hateoas.EntityModel;
import org.springframework.hateoas.Link; import org.springframework.hateoas.Link;
...@@ -32,11 +33,10 @@ import org.springframework.hateoas.server.RepresentationModelAssembler; ...@@ -32,11 +33,10 @@ import org.springframework.hateoas.server.RepresentationModelAssembler;
import org.springframework.hateoas.server.mvc.WebMvcLinkBuilder; import org.springframework.hateoas.server.mvc.WebMvcLinkBuilder;
import org.springframework.stereotype.Component; import org.springframework.stereotype.Component;
import de.ozgcloud.admin.common.user.CurrentUserService;
import de.ozgcloud.admin.common.user.UserRole;
import lombok.RequiredArgsConstructor; import lombok.RequiredArgsConstructor;
import java.util.ArrayList;
import java.util.List;
@Component @Component
@RequiredArgsConstructor @RequiredArgsConstructor
public class RootModelAssembler implements RepresentationModelAssembler<Root, EntityModel<Root>> { public class RootModelAssembler implements RepresentationModelAssembler<Root, EntityModel<Root>> {
...@@ -49,15 +49,14 @@ public class RootModelAssembler implements RepresentationModelAssembler<Root, En ...@@ -49,15 +49,14 @@ public class RootModelAssembler implements RepresentationModelAssembler<Root, En
@Override @Override
public EntityModel<Root> toModel(Root root) { public EntityModel<Root> toModel(Root root) {
List<Link> links = buildRootModelLinks(); List<Link> links = buildRootModelLinks();
return EntityModel.of( return EntityModel.of(root, links);
root,
links);
} }
List<Link> buildRootModelLinks() { List<Link> buildRootModelLinks() {
List<Link> links = new ArrayList<>(); List<Link> links = new ArrayList<>();
var rootLinkBuilder = WebMvcLinkBuilder.linkTo(RootController.class); var rootLinkBuilder = WebMvcLinkBuilder.linkTo(RootController.class);
links.add(rootLinkBuilder.withSelfRel()); links.add(rootLinkBuilder.withSelfRel());
if (currentUserService.hasRole(UserRole.ADMIN_ADMIN)) { if (currentUserService.hasRole(UserRole.ADMIN_ADMIN)) {
links.add(buildConfigLink()); links.add(buildConfigLink());
} }
...@@ -68,7 +67,6 @@ public class RootModelAssembler implements RepresentationModelAssembler<Root, En ...@@ -68,7 +67,6 @@ public class RootModelAssembler implements RepresentationModelAssembler<Root, En
var rootLinkBuilder = WebMvcLinkBuilder.linkTo(RootController.class); var rootLinkBuilder = WebMvcLinkBuilder.linkTo(RootController.class);
return Link.of( return Link.of(
rootLinkBuilder.toUriComponentsBuilder().replacePath(restProperties.getBasePath()).toUriString(), rootLinkBuilder.toUriComponentsBuilder().replacePath(restProperties.getBasePath()).toUriString(),
REL_CONFIGURATION REL_CONFIGURATION);
);
} }
} }
...@@ -23,6 +23,14 @@ ...@@ -23,6 +23,14 @@
*/ */
package de.ozgcloud.admin.security; package de.ozgcloud.admin.security;
import static java.util.stream.Collectors.*;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod; import org.springframework.http.HttpMethod;
...@@ -31,9 +39,15 @@ import org.springframework.security.config.annotation.method.configuration.Enabl ...@@ -31,9 +39,15 @@ import org.springframework.security.config.annotation.method.configuration.Enabl
import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy; import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.core.oidc.StandardClaimNames;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
import org.springframework.security.web.SecurityFilterChain; import org.springframework.security.web.SecurityFilterChain;
import de.ozgcloud.admin.common.user.UserRole; import de.ozgcloud.admin.common.user.UserRole;
import de.ozgcloud.admin.environment.OAuth2Properties;
import lombok.RequiredArgsConstructor; import lombok.RequiredArgsConstructor;
@Configuration @Configuration
...@@ -42,14 +56,13 @@ import lombok.RequiredArgsConstructor; ...@@ -42,14 +56,13 @@ import lombok.RequiredArgsConstructor;
@RequiredArgsConstructor @RequiredArgsConstructor
public class SecurityConfiguration { public class SecurityConfiguration {
private final AdminAuthenticationEntryPoint authenticationEntryPoint;
static final String RESOURCE_ACCESS_KEY = "resource_access"; static final String RESOURCE_ACCESS_KEY = "resource_access";
static final String SIMPLE_GRANT_AUTHORITY_PREFIX = "ROLE_"; static final String SIMPLE_GRANT_AUTHORITY_PREFIX = "ROLE_";
static final String ROLES_KEY = "roles"; static final String ROLES_KEY = "roles";
private final AdminAuthenticationEntryPoint authenticationEntryPoint;
private final OAuth2Properties oAuth2Properties;
@Bean @Bean
SecurityFilterChain filterChain(HttpSecurity http) throws Exception { SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
...@@ -61,8 +74,6 @@ public class SecurityConfiguration { ...@@ -61,8 +74,6 @@ public class SecurityConfiguration {
http.authorizeHttpRequests(requests -> requests http.authorizeHttpRequests(requests -> requests
.requestMatchers(HttpMethod.GET, "/api/environment").permitAll() .requestMatchers(HttpMethod.GET, "/api/environment").permitAll()
// .requestMatchers("/api/configuration").hasRole(UserRole.DATENBEAUFTRAGUNG)
// .requestMatchers("/api/configuration/**").hasRole(UserRole.DATENBEAUFTRAGUNG)
.requestMatchers("/api/configuration").hasAnyRole(UserRole.ADMIN_ADMIN, UserRole.DATENBEAUFTRAGUNG) .requestMatchers("/api/configuration").hasAnyRole(UserRole.ADMIN_ADMIN, UserRole.DATENBEAUFTRAGUNG)
.requestMatchers("/api/configuration/**").hasAnyRole(UserRole.ADMIN_ADMIN, UserRole.DATENBEAUFTRAGUNG) .requestMatchers("/api/configuration/**").hasAnyRole(UserRole.ADMIN_ADMIN, UserRole.DATENBEAUFTRAGUNG)
.requestMatchers("/api").authenticated() .requestMatchers("/api").authenticated()
...@@ -74,37 +85,46 @@ public class SecurityConfiguration { ...@@ -74,37 +85,46 @@ public class SecurityConfiguration {
return http.build(); return http.build();
} }
/*
* @Bean JwtAuthenticationConverter jwtAuthenticationConverter() { var // TODO OZG-4954 replace with spring defaults
* jwtConverter = new JwtAuthenticationConverter(); @Bean
* jwtConverter.setJwtGrantedAuthoritiesConverter( JwtAuthenticationConverter jwtAuthenticationConverter() {
* this::convertJwtToGrantedAuthorities); var jwtConverter = new JwtAuthenticationConverter();
* jwtConverter.setPrincipalClaimName(StandardClaimNames.PREFERRED_USERNAME); jwtConverter.setJwtGrantedAuthoritiesConverter(this::convertJwtToGrantedAuthorities);
* return jwtConverter; } jwtConverter.setPrincipalClaimName(StandardClaimNames.PREFERRED_USERNAME);
*/ return jwtConverter;
/* }
* Set<GrantedAuthority> convertJwtToGrantedAuthorities(Jwt jwt) { return
* getRolesFromJwt(jwt) .stream() .map(this::mapRoleStringToGrantedAuthority) Set<GrantedAuthority> convertJwtToGrantedAuthorities(Jwt jwt) {
* .collect(toSet()); } return getRolesFromJwt(jwt)
* .stream()
* private GrantedAuthority mapRoleStringToGrantedAuthority(String role) { .map(this::mapRoleStringToGrantedAuthority)
* return new SimpleGrantedAuthority(SIMPLE_GRANT_AUTHORITY_PREFIX + role); } .collect(toSet());
* }
* List<String> getRolesFromJwt(Jwt jwt) { return
* Optional.ofNullable(jwt.getClaimAsMap(RESOURCE_ACCESS_KEY)) private GrantedAuthority mapRoleStringToGrantedAuthority(String role) {
* .flatMap(resourceAccessMap -> getMap(resourceAccessMap, return new SimpleGrantedAuthority(SIMPLE_GRANT_AUTHORITY_PREFIX + role);
* oAuth2Properties.getResource())) .flatMap(adminClientMap -> }
* getList(adminClientMap, ROLES_KEY)) .orElse(Collections.emptyList()); }
* List<String> getRolesFromJwt(Jwt jwt) {
* @SuppressWarnings("unchecked") private Optional<Map<String, Object>> return Optional.ofNullable(jwt.getClaimAsMap(RESOURCE_ACCESS_KEY))
* getMap(Map<String, Object> map, String mapKey) { return .flatMap(resourceAccessMap -> getMap(resourceAccessMap, oAuth2Properties.getResource()))
* Optional.ofNullable(map.get(mapKey)) .filter(Map.class::isInstance) .map(obj .flatMap(adminClientMap -> getList(adminClientMap, ROLES_KEY))
* -> (Map<String, Object>) obj); } .orElse(Collections.emptyList());
* }
* @SuppressWarnings("unchecked") private Optional<List<String>>
* getList(Map<String, Object> map, String mapKey) { return @SuppressWarnings("unchecked")
* Optional.ofNullable(map.get(mapKey)) .filter(List.class::isInstance) .map(obj private Optional<Map<String, Object>> getMap(Map<String, Object> map, String mapKey) {
* -> (List<String>) obj); } return Optional.ofNullable(map.get(mapKey))
*/ .filter(Map.class::isInstance)
.map(obj -> (Map<String, Object>) obj);
}
@SuppressWarnings("unchecked")
private Optional<List<String>> getList(Map<String, Object> map, String mapKey) {
return Optional.ofNullable(map.get(mapKey))
.filter(List.class::isInstance)
.map(obj -> (List<String>) obj);
}
} }
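Review bot: `getList` at the end of the second file section verifies only that the claim value is a `List` and then casts it to `List<String>`, so a `roles` array containing a non-string element is not rejected but reaches `mapRoleStringToGrantedAuthority` as an `Object` and fails with a `ClassCastException` inside `convertJwtToGrantedAuthorities`, i.e. during token authentication rather than as an ignored claim. Filtering the elements removes both the heap-polluting cast and the `@SuppressWarnings`: `.map(obj -> ((List<?>) obj).stream().filter(String.class::isInstance).map(String.class::cast).collect(toList()))`. Whether this converter bean is actually picked up by the resource-server setup is not visible here — any `oauth2ResourceServer(...)` call in `filterChain` lies outside the hunk — so the `// TODO OZG-4954` comment could also state that the bean is expected to be auto-detected by the JWT configurer, or name where it is wired. A Javadoc on `jwtAuthenticationConverter()` stating that authorities are read from the `resource_access` claim under the key returned by `oAuth2Properties.getResource()` and its `roles` list, and prefixed with `ROLE_` so that `hasAnyRole` in `filterChain` matches, would make that contract explicit for the next reader.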