PI-21774 OAuth2 Authentication Filter POC #237

Open
wants to merge 4 commits into
base: master
28 changes: 1 addition & 27 deletions pom.xml
Original file line number Diff line number Diff line change
@@ -30,34 +30,13 @@
<artifactId>spring-boot-starter-parent</artifactId>
<version>1.5.4.RELEASE</version>
</parent>

<repositories>
<repository>
<id>appdirect-artifactory</id>
<name>appdirect-artifactory</name>
<snapshots>
<enabled>false</enabled>
</snapshots>
<url>https://artifactory.appdirect.tools/artifactory/repo</url>
</repository>
</repositories>


<dependencies>
<!-- Spring -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-actuator</artifactId>
</dependency>
<dependency>
<groupId>com.appdirect.authz</groupId>
<artifactId>authz-spring</artifactId>
<version>0.1.9</version>
</dependency>
<dependency>
<groupId>com.appdirect.authz</groupId>
<artifactId>authz-sdk-cached-signing-key-service</artifactId>
<version>0.1.9</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
@@ -205,11 +184,6 @@
<artifactId>jackson-datatype-jsr310</artifactId>
<version>2.6.1</version>
</dependency>
<dependency>
<groupId>org.springframework.security.oauth</groupId>
<artifactId>spring-security-oauth2</artifactId>
<version>2.0.52</version>
</dependency>
</dependencies>

<build>
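--- /dev/null
+++ b/<path-not-shown>/DeveloperSpecificOAuth2AuthorizationService.java
@@ -0,0 +1,15 @@
+package com.appdirect.sdk.web.oauth;
+
+import javax.servlet.Filter;
+
+public class DeveloperSpecificOAuth2AuthorizationService {
+private final DeveloperSpecificOAuth2AuthorizationSupplier oAuth2AuthorizationSupplier;
+
+DeveloperSpecificOAuth2AuthorizationService(DeveloperSpecificOAuth2AuthorizationSupplier oAuth2AuthorizationSupplier) {
+this.oAuth2AuthorizationSupplier = oAuth2AuthorizationSupplier;
+}
+
+public Filter getOAuth2Filter() {
+return oAuth2AuthorizationSupplier.getOAuth2Filter();
+}
+}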
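Review bot: The constructor `DeveloperSpecificOAuth2AuthorizationService(DeveloperSpecificOAuth2AuthorizationSupplier oAuth2AuthorizationSupplier)` stores the supplier without a null check, so a missing supplier only surfaces later when `getOAuth2Filter()` is invoked from the security configuration, far from the cause. Fail fast with `this.oAuth2AuthorizationSupplier = Objects.requireNonNull(oAuth2AuthorizationSupplier, "oAuth2AuthorizationSupplier");` and `import java.util.Objects;`. The class also has no Javadoc; a summary such as `/** Exposes the OAuth2 {@link Filter} supplied by the SDK client application to the SDK security configuration. */` would explain why this delegate exists next to the supplier interface. Whether a null Filter returned by the supplier is tolerated by the filter chain is not visible here; if it is not, the getter should reject it as well.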
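--- /dev/null
+++ b/<path-not-shown>/DeveloperSpecificOAuth2AuthorizationSupplier.java
@@ -0,0 +1,19 @@
+package com.appdirect.sdk.web.oauth;
+
+import javax.servlet.Filter;
+
+/**
+* Implementations of this interface provide a way for the service-integration-sdk
+* to retrieve the developer credentials. Each SDK client application must contain a bean
+* of this type in its application context in order for the communication with AppMarket to work.
+*/
+@FunctionalInterface
+public interface DeveloperSpecificOAuth2AuthorizationSupplier {
+
+/**
+* Returns the oAuth2 Filter
+*
+* @return the Filter to authorize incoming requests
+*/
+Filter getOAuth2Filter();
+}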
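Review bot: The interface Javadoc says implementations provide a way "to retrieve the developer credentials", but the only method, `getOAuth2Filter()`, returns a servlet `Filter`, not credentials; the text looks copied from the credentials supplier and misdescribes this contract. Reword it to something like `Implementations supply the servlet {@link Filter} that authorizes incoming OAuth2 requests; each SDK client application must expose exactly one bean of this type.` The method Javadoc should also state whether the returned Filter may be null and that the instance is registered directly in the security filter chain, since the SecurityConfiguration hunk on this page appears to autowire this supplier unconditionally and pass the result to `addFilterAfter`. If existing clients that have no OAuth2 filter are expected to keep starting, that expectation needs to be documented here or the requirement relaxed, because the Javadoc as written makes the bean mandatory.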
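--- /dev/null
+++ b/<path-not-shown>/DeveloperSpecificOAuth2AuthorizationSupplierImpl.java
@@ -0,0 +1,16 @@
+package com.appdirect.sdk.web.oauth;
+
+import javax.servlet.Filter;
+
+public class DeveloperSpecificOAuth2AuthorizationSupplierImpl implements DeveloperSpecificOAuth2AuthorizationSupplier{
+private final Filter oAuth2Filter;
+
+public DeveloperSpecificOAuth2AuthorizationSupplierImpl(Filter oAuth2Filter) {
+this.oAuth2Filter = oAuth2Filter;
+}
+
+@Override
+public Filter getOAuth2Filter() {
+return oAuth2Filter;
+}
+}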
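Review bot: The constructor `public DeveloperSpecificOAuth2AuthorizationSupplierImpl(Filter oAuth2Filter)` stores the filter without validation, so a null filter is only detected when the security configuration registers it; `this.oAuth2Filter = Objects.requireNonNull(oAuth2Filter, "oAuth2Filter");` with `import java.util.Objects;` moves the failure to bean construction. The class declaration is also missing the space before the brace: `public class DeveloperSpecificOAuth2AuthorizationSupplierImpl implements DeveloperSpecificOAuth2AuthorizationSupplier {`. Since the interface is `@FunctionalInterface`, this class does nothing a lambda would not; if it is kept as the public default implementation it should carry Javadoc saying that is its purpose.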

This file was deleted.

Original file line number Diff line number Diff line change
@@ -14,11 +14,15 @@
package com.appdirect.sdk.web.oauth;

import static java.util.Arrays.asList;
import static org.springframework.http.HttpStatus.UNAUTHORIZED;
import static org.springframework.security.config.http.SessionCreationPolicy.STATELESS;
import static org.springframework.util.CollectionUtils.isEmpty;

import java.util.ArrayList;
import java.util.List;

import javax.servlet.Filter;

import lombok.extern.slf4j.Slf4j;

import org.springframework.beans.factory.annotation.Autowired;
@@ -27,15 +31,16 @@
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.oauth.provider.ConsumerDetailsService;
import org.springframework.security.oauth.provider.OAuthProcessingFilterEntryPoint;
import org.springframework.security.oauth.provider.OAuthProviderSupport;
import org.springframework.security.oauth.provider.filter.CoreOAuthProviderSupport;
import org.springframework.security.oauth.provider.filter.ProtectedResourceProcessingFilter;
import org.springframework.security.oauth.provider.token.InMemorySelfCleaningProviderTokenServices;
import org.springframework.security.oauth.provider.token.OAuthProviderTokenServices;
import org.springframework.security.web.authentication.HttpStatusEntryPoint;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.header.HeaderWriterFilter;

import com.appdirect.sdk.appmarket.DeveloperSpecificAppmarketCredentialsSupplier;
import com.appdirect.sdk.web.oauth.model.OpenIdCustomUrlPattern;
@@ -47,6 +52,9 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Autowired
private DeveloperSpecificAppmarketCredentialsSupplier credentialsSupplier;

@Autowired
private DeveloperSpecificOAuth2AuthorizationSupplier oAuth2AuthorizationSupplier;

@Bean
public OpenIdCustomUrlPattern openIdUrlPatterns() {
return new OpenIdCustomUrlPattern();
@@ -57,11 +65,21 @@ public ConsumerDetailsService consumerDetailsService() {
return new DeveloperSpecificAppmarketCredentialsConsumerDetailsService(credentialsSupplier);
}

@Bean
public DeveloperSpecificOAuth2AuthorizationService oAuth2consumerDetailsService() {
return new DeveloperSpecificOAuth2AuthorizationService(oAuth2AuthorizationSupplier);
}

@Bean
public OAuthProviderTokenServices oauthProviderTokenServices() {
return new InMemorySelfCleaningProviderTokenServices();
}

@Bean
public Filter oAuth2SignatureCheckingFilter() {
return oAuth2consumerDetailsService().getOAuth2Filter();
}

@Bean
public OAuthProcessingFilterEntryPoint oAuthProcessingFilterEntryPoint() {
return new OAuthProcessingFilterEntryPoint();
@@ -91,25 +109,39 @@ public RequestIdFilter requestIdFilter() {
return new RequestIdFilter();
}


@Override
protected void configure(HttpSecurity http) throws Exception {
String[] securedUrlPatterns = createSecuredUrlPatterns();
mainConfiguration(http);
authZProtectionOnApi(http);
}

private void mainConfiguration(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/unsecured/**")
.permitAll()
.and()
.requestMatchers()
.antMatchers(securedUrlPatterns)
.and()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.antMatchers("/api/v1/integration/**", "/api/v1/domainassociation/**", "/api/v1/migration/**", "/api/v1/restrictions/**")
.and()
.cors().disable()
.csrf().disable()
.authorizeRequests().anyRequest().authenticated()
.and()
.logout().disable()
.x509().disable()
.formLogin().disable()
.httpBasic().disable()
.rememberMe().disable()
.sessionManagement().sessionCreationPolicy(STATELESS)
.and()
.addFilterAfter(oAuth2SignatureCheckingFilter(), HeaderWriterFilter.class)
.addFilterBefore(oAuthSignatureCheckingFilter(), UsernamePasswordAuthenticationFilter.class)
.addFilterBefore(requestIdFilter(), ProtectedResourceProcessingFilter.class);
.exceptionHandling().authenticationEntryPoint(new HttpStatusEntryPoint(UNAUTHORIZED));
}


private void authZProtectionOnApi(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/unsecured/**").permitAll()
.antMatchers("/api/v1/integration/**", "/api/v1/domainassociation/**", "/api/v1/migration/**", "/api/v1/restrictions/**")
.authenticated();
}

private String[] createSecuredUrlPatterns() {