Package org.chenile.configuration.security

Class ChenileSecurityConfiguration

java.lang.Object
org.chenile.configuration.security.ChenileSecurityConfiguration
@Configuration @ConditionalOnProperty(name="security.config.type", havingValue="false", matchIfMissing=true) public class ChenileSecurityConfiguration extends Object

  • Field Details

    • logger

      private final org.slf4j.Logger logger

    • connectionDetails

      @Autowired KeycloakConnectionDetails connectionDetails

    • clientId

      @Value("${chenile.security.client.id}") String clientId

    • clientSecret

      @Value("${chenile.security.client.secret}") String clientSecret

    • keycloakAuthServerUrl

      @Value("${chenile.security.keycloak.host}") private String keycloakAuthServerUrl

    • realm

      @Value("${chenile.security.keycloak.base.realm}") private String realm

    • repositories

      private final Map<String,org.springframework.security.oauth2.client.registration.ClientRegistrationRepository> repositories

    • authenticationManagers

      private final Map<String,org.springframework.security.authentication.AuthenticationManager> authenticationManagers

    • jwtDecoderMap

      Map<String,org.springframework.security.oauth2.jwt.JwtDecoder> jwtDecoderMap

  • Constructor Details

    • ChenileSecurityConfiguration

      public ChenileSecurityConfiguration()

  • Method Details

    • securityFilterChain

      @Bean public org.springframework.security.web.SecurityFilterChain securityFilterChain(org.springframework.security.config.annotation.web.builders.HttpSecurity http) throws Exception
      Throws:
      Exception

    • resolver

      private org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestResolver resolver()

    • clientRegistrationRepository

      @Bean public org.springframework.security.oauth2.client.registration.ClientRegistrationRepository clientRegistrationRepository()

    • clientRegistrationRepository

      private org.springframework.security.oauth2.client.registration.ClientRegistrationRepository clientRegistrationRepository(String tenantId)

    • authorizedClientService

      @Bean public org.springframework.security.oauth2.client.OAuth2AuthorizedClientService authorizedClientService(org.springframework.security.oauth2.client.registration.ClientRegistrationRepository clientRegistrationRepository)

    • client

      public org.springframework.security.oauth2.client.registration.ClientRegistration client()

    • client

      @Bean public org.springframework.security.oauth2.client.registration.ClientRegistration client(String realm)

    • authenticationManagerResolver

      private org.springframework.security.authentication.AuthenticationManagerResolver<HttpServletRequest> authenticationManagerResolver()

    • getAuthenticationManager

      private org.springframework.security.authentication.AuthenticationManager getAuthenticationManager(String tenantId)
      Here we take the tenant ID to construct a specific URL (with the realm as tenant ID) and return an Authentication Manager for that realm.
      Since the URL that is constructed depends on the validity of the tenant ID, it is possible that we may get a 404 from keycloak. To take care of this, we will recast all exceptions to "InvalidBearerTokenException" so that spring security will give a 401 in all those cases.
      Parameters:
      tenantId - the tenant ID
      Returns:
      the Authentication manager for the particular tenant ID

    • jwt

      private org.springframework.security.authentication.AuthenticationManager jwt(String tenantId)

    • jwtBearerTokenAuthenticationConverter

      private Converter<org.springframework.security.oauth2.jwt.Jwt,? extends org.springframework.security.authentication.AbstractAuthenticationToken> jwtBearerTokenAuthenticationConverter()

    • keycloakBaseUrl

      private String keycloakBaseUrl(String realm)

    • keycloakOpenIdUrl

      private String keycloakOpenIdUrl(String realm)

    • jwtDecoder

      org.springframework.security.oauth2.jwt.JwtDecoder jwtDecoder(String tenantId)

    • securityService

      @Bean SecurityService securityService()