initial commit

2021-10-03 17:17:00 +02:00
commit 3fffe798cd
45 changed files with 3846 additions and 0 deletions
@@ -0,0 +1,50 @@
+/**
+ * 
+ */
+package de.bstly.board.security;
+
+import java.io.IOException;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
+import org.springframework.stereotype.Component;
+
+import de.bstly.board.businesslogic.UserManager;
+import de.bstly.board.model.LocalUser;
+
+/**
+ * @author Lurkars
+ *
+ */
+@Component
+public class OAuth2AuthenticationSuccessHandler
+		extends SavedRequestAwareAuthenticationSuccessHandler {
+
+	@Autowired
+	private UserManager localUserManager;
+
+	@Override
+	public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
+			Authentication authentication) throws IOException, ServletException {
+		LocalUser localUser = localUserManager.getByAuth(authentication);
+
+		User user = new User(localUser.getUsername(), "", authentication.getAuthorities());
+
+		UsernamePasswordAuthenticationToken newAuthentication = new UsernamePasswordAuthenticationToken(
+				user, null, authentication.getAuthorities());
+
+		SecurityContextHolder.getContext().setAuthentication(newAuthentication);
+
+		handle(request, response, newAuthentication);
+		clearAuthenticationAttributes(request);
+	}
+
+}
@@ -0,0 +1,111 @@
+/**
+ * 
+ */
+package de.bstly.board.security;
+
+import javax.sql.DataSource;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Bean;
+import org.springframework.http.HttpStatus;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.crypto.argon2.Argon2PasswordEncoder;
+import org.springframework.security.web.authentication.HttpStatusEntryPoint;
+import org.springframework.security.web.authentication.RememberMeServices;
+import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
+import org.springframework.security.web.authentication.logout.HttpStatusReturningLogoutSuccessHandler;
+import org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl;
+import org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices;
+import org.springframework.security.web.authentication.rememberme.PersistentTokenRepository;
+import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
+
+import de.bstly.board.businesslogic.UserManager;
+
+/**
+ * 
+ * @author monitoring@bstly.de
+ *
+ */
+@EnableWebSecurity
+@EnableGlobalMethodSecurity(prePostEnabled = true)
+public class SecurityConfig extends WebSecurityConfigurerAdapter {
+
+	@Autowired
+	private UserManager localUserManager;
+	@Autowired
+	private OAuth2AuthenticationSuccessHandler oAuth2AuthenticationSuccessHandler;
+	@Autowired
+	private DataSource dataSource;
+	@Value("${loginUrl:/login}")
+	private String loginUrl;
+	@Value("${loginTargetUrl:/}")
+	private String loginTargetUrl;
+
+	/*
+	 * 
+	 * @see org.springframework.security.config.annotation.web.configuration.
+	 * WebSecurityConfigurerAdapter#configure(org.springframework.security.config.
+	 * annotation.web.builders.HttpSecurity)
+	 */
+	@Override
+	protected void configure(HttpSecurity http) throws Exception {
+
+		oAuth2AuthenticationSuccessHandler.setDefaultTargetUrl(loginTargetUrl);
+
+		http
+				// crsf
+				.csrf().disable()
+				// anonymous
+				.anonymous().disable()
+				// login
+				.formLogin().loginPage("/login").defaultSuccessUrl(loginTargetUrl)
+				.failureHandler(new SimpleUrlAuthenticationFailureHandler(loginUrl
+						+ "?error"))
+				.and()
+				// remember me
+				.rememberMe().rememberMeServices(rememberMeServices()).and()
+				// logout
+				.logout().logoutUrl("/logout")
+				.logoutSuccessHandler(new HttpStatusReturningLogoutSuccessHandler(HttpStatus.OK))
+				.and()
+				// exception
+				.exceptionHandling()
+				.defaultAuthenticationEntryPointFor(
+						new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED),
+						new AntPathRequestMatcher("/api/**"))
+				.and()
+				// oidc
+				.oauth2Login().successHandler(oAuth2AuthenticationSuccessHandler)
+				.failureHandler(new SimpleUrlAuthenticationFailureHandler(loginUrl
+						+ "?externalError"))
+				.loginPage("/login");
+	}
+
+	/**
+	 * 
+	 * @return
+	 */
+	@Bean(name = "passwordEncoder")
+	public Argon2PasswordEncoder passwordEncoder() {
+		return new Argon2PasswordEncoder();
+	}
+
+	@Bean
+	public PersistentTokenRepository persistentTokenRepository() {
+		JdbcTokenRepositoryImpl tokenRepository = new JdbcTokenRepositoryImpl();
+		tokenRepository.setDataSource(dataSource);
+		return tokenRepository;
+	}
+
+	@Bean
+	public RememberMeServices rememberMeServices() {
+		PersistentTokenBasedRememberMeServices rememberMeServices = new PersistentTokenBasedRememberMeServices(
+				"remember-me", localUserManager, persistentTokenRepository());
+		return rememberMeServices;
+	}
+
+}