added support for refresh token

2023-07-17 15:41:14 +02:00 · 2023-07-17 15:41:14 +02:00 · cda0ddb926
commit cda0ddb926
parent 4736b9208a
4 changed files with 53 additions and 1 deletions
--- a/src/main/java/ch/ethz/seb/sebserver/webservice/weblayer/WebServiceSecurityConfig.java
+++ b/src/main/java/ch/ethz/seb/sebserver/webservice/weblayer/WebServiceSecurityConfig.java
@ -48,6 +48,7 @@ import ch.ethz.seb.sebserver.WebSecurityConfig;
 import ch.ethz.seb.sebserver.gbl.model.user.UserRole;
 import ch.ethz.seb.sebserver.gbl.profile.WebServiceProfile;
 import ch.ethz.seb.sebserver.webservice.weblayer.oauth.CachableJdbcTokenStore;
+import ch.ethz.seb.sebserver.webservice.weblayer.oauth.PreAuthProvider;
 import ch.ethz.seb.sebserver.webservice.weblayer.oauth.WebClientDetailsService;
 import ch.ethz.seb.sebserver.webservice.weblayer.oauth.WebserviceResourceConfiguration;

@ -87,6 +88,8 @@ public class WebServiceSecurityConfig extends WebSecurityConfigurerAdapter {
    private TokenStore tokenStore;
    @Autowired
    private WebClientDetailsService webServiceClientDetails;
+    @Autowired
+    private PreAuthProvider preAuthProvider;

    @Value("${sebserver.webservice.api.admin.endpoint}")
    private String adminAPIEndpoint;
@ -146,6 +149,7 @@ public class WebServiceSecurityConfig extends WebSecurityConfigurerAdapter {
        auth
                .userDetailsService(this.webServiceUserDetails)
                .passwordEncoder(this.userPasswordEncoder);
+        auth.authenticationProvider(this.preAuthProvider);
    }

    @Override
--- a/src/main/java/ch/ethz/seb/sebserver/webservice/weblayer/WebServiceUserDetails.java
+++ b/src/main/java/ch/ethz/seb/sebserver/webservice/weblayer/WebServiceUserDetails.java
@ -9,9 +9,12 @@
 package ch.ethz.seb.sebserver.webservice.weblayer;

 import org.springframework.context.annotation.Lazy;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.userdetails.AuthenticationUserDetailsService;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
 import org.springframework.stereotype.Component;

 import ch.ethz.seb.sebserver.gbl.profile.WebServiceProfile;
@ -20,7 +23,8 @@ import ch.ethz.seb.sebserver.webservice.servicelayer.dao.UserDAO;
@Lazy
@Component
@WebServiceProfile
-public class WebServiceUserDetails implements UserDetailsService {
+public class WebServiceUserDetails
+        implements UserDetailsService, AuthenticationUserDetailsService<PreAuthenticatedAuthenticationToken> {

    private final UserDAO userDAO;

@ -36,4 +40,16 @@ public class WebServiceUserDetails implements UserDetailsService {
                });
    }

+    @Override
+    public UserDetails loadUserDetails(final PreAuthenticatedAuthenticationToken token)
+            throws UsernameNotFoundException {
+
+        final Object principal = token.getPrincipal();
+        if (principal instanceof UsernamePasswordAuthenticationToken) {
+            return loadUserByUsername(((UsernamePasswordAuthenticationToken) principal).getName());
+        }
+
+        throw new UsernameNotFoundException("No User for principal: " + principal + " found");
+    }
+
 }
--- a/src/main/java/ch/ethz/seb/sebserver/webservice/weblayer/oauth/PreAuthProvider.java
+++ b/src/main/java/ch/ethz/seb/sebserver/webservice/weblayer/oauth/PreAuthProvider.java
@ -0,0 +1,31 @@
+/*
+ * Copyright (c) 2023 ETH Zürich, Educational Development and Technology (LET)
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ */
+
+package ch.ethz.seb.sebserver.webservice.weblayer.oauth;
+
+import javax.annotation.PostConstruct;
+
+import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider;
+import org.springframework.stereotype.Component;
+
+import ch.ethz.seb.sebserver.webservice.weblayer.WebServiceUserDetails;
+
+@Component
+public class PreAuthProvider extends PreAuthenticatedAuthenticationProvider {
+
+    private final WebServiceUserDetails webServiceUserDetails;
+
+    public PreAuthProvider(final WebServiceUserDetails webServiceUserDetails) {
+        this.webServiceUserDetails = webServiceUserDetails;
+    }
+
+    @PostConstruct
+    public void init() {
+        super.setPreAuthenticatedUserDetailsService(this.webServiceUserDetails);
+    }
+}
--- a/src/main/java/ch/ethz/seb/sebserver/webservice/weblayer/oauth/WebserviceResourceConfiguration.java
+++ b/src/main/java/ch/ethz/seb/sebserver/webservice/weblayer/oauth/WebserviceResourceConfiguration.java
@ -135,6 +135,7 @@ public abstract class WebserviceResourceConfiguration extends ResourceServerConf
            tokenService.setTokenStore(this.tokenStore);
            tokenService.setClientDetailsService(this.webServiceClientDetails);
            tokenService.setSupportRefreshToken(this.supportRefreshToken);
+            tokenService.setSupportRefreshToken(this.supportRefreshToken);
            tokenService.setAuthenticationManager(this.authenticationManager);
            tokenService.setAccessTokenValiditySeconds(this.accessTokenValiditySeconds);
            tokenService.setRefreshTokenValiditySeconds(this.refreshTokenValiditySeconds);