From cda0ddb92622469520cacb217de59b77b703e898 Mon Sep 17 00:00:00 2001
From: anhefti
Date: Mon, 17 Jul 2023 15:41:14 +0200
Subject: [PATCH] added support for refresh token
---
 .../weblayer/WebServiceSecurityConfig.java | 4 +++
 .../weblayer/WebServiceUserDetails.java | 18 ++++++++++-
 .../weblayer/oauth/PreAuthProvider.java | 31 +++++++++++++++++++
 .../WebserviceResourceConfiguration.java | 1 +
 4 files changed, 53 insertions(+), 1 deletion(-)
 create mode 100644 src/main/java/ch/ethz/seb/sebserver/webservice/weblayer/oauth/PreAuthProvider.java
diff --git a/src/main/java/ch/ethz/seb/sebserver/webservice/weblayer/WebServiceSecurityConfig.java b/src/main/java/ch/ethz/seb/sebserver/webservice/weblayer/WebServiceSecurityConfig.java
index 89accdfa..4048e476 100644
--- a/src/main/java/ch/ethz/seb/sebserver/webservice/weblayer/WebServiceSecurityConfig.java
+++ b/src/main/java/ch/ethz/seb/sebserver/webservice/weblayer/WebServiceSecurityConfig.java
@@ -48,6 +48,7 @@ import ch.ethz.seb.sebserver.WebSecurityConfig;
 import ch.ethz.seb.sebserver.gbl.model.user.UserRole;
 import ch.ethz.seb.sebserver.gbl.profile.WebServiceProfile;
 import ch.ethz.seb.sebserver.webservice.weblayer.oauth.CachableJdbcTokenStore;
+import ch.ethz.seb.sebserver.webservice.weblayer.oauth.PreAuthProvider;
 import ch.ethz.seb.sebserver.webservice.weblayer.oauth.WebClientDetailsService;
 import ch.ethz.seb.sebserver.webservice.weblayer.oauth.WebserviceResourceConfiguration;
@@ -87,6 +88,8 @@ public class WebServiceSecurityConfig extends WebSecurityConfigurerAdapter {
 private TokenStore tokenStore;
 @Autowired
 private WebClientDetailsService webServiceClientDetails;
+ @Autowired
+ private PreAuthProvider preAuthProvider;
 @Value("${sebserver.webservice.api.admin.endpoint}")
 private String adminAPIEndpoint;
@@ -146,6 +149,7 @@ public class WebServiceSecurityConfig extends WebSecurityConfigurerAdapter {
 auth
 .userDetailsService(this.webServiceUserDetails)
 .passwordEncoder(this.userPasswordEncoder);
+ auth.authenticationProvider(this.preAuthProvider);
 }
 @Override
diff --git a/src/main/java/ch/ethz/seb/sebserver/webservice/weblayer/WebServiceUserDetails.java b/src/main/java/ch/ethz/seb/sebserver/webservice/weblayer/WebServiceUserDetails.java
index 3b9c7f3d..0fc0cf97 100644
--- a/src/main/java/ch/ethz/seb/sebserver/webservice/weblayer/WebServiceUserDetails.java
+++ b/src/main/java/ch/ethz/seb/sebserver/webservice/weblayer/WebServiceUserDetails.java
@@ -9,9 +9,12 @@
 package ch.ethz.seb.sebserver.webservice.weblayer;
 import org.springframework.context.annotation.Lazy;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.userdetails.AuthenticationUserDetailsService;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
 import org.springframework.stereotype.Component;
 import ch.ethz.seb.sebserver.gbl.profile.WebServiceProfile;
@@ -20,7 +23,8 @@ import ch.ethz.seb.sebserver.webservice.servicelayer.dao.UserDAO;
 @Lazy
 @Component
 @WebServiceProfile
-public class WebServiceUserDetails implements UserDetailsService {
+public class WebServiceUserDetails
+ implements UserDetailsService, AuthenticationUserDetailsService {
 private final UserDAO userDAO;
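Review bot: The added `auth.authenticationProvider(this.preAuthProvider);` in the `@@ -146,6 +149,7 @@` hunk registers a provider that accepts a `PreAuthenticatedAuthenticationToken` without checking any credential, and it does so on the shared `AuthenticationManagerBuilder` rather than on a manager reserved for the token service. Nothing at the call site says why the provider is there, so the assumption that no request filter ever creates that token type from client-supplied data is left implicit. Record it next to the call, for example `// only used to re-load the user when a refresh token is exchanged; no filter may build a PreAuthenticatedAuthenticationToken from request data`, and if that cannot be guaranteed, give the token service its own manager holding just this provider. The enclosing method starts outside the hunk.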
@@ -36,4 +40,16 @@ public class WebServiceUserDetails implements UserDetailsService {
 });
 }
+ @Override
+ public UserDetails loadUserDetails(final PreAuthenticatedAuthenticationToken token)
+ throws UsernameNotFoundException {
+
+ final Object principal = token.getPrincipal();
+ if (principal instanceof UsernamePasswordAuthenticationToken) {
+ return loadUserByUsername(((UsernamePasswordAuthenticationToken) principal).getName());
+ }
+
+ throw new UsernameNotFoundException("No User for principal: " + principal + " found");
+ }
+
 }
diff --git a/src/main/java/ch/ethz/seb/sebserver/webservice/weblayer/oauth/PreAuthProvider.java b/src/main/java/ch/ethz/seb/sebserver/webservice/weblayer/oauth/PreAuthProvider.java
new file mode 100644
index 00000000..2aed9dbe
--- /dev/null
+++ b/src/main/java/ch/ethz/seb/sebserver/webservice/weblayer/oauth/PreAuthProvider.java
@@ -0,0 +1,31 @@
+/*
+ * Copyright (c) 2023 ETH Zürich, Educational Development and Technology (LET)
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ */
+
+package ch.ethz.seb.sebserver.webservice.weblayer.oauth;
+
+import javax.annotation.PostConstruct;
+
+import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider;
+import org.springframework.stereotype.Component;
+
+import ch.ethz.seb.sebserver.webservice.weblayer.WebServiceUserDetails;
+
+@Component
+public class PreAuthProvider extends PreAuthenticatedAuthenticationProvider {
+
+ private final WebServiceUserDetails webServiceUserDetails;
+
+ public PreAuthProvider(final WebServiceUserDetails webServiceUserDetails) {
+ this.webServiceUserDetails = webServiceUserDetails;
+ }
+
+ @PostConstruct
+ public void init() {
+ super.setPreAuthenticatedUserDetailsService(this.webServiceUserDetails);
+ }
+}
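Review bot: The new `loadUserDetails` appears to be the point where the account is looked up again when a refresh token is exchanged, so the refresh is only as strict as `loadUserByUsername`, whose body lies outside this hunk. Please confirm that it returns a `UserDetails` whose enabled and locked flags reflect a deactivated account; otherwise a refresh token would keep working after the user has been disabled. The fallback `throw` also concatenates the whole `principal` object into the exception message, which may reach logs or an error response; reporting only the type is enough, e.g. `throw new UsernameNotFoundException("No user found for pre-authenticated principal of type: " + (principal == null ? "null" : principal.getClass().getName()));`. A short Javadoc stating that the principal is expected to be the original `UsernamePasswordAuthenticationToken` would make the contract explicit.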
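Review bot: `PreAuthProvider` is declared with a bare `@Component`, while the `WebServiceUserDetails` bean its constructor requires is annotated `@Lazy @Component @WebServiceProfile` in the WebServiceUserDetails.java section of this patch. If the application is started without the web-service profile, this provider would presumably still be picked up by component scanning and then fail to wire. Give it the same annotations as its dependency, `@Lazy`, `@Component` and `@WebServiceProfile`. The field and the `@PostConstruct init()` can also be dropped by calling `setPreAuthenticatedUserDetailsService(webServiceUserDetails);` in the constructor. A class-level Javadoc should say that the provider exists only to re-load the user during a refresh-token exchange.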
diff --git a/src/main/java/ch/ethz/seb/sebserver/webservice/weblayer/oauth/WebserviceResourceConfiguration.java b/src/main/java/ch/ethz/seb/sebserver/webservice/weblayer/oauth/WebserviceResourceConfiguration.java
index ccd93952..ec308629 100644
--- a/src/main/java/ch/ethz/seb/sebserver/webservice/weblayer/oauth/WebserviceResourceConfiguration.java
+++ b/src/main/java/ch/ethz/seb/sebserver/webservice/weblayer/oauth/WebserviceResourceConfiguration.java
@@ -135,6 +135,7 @@ public abstract class WebserviceResourceConfiguration extends ResourceServerConf
 tokenService.setTokenStore(this.tokenStore);
 tokenService.setClientDetailsService(this.webServiceClientDetails);
 tokenService.setSupportRefreshToken(this.supportRefreshToken);
+ tokenService.setSupportRefreshToken(this.supportRefreshToken);
 tokenService.setAuthenticationManager(this.authenticationManager);
 tokenService.setAccessTokenValiditySeconds(this.accessTokenValiditySeconds);
 tokenService.setRefreshTokenValiditySeconds(this.refreshTokenValiditySeconds);
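Review bot: The added `tokenService.setSupportRefreshToken(this.supportRefreshToken);` repeats the call on the line directly above it with the same argument, so it has no effect and should be dropped. If a different setting was intended, for example whether a refresh token is reused or replaced on each refresh (`setReuseRefreshToken`, assuming `tokenService` is a `DefaultTokenServices`), set it explicitly and add a comment on the chosen policy. The enclosing method starts and ends outside the hunk.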