added support for refresh token

src/main/java/ch/ethz/seb/sebserver/webservice/weblayer/WebServiceSecurityConfig.java

@@ -48,6 +48,7 @@ import ch.ethz.seb.sebserver.WebSecurityConfig;
 import ch.ethz.seb.sebserver.gbl.model.user.UserRole;
 import ch.ethz.seb.sebserver.gbl.profile.WebServiceProfile;
 import ch.ethz.seb.sebserver.webservice.weblayer.oauth.CachableJdbcTokenStore;
+import ch.ethz.seb.sebserver.webservice.weblayer.oauth.PreAuthProvider;
 import ch.ethz.seb.sebserver.webservice.weblayer.oauth.WebClientDetailsService;
 import ch.ethz.seb.sebserver.webservice.weblayer.oauth.WebserviceResourceConfiguration;
 
@@ -87,6 +88,8 @@ public class WebServiceSecurityConfig extends WebSecurityConfigurerAdapter {
     private TokenStore tokenStore;
     @Autowired
     private WebClientDetailsService webServiceClientDetails;
+    @Autowired
+    private PreAuthProvider preAuthProvider;
 
     @Value("${sebserver.webservice.api.admin.endpoint}")
     private String adminAPIEndpoint;
@@ -146,6 +149,7 @@ public class WebServiceSecurityConfig extends WebSecurityConfigurerAdapter {
         auth
                 .userDetailsService(this.webServiceUserDetails)
                 .passwordEncoder(this.userPasswordEncoder);
+        auth.authenticationProvider(this.preAuthProvider);
     }
 
     @Override

src/main/java/ch/ethz/seb/sebserver/webservice/weblayer/WebServiceUserDetails.java

@@ -9,9 +9,12 @@
 package ch.ethz.seb.sebserver.webservice.weblayer;
 
 import org.springframework.context.annotation.Lazy;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.userdetails.AuthenticationUserDetailsService;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
 import org.springframework.stereotype.Component;
 
 import ch.ethz.seb.sebserver.gbl.profile.WebServiceProfile;
@@ -20,7 +23,8 @@ import ch.ethz.seb.sebserver.webservice.servicelayer.dao.UserDAO;
 @Lazy
 @Component
 @WebServiceProfile
-public class WebServiceUserDetails implements UserDetailsService {
+public class WebServiceUserDetails
+        implements UserDetailsService, AuthenticationUserDetailsService<PreAuthenticatedAuthenticationToken> {
 
     private final UserDAO userDAO;
 
@@ -36,4 +40,16 @@ public class WebServiceUserDetails implements UserDetailsService {
                 });
     }
 
+    @Override
+    public UserDetails loadUserDetails(final PreAuthenticatedAuthenticationToken token)
+            throws UsernameNotFoundException {
+
+        final Object principal = token.getPrincipal();
+        if (principal instanceof UsernamePasswordAuthenticationToken) {
+            return loadUserByUsername(((UsernamePasswordAuthenticationToken) principal).getName());
+        }
+
+        throw new UsernameNotFoundException("No User for principal: " + principal + " found");
+    }
+
 }

src/main/java/ch/ethz/seb/sebserver/webservice/weblayer/oauth/PreAuthProvider.java

@@ -0,0 +1,31 @@
+/*
+ * Copyright (c) 2023 ETH Zürich, Educational Development and Technology (LET)
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ */
+
+package ch.ethz.seb.sebserver.webservice.weblayer.oauth;
+
+import javax.annotation.PostConstruct;
+
+import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider;
+import org.springframework.stereotype.Component;
+
+import ch.ethz.seb.sebserver.webservice.weblayer.WebServiceUserDetails;
+
+@Component
+public class PreAuthProvider extends PreAuthenticatedAuthenticationProvider {
+
+    private final WebServiceUserDetails webServiceUserDetails;
+
+    public PreAuthProvider(final WebServiceUserDetails webServiceUserDetails) {
+        this.webServiceUserDetails = webServiceUserDetails;
+    }
+
+    @PostConstruct
+    public void init() {
+        super.setPreAuthenticatedUserDetailsService(this.webServiceUserDetails);
+    }
+}

src/main/java/ch/ethz/seb/sebserver/webservice/weblayer/oauth/WebserviceResourceConfiguration.java

@@ -135,6 +135,7 @@ public abstract class WebserviceResourceConfiguration extends ResourceServerConf
             tokenService.setTokenStore(this.tokenStore);
             tokenService.setClientDetailsService(this.webServiceClientDetails);
             tokenService.setSupportRefreshToken(this.supportRefreshToken);
+            tokenService.setSupportRefreshToken(this.supportRefreshToken);
             tokenService.setAuthenticationManager(this.authenticationManager);
             tokenService.setAccessTokenValiditySeconds(this.accessTokenValiditySeconds);
             tokenService.setRefreshTokenValiditySeconds(this.refreshTokenValiditySeconds);