Package org.chenile.configuration.security

Class SecurityConfiguration

java.lang.Object
org.chenile.configuration.security.SecurityConfiguration
@Configuration public class SecurityConfiguration extends Object

  • Field Details

    • logger

      private org.slf4j.Logger logger

    • connectionDetails

      @Autowired KeycloakConnectionDetails connectionDetails

    • clientId

      @Value("${chenile.security.client.id") String clientId

    • clientSecret

      @Value("${chenile.security.client.secret") String clientSecret

    • repositories

      private final Map<String,org.springframework.security.oauth2.client.registration.ClientRegistrationRepository> repositories

    • jwtDecoderMap

      Map<String,org.springframework.security.oauth2.jwt.JwtDecoder> jwtDecoderMap

  • Constructor Details

    • SecurityConfiguration

      public SecurityConfiguration()

  • Method Details

    • securityFilterChain

      @Bean public org.springframework.security.web.SecurityFilterChain securityFilterChain(org.springframework.security.config.annotation.web.builders.HttpSecurity http) throws Exception
      Throws:
      Exception

    • resolver

      private org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestResolver resolver()

    • clientRegistrationRepository

      @Bean public org.springframework.security.oauth2.client.registration.ClientRegistrationRepository clientRegistrationRepository()

    • clientRegistrationRepository

      private org.springframework.security.oauth2.client.registration.ClientRegistrationRepository clientRegistrationRepository(String tenantId)

    • authorizedClientService

      @Bean public org.springframework.security.oauth2.client.OAuth2AuthorizedClientService authorizedClientService(org.springframework.security.oauth2.client.registration.ClientRegistrationRepository clientRegistrationRepository)

    • client

      public org.springframework.security.oauth2.client.registration.ClientRegistration client()

    • client

      @Bean public org.springframework.security.oauth2.client.registration.ClientRegistration client(String realm)

    • authenticationManagerResolver

      private org.springframework.security.authentication.AuthenticationManagerResolver<HttpServletRequest> authenticationManagerResolver()

    • jwt

      private org.springframework.security.authentication.AuthenticationManager jwt(String tenantId)
      Here we take the tenant ID to construct a specific URL (with the realm as tenant ID) and return an Authentication Manager for that realm.
      Since the URL that is constructed depends on the validity of the tenant ID, it is possible that we may get a 404 from keycloak. To take care of this, we will recast all exceptions to "InvalidBearerTokenException" so that spring security will give a 401 in all those cases.
      Parameters:
      tenantId - the tenant ID
      Returns:
      the Authentication manager for the particular tenant ID

    • jwtBearerTokenAuthenticationConverter

      private Converter<org.springframework.security.oauth2.jwt.Jwt,? extends org.springframework.security.authentication.AbstractAuthenticationToken> jwtBearerTokenAuthenticationConverter()

    • keycloakBaseUrl

      private String keycloakBaseUrl(String realm)

    • keycloakOpenIdUrl

      private String keycloakOpenIdUrl(String realm)

    • jwtDecoder

      org.springframework.security.oauth2.jwt.JwtDecoder jwtDecoder(String tenantId)

    • securityInterceptor

      @Bean public SecurityInterceptor securityInterceptor()