gh-231 : (CONFIGURATION)
WiP gh-231
ch4mpy committed Oct 23, 2024
1 parent b7cb155 commit 159bb31
Showing 21 changed files with 1,131 additions and 1,154 deletions.

Large diffs are not rendered by default.

Expand Up @@ -3,7 +3,6 @@
import java.net.URISyntaxException;
import java.util.List;
import java.util.stream.StreamSupport;

import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
Expand All @@ -13,38 +12,44 @@
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.servlet.view.RedirectView;
import com.c4_soft.springaddons.security.oidc.starter.properties.SpringAddonsOidcProperties;

@Controller
public class LoginController {
private final List<ClientRegistration> clientRegistrations;

public LoginController(InMemoryClientRegistrationRepository clientRegistrationRepo) {
this.clientRegistrations = StreamSupport.stream(clientRegistrationRepo.spliterator(), false)
.filter(reg -> AuthorizationGrantType.AUTHORIZATION_CODE.equals(reg.getAuthorizationGrantType())).toList();
}

@GetMapping("/login")
public RedirectView getLogin() throws URISyntaxException {
if (clientRegistrations.size() == 1) {
return new RedirectView(loginPath(clientRegistrations.get(0)));
}
return new RedirectView("login/opts");
}

@GetMapping("/login/opts")
public String getLoginOpts(Authentication auth, Model model) throws URISyntaxException {
model.addAttribute("isAuthenticated", auth != null && auth.isAuthenticated() && !(auth instanceof AnonymousAuthenticationToken));
model.addAttribute(
"loginOptions",
clientRegistrations.stream().map(clientRegistration -> new LoginOptionDto(clientRegistration.getClientName(), loginPath(clientRegistration)))
.toList());
return "login";
}

static String loginPath(ClientRegistration clientRegistration) {
return "/oauth2/authorization/%s".formatted(clientRegistration.getRegistrationId());
}

static record LoginOptionDto(String name, String loginPath) {
}
private final List<ClientRegistration> clientRegistrations;

public LoginController(InMemoryClientRegistrationRepository clientRegistrationRepo,
SpringAddonsOidcProperties properties) {
this.clientRegistrations = StreamSupport.stream(clientRegistrationRepo.spliterator(), false)
.filter(reg -> AuthorizationGrantType.AUTHORIZATION_CODE
.equals(reg.getAuthorizationGrantType()))
.toList();
}

@GetMapping("/login")
public RedirectView getLogin() throws URISyntaxException {
if (clientRegistrations.size() == 1) {
return new RedirectView(loginPath(clientRegistrations.get(0)));
}
return new RedirectView("login/opts");
}

@GetMapping("/login/opts")
public String getLoginOpts(Authentication auth, Model model) throws URISyntaxException {
model.addAttribute("isAuthenticated",
auth != null && auth.isAuthenticated() && !(auth instanceof AnonymousAuthenticationToken));
model.addAttribute("loginOptions",
clientRegistrations.stream()
.map(clientRegistration -> new LoginOptionDto(clientRegistration.getClientName(),
loginPath(clientRegistration)))
.toList());
return "login";
}

static String loginPath(ClientRegistration clientRegistration) {
return "/oauth2/authorization/%s".formatted(clientRegistration.getRegistrationId());
}

static record LoginOptionDto(String name, String loginPath) {
}
}
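Review bot: The constructor now takes `SpringAddonsOidcProperties properties`, but the body shown never reads or stores it; it still only filters the repository for authorization-code registrations. If this is a placeholder for the work in progress, either drop the parameter and its import until it is used, or assign it to a `private final` field so the dependency is visible. Separately, `getLogin()` and `getLoginOpts()` still declare `throws URISyntaxException` although nothing in the visible bodies can throw it. The old and new bodies are printed back to back without +/- markers, so this reading assumes the second copy is the new side.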
Expand Up @@ -2,7 +2,7 @@ client-uri: ${scheme}://localhost:${server.port}
rp-initiated-logout-enabled: true

scheme: http
keycloak-issuer: http://localhost:7080/auth/realms/spring-addons
issuer: https://oidc.c4-soft.com/auth/realms/quiz
auth0-issuer: https://dev-ch4mpy.eu.auth0.com/

server:
Expand All @@ -16,9 +16,9 @@ spring:
client:
provider:
keycloak:
issuer-uri: ${keycloak-issuer}
issuer-uri: ${issuer}
entra:
issuer-uri: https://sts.windows.net/4f68014f-7f14-4f89-8197-06f0b3ff24d9/
issuer-uri: ${issuer}
registration:
keycloak-authorization-code:
authorization-grant-type: authorization_code
Expand Down Expand Up @@ -46,7 +46,7 @@ com:
springaddons:
oidc:
ops:
- iss: ${keycloak-issuer}
- iss: ${issuer}
authorities:
- path: $.realm_access.roles
resourceserver:
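Review bot: The `entra` provider's `issuer-uri` now appears to resolve to the same `${issuer}` as the `keycloak` provider, replacing the `sts.windows.net` tenant URL, so both provider entries would run discovery against the Keycloak realm. If that is intended, the `entra` provider and any registration bound to it should be removed rather than left pointing at a different identity provider than its name suggests; otherwise keep a separate property for it, e.g. `entra-issuer`. The `ops` list likewise names only `${issuer}`, so tokens from any other issuer would presumably have no matching entry, while `auth0-issuer` is still defined above. The +/- markers are lost on this page, so which of the paired lines is new is inferred from print order and the renamed `issuer` property.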
@@ -1,45 +1,45 @@
package com.c4_soft.springaddons.security.oidc.starter.properties;

import java.util.List;

import lombok.Data;

@Data
public class CorsProperties {
/**
* Path matcher to which this configuration entry applies
*/
private String path = "/**";

/**
* Default is null
*/
private Boolean allowCredentials = null;

/**
* Default is "*" which allows all origins
*/
private List<String> allowedOriginPatterns = List.of("*");

/**
* Default is "*" which allows all methods
*/
private List<String> allowedMethods = List.of("*");

/**
* Default is "*" which allows all headers
*/
private List<String> allowedHeaders = List.of("*");

/**
* Default is "*" which exposes all headers
*/
private List<String> exposedHeaders = List.of("*");

private Long maxAge = null;

/**
* If left to false, OPTIONS requests are added to permit-all for the {@link CorsProperties#path path matchers} of this {@link CorsProperties}
*/
private boolean disableAnonymousOptions = false;
/**
* Path matcher to which this configuration entry applies
*/
private String path = "/**";

/**
* Default is null
*/
private Boolean allowCredentials = null;

/**
* Default is "*" which allows all origins
*/
private List<String> allowedOriginPatterns = List.of("*");

/**
* Default is "*" which allows all methods
*/
private List<String> allowedMethods = List.of("*");

/**
* Default is "*" which allows all headers
*/
private List<String> allowedHeaders = List.of("*");

/**
* Default is "*" which exposes all headers
*/
private List<String> exposedHeaders = List.of("*");

private Long maxAge = null;

/**
* If left to false, OPTIONS requests are added to permit-all for the {@link CorsProperties#path
* path matchers} of this {@link CorsProperties}
*/
private boolean disableAnonymousOptions = false;
}