authorPaul-Christian Volkmer2024-01-31 15:43:10 +0100
committerPaul-Christian Volkmer2024-01-31 15:57:16 +0100
commit17e04a3f8972fe5eca0bf3b236293e4a6998e56f (patch)
tree5fc1a30c2991827cc610e0d2a83bfb4f32109d12 /src/main/kotlin/dev
parentf71a775e12bfc6fe50e0b443863ac8fec6f4a4f2 (diff)
feat: add basic support for OIDC login
Diffstat (limited to 'src/main/kotlin/dev')
-rw-r--r--src/main/kotlin/dev/dnpm/etl/processor/config/AppConfigProperties.kt3
-rw-r--r--src/main/kotlin/dev/dnpm/etl/processor/config/AppSecurityConfiguration.kt30
-rw-r--r--src/main/kotlin/dev/dnpm/etl/processor/web/LoginController.kt19
3 files changed, 43 insertions, 9 deletions
diff --git a/src/main/kotlin/dev/dnpm/etl/processor/config/AppConfigProperties.kt b/src/main/kotlin/dev/dnpm/etl/processor/config/AppConfigProperties.kt
index aacf97d..b18bc02 100644
--- a/src/main/kotlin/dev/dnpm/etl/processor/config/AppConfigProperties.kt
+++ b/src/main/kotlin/dev/dnpm/etl/processor/config/AppConfigProperties.kt
@@ -86,7 +86,8 @@ data class KafkaTargetProperties(
data class SecurityConfigProperties(
val adminUser: String?,
val adminPassword: String?,
- val enableTokens: Boolean = false
+ val enableTokens: Boolean = false,
+ val enableOidc: Boolean = false
) {
companion object {
const val NAME = "app.security"
diff --git a/src/main/kotlin/dev/dnpm/etl/processor/config/AppSecurityConfiguration.kt b/src/main/kotlin/dev/dnpm/etl/processor/config/AppSecurityConfiguration.kt
index 22a2e34..750ccbc 100644
--- a/src/main/kotlin/dev/dnpm/etl/processor/config/AppSecurityConfiguration.kt
+++ b/src/main/kotlin/dev/dnpm/etl/processor/config/AppSecurityConfiguration.kt
@@ -24,21 +24,15 @@ import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty
import org.springframework.boot.context.properties.EnableConfigurationProperties
import org.springframework.context.annotation.Bean
import org.springframework.context.annotation.Configuration
-import org.springframework.core.Ordered
-import org.springframework.core.annotation.Order
-import org.springframework.http.HttpMethod
-import org.springframework.security.authentication.AuthenticationProvider
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
import org.springframework.security.config.annotation.web.invoke
-import org.springframework.security.config.http.SessionCreationPolicy
import org.springframework.security.core.userdetails.User
import org.springframework.security.core.userdetails.UserDetails
import org.springframework.security.crypto.factory.PasswordEncoderFactories
import org.springframework.security.crypto.password.PasswordEncoder
import org.springframework.security.provisioning.InMemoryUserDetailsManager
import org.springframework.security.web.SecurityFilterChain
-import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy
import java.util.*
@@ -82,6 +76,30 @@ class AppSecurityConfiguration(
}
@Bean
+ @ConditionalOnProperty(value = ["app.security.enable-oidc"], havingValue = "true")
+ fun filterChainOidc(http: HttpSecurity, passwordEncoder: PasswordEncoder): SecurityFilterChain {
+ http {
+ authorizeRequests {
+ authorize("/configs/**", hasRole("ADMIN"))
+ authorize("/mtbfile/**", hasAnyRole("MTBFILE"))
+ authorize(anyRequest, permitAll)
+ }
+ httpBasic {
+ realmName = "ETL-Processor"
+ }
+ formLogin {
+ loginPage = "/login"
+ }
+ oauth2Login {
+ loginPage = "/login"
+ }
+ csrf { disable() }
+ }
+ return http.build()
+ }
+
+ @Bean
+ @ConditionalOnProperty(value = ["app.security.enable-oidc"], havingValue = "false", matchIfMissing = true)
fun filterChain(http: HttpSecurity, passwordEncoder: PasswordEncoder): SecurityFilterChain {
http {
authorizeRequests {
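Review bot: `csrf { disable() }` in filterChainOidc switches off CSRF protection on a chain whose whole purpose is cookie-backed browser sessions (formLogin and oauth2Login), so a logged-in admin's browser can be driven cross-site against the state-changing endpoints under /configs/**. Keep the default protection and exempt only the paths that non-browser clients hit with basic auth, presumably /mtbfile/**: `csrf { ignoringRequestMatchers("/mtbfile/**") }` — confirm how the /mtbfile clients actually authenticate before widening that exemption. Separately, the `passwordEncoder` parameter of filterChainOidc is never used in the body; drop it or wire it in. Note too that OIDC-authenticated users get only the default OIDC_USER/USER authorities unless a GrantedAuthoritiesMapper is configured elsewhere, so as written they are denied on /configs/** and /mtbfile/** — acceptable for "basic support", but worth a one-line comment on the bean saying role mapping for OIDC principals is still to come. The pre-existing filterChain bean continues past the end of this hunk.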
diff --git a/src/main/kotlin/dev/dnpm/etl/processor/web/LoginController.kt b/src/main/kotlin/dev/dnpm/etl/processor/web/LoginController.kt
index 02c98cf..954b23e 100644
--- a/src/main/kotlin/dev/dnpm/etl/processor/web/LoginController.kt
+++ b/src/main/kotlin/dev/dnpm/etl/processor/web/LoginController.kt
@@ -19,14 +19,29 @@
package dev.dnpm.etl.processor.web
+import dev.dnpm.etl.processor.config.SecurityConfigProperties
+import org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientProperties
import org.springframework.stereotype.Controller
+import org.springframework.ui.Model
import org.springframework.web.bind.annotation.GetMapping
+import java.security.Principal
@Controller
-class LoginController {
+class LoginController(
+ private val securityConfigProperties: SecurityConfigProperties,
+ private val oAuth2ClientProperties: OAuth2ClientProperties?
+) {
@GetMapping(path = ["/login"])
- fun login(): String {
+ fun login(principal: Principal?, model: Model): String {
+ if (securityConfigProperties.enableOidc) {
+ model.addAttribute(
+ "oidcLogins",
+ oAuth2ClientProperties?.registration?.map { (key, value) -> Pair(key, value.clientName) }.orEmpty()
+ )
+ } else {
+ model.addAttribute("oidcLogins", emptyList<Pair<String, String>>())
+ }
return "login"
}