Update security configuration

- add SecurityConf and add oidc and oauth2 application.yml - add ConfigReader, ConfigParam - add SecurityConstants
kbss-cvut · May 3, 2024 · 420d676 · 420d676
1 parent 337c357
commit 420d676
Show file tree

Hide file tree

Showing 5 changed files with 136 additions and 2 deletions.
diff --git a/src/main/java/cz/cvut/kbss/analysis/config/conf/SecurityConf.java b/src/main/java/cz/cvut/kbss/analysis/config/conf/SecurityConf.java
@@ -0,0 +1,26 @@
+package cz.cvut.kbss.analysis.config.conf;
+
+import lombok.Getter;
+import lombok.Setter;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.boot.context.properties.EnableConfigurationProperties;
+import org.springframework.context.annotation.Configuration;
+
+@Setter
+@Getter
+@Configuration
+@EnableConfigurationProperties
+@ConfigurationProperties("security")
+public class SecurityConf {
+        private String allowedOrigins;
+
+        private String appContext;
+
+        private String issuerUri;
+
+        private String secretKey;
+
+        private Long expiryMs;
+
+        private String roleClaim;
+}
diff --git a/src/main/java/cz/cvut/kbss/analysis/security/SecurityConstants.java b/src/main/java/cz/cvut/kbss/analysis/security/SecurityConstants.java
@@ -0,0 +1,33 @@
+package cz.cvut.kbss.analysis.security;
+
+public class SecurityConstants {
+
+    private SecurityConstants() {
+        throw new AssertionError();
+    }
+
+    public static final String SESSION_COOKIE_NAME = "FSM_JSESSIONID";
+
+    public static final String REMEMBER_ME_COOKIE_NAME = "remember-me";
+
+    public static final String CSRF_COOKIE_NAME = "CSRF-TOKEN";
+
+    public static final String USERNAME_PARAM = "username";
+
+    public static final String PASSWORD_PARAM = "password";
+
+    public static final String SECURITY_CHECK_URI = "/j_spring_security_check";
+
+    public static final String LOGOUT_URI = "/j_spring_security_logout";
+
+    public static final String COOKIE_URI = "/";
+
+    /**
+     * Session timeout in seconds.
+     */
+    public static final int SESSION_TIMEOUT = 12 * 60 * 60;
+
+    public static final String ROLE_USER = "ROLE_USER";
+
+    public static final String ROLE_ADMIN = "ROLE_ADMIN";
+}
diff --git a/src/main/java/cz/cvut/kbss/analysis/service/ConfigReader.java b/src/main/java/cz/cvut/kbss/analysis/service/ConfigReader.java
@@ -0,0 +1,42 @@
+package cz.cvut.kbss.analysis.service;
+
+import cz.cvut.kbss.analysis.util.ConfigParam;
+import org.springframework.core.env.Environment;
+import org.springframework.stereotype.Component;
+
+import java.util.Map;
+
+@Component
+public class ConfigReader {
+
+    private final Environment environment;
+
+    public ConfigReader(Environment environment) {
+        this.environment = environment;
+    }
+
+    /**
+     * Gets value of the specified configuration parameter.
+     *
+     * @param param Configuration parameter
+     * @return Configuration parameter value, empty string if the parameter is not set
+     */
+    public String getConfig(ConfigParam param) {
+        return getConfig(param, "");
+    }
+
+    public String getConfig(ConfigParam param, String defaultValue) {
+        if (environment.containsProperty(param.toString())) {
+            return environment.getProperty(param.toString());
+        }
+        return defaultValue;
+    }
+
+    public String getConfigWithParams(ConfigParam param, Map<String, String> params) {
+        String str = environment.getProperty(param.toString());
+        for ( String key : params.keySet() ) {
+            str = str.replace("{{" + key + "}}", params.get(key));
+        }
+        return str;
+    }
+}
diff --git a/src/main/java/cz/cvut/kbss/analysis/util/ConfigParam.java b/src/main/java/cz/cvut/kbss/analysis/util/ConfigParam.java
@@ -0,0 +1,19 @@
+package cz.cvut.kbss.analysis.util;
+
+public enum ConfigParam {
+
+    SECURITY_SAME_SITE("security.sameSite"),
+
+    APP_CONTEXT("appContext");
+
+    private final String name;
+
+    ConfigParam(String name) {
+        this.name = name;
+    }
+
+    @Override
+    public String toString() {
+        return name;
+    }
+}
diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml
@@ -2,14 +2,19 @@ server:
   port: 9999
 
 repository:
-  url: http://localhost:1235/services/db-server/repositories/fta-fmea
+  url: http://localhost/ava/services/db-server/repositories/fta-fmea
 
 
 persistence:
   driver: cz.cvut.kbss.ontodriver.rdf4j.Rdf4jDataSource
   language: cs
 
 security:
+  provider: oidc
+  oidcRoleClaim: realm_access.roles
+  appContext: http://localhost:3000/fta-fmea
+  cors:
+    allowedOrigins:
   jwt:
     secretKey: lwrUj5PmCE6X8ekbLd9wDTRlBkEJA0HB
     expiryMs: 28800000 # 8 hours
@@ -25,4 +30,13 @@ logging:
 annotator:
   list-documents-api: ${LIST_DOCUMENT_API:http://localhost:8282/s-pipes/service?_pId=list-documents}
   convert-document-api: ${CONVERT_DOCUMENT_API:http://localhost:8282/s-pipes/service?_pId=convert-document}
-  process-annotatoins-api: ${PROCESS_ANNOTATION_API:https://localhost:8090/annotator/process-annotation-service.sh}
+  process-annotatoins-api: ${PROCESS_ANNOTATION_API:https://localhost:8090/annotator/process-annotation-service.sh}
+
+spring:
+  security:
+    oauth2:
+      resourceserver:
+        jwt:
+          issuer-uri: http://localhost/services/auth/realms/record-manager
+          jwk-set-uri: http://localhost/services/auth/realms/record-manager/protocol/openid-connect/certs
+