diff options
author | Rodrigo Lima <rodrigo.lima@yoppworks.com> | 2020-09-03 11:54:27 -0400 |
---|---|---|
committer | Rodrigo Lima <rodrigo.lima@yoppworks.com> | 2020-09-08 11:25:04 -0400 |
commit | 696ebd9e433f2b6f890c6032a4febdb9d3ec8eb7 (patch) | |
tree | 427d1b6980fac114b4503407d434fa7ae979e743 /aai-resources/src/main/java/org/onap | |
parent | 4714ea1e5f45fe286a25adbcad8e553c6250a821 (diff) |
Add keycloak integration
- The feature can be enabled by adding keycloak spring profile in application properties.
- Add keycloak springboot and spring security adapter to pom
- Exclude keycloak and spring security autoconfiguration in application properties
- Add keycloak application properties that is activated when keycloak profile used
- Add WebSecurityConfig to config authorization
Issue-ID: AAI-3129
Signed-off-by: Rodrigo Lima <rodrigo.lima@yoppworks.com>
Change-Id: Iaa086b4075c03237388a997274d01bf8b8114b4d
Diffstat (limited to 'aai-resources/src/main/java/org/onap')
-rw-r--r-- | aai-resources/src/main/java/org/onap/aai/rest/security/WebSecurityConfig.java | 86 |
1 files changed, 86 insertions, 0 deletions
diff --git a/aai-resources/src/main/java/org/onap/aai/rest/security/WebSecurityConfig.java b/aai-resources/src/main/java/org/onap/aai/rest/security/WebSecurityConfig.java new file mode 100644 index 0000000..2b67c40 --- /dev/null +++ b/aai-resources/src/main/java/org/onap/aai/rest/security/WebSecurityConfig.java @@ -0,0 +1,86 @@ +/** + * ============LICENSE_START======================================================= + * org.onap.aai + * ================================================================================ + * Copyright (C) 2019 Nordix Foundation. + * Modifications Copyright (C) 2019 AT&T Intellectual Property. + * Modifications Copyright (C) 2020 Bell Canada. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * ============LICENSE_END========================================================= + */ +package org.onap.aai.rest.security; + +import org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver; +import org.keycloak.adapters.springsecurity.KeycloakConfiguration; +import org.keycloak.adapters.springsecurity.authentication.KeycloakAuthenticationProvider; +import org.keycloak.adapters.springsecurity.config.KeycloakWebSecurityConfigurerAdapter; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.boot.web.servlet.ServletListenerRegistrationBean; +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Import; +import org.springframework.context.annotation.Profile; +import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; +import org.springframework.security.config.annotation.web.builders.HttpSecurity; +import org.springframework.security.config.annotation.web.builders.WebSecurity; +import org.springframework.security.core.authority.mapping.SimpleAuthorityMapper; +import org.springframework.security.core.session.SessionRegistryImpl; +import org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy; +import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy; +import org.springframework.security.web.session.HttpSessionEventPublisher; + +@Profile("keycloak") +@KeycloakConfiguration +@Import({KeycloakSpringBootConfigResolver.class}) +public class WebSecurityConfig extends KeycloakWebSecurityConfigurerAdapter { + + @Autowired + public void configureGlobal(AuthenticationManagerBuilder auth) { + KeycloakAuthenticationProvider keycloakAuthenticationProvider + = keycloakAuthenticationProvider(); + keycloakAuthenticationProvider.setGrantedAuthoritiesMapper( + new SimpleAuthorityMapper()); + auth.authenticationProvider(keycloakAuthenticationProvider); + } + + @Bean + public ServletListenerRegistrationBean<HttpSessionEventPublisher> httpSessionEventPublisher() { + return new ServletListenerRegistrationBean<>(new HttpSessionEventPublisher()); + } + + @Bean + @Override + protected SessionAuthenticationStrategy sessionAuthenticationStrategy() { + return new RegisterSessionAuthenticationStrategy( + new SessionRegistryImpl()); + } + + @Override + protected void configure(HttpSecurity http) throws Exception { + super.configure(http); + http.authorizeRequests() + .antMatchers("/**") + .hasAnyRole("admin") + .anyRequest() + .permitAll().and().csrf().disable(); + } + + @Override + public void configure(WebSecurity web) throws Exception { + web.ignoring().regexMatchers("^.*/util/echo$"); + } + + +} |