Add keycloak integration

Issue-ID: AAI-3298 Signed-off-by: Sam Huang <sam.huang@yoppworks.com> Change-Id: I2d99769ab8d189d61de610ec020b15a8fe0aa652
author: Sam Huang <sam.huang@yoppworks.com> 2021-03-23 10:16:47 -0600
committer: Sam Huang <sam.huang@yoppworks.com> 2021-03-31 12:42:42 -0600
commit: 41bbec0fa7d767536d892c4ad76dadcb54aa796f (patch)
tree: 04765df7a92e325acb8bcbcc99433918bd3e9ce1 /aai-traversal/src/main/java
parent: 7e39a251880314af510a1a746fe28493403f1bc2 (diff)
1 files changed, 76 insertions, 0 deletions
diff --git a/aai-traversal/src/main/java/org/onap/aai/rest/security/WebSecurityConfig.java b/aai-traversal/src/main/java/org/onap/aai/rest/security/WebSecurityConfig.java
new file mode 100644
index 0000000..c92d818
--- /dev/null
+++ b/aai-traversal/src/main/java/org/onap/aai/rest/security/WebSecurityConfig.java
@@ -0,0 +1,76 @@
+
+/**
+ * ============LICENSE_START=======================================================
+ * org.onap.aai
+ * ================================================================================
+ * Copyright (C) 2019 Nordix Foundation.
+ * Modifications Copyright (C) 2019 AT&T Intellectual Property.
+ * Modifications Copyright (C) 2020 Bell Canada.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * ============LICENSE_END=========================================================
+ */
+package org.onap.aai.rest.security;
+import org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver;
+import org.keycloak.adapters.springsecurity.KeycloakConfiguration;
+import org.keycloak.adapters.springsecurity.authentication.KeycloakAuthenticationProvider;
+import org.keycloak.adapters.springsecurity.config.KeycloakWebSecurityConfigurerAdapter;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.web.servlet.ServletListenerRegistrationBean;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Import;
+import org.springframework.context.annotation.Profile;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.builders.WebSecurity;
+import org.springframework.security.core.authority.mapping.SimpleAuthorityMapper;
+import org.springframework.security.core.session.SessionRegistryImpl;
+import org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy;
+import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
+import org.springframework.security.web.session.HttpSessionEventPublisher;
+@Profile("keycloak")
+@KeycloakConfiguration
+@Import({KeycloakSpringBootConfigResolver.class})
+public class WebSecurityConfig extends KeycloakWebSecurityConfigurerAdapter {
+    @Autowired
+    public void configureGlobal(AuthenticationManagerBuilder auth) {
+        KeycloakAuthenticationProvider keycloakAuthenticationProvider
+                = keycloakAuthenticationProvider();
+        keycloakAuthenticationProvider.setGrantedAuthoritiesMapper(
+                new SimpleAuthorityMapper());
+        auth.authenticationProvider(keycloakAuthenticationProvider);
+    }
+    @Bean
+    public ServletListenerRegistrationBean<HttpSessionEventPublisher> httpSessionEventPublisher() {
+        return new ServletListenerRegistrationBean<>(new HttpSessionEventPublisher());
+    }
+    @Bean
+    @Override
+    protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
+        return new RegisterSessionAuthenticationStrategy(
+                new SessionRegistryImpl());
+    }
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        super.configure(http);
+        http.authorizeRequests()
+                .antMatchers("/**")
+                .permitAll().and().csrf().disable();
+    }
+    @Override
+    public void configure(WebSecurity web) throws Exception {
+        web.ignoring().regexMatchers("^.*/util/echo$");
+    }
+}
author	Sam Huang <sam.huang@yoppworks.com>	2021-03-23 10:16:47 -0600
committer	Sam Huang <sam.huang@yoppworks.com>	2021-03-31 12:42:42 -0600
commit	41bbec0fa7d767536d892c4ad76dadcb54aa796f (patch)
tree	04765df7a92e325acb8bcbcc99433918bd3e9ce1 /aai-traversal/src/main/java
parent	7e39a251880314af510a1a746fe28493403f1bc2 (diff)