package com.example.loginapi
import org.springframework.beans.factory.annotation.Value
import org.springframework.context.annotation.Bean
import org.springframework.context.annotation.Configuration
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer
import org.springframework.security.oauth2.provider.token.DefaultTokenServices
import org.springframework.security.oauth2.provider.token.TokenStore
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter
import org.springframework.security.oauth2.provider.token.store.jwk.JwkTokenStore
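/**
 * OAuth2 resource-server configuration for the login API.
 *
 * Bearer JWTs are read through a [JwkTokenStore] backed by the configured JWK set URI and
 * decoded with the project's [CubeJwtAccessTokenConverter]. `/api/**` requires the `read` or
 * `write` scope; `/actuator/**` requires one of the admin roles. The two required properties
 * are checked up front with a descriptive message rather than letting a null value surface as
 * an opaque failure from inside the Spring classes that consume them.
 *
 * The class and its `@Bean` methods are `open` so the `@Configuration` CGLIB proxy can
 * intercept them (harmless if the kotlin-spring plugin already opens them).
 *
 * @author sombochea
 * @since 1.0
 */
@Configuration
@EnableResourceServer
open class OauthResourceServerSecurity : ResourceServerConfigurerAdapter() {

    /** Project converter shared by the token store and the [jwtAccessTokenConverter] bean. */
    private val jwtAccessTokenConverter: CubeJwtAccessTokenConverter = CubeJwtAccessTokenConverter()

    /** Key handed to [JwtAccessTokenConverter.setVerifierKey]; injected after construction. */
    @Value("\${spring.security.oauth2.resourceserver.jwt.public-key}")
    var publicKey: String? = null

    /** JWK set endpoint the [JwkTokenStore] is built from; injected after construction. */
    @Value("\${spring.security.oauth2.resourceserver.jwt.jwk-set-uri}")
    var jwkSetUri: String? = null

    // Memoises the store so configure() and the bean container share one JwkTokenStore
    // even if the @Bean call is not intercepted by the configuration proxy.
    private var tokenStore: TokenStore? = null

    /**
     * Registers the token store and the resource id that incoming tokens are checked against.
     *
     * NOTE(review): `stateless(false)` lets this filter chain be satisfied by authentication
     * other than a bearer token (e.g. an existing session) — confirm that is intended for an
     * API resource server.
     */
    override fun configure(resources: ResourceServerSecurityConfigurer) {
        println("Loaded system with resource id: $RESOURCE_ID")
        resources
            .tokenStore(tokenStore())
            .resourceId(RESOURCE_ID)
            .stateless(false)
    }

    /**
     * URL authorization rules for this resource server.
     *
     * NOTE(review): there is no `anyRequest()` fallback, so paths outside `/api/**` and
     * `/actuator/**` receive no authorization constraint from this chain — add an explicit
     * rule if that is not intended.
     */
    @Throws(Exception::class)
    override fun configure(http: HttpSecurity) {
        http.exceptionHandling()
            .and()
            .authorizeRequests()
            .antMatchers("/api/**").access("#oauth2.hasAnyScope('read','write')")
            .antMatchers("/actuator/**").hasAnyRole("SUPER_ADMIN", "SYS_ADMIN", "ACTUATOR")
    }

    /**
     * Token services bound to the given store.
     *
     * The nullable parameter is kept for compatibility with the existing wiring; the value
     * is passed straight through to [DefaultTokenServices.setTokenStore].
     */
    @Bean
    open fun tokenServices(tokenStore: TokenStore?): DefaultTokenServices =
        DefaultTokenServices().apply { setTokenStore(tokenStore) }

    /**
     * Lazily builds and caches the [JwkTokenStore] used to resolve bearer tokens.
     *
     * @throws IllegalArgumentException if `spring.security.oauth2.resourceserver.jwt.jwk-set-uri`
     *   resolved to null (previously the null URI was passed into [JwkTokenStore] unchecked).
     */
    @Bean
    open fun tokenStore(): TokenStore {
        val cached = tokenStore
        if (cached != null) return cached
        val uri = requireNotNull(jwkSetUri) {
            "spring.security.oauth2.resourceserver.jwt.jwk-set-uri must be set"
        }
        return JwkTokenStore(uri, jwtAccessTokenConverter).also { tokenStore = it }
    }

    /**
     * Converter that verifies token signatures with [publicKey] and delegates claim mapping to
     * the project [CubeJwtAccessTokenConverter].
     *
     * @throws IllegalArgumentException if `spring.security.oauth2.resourceserver.jwt.public-key`
     *   resolved to null (previously the null key was handed to the converter unchecked).
     */
    @Bean
    open fun jwtAccessTokenConverter(): JwtAccessTokenConverter {
        val key = requireNotNull(publicKey) {
            "spring.security.oauth2.resourceserver.jwt.public-key must be set"
        }
        return JwtAccessTokenConverter().apply {
            accessTokenConverter = jwtAccessTokenConverter
            setVerifierKey(key)
        }
    }

    companion object {
        // Resource id this server accepts; hard-coded to the dev value — consider
        // externalising it alongside the other resource-server properties.
        private const val RESOURCE_ID = "cubetiq-clinic-dev"
    }
}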