package com.example.demo;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.autoconfigure.security.SecurityProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.core.annotation.Order;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.oauth2.server.authorization.config.annotation.web.configuration.OAuth2AuthorizationServerConfiguration;
import org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers.OAuth2AuthorizationServerConfigurer;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
import org.springframework.util.StringUtils;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;
import java.util.List;
/**
 * Single-class demo that acts as an OAuth2 authorization server, a JWT resource
 * server and a REST controller at the same time.
 *
 * <p>Two {@link SecurityFilterChain} beans are registered: the authorization-server
 * chain is ordered first, and the general chain (ordered second) protects every
 * other request. Method-level authorization is switched on by
 * {@code @EnableMethodSecurity}, which is what makes the {@code @PreAuthorize}
 * check on {@link #controller()} effective.
 */
@RestController
@EnableWebSecurity
@EnableMethodSecurity
@SpringBootApplication
public class DemoApplication {

    /**
     * Boots the Spring application.
     *
     * @param args command-line arguments forwarded to Spring Boot
     */
    public static void main(String[] args) {
        SpringApplication.run(DemoApplication.class, args);
    }

    /**
     * Health-style endpoint served at {@code GET /ping}.
     *
     * <p>Access requires the {@code SCOPE_read} authority. The in-memory user
     * defined in this class only receives {@code ROLE_*} authorities, so a
     * form-login session alone does not satisfy this check; the authority is
     * presumably expected to come from a bearer token carrying the
     * {@code read} scope (confirm against the registered client configuration).
     *
     * @return the literal string {@code "pong"}
     */
    @GetMapping("/ping")
    @PreAuthorize("hasAuthority('SCOPE_read')")
    public String controller() {
        return "pong";
    }

    /**
     * Builds the filter chain for the authorization-server endpoints.
     *
     * <p>Ordered first so that it is consulted before the general chain.
     *
     * @param http the security builder supplied by Spring
     * @return the configured authorization-server filter chain
     * @throws Exception if the security configuration cannot be built
     */
    @Bean
    @Order(1)
    public SecurityFilterChain authorizationServerFilterChain(HttpSecurity http) throws Exception {
        // Start from the framework's default authorization-server security setup.
        OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(http);

        // Turn on OpenID Connect support with its default settings.
        OAuth2AuthorizationServerConfigurer authorizationServer =
                http.getConfigurer(OAuth2AuthorizationServerConfigurer.class);
        authorizationServer.oidc(Customizer.withDefaults());

        // Unauthenticated requests to this chain are sent to the login page
        // rather than being answered with an error response.
        LoginUrlAuthenticationEntryPoint loginEntryPoint = new LoginUrlAuthenticationEntryPoint("/login");
        http.exceptionHandling(handling -> handling.authenticationEntryPoint(loginEntryPoint));

        return http.build();
    }

    /**
     * Builds the filter chain for everything the authorization-server chain
     * does not handle.
     *
     * <p>Every request must be authenticated, either with a JWT bearer token
     * (resource-server support) or through the default form login.
     *
     * @param http the security builder supplied by Spring
     * @return the configured general-purpose filter chain
     * @throws Exception if the security configuration cannot be built
     */
    @Bean
    @Order(2)
    public SecurityFilterChain defaultFilterChain(HttpSecurity http) throws Exception {
        // Deny-by-default: no request is allowed through anonymously.
        http.authorizeHttpRequests(requests -> requests.anyRequest().authenticated());
        // Accept JWT bearer tokens, validated with the default decoder setup.
        http.oauth2ResourceServer(resourceServer -> resourceServer.jwt(Customizer.withDefaults()));
        // Interactive users authenticate through the default login form.
        http.formLogin(Customizer.withDefaults());
        return http.build();
    }

    /**
     * Creates an in-memory user store holding the single user described by the
     * Spring Boot security properties.
     *
     * <p>NOTE(review): the password is forwarded exactly as configured. No
     * {@code PasswordEncoder} bean is declared in this class, so presumably the
     * default delegating encoder applies and the stored value needs an
     * encoding-id prefix such as <code>{bcrypt}</code>. Confirm that the
     * configuration supplies an encoded value and does not rely on a generated
     * or plaintext password.
     *
     * @param properties the bound Spring Boot security properties
     * @return a user details manager containing the configured user
     */
    @Bean
    public InMemoryUserDetailsManager inMemoryUserDetailsManager(SecurityProperties properties) {
        SecurityProperties.User configured = properties.getUser();
        List<String> grantedRoles = configured.getRoles();

        User.UserBuilder account = User.withUsername(configured.getName());
        account.password(configured.getPassword());
        // roles(...) stores each entry as a ROLE_-prefixed authority.
        account.roles(StringUtils.toStringArray(grantedRoles));

        return new InMemoryUserDetailsManager(account.build());
    }

}