feat(server, ui): SSO OAuth2 with mock oidc-provider, authenticate SS…

…O Opaque token and generate session on server side
chutney-testing · Oct 10, 2024 · 8dfc0dd · 8dfc0dd
1 parent f6b1432
commit 8dfc0dd
Showing 5 changed files with 20 additions and 21 deletions.
diff --git a/...y/infra/sso/TokenAuthenticationToken.java → .../infra/sso/OAuth2AuthenticationToken.java b/...y/infra/sso/TokenAuthenticationToken.java → .../infra/sso/OAuth2AuthenticationToken.java
@@ -9,11 +9,11 @@
 
 import org.springframework.security.authentication.AbstractAuthenticationToken;
 
-public class TokenAuthenticationToken extends AbstractAuthenticationToken {
+public class OAuth2AuthenticationToken extends AbstractAuthenticationToken {
 
     private final String token;
 
-    public TokenAuthenticationToken(String token) {
+    public OAuth2AuthenticationToken(String token) {
         super(null);
         this.token = token;
         setAuthenticated(false);

diff --git a/...r/src/main/java/com/chutneytesting/security/infra/sso/OAuth2SsoSecurityConfiguration.java b/...r/src/main/java/com/chutneytesting/security/infra/sso/OAuth2SsoSecurityConfiguration.java
@@ -93,28 +93,28 @@ SsoOpenIdConnectConfig ssoOpenIdConnectConfig(
 
     @Bean
     public OAuth2UserService<OAuth2UserRequest, OAuth2User> customOAuth2UserService(AuthenticationService authenticationService) {
-        return new CustomOAuth2UserService(authenticationService);
+        return new OAuth2SsoUserService(authenticationService);
     }
 
     @Bean
-    public TokenAuthenticationProvider tokenAuthenticationProvider(AuthenticationService authenticationService, ClientRegistrationRepository clientRegistrationRepository) {
-        return new TokenAuthenticationProvider(customOAuth2UserService(authenticationService), clientRegistrationRepository.findByRegistrationId("my-provider"));
+    public OAuth2TokenAuthenticationProvider tokenAuthenticationProvider(AuthenticationService authenticationService, ClientRegistrationRepository clientRegistrationRepository) {
+        return new OAuth2TokenAuthenticationProvider(customOAuth2UserService(authenticationService), clientRegistrationRepository.findByRegistrationId("my-provider"));
     }
 
     @Bean
-    public AuthenticationManager authenticationManager(TokenAuthenticationProvider tokenAuthenticationProvider) {
-        return new ProviderManager(Collections.singletonList(tokenAuthenticationProvider));
+    public AuthenticationManager authenticationManager(OAuth2TokenAuthenticationProvider OAuth2TokenAuthenticationProvider) {
+        return new ProviderManager(Collections.singletonList(OAuth2TokenAuthenticationProvider));
     }
 
     @Bean
     @Order(1)
-    public SecurityFilterChain securityFilterChainOAuth2Sso(final HttpSecurity http, TokenAuthenticationProvider tokenAuthenticationProvider, AuthenticationManager authenticationManager) throws Exception {
+    public SecurityFilterChain securityFilterChainOAuth2Sso(final HttpSecurity http, OAuth2TokenAuthenticationProvider OAuth2TokenAuthenticationProvider, AuthenticationManager authenticationManager) throws Exception {
         ChutneyWebSecurityConfig chutneyWebSecurityConfig = new ChutneyWebSecurityConfig();
-        TokenAuthenticationFilter tokenFilter = new TokenAuthenticationFilter(authenticationManager);
+        OAuth2TokenAuthenticationFilter tokenFilter = new OAuth2TokenAuthenticationFilter(authenticationManager);
         chutneyWebSecurityConfig.configureBaseHttpSecurity(http, sslEnabled);
         UserDto anonymous = chutneyWebSecurityConfig.anonymous();
         http
-            .authenticationProvider(tokenAuthenticationProvider)
+            .authenticationProvider(OAuth2TokenAuthenticationProvider)
             .addFilterBefore(tokenFilter, BasicAuthenticationFilter.class)
             .anonymous(anonymousConfigurer -> anonymousConfigurer
                 .principal(anonymous)

diff --git a/...ty/infra/sso/CustomOAuth2UserService.java → ...urity/infra/sso/OAuth2SsoUserService.java b/...ty/infra/sso/CustomOAuth2UserService.java → ...urity/infra/sso/OAuth2SsoUserService.java
@@ -15,22 +15,21 @@
 import java.util.Map;
 import org.springframework.security.oauth2.client.userinfo.DefaultOAuth2UserService;
 import org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest;
-import org.springframework.security.oauth2.client.userinfo.OAuth2UserService;
 import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
 import org.springframework.security.oauth2.core.user.DefaultOAuth2User;
 import org.springframework.security.oauth2.core.user.OAuth2User;
 
-public class CustomOAuth2UserService implements OAuth2UserService<OAuth2UserRequest, OAuth2User> {
+public class OAuth2SsoUserService implements org.springframework.security.oauth2.client.userinfo.OAuth2UserService<OAuth2UserRequest, OAuth2User> {
 
     private final AuthenticationService authenticationService;
 
-    public CustomOAuth2UserService(AuthenticationService authenticationService) {
+    public OAuth2SsoUserService(AuthenticationService authenticationService) {
         this.authenticationService = authenticationService;
     }
 
     @Override
     public OAuth2User loadUser(OAuth2UserRequest userRequest) throws OAuth2AuthenticationException {
-        OAuth2UserService<OAuth2UserRequest, OAuth2User> delegate = new DefaultOAuth2UserService();
+        org.springframework.security.oauth2.client.userinfo.OAuth2UserService<OAuth2UserRequest, OAuth2User> delegate = new DefaultOAuth2UserService();
         OAuth2User oAuth2User = delegate.loadUser(userRequest);
         Map<String, Object> oAuth2UserAttributes = oAuth2User.getAttributes();
         String username = (String) oAuth2UserAttributes.get("sub");

diff --git a/.../infra/sso/TokenAuthenticationFilter.java → .../sso/OAuth2TokenAuthenticationFilter.java b/.../infra/sso/TokenAuthenticationFilter.java → .../sso/OAuth2TokenAuthenticationFilter.java
@@ -19,11 +19,11 @@
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.web.filter.OncePerRequestFilter;
 
-public class TokenAuthenticationFilter extends OncePerRequestFilter {
+public class OAuth2TokenAuthenticationFilter extends OncePerRequestFilter {
 
     private final AuthenticationManager authenticationManager;
 
-    public TokenAuthenticationFilter(AuthenticationManager authenticationManager){
+    public OAuth2TokenAuthenticationFilter(AuthenticationManager authenticationManager){
         this.authenticationManager = authenticationManager;
     }
 
@@ -35,7 +35,7 @@ protected void doFilterInternal(HttpServletRequest request,
         String authorizationHeader = request.getHeader(HttpHeaders.AUTHORIZATION);
         if (authorizationHeader != null && authorizationHeader.startsWith("Bearer ")) {
             String token = authorizationHeader.substring(7);
-            TokenAuthenticationToken authRequest = new TokenAuthenticationToken(token);
+            OAuth2AuthenticationToken authRequest = new OAuth2AuthenticationToken(token);
             try {
                 Authentication authentication = authenticationManager.authenticate(authRequest);
                 SecurityContextHolder.getContext().setAuthentication(authentication);

diff --git a/...nfra/sso/TokenAuthenticationProvider.java → ...so/OAuth2TokenAuthenticationProvider.java b/...nfra/sso/TokenAuthenticationProvider.java → ...so/OAuth2TokenAuthenticationProvider.java
@@ -18,19 +18,19 @@
 import org.springframework.security.oauth2.core.OAuth2AccessToken;
 import org.springframework.security.oauth2.core.user.OAuth2User;
 
-public class TokenAuthenticationProvider implements AuthenticationProvider {
+public class OAuth2TokenAuthenticationProvider implements AuthenticationProvider {
 
     private final OAuth2UserService<OAuth2UserRequest, OAuth2User> oAuth2UserService;
     private final ClientRegistration clientRegistration;
 
-    public TokenAuthenticationProvider(OAuth2UserService<OAuth2UserRequest, OAuth2User> oAuth2UserService, ClientRegistration clientRegistration) {
+    public OAuth2TokenAuthenticationProvider(OAuth2UserService<OAuth2UserRequest, OAuth2User> oAuth2UserService, ClientRegistration clientRegistration) {
         this.oAuth2UserService = oAuth2UserService;
         this.clientRegistration = clientRegistration;
     }
 
     @Override
     public Authentication authenticate(Authentication authentication) throws AuthenticationException {
-        TokenAuthenticationToken tokenAuth = (TokenAuthenticationToken) authentication;
+        OAuth2AuthenticationToken tokenAuth = (OAuth2AuthenticationToken) authentication;
         String token = tokenAuth.getCredentials().toString();
         OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, token, null, null);
         OAuth2UserRequest userRequest = new OAuth2UserRequest(clientRegistration, accessToken);
@@ -44,6 +44,6 @@ public Authentication authenticate(Authentication authentication) throws Authent
 
     @Override
     public boolean supports(Class<?> authentication) {
-        return TokenAuthenticationToken.class.isAssignableFrom(authentication);
+        return OAuth2AuthenticationToken.class.isAssignableFrom(authentication);
     }
 }