Working, but authentication is ignored

CDOT-CV · Feb 14, 2024 · f052ade · f052ade
1 parent 5e7bc1a
commit f052ade
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 105 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,4 @@
-FROM maven:3.8.1-openjdk-11 as builder
+FROM maven:3.8-eclipse-temurin-21-alpine as builder
 
 WORKDIR /home
 
@@ -38,7 +38,7 @@ WORKDIR /home/jpo-conflictvisualizer-api
 
 RUN mvn clean package -DskipTests
 # ENTRYPOINT ["tail", "-f", "/dev/null"]
-FROM openjdk:11-jre
+FROM eclipse-temurin:21-jre-alpine
 
 WORKDIR /home
 

diff --git a/jpo-conflictvisualizer-api/src/main/java/us/dot/its/jpo/ode/api/KeycloakConfig.java b/jpo-conflictvisualizer-api/src/main/java/us/dot/its/jpo/ode/api/KeycloakConfig.java
@@ -1,31 +1,19 @@
 package us.dot.its.jpo.ode.api;
 
-//import org.keycloak.adapters.KeycloakConfigResolver;
-//import org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver;
-//import org.keycloak.adapters.springsecurity.KeycloakConfiguration;
-//import org.keycloak.adapters.springsecurity.authentication.KeycloakAuthenticationProvider;
-//import org.keycloak.adapters.springsecurity.config.KeycloakWebSecurityConfigurerAdapter;
 import org.keycloak.admin.client.Keycloak;
 import org.keycloak.admin.client.KeycloakBuilder;
-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
-import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
-import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.builders.WebSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
-import org.springframework.security.core.authority.mapping.SimpleAuthorityMapper;
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
 import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
 import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository;
+import org.springframework.security.oauth2.core.AuthenticationMethod;
 import org.springframework.security.oauth2.core.AuthorizationGrantType;
 import org.springframework.security.web.SecurityFilterChain;
-import org.springframework.security.web.authentication.session.NullAuthenticatedSessionStrategy;
-import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
 
 import static org.springframework.security.config.Customizer.withDefaults;
 
@@ -73,16 +61,22 @@ private ClientRegistration keycloakClientRegistration() {
                 .clientId(resource)
                 .clientSecret(clientSecret)
                 .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
-                .redirectUri(redirectServer + "/login/oauth2/code/" + resource)
                 .issuerUri(authServer + "/realms/" + realm)
-                .scope("openid")
+                .redirectUri(redirectServer)
+                .authorizationUri(authServer + "/realms/" + realm + "/protocol/openid-connect/auth")
+                .tokenUri(authServer + "/realms/" + realm + "/protocol/openid-connect/token")
+                .userInfoUri(authServer + "/realms/" + realm + "/protocol/openid-connect/userinfo")
+                .userInfoAuthenticationMethod(AuthenticationMethod.HEADER)
                 .build();
     }
 
+
+
     @Bean
     public SecurityFilterChain securityFilterChain(HttpSecurity httpSecurity) throws Exception {
         if(securityEnabled){
             System.out.println("Running with KeyCloak Authentication");
+
             return httpSecurity
                     .cors(AbstractHttpConfigurer::disable)
                     .csrf(AbstractHttpConfigurer::disable)
@@ -91,7 +85,7 @@ public SecurityFilterChain securityFilterChain(HttpSecurity httpSecurity) throws
                                 request.anyRequest().fullyAuthenticated();
                             }
                     )
-                    .oauth2Login(withDefaults())
+                    .oauth2Client(withDefaults())
                     .build();
         }else{
             System.out.println("Running without KeyCloak Authentication");
@@ -109,91 +103,21 @@ public SecurityFilterChain securityFilterChain(HttpSecurity httpSecurity) throws
 
 
 
-//
-//
-//    // sets KeycloakAuthenticationProvider as an authentication provider
-//    // sets SimpleAuthorityMapper as the authority mapper
-//    @Autowired
-//    protected void configureGlobal(final AuthenticationManagerBuilder auth) {
-//        final KeycloakAuthenticationProvider provider = super.keycloakAuthenticationProvider();
-//        provider.setGrantedAuthoritiesMapper(new SimpleAuthorityMapper());
-//        auth.authenticationProvider(provider);
-//    }
-//
-//
-//    @Bean
-//    @Override
-//    protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
-//
-//        return new NullAuthenticatedSessionStrategy();
-//    }
-//
-//    // ensure that spring boot will resolve the keycloak configuration
-//    // from application.yml (or application.properties)
-//    @Bean
-//    public KeycloakConfigResolver keycloakConfigResolver() {
-//        return new KeycloakSpringBootConfigResolver();
-//    }
-//
-//    @Bean
-//    public Keycloak keyCloakBuilder() {
-//        System.out.println("Auth Server: " + authServer);
-//        System.out.println("Realm: " + realm);
-//        System.out.println("Resource: " + resource);
-//        Keycloak keycloak = KeycloakBuilder.builder()
-//        .serverUrl(authServer)
-//        .grantType("password")
-//        .realm("master")
-//        .clientId("admin-cli")
-//        .username(username)
-//        .password(password)
-//        .build();
-//        return keycloak;
-//    }
-//
-//    @Override
-//    protected void configure(final HttpSecurity httpSecurity) throws Exception {
-//        super.configure(httpSecurity);
-//
-//        if(securityEnabled){
-//            System.out.println("Running with KeyCloak Authentication");
-//            httpSecurity
-//            .cors()
-//            .and()
-//            .csrf().disable()
-//            .authorizeRequests()
-//            .requestMatchers("/**").permitAll()
-//            .anyRequest().fullyAuthenticated();
-//        }else{
-//            System.out.println("Running without KeyCloak Authentication");
-//            httpSecurity
-//            .cors()
-//            .and()
-//            .csrf().disable()
-//            .authorizeRequests().anyRequest().permitAll();
-//        }
-//    }
-//
-//    @Override
-//    public void init(WebSecurity builder) throws Exception {
-//
-//    }
-//
-//    @Override
-//    public void configure(WebSecurity builder) throws Exception {
-//
-//    }
-//
-//
-//    // This is condition allows for disabling securit
-//    @ConditionalOnProperty(prefix = "security",
-//    name = "enabled",
-//    havingValue = "true")
-//    @EnableGlobalMethodSecurity(prePostEnabled = true)
-//    static class Dummy {
-//        public Dummy(){
-//            System.out.println("Initializing Security");
-//        }
-//
-//    }
+    @Bean
+    public Keycloak keyCloakBuilder() {
+        System.out.println("Auth Server: " + authServer);
+        System.out.println("Realm: " + realm);
+        System.out.println("Resource: " + resource);
+        Keycloak keycloak = KeycloakBuilder.builder()
+        .serverUrl(authServer)
+        .grantType("password")
+        .realm("master")
+        .clientId("admin-cli")
+        .username(username)
+        .password(password)
+        .build();
+        return keycloak;
+    }
+
+
 }