
Commit 9ae8a32

Add behaviours
1 parent b434fd5 commit 9ae8a32


3 files changed

+186
-1
lines changed


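--- a/selenium/authorization-server/dockerfile
+++ b/selenium/authorization-server/dockerfile
@@ -2,7 +2,6 @@ FROM maven:3.9.9-eclipse-temurin-24-alpine as builder
 WORKDIR /home/app/authorization-server
 COPY ./ .
 RUN mvn -Dmaven.test.skip=true clean package
-# MAVEN_OPTS="--enable-native-access=ALL-UNNAMED"
 
 FROM openjdk:24-jdk
 EXPOSE 8080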
Lines changed: 154 additions & 0 deletions
@@ -0,0 +1,154 @@
1+
package com.rabbitmq.authorization_server;
2+
3+
import java.security.KeyPair;
4+
import java.security.KeyPairGenerator;
5+
import java.security.interfaces.RSAPrivateKey;
6+
import java.security.interfaces.RSAPublicKey;
7+
import java.util.UUID;
8+
9+
import org.springframework.context.annotation.Bean;
10+
import org.springframework.context.annotation.Configuration;
11+
import org.springframework.core.annotation.Order;
12+
import org.springframework.http.MediaType;
13+
import org.springframework.security.config.Customizer;
14+
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
15+
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
16+
import org.springframework.security.core.userdetails.User;
17+
import org.springframework.security.core.userdetails.UserDetails;
18+
import org.springframework.security.core.userdetails.UserDetailsService;
19+
import org.springframework.security.oauth2.core.AuthorizationGrantType;
20+
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
21+
import org.springframework.security.oauth2.core.oidc.OidcScopes;
22+
import org.springframework.security.oauth2.jwt.JwtDecoder;
23+
import org.springframework.security.oauth2.server.authorization.client.InMemoryRegisteredClientRepository;
24+
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
25+
import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
26+
import org.springframework.security.oauth2.server.authorization.config.annotation.web.configuration.OAuth2AuthorizationServerConfiguration;
27+
import org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers.OAuth2AuthorizationServerConfigurer;
28+
import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
29+
import org.springframework.security.oauth2.server.authorization.settings.ClientSettings;
30+
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
31+
import org.springframework.security.web.SecurityFilterChain;
32+
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
33+
import org.springframework.security.web.util.matcher.MediaTypeRequestMatcher;
34+
35+
import com.nimbusds.jose.jwk.JWKSet;
36+
import com.nimbusds.jose.jwk.RSAKey;
37+
import com.nimbusds.jose.jwk.source.ImmutableJWKSet;
38+
import com.nimbusds.jose.jwk.source.JWKSource;
39+
import com.nimbusds.jose.proc.SecurityContext;
40+
41+
@Configuration
42+
@EnableWebSecurity
43+
public class SecurityConfig {
44+
45+
@Bean
46+
@Order(1)
47+
public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http)
48+
throws Exception {
49+
OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
50+
OAuth2AuthorizationServerConfigurer.authorizationServer();
51+
52+
http
53+
.securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
54+
.with(authorizationServerConfigurer, (authorizationServer) ->
55+
authorizationServer
56+
.oidc(Customizer.withDefaults()) // Enable OpenID Connect 1.0
57+
)
58+
.authorizeHttpRequests((authorize) ->
59+
authorize
60+
.anyRequest().authenticated()
61+
)
62+
// Redirect to the login page when not authenticated from the
63+
// authorization endpoint
64+
.exceptionHandling((exceptions) -> exceptions
65+
.defaultAuthenticationEntryPointFor(
66+
new LoginUrlAuthenticationEntryPoint("/login"),
67+
new MediaTypeRequestMatcher(MediaType.TEXT_HTML)
68+
)
69+
);
70+
71+
return http.build();
72+
}
73+
74+
@Bean
75+
@Order(2)
76+
public SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http)
77+
throws Exception {
78+
http
79+
.authorizeHttpRequests((authorize) -> authorize
80+
.anyRequest().authenticated()
81+
)
82+
// Form login handles the redirect to the login page from the
83+
// authorization server filter chain
84+
.formLogin(Customizer.withDefaults());
85+
86+
return http.build();
87+
}
88+
89+
@Bean
90+
public UserDetailsService userDetailsService() {
91+
UserDetails userDetails = User.withDefaultPasswordEncoder()
92+
.username("user")
93+
.password("password")
94+
.roles("USER")
95+
.build();
96+
97+
return new InMemoryUserDetailsManager(userDetails);
98+
}
99+
100+
@Bean
101+
public RegisteredClientRepository registeredClientRepository() {
102+
RegisteredClient oidcClient = RegisteredClient.withId(UUID.randomUUID().toString())
103+
.clientId("oidc-client")
104+
.clientSecret("{noop}secret")
105+
.clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
106+
.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
107+
.authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN)
108+
.redirectUri("http://127.0.0.1:8080/login/oauth2/code/oidc-client")
109+
.postLogoutRedirectUri("http://127.0.0.1:8080/")
110+
.scope(OidcScopes.OPENID)
111+
.scope(OidcScopes.PROFILE)
112+
.clientSettings(ClientSettings.builder().requireAuthorizationConsent(true).build())
113+
.build();
114+
115+
return new InMemoryRegisteredClientRepository(oidcClient);
116+
}
117+
118+
@Bean
119+
public JWKSource<SecurityContext> jwkSource() {
120+
KeyPair keyPair = generateRsaKey();
121+
RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic();
122+
RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate();
123+
RSAKey rsaKey = new RSAKey.Builder(publicKey)
124+
.privateKey(privateKey)
125+
.keyID(UUID.randomUUID().toString())
126+
.build();
127+
JWKSet jwkSet = new JWKSet(rsaKey);
128+
return new ImmutableJWKSet<>(jwkSet);
129+
}
130+
131+
private static KeyPair generateRsaKey() {
132+
KeyPair keyPair;
133+
try {
134+
KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
135+
keyPairGenerator.initialize(2048);
136+
keyPair = keyPairGenerator.generateKeyPair();
137+
}
138+
catch (Exception ex) {
139+
throw new IllegalStateException(ex);
140+
}
141+
return keyPair;
142+
}
143+
144+
@Bean
145+
public JwtDecoder jwtDecoder(JWKSource<SecurityContext> jwkSource) {
146+
return OAuth2AuthorizationServerConfiguration.jwtDecoder(jwkSource);
147+
}
148+
149+
@Bean
150+
public AuthorizationServerSettings authorizationServerSettings() {
151+
return AuthorizationServerSettings.builder().build();
152+
}
153+
154+
}
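Review bot: `registeredClientRepository()` registers `oidc-client` with `.redirectUri("http://127.0.0.1:8080/login/oauth2/code/oidc-client")`, while the YAML settings added in this same commit register the same client id with redirect URIs on port 15672. Spring Boot's property-based client registration backs off when a `RegisteredClientRepository` bean is defined, so the 8080 values here are most likely the ones in force, and a client redirecting to 15672 would be rejected with a redirect URI mismatch. I would keep a single definition; if 15672 is the intended client, use `.redirectUri("http://127.0.0.1:15672/login/oauth2/code/oidc-client")` and `.postLogoutRedirectUri("http://127.0.0.1:15672/")`. The same duplication exists between `userDetailsService()` and `spring.security.user`. Since `User.withDefaultPasswordEncoder()` with `password` and the `{noop}secret` client secret are only acceptable as fixture values, a comment such as `// Test fixture only: static credentials and a per-start RSA key; not for deployment` above these beans would make that explicit.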
Lines changed: 32 additions & 0 deletions
@@ -0,0 +1,32 @@
1+
server:
2+
port: 8080
3+
4+
logging:
5+
level:
6+
org.springframework.security: trace
7+
8+
spring:
9+
security:
10+
user:
11+
name: user
12+
password: password
13+
oauth2:
14+
authorizationserver:
15+
client:
16+
oidc-client:
17+
registration:
18+
client-id: "oidc-client"
19+
client-secret: "{noop}secret"
20+
client-authentication-methods:
21+
- "client_secret_basic"
22+
authorization-grant-types:
23+
- "authorization_code"
24+
- "refresh_token"
25+
redirect-uris:
26+
- "http://127.0.0.1:15672/login/oauth2/code/oidc-client"
27+
post-logout-redirect-uris:
28+
- "http://127.0.0.1:15672/"
29+
scopes:
30+
- "openid"
31+
- "profile"
32+
require-authorization-consent: true
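Review bot: `org.springframework.security: trace` under `logging.level` makes the authorization server log every filter-chain decision for each request, and during a login and token flow that output may include request URIs and session-related details. If the container logs are kept as CI artifacts, that is more exposure and noise than the tests need. I would default to `org.springframework.security: info` and raise the level only while debugging a failing run. The `password: password` and `client-secret: "{noop}secret"` entries would also benefit from a one-line `# test fixture only` comment so they are not copied into a real deployment.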
