Authentication: No Authentication when using oauth-proxy

Because we choose to use oauth-proxy in front, when openshift is used, we need to disable all the Authentication due to is made in the proxy. Signed-off-by: Eloy Coto <eloy.coto@acalustra.com>
parodos-dev · Apr 21, 2023 · 975676f · 975676f
1 parent 4235b8e
commit 975676f
Show file tree

Hide file tree

Showing 6 changed files with 58 additions and 8 deletions.
diff --git a/...tion-service/src/main/java/com/redhat/parodos/notification/config/SecurityProperties.java b/...tion-service/src/main/java/com/redhat/parodos/notification/config/SecurityProperties.java
@@ -0,0 +1,14 @@
+package com.redhat.parodos.notification.config;
+
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.boot.context.properties.ConfigurationPropertiesScan;
+import lombok.Data;
+
+@ConfigurationProperties(prefix = "spring.security")
+@ConfigurationPropertiesScan
+@Data
+public class SecurityProperties {
+
+	Boolean authentication;
+
+}
diff --git a/...service/src/main/java/com/redhat/parodos/notification/security/SecurityConfiguration.java b/...service/src/main/java/com/redhat/parodos/notification/security/SecurityConfiguration.java
@@ -17,6 +17,7 @@
 
 import static org.springframework.security.config.Customizer.withDefaults;
 
+import com.redhat.parodos.notification.config.SecurityProperties;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -48,11 +49,18 @@ public class SecurityConfiguration {
 	@Autowired
 	private LdapConnectionProperties ldapConnectionProperties;
 
+	@Autowired
+	private SecurityProperties securityProperties;
+
 	public HttpSecurity setHttpSecurity(HttpSecurity http) throws Exception {
 		// @formatter:off
 		http
 			.csrf()
 			.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
+		if (!securityProperties.getAuthentication()) {
+			return http;
+		}
+
 		http
 			.authorizeRequests()
 			.mvcMatchers(HttpMethod.OPTIONS, "/**")
@@ -78,6 +86,9 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
 
 	@Autowired
 	public void configure(AuthenticationManagerBuilder auth) throws Exception {
+		if (!securityProperties.getAuthentication()) {
+			return;
+		}
 		// @formatter:off
 		auth.ldapAuthentication()
 			.userDnPatterns(this.ldapConnectionProperties.getUserDNPatterns())

diff --git a/notification-service/src/main/resources/application.yml b/notification-service/src/main/resources/application.yml
@@ -1,7 +1,6 @@
 spring:
   application:
     name: parodos-notification-service
-
   jackson:
     default-property-inclusion: non_null
   main:
@@ -10,6 +9,9 @@ spring:
     config:
       enabled: false
 
+  security:
+    authentication: ${PARODOS_AUTH:true}
+
 springdoc:
   writer-with-order-by-keys: true
   writer-with-default-pretty-printer: true

diff --git a/workflow-service/src/main/java/com/redhat/parodos/config/properties/SecurityProperties.java b/workflow-service/src/main/java/com/redhat/parodos/config/properties/SecurityProperties.java
@@ -0,0 +1,14 @@
+package com.redhat.parodos.config.properties;
+
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.boot.context.properties.ConfigurationPropertiesScan;
+import lombok.Data;
+
+@ConfigurationProperties(prefix = "spring.security")
+@ConfigurationPropertiesScan
+@Data
+public class SecurityProperties {
+
+	Boolean authentication;
+
+}
diff --git a/workflow-service/src/main/java/com/redhat/parodos/security/SecurityConfiguration.java b/workflow-service/src/main/java/com/redhat/parodos/security/SecurityConfiguration.java
@@ -16,6 +16,7 @@
 package com.redhat.parodos.security;
 
 import com.redhat.parodos.config.properties.LdapConnectionProperties;
+import com.redhat.parodos.config.properties.SecurityProperties;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -49,11 +50,17 @@ public class SecurityConfiguration {
 	@Autowired
 	private LdapConnectionProperties ldapConnectionProperties;
 
+	@Autowired
+	private SecurityProperties securityProperties;
+
 	public HttpSecurity setHttpSecurity(HttpSecurity http) throws Exception {
+		http.csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
+
+		if (!this.securityProperties.getAuthentication()) {
+			return http;
+		}
+
 		// @formatter:off
-		http
-			.csrf()
-			.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
 		http
 			.authorizeRequests()
 			.mvcMatchers(HttpMethod.OPTIONS, "/**")
@@ -79,6 +86,9 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
 
 	@Autowired
 	public void configure(AuthenticationManagerBuilder auth) throws Exception {
+		if (!this.securityProperties.getAuthentication()) {
+			return;
+		}
 		// @formatter:off
 		auth.ldapAuthentication()
 			.userDnPatterns(this.ldapConnectionProperties.getUserDNPatterns())

diff --git a/workflow-service/src/main/resources/application.yml b/workflow-service/src/main/resources/application.yml
@@ -4,6 +4,8 @@ spring:
     title: Parodos Workflow Service
     version: 1.0.9-SNAPSHOT
 
+
+
   jackson:
     serialization:
       indent-output: true
@@ -39,10 +41,7 @@ spring:
     allow-bean-definition-overriding: true
 
   security:
-    oauth2:
-      resourceserver:
-        jwt:
-          jwk-set-uri: ${keycloak_url:http://localhost:3434/realms/Parodos/protocol/openid-connect/certs}
+    authentication: ${PARODOS_AUTH:true}
 
   lifecycle:
     timeout-per-shutdown-phase: "25s"