Skip to content
This repository has been archived by the owner on Jul 23, 2024. It is now read-only.

Authentication: No Authentication when using oauth-proxy #266

Merged
merged 1 commit into from
Apr 21, 2023
Merged

Authentication: No Authentication when using oauth-proxy #266

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 14 additions & 0 deletions ...tion-service/src/main/java/com/redhat/parodos/notification/config/SecurityProperties.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
package com.redhat.parodos.notification.config;

import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.boot.context.properties.ConfigurationPropertiesScan;
import lombok.Data;

@ConfigurationProperties(prefix = "spring.security")
@ConfigurationPropertiesScan
@Data
public class SecurityProperties {

Boolean authentication;

}
11 changes: 11 additions & 0 deletions ...service/src/main/java/com/redhat/parodos/notification/security/SecurityConfiguration.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,7 @@

import static org.springframework.security.config.Customizer.withDefaults;

import com.redhat.parodos.notification.config.SecurityProperties;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
Expand Down Expand Up @@ -48,11 +49,18 @@ public class SecurityConfiguration {
@Autowired
private LdapConnectionProperties ldapConnectionProperties;

@Autowired
private SecurityProperties securityProperties;

public HttpSecurity setHttpSecurity(HttpSecurity http) throws Exception {
// @formatter:off
http
.csrf()
.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
if (!securityProperties.getAuthentication()) {
return http;
}

http
.authorizeRequests()
.mvcMatchers(HttpMethod.OPTIONS, "/**")
Expand All @@ -78,6 +86,9 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti

@Autowired
public void configure(AuthenticationManagerBuilder auth) throws Exception {
if (!securityProperties.getAuthentication()) {
return;
}
// @formatter:off
auth.ldapAuthentication()
.userDnPatterns(this.ldapConnectionProperties.getUserDNPatterns())
Expand Down
4 changes: 3 additions & 1 deletion notification-service/src/main/resources/application.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,6 @@
spring:
application:
name: parodos-notification-service

jackson:
default-property-inclusion: non_null
main:
Expand All @@ -10,6 +9,9 @@ spring:
config:
enabled: false

security:
authentication: ${PARODOS_AUTH:true}

springdoc:
writer-with-order-by-keys: true
writer-with-default-pretty-printer: true
Expand Down
14 changes: 14 additions & 0 deletions workflow-service/src/main/java/com/redhat/parodos/config/properties/SecurityProperties.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
package com.redhat.parodos.config.properties;

import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.boot.context.properties.ConfigurationPropertiesScan;
import lombok.Data;

@ConfigurationProperties(prefix = "spring.security")
@ConfigurationPropertiesScan
@Data
public class SecurityProperties {

Boolean authentication;

}
16 changes: 13 additions & 3 deletions workflow-service/src/main/java/com/redhat/parodos/security/SecurityConfiguration.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@
package com.redhat.parodos.security;

import com.redhat.parodos.config.properties.LdapConnectionProperties;
import com.redhat.parodos.config.properties.SecurityProperties;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
Expand Down Expand Up @@ -49,11 +50,17 @@ public class SecurityConfiguration {
@Autowired
private LdapConnectionProperties ldapConnectionProperties;

@Autowired
private SecurityProperties securityProperties;

public HttpSecurity setHttpSecurity(HttpSecurity http) throws Exception {
http.csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());

if (!this.securityProperties.getAuthentication()) {
return http;
}

// @formatter:off
http
.csrf()
.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
http
.authorizeRequests()
.mvcMatchers(HttpMethod.OPTIONS, "/**")
Expand All @@ -79,6 +86,9 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti

@Autowired
public void configure(AuthenticationManagerBuilder auth) throws Exception {
if (!this.securityProperties.getAuthentication()) {
return;
}
// @formatter:off
auth.ldapAuthentication()
.userDnPatterns(this.ldapConnectionProperties.getUserDNPatterns())
Expand Down
7 changes: 3 additions & 4 deletions workflow-service/src/main/resources/application.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,8 @@ spring:
title: Parodos Workflow Service
version: 1.0.8-SNAPSHOT



jackson:
serialization:
indent-output: true
Expand Down Expand Up @@ -39,10 +41,7 @@ spring:
allow-bean-definition-overriding: true

security:
oauth2:
resourceserver:
jwt:
jwk-set-uri: ${keycloak_url:http://localhost:3434/realms/Parodos/protocol/openid-connect/certs}
authentication: ${PARODOS_AUTH:true}

lifecycle:
timeout-per-shutdown-phase: "25s"
Expand Down