[GEOS-8824] Refactor up common bits of security configuration
aaime committed Jul 5, 2018
1 parent 79fe494 commit 2abb201
Showing 4 changed files with 69 additions and 115 deletions.
Expand Up @@ -4,22 +4,12 @@
*/
package org.geoserver.security.oauth2;

import java.util.Arrays;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Scope;
import org.springframework.context.annotation.ScopedProxyMode;
import org.springframework.security.oauth2.client.DefaultOAuth2ClientContext;
import org.springframework.security.oauth2.client.OAuth2RestTemplate;
import org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails;
import org.springframework.security.oauth2.client.token.AccessTokenProvider;
import org.springframework.security.oauth2.client.token.AccessTokenProviderChain;
import org.springframework.security.oauth2.client.token.grant.client.ClientCredentialsAccessTokenProvider;
import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeAccessTokenProvider;
import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeResourceDetails;
import org.springframework.security.oauth2.client.token.grant.implicit.ImplicitAccessTokenProvider;
import org.springframework.security.oauth2.client.token.grant.password.ResourceOwnerPasswordAccessTokenProvider;
import org.springframework.security.oauth2.common.AuthenticationScheme;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableOAuth2Client;

/**
Expand Down Expand Up @@ -63,40 +53,18 @@ class GeoNodeOAuth2SecurityConfiguration extends GeoServerOAuth2SecurityConfigur

@Bean(name = "geoNodeOAuth2Resource")
public OAuth2ProtectedResourceDetails geoServerOAuth2Resource() {
AuthorizationCodeResourceDetails details = new AuthorizationCodeResourceDetails();
details.setId("geonode-oauth2-client");

details.setGrantType("authorization_code");
details.setAuthenticationScheme(AuthenticationScheme.header);
details.setClientAuthenticationScheme(AuthenticationScheme.form);
return super.geoServerOAuth2Resource();
}

return details;
@Override
protected String getDetailsId() {
return "geonode-oauth2-client";
}

/** Must have "session" scope */
@Bean(name = "geoNodeOauth2RestTemplate")
@Scope(value = "session", proxyMode = ScopedProxyMode.TARGET_CLASS)
public OAuth2RestTemplate geoServerOauth2RestTemplate() {

OAuth2RestTemplate oAuth2RestTemplate =
new OAuth2RestTemplate(
geoServerOAuth2Resource(),
new DefaultOAuth2ClientContext(getAccessTokenRequest()));

AuthorizationCodeAccessTokenProvider authorizationCodeAccessTokenProvider =
new AuthorizationCodeAccessTokenProvider();
authorizationCodeAccessTokenProvider.setStateMandatory(false);

AccessTokenProvider accessTokenProviderChain =
new AccessTokenProviderChain(
Arrays.<AccessTokenProvider>asList(
authorizationCodeAccessTokenProvider,
new ImplicitAccessTokenProvider(),
new ResourceOwnerPasswordAccessTokenProvider(),
new ClientCredentialsAccessTokenProvider()));

oAuth2RestTemplate.setAccessTokenProvider(accessTokenProviderChain);

return oAuth2RestTemplate;
return super.geoServerOauth2RestTemplate();
}
}
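Review bot: The two overrides that remain in this class, `geoServerOAuth2Resource()` and `geoServerOauth2RestTemplate()`, now consist solely of `return super...()` and exist only to carry the provider-specific `@Bean` names and the session `@Scope`; nothing in the hunk says so, and a later reader may mistake them for dead code and fold them away, which would drop the bean registration. A one-line comment on each would prevent that, e.g. `// Delegates to the base implementation; the override exists to register the bean under the GeoNode-specific name.` The class header and the remaining fields are outside the hunk.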
Expand Up @@ -4,25 +4,15 @@
*/
package org.geoserver.security.oauth2;

import java.util.Arrays;
import java.util.List;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Scope;
import org.springframework.context.annotation.ScopedProxyMode;
import org.springframework.http.converter.HttpMessageConverter;
import org.springframework.http.converter.json.MappingJackson2HttpMessageConverter;
import org.springframework.security.oauth2.client.DefaultOAuth2ClientContext;
import org.springframework.security.oauth2.client.OAuth2RestTemplate;
import org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails;
import org.springframework.security.oauth2.client.token.AccessTokenProvider;
import org.springframework.security.oauth2.client.token.AccessTokenProviderChain;
import org.springframework.security.oauth2.client.token.grant.client.ClientCredentialsAccessTokenProvider;
import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeAccessTokenProvider;
import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeResourceDetails;
import org.springframework.security.oauth2.client.token.grant.implicit.ImplicitAccessTokenProvider;
import org.springframework.security.oauth2.client.token.grant.password.ResourceOwnerPasswordAccessTokenProvider;
import org.springframework.security.oauth2.common.AuthenticationScheme;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableOAuth2Client;

/**
Expand Down Expand Up @@ -73,42 +63,22 @@ class GitHubOAuth2SecurityConfiguration extends GeoServerOAuth2SecurityConfigura

@Bean(name = "githubOAuth2Resource")
public OAuth2ProtectedResourceDetails geoServerOAuth2Resource() {
AuthorizationCodeResourceDetails details = new AuthorizationCodeResourceDetails();
details.setId("github-oauth2-client");

details.setGrantType("authorization_code");
details.setAuthenticationScheme(AuthenticationScheme.header);
details.setClientAuthenticationScheme(AuthenticationScheme.form);
return super.geoServerOAuth2Resource();
}

return details;
@Override
protected String getDetailsId() {
return "github-oauth2-client";
}

/** Must have "session" scope */
@Bean(name = "githubOauth2RestTemplate")
@Scope(value = "session", proxyMode = ScopedProxyMode.TARGET_CLASS)
public OAuth2RestTemplate geoServerOauth2RestTemplate() {

OAuth2RestTemplate oAuth2RestTemplate =
new OAuth2RestTemplate(
geoServerOAuth2Resource(),
new DefaultOAuth2ClientContext(getAccessTokenRequest()));

AuthorizationCodeAccessTokenProvider authorizationCodeAccessTokenProvider =
new AuthorizationCodeAccessTokenProvider();
authorizationCodeAccessTokenProvider.setStateMandatory(false);

AccessTokenProvider accessTokenProviderChain =
new AccessTokenProviderChain(
Arrays.<AccessTokenProvider>asList(
authorizationCodeAccessTokenProvider,
new ImplicitAccessTokenProvider(),
new ResourceOwnerPasswordAccessTokenProvider(),
new ClientCredentialsAccessTokenProvider()));

oAuth2RestTemplate.setAccessTokenProvider(accessTokenProviderChain);
List<HttpMessageConverter<?>> messageConverters = oAuth2RestTemplate.getMessageConverters();
OAuth2RestTemplate template = super.geoServerOauth2RestTemplate();
List<HttpMessageConverter<?>> messageConverters = template.getMessageConverters();
messageConverters.add(new MappingJackson2HttpMessageConverter());

return oAuth2RestTemplate;
return template;
}
}
Expand Up @@ -4,22 +4,13 @@
*/
package org.geoserver.security.oauth2;

import java.util.Arrays;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Scope;
import org.springframework.context.annotation.ScopedProxyMode;
import org.springframework.security.oauth2.client.DefaultOAuth2ClientContext;
import org.springframework.security.oauth2.client.OAuth2RestTemplate;
import org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails;
import org.springframework.security.oauth2.client.token.AccessTokenProvider;
import org.springframework.security.oauth2.client.token.AccessTokenProviderChain;
import org.springframework.security.oauth2.client.token.grant.client.ClientCredentialsAccessTokenProvider;
import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeAccessTokenProvider;
import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeResourceDetails;
import org.springframework.security.oauth2.client.token.grant.implicit.ImplicitAccessTokenProvider;
import org.springframework.security.oauth2.client.token.grant.password.ResourceOwnerPasswordAccessTokenProvider;
import org.springframework.security.oauth2.common.AuthenticationScheme;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableOAuth2Client;

/**
Expand Down Expand Up @@ -68,14 +59,9 @@ class GoogleOAuth2SecurityConfiguration extends GeoServerOAuth2SecurityConfigura

@Bean(name = "googleOAuth2Resource")
public OAuth2ProtectedResourceDetails geoServerOAuth2Resource() {
AuthorizationCodeResourceDetails details = new AuthorizationCodeResourceDetails();
details.setId("oauth2-client");

details.setGrantType("authorization_code");
AuthorizationCodeResourceDetails details =
(AuthorizationCodeResourceDetails) super.geoServerOAuth2Resource();
details.setTokenName("authorization_code");
details.setUseCurrentUri(false);
details.setAuthenticationScheme(AuthenticationScheme.query);
details.setClientAuthenticationScheme(AuthenticationScheme.form);

return details;
}
Expand All @@ -84,26 +70,6 @@ public OAuth2ProtectedResourceDetails geoServerOAuth2Resource() {
@Bean(name = "googleOauth2RestTemplate")
@Scope(value = "session", proxyMode = ScopedProxyMode.TARGET_CLASS)
public OAuth2RestTemplate geoServerOauth2RestTemplate() {

OAuth2RestTemplate oAuth2RestTemplate =
new OAuth2RestTemplate(
geoServerOAuth2Resource(),
new DefaultOAuth2ClientContext(getAccessTokenRequest()));

AuthorizationCodeAccessTokenProvider authorizationCodeAccessTokenProvider =
new AuthorizationCodeAccessTokenProvider();
authorizationCodeAccessTokenProvider.setStateMandatory(false);

AccessTokenProvider accessTokenProviderChain =
new AccessTokenProviderChain(
Arrays.<AccessTokenProvider>asList(
authorizationCodeAccessTokenProvider,
new ImplicitAccessTokenProvider(),
new ResourceOwnerPasswordAccessTokenProvider(),
new ClientCredentialsAccessTokenProvider()));

oAuth2RestTemplate.setAccessTokenProvider(accessTokenProviderChain);

return oAuth2RestTemplate;
return super.geoServerOauth2RestTemplate();
}
}
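Review bot: The downcast `(AuthorizationCodeResourceDetails) super.geoServerOAuth2Resource()` in `geoServerOAuth2Resource()` couples this override to the base class's choice of implementation type; if the base ever returns another `OAuth2ProtectedResourceDetails`, the failure is a `ClassCastException` at context startup rather than a compile error. Since the base implementation already instantiates `AuthorizationCodeResourceDetails`, declaring the base method with that narrower return type (a covariant return, source-compatible for existing callers of the `OAuth2ProtectedResourceDetails` signature) would remove the cast here. The override also switches the scheme set by the base from `header` to `query`; a comment such as `// Google expects the access token as a query parameter, overriding the header scheme set by the base` would make the intentional divergence visible. The enclosing class continues outside both hunks.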
Expand Up @@ -4,13 +4,23 @@
*/
package org.geoserver.security.oauth2;

import java.util.Arrays;
import javax.annotation.Resource;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.core.env.Environment;
import org.springframework.security.oauth2.client.DefaultOAuth2ClientContext;
import org.springframework.security.oauth2.client.OAuth2RestTemplate;
import org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails;
import org.springframework.security.oauth2.client.token.AccessTokenProvider;
import org.springframework.security.oauth2.client.token.AccessTokenProviderChain;
import org.springframework.security.oauth2.client.token.AccessTokenRequest;
import org.springframework.security.oauth2.client.token.grant.client.ClientCredentialsAccessTokenProvider;
import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeAccessTokenProvider;
import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeResourceDetails;
import org.springframework.security.oauth2.client.token.grant.implicit.ImplicitAccessTokenProvider;
import org.springframework.security.oauth2.client.token.grant.password.ResourceOwnerPasswordAccessTokenProvider;
import org.springframework.security.oauth2.common.AuthenticationScheme;

/**
* Base OAuth2 Configuration Class. Each OAuth2 specific Extension must implement its own {@link
Expand Down Expand Up @@ -45,11 +55,51 @@ public void setAccessTokenRequest(AccessTokenRequest accessTokenRequest) {
}

/** Details for an OAuth2-protected resource. */
public abstract OAuth2ProtectedResourceDetails geoServerOAuth2Resource();
public OAuth2ProtectedResourceDetails geoServerOAuth2Resource() {
AuthorizationCodeResourceDetails details = new AuthorizationCodeResourceDetails();
details.setId(getDetailsId());

details.setGrantType("authorization_code");
details.setAuthenticationScheme(AuthenticationScheme.header);
details.setClientAuthenticationScheme(AuthenticationScheme.form);

return details;
}

/**
* Returns the details id for the AuthorizationCodeResourceDetails.
*
* @return
*/
protected String getDetailsId() {
return "oauth2-client";
}

/**
* Rest template that is able to make OAuth2-authenticated REST requests with the credentials of
* the provided resource.
*/
public abstract OAuth2RestTemplate geoServerOauth2RestTemplate();
public OAuth2RestTemplate geoServerOauth2RestTemplate() {

OAuth2RestTemplate oAuth2RestTemplate =
new OAuth2RestTemplate(
geoServerOAuth2Resource(),
new DefaultOAuth2ClientContext(getAccessTokenRequest()));

AuthorizationCodeAccessTokenProvider authorizationCodeAccessTokenProvider =
new AuthorizationCodeAccessTokenProvider();
authorizationCodeAccessTokenProvider.setStateMandatory(false);

AccessTokenProvider accessTokenProviderChain =
new AccessTokenProviderChain(
Arrays.<AccessTokenProvider>asList(
authorizationCodeAccessTokenProvider,
new ImplicitAccessTokenProvider(),
new ResourceOwnerPasswordAccessTokenProvider(),
new ClientCredentialsAccessTokenProvider()));

oAuth2RestTemplate.setAccessTokenProvider(accessTokenProviderChain);

return oAuth2RestTemplate;
}
}
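Review bot: `authorizationCodeAccessTokenProvider.setStateMandatory(false)` in the now-concrete `geoServerOauth2RestTemplate()` relaxes the `state` parameter check, which is the authorization-code flow's binding between the redirect and the callback, and because this is the shared base every present and future provider inherits that relaxation without opting in; the hunk gives no rationale, so add one next to the call, e.g. `// "state" is not required on the callback; document the reason here before adding providers that rely on this base.` The same line previously lived in each subclass, so this is a documentation gap rather than new behavior, but centralizing it makes the why-comment more important. Separately, the Javadoc on `getDetailsId()` has an empty `@return`; fill it in, e.g. `@return the id set on the {@link AuthorizationCodeResourceDetails}; subclasses override it with a provider-specific value`. The enclosing class and the `accessTokenRequest` accessors start before the hunk.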
