[HAWNG-151] Less confusing JAAS configuration

hawtio · Mar 7, 2024 · 90486f0 · 90486f0
1 parent 7396b92
commit 90486f0
Show file tree

Hide file tree

Showing 4 changed files with 7 additions and 3 deletions.
diff --git a/hawtio-system/src/main/java/io/hawt/web/auth/AuthConfigurationServlet.java b/hawtio-system/src/main/java/io/hawt/web/auth/AuthConfigurationServlet.java
@@ -52,7 +52,6 @@ public void init() throws ServletException {
         }
 
         oidcConfiguration = authConfig.getOidcConfiguration();
-        authConfig.setConfiguration(oidcConfiguration);
         enabled = oidcConfiguration.isEnabled();
     }
 

diff --git a/hawtio-system/src/main/java/io/hawt/web/auth/AuthenticationConfiguration.java b/hawtio-system/src/main/java/io/hawt/web/auth/AuthenticationConfiguration.java
@@ -128,6 +128,8 @@ public class AuthenticationConfiguration {
     private Configuration configuration;
 
     private final ConfigManager configManager;
+    // OidcConfiguration implements javax.security.auth.login.Configuration, but let's keep it separate from
+    // this.configuration field
     private OidcConfiguration oidcConfiguration;
 
     private AuthenticationConfiguration(ServletContext servletContext) {
@@ -273,6 +275,7 @@ public void configureOidc() {
                 props.load(is);
                 this.oidcConfiguration = new OidcConfiguration(props);
                 this.oidcConfiguration.setRolePrincipalClasses(this.rolePrincipalClasses);
+                this.configuration = this.oidcConfiguration;
             } catch (IOException e) {
                 LOG.warn("Couldn't read OIDC configuration file", e);
             } finally {

diff --git a/hawtio-system/src/main/java/io/hawt/web/auth/oidc/OidcConfiguration.java b/hawtio-system/src/main/java/io/hawt/web/auth/oidc/OidcConfiguration.java
@@ -658,6 +658,7 @@ private boolean booleanProperty(Properties props, String key, boolean defaultVal
     public void setRolePrincipalClasses(String rolePrincipalClasses) {
         if (rolePrincipalClasses == null || rolePrincipalClasses.isBlank()) {
             this.rolePrincipalClasses = new String[0];
+            this.roleClass = RolePrincipal.class;
         } else {
             this.rolePrincipalClasses = rolePrincipalClasses.split("\\s*,\\s*");
             Class<?> roleClass = null;

diff --git a/hawtio-system/src/test/resources/hawtio-oidc.properties b/hawtio-system/src/test/resources/hawtio-oidc.properties
@@ -1,6 +1,7 @@
 # OpenID Connect configuration requred at client side
 
-# URL of OpenID Connect Provider
+# URL of OpenID Connect Provider - the URL after which ".well-known/openid-configuration" can be appended for
+# discovery purposes
 provider = https://login.microsoftonline.com/00000000-1111-2222-3333-444444444444/v2.0
 # OpenID client identifier
 client_id = 00000000-1111-2222-3333-444444444444
@@ -46,7 +47,7 @@ http.readTimeout = 10000
 # HTTP proxy to use when connecting to OpenID Connect provider
 #http.proxyURL = http://127.0.0.1:3128
 
-# TLS configuration (system properties can be used, e.g., "${catalina.home}/conf/hawtio-oidc.properties"
+# TLS configuration (system properties can be used, e.g., "${catalina.home}/conf/hawtio.jks")
 
 ssl.protocol = TLSv1.3
 ssl.truststore = src/test/resources/hawtio.jks