4.x OIDC #3240

Merged
merged 5 commits into from Mar 7, 2024
grgrzybek
Contributor

Here's a short description of the changes:

  • new AuthConfigurationServlet servlet (path /auth/config) that returns OIDC configuration, so the client side knows whether (or not) to use OIDC. Similar role to the Keycloak servlet
  • AuthenticationConfiguration is prepared earlier - in HawtioContextListener, because it's needed both in AuthConfigurationServlet and ContentSecurityPolicyFilter
  • AuthenticationConfiguration contains additional fields read from properties file, related to OIDC configuration
  • new io.hawt.web.auth.oidc.OidcConfiguration containing everything needed for OIDC configuration
  • new io.hawt.web.auth.oidc.OidcLoginModule which is a JAAS login module
  • new OIDC stuff has only one new dependency - NimbusDS JOSE library. It also needs existing httpclient4.
  • Nimbus JOSE is used to parse and validate OpenID Connect access tokens - for date validity and public key signature. Keys are obtained from jwks_uri endpoint
  • ContentSecurityPolicyFilter configuration is a bit better (IMO) - instead of using String.format(), it constructs proper Content-Security-Policy using lists
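
The two checks named in the description above (date validity and public-key signature against a key set), as an added example that is not code from this pull request or from Hawtio. It assumes a recent Nimbus JOSE+JWT 9.x on the classpath; the class name, the key id `k1`, the subject and the in-memory key set standing in for the `jwks_uri` response are all constructed for illustration.

```java
import com.nimbusds.jose.*;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jose.jwk.JWKSet;
import com.nimbusds.jose.jwk.RSAKey;
import com.nimbusds.jose.jwk.gen.RSAKeyGenerator;
import com.nimbusds.jose.jwk.source.ImmutableJWKSet;
import com.nimbusds.jose.proc.*;
import com.nimbusds.jwt.*;
import com.nimbusds.jwt.proc.*;
import java.util.Date;
import java.util.Set;

public class AccessTokenCheck { // hypothetical class, not part of Hawtio
    // Sign a constructed access token; exp is set relative to the current time.
    static String token(RSAKey key, long expOffsetSeconds) throws JOSEException {
        JWTClaimsSet claims = new JWTClaimsSet.Builder()
                .subject("constructed-user")
                .expirationTime(new Date(System.currentTimeMillis() + expOffsetSeconds * 1000))
                .build();
        SignedJWT jwt = new SignedJWT(
                new JWSHeader.Builder(JWSAlgorithm.RS256).keyID(key.getKeyID()).build(), claims);
        jwt.sign(new RSASSASigner(key));
        return jwt.serialize();
    }

    // Run signature and claim checks; any failure is reported as a rejection.
    static String check(ConfigurableJWTProcessor<SecurityContext> p, String token) {
        try {
            return "accepted, sub=" + p.process(token, null).getSubject();
        } catch (Exception e) { // ParseException, BadJOSEException, JOSEException
            return "rejected: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        RSAKey idpKey = new RSAKeyGenerator(2048).keyID("k1").generate();
        RSAKey otherKey = new RSAKeyGenerator(2048).keyID("k1").generate(); // same kid, different key
        // Stand-in for the key set fetched from jwks_uri: public keys only.
        JWKSet jwks = new JWKSet(idpKey.toPublicJWK());

        ConfigurableJWTProcessor<SecurityContext> p = new DefaultJWTProcessor<>();
        // Pin the accepted algorithm so the token header cannot choose it.
        p.setJWSKeySelector(new JWSVerificationKeySelector<SecurityContext>(
                JWSAlgorithm.RS256, new ImmutableJWKSet<SecurityContext>(jwks)));
        // Require exp; the verifier also rejects expired and not-yet-valid tokens.
        p.setJWTClaimsSetVerifier(new DefaultJWTClaimsVerifier<SecurityContext>(
                new JWTClaimsSet.Builder().build(), Set.of("exp")));

        System.out.println(check(p, token(idpKey, 300)));    // valid token
        System.out.println(check(p, token(idpKey, -300)));   // expired token
        System.out.println(check(p, token(otherKey, 300)));  // signed by a key not in the set
    }
}
```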

@grgrzybek
Contributor Author

Sorry - my bad. I built/tested with JDK11 without Spring.


github-actions bot commented Feb 26, 2024

Test Results

  4 files  ±0    4 suites  ±0   12m 16s ⏱️ -6s
 60 tests ±0   59 ✅ ±0   1 💤 ±0  0 ❌ ±0 
244 runs  ±0  234 ✅ ±0  10 💤 ±0  0 ❌ ±0 

Results for commit e60997a. ± Comparison against base commit e646378.

♻️ This comment has been updated with latest results.

@hawtio-ci

hawtio-ci bot commented Feb 26, 2024

Test results

Run attempt: 1202
Detailed summary

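| NAME | TESTS | PASSED ✅ | SKIPPED 💤 | FAILED ❌ | ERRORS 🚫 | TIME 🕖 |
| --- | --- | --- | --- | --- | --- | --- |
| results-quarkus-17-firefox | 61 | 59 | 2 | 0 | 0 | 181.989 |
| results-quarkus-21-firefox | 61 | 59 | 2 | 0 | 0 | 182.99 |
| results-springboot-17-firefox | 61 | 58 | 3 | 0 | 0 | 185.004 |
| results-springboot-21-firefox | 61 | 58 | 3 | 0 | 0 | 186.271 |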

Member

@tadayosi tadayosi left a comment

Fantastic job!

A few minor comments but otherwise all great to me.

@tadayosi
Member

tadayosi commented Mar 7, 2024

@grgrzybek Please resolve conflicts before merging. Also, do you already consider the remaining comment as resolved? We need to resolve all before merging a pull req as a repository rule.

@tadayosi tadayosi merged commit 90486f0 into 4.x Mar 7, 2024
10 checks passed
@grgrzybek grgrzybek deleted the 4.x-oidc branch March 7, 2024 07:07