Refactor authentication module#36

Merged
vlaurin merged 11 commits into main from refactor-auth on Mar 31, 2025
Conversation

@vlaurin vlaurin commented Mar 30, 2025

  • Consistently adopt Spring Security's pattern of composable converters to allow fine-grained customisation of behaviour
  • Differentiate intent and purpose of authentication vs user details
  • Eliminate duplication between authentication and user details objects
  • Consolidate user-driven and client-driven authentications to reduce divergence:
    • Add support for extracting name claim for client-driven authentication
    • Add support for extracting roles claim for client-driven authentication
    • Add support for extracting groups claim for client-driven authentication
    • Provide UserInfo instance for client-driven authentication

vlaurin added 11 commits March 23, 2025 12:30
Relocate default profiles to class `OrganisationProfile` so that they are not affected by refactoring of `Authentication` classes
`ClaimNamesProvider` must be used to ensure claim prefix is applied.
Principal is already represented by Spring's `Authentication` class
Follows Spring model of fine-grained converters with auto-configuration for easy substitution of conversion strategy for specific claims
This replaces `UserInfoExtractor` and `JsonClaimsParser` with an equivalent aligned with Spring's composable converters pattern
- Shorten `Builder` name, avoid redundant name
- Capture account
- Return default organisation profile when profile not found
- Add singular builder methods for authorities, roles and groups
Instead of an abstract class with logic-driven implementations, turn `QuickcaseAuthentication` into a value-based class with final fields set via constructor.
The intent is to reduce the differences and unify behaviour as much as possible between user and client-based authentication.

At the same time, the structure of the authentication is also reviewed to better align with Spring Security's philosophy where the authentication class is exclusively intended for Spring while the contained `UserDetails` (here `UserInfo`) is intended for the consuming applications.
Hence, all user-centric properties are now exclusively captured in `UserInfo` and `QuickcaseAuthentication` extends them with client-centric properties for the purpose of Spring Security.
For auto-configuration to be overridable, all beans should have a condition on target bean missing
Auto-configuration classes contain a large number of lines which can't easily be tested and bring coverage down
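As an added illustration (not the project's own code) of the two conventions described in these commits, composable per-claim converters and auto-configuration beans guarded by a missing-bean condition: the roles converter below is one fine-grained piece that a consuming application can replace on its own, without re-implementing the whole JWT-to-authentication conversion. The class name `ClaimsAutoConfiguration`, the bean names, and the prefixed claim name `app/roles` are assumptions, not names taken from the project; only the Spring Boot and Spring Security types are real.

```java
// Added example, not the project's code. Assumes Spring Boot 3 and
// Spring Security 6 (oauth2-resource-server) on the classpath.
import java.util.Collection;
import java.util.List;
import java.util.stream.Collectors;

import org.springframework.boot.autoconfigure.AutoConfiguration;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.context.annotation.Bean;
import org.springframework.core.convert.converter.Converter;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;

@AutoConfiguration
public class ClaimsAutoConfiguration { // hypothetical class name

    /**
     * Fine-grained converter for a single claim (roles -> authorities).
     * Guarded by a missing-bean condition, so a consuming application that
     * declares its own bean named "rolesClaimConverter" replaces only this step.
     */
    @Bean
    @ConditionalOnMissingBean(name = "rolesClaimConverter")
    public Converter<Jwt, Collection<GrantedAuthority>> rolesClaimConverter() {
        return jwt -> {
            // "app/roles" is a constructed, prefixed claim name standing in for
            // whatever a ClaimNamesProvider-style component would supply.
            List<String> roles = jwt.getClaimAsStringList("app/roles");
            if (roles == null) {
                return List.of(); // absent claim: no authorities, never a failure
            }
            return roles.stream()
                    .map(role -> new SimpleGrantedAuthority("ROLE_" + role))
                    .collect(Collectors.toList());
        };
    }

    /** Composes the per-claim converters into Spring's JWT authentication converter. */
    @Bean
    @ConditionalOnMissingBean
    public JwtAuthenticationConverter jwtAuthenticationConverter(
            Converter<Jwt, Collection<GrantedAuthority>> rolesClaimConverter) {
        JwtAuthenticationConverter converter = new JwtAuthenticationConverter();
        converter.setPrincipalClaimName("sub");
        converter.setJwtGrantedAuthoritiesConverter(rolesClaimConverter);
        return converter;
    }
}
```

Because each step is its own conditional bean, an application can override the roles mapping without touching principal extraction, and the default mapping is skipped entirely rather than silently merged with the override.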
@vlaurin vlaurin merged commit 1a7af4a into main Mar 31, 2025
2 checks passed
@vlaurin vlaurin deleted the refactor-auth branch March 31, 2025 10:11