java source code of SecurityConfiguration

Project: java-microservices-examples (GitHub Link)

java-microservices-examples-master
- jhipster
  - demo.adoc
  - blog
    - src
      - main
        resources
        i18n
        messages_en.properties
        messages.properties
        messages_fr.properties
        .h2.server.properties
        templates
        error.html
        config
        application.yml
        application-dev.yml
        application-prod.yml
        application-tls.yml
        bootstrap-prod.yml
        bootstrap.yml
        liquibase
        data
        post.csv
        tag.csv
        blog.csv
        changelog
        20190517145011_added_entity_constraints_Post.xml
        00000000000000_initial_schema.xml
        20190517145012_added_entity_Tag.xml
        20190517145011_added_entity_Post.xml
        20190517145010_added_entity_constraints_Blog.xml
        20190517145010_added_entity_Blog.xml
        master.xml
        tls
        keystore.p12
        logback-spring.xml
        banner.txt
        static
        index.html
        docker
        prometheus
        prometheus.yml
        sonar.yml
        app.yml
        postgresql.yml
        grafana
        provisioning
        datasources
        datasource.yml
        dashboards
        dashboard.yml
        JVM.json
        hazelcast-management-center.yml
        jhipster-registry.yml
        central-server-config
        docker-config
        application.yml
        localhost-config
        application.yml
        README.md
        monitoring.yml
        java
        com
        okta
        developer
        blog
        security
        AuthoritiesConstants.java
        SecurityUtils.java
        oauth2
        AuthorizationHeaderUtil.java
        AudienceValidator.java
        SpringSecurityAuditorAware.java
        package-info.java
        web
        rest
        vm
        ManagedUserVM.java
        package-info.java
        BlogResource.java
        PostResource.java
        TagResource.java
        package-info.java
        UserResource.java
        AuditResource.java
        errors
        FieldErrorVM.java
        ExceptionTranslator.java
        ErrorConstants.java
        package-info.java
        BadRequestAlertException.java
        client
        AuthorizedFeignClient.java
        TokenRelayRequestInterceptor.java
        OAuth2InterceptedFeignConfiguration.java
        config
        FeignConfiguration.java
        ApplicationProperties.java
        LoggingAspectConfiguration.java
        DatabaseConfiguration.java
        SecurityConfiguration.java
        audit
        package-info.java
        AuditEventConverter.java
        JacksonConfiguration.java
        DefaultProfileUtil.java
        Constants.java
        CacheConfiguration.java
        LocaleConfiguration.java
        package-info.java
        WebConfigurer.java
        LiquibaseConfiguration.java
        LoggingConfiguration.java
        AsyncConfiguration.java
        DateTimeFormatConfiguration.java
        CloudDatabaseConfiguration.java
        service
        UserService.java
        dto
        UserDTO.java
        package-info.java
        package-info.java
        AuditEventService.java
        mapper
        UserMapper.java
        package-info.java
        ApplicationWebXml.java
        aop
        logging
        LoggingAspect.java
        domain
        PersistentAuditEvent.java
        Blog.java
        AbstractAuditingEntity.java
        package-info.java
        Post.java
        Tag.java
        Authority.java
        User.java
        repository
        AuthorityRepository.java
        PersistenceAuditEventRepository.java
        BlogRepository.java
        CustomAuditEventRepository.java
        PostRepository.java
        package-info.java
        TagRepository.java
        UserRepository.java
        BlogApp.java
        jib
        entrypoint.sh
      - test
        resources
        logback.xml
        config
        application.yml
        bootstrap.yml
        java
        com
        okta
        developer
        blog
        security
        oauth2
        AudienceValidatorTest.java
        SecurityUtilsUnitTest.java
        web
        rest
        PostResourceIT.java
        BlogResourceIT.java
        TagResourceIT.java
        TestUtil.java
        UserResourceIT.java
        AuditResourceIT.java
        errors
        ExceptionTranslatorIT.java
        ExceptionTranslatorTestController.java
        config
        TestSecurityConfiguration.java
        timezone
        HibernateTimeZoneIT.java
        WebConfigurerTestController.java
        WebConfigurerTest.java
        service
        UserServiceIT.java
        mapper
        UserMapperIT.java
        repository
        timezone
        DateTimeWrapperRepository.java
        DateTimeWrapper.java
        CustomAuditEventRepositoryIT.java
    - .yo-rc.json
    - pom.xml
    - .prettierrc
    - mvnw
    - sonar-project.properties
    - .editorconfig
    - package-lock.json
    - .gitattributes
    - .mvn
      - wrapper
        maven-wrapper.jar
        MavenWrapperDownloader.java
        maven-wrapper.properties
    - README.md
    - package.json
    - .jhipster
      - Post.json
      - Blog.json
      - Tag.json
    - .gitignore
    - .prettierignore
    - mvnw.cmd
  - gateway
    - .huskyrc
    - src
      - main
        resources
        i18n
        messages_en.properties
        messages.properties
        messages_fr.properties
        .h2.server.properties
        templates
        error.html
        config
        application.yml
        application-dev.yml
        application-prod.yml
        application-tls.yml
        bootstrap-prod.yml
        bootstrap.yml
        liquibase
        data
        user_authority.csv
        user.csv
        authority.csv
        changelog
        00000000000000_initial_schema.xml
        master.xml
        tls
        keystore.p12
        logback-spring.xml
        banner.txt
        docker
        prometheus
        prometheus.yml
        keycloak.yml
        sonar.yml
        app.yml
        realm-config
        jhipster-realm.json
        jhipster-users-0.json
        postgresql.yml
        grafana
        provisioning
        datasources
        datasource.yml
        dashboards
        dashboard.yml
        JVM.json
        jhipster-registry.yml
        central-server-config
        docker-config
        application.yml
        localhost-config
        application.yml
        README.md
        monitoring.yml
        java
        com
        okta
        developer
        gateway
        security
        AuthoritiesConstants.java
        SecurityUtils.java
        oauth2
        AuthorizationHeaderUtil.java
        AuthorizationHeaderFilter.java
        AudienceValidator.java
        SpringSecurityAuditorAware.java
        package-info.java
        GatewayApp.java
        gateway
        responserewriting
        SwaggerBasePathRewritingFilter.java
        accesscontrol
        AccessControlFilter.java
        ratelimiting
        RateLimitingFilter.java
        web
        rest
        GatewayResource.java
        LogoutResource.java
        vm
        ManagedUserVM.java
        package-info.java
        RouteVM.java
        package-info.java
        ClientForwardController.java
        UserResource.java
        AuditResource.java
        AccountResource.java
        errors
        FieldErrorVM.java
        ExceptionTranslator.java
        ErrorConstants.java
        package-info.java
        BadRequestAlertException.java
        client
        AuthorizedFeignClient.java
        TokenRelayRequestInterceptor.java
        OAuth2InterceptedFeignConfiguration.java
        config
        FeignConfiguration.java
        ApplicationProperties.java
        LoggingAspectConfiguration.java
        DatabaseConfiguration.java
        SecurityConfiguration.java
        audit
        package-info.java
        AuditEventConverter.java
        JacksonConfiguration.java
        DefaultProfileUtil.java
        Constants.java
        CacheConfiguration.java
        LocaleConfiguration.java
        package-info.java
        WebConfigurer.java
        LiquibaseConfiguration.java
        LoggingConfiguration.java
        GatewayConfiguration.java
        apidoc
        GatewaySwaggerResourcesProvider.java
        AsyncConfiguration.java
        DateTimeFormatConfiguration.java
        CloudDatabaseConfiguration.java
        service
        UserService.java
        dto
        UserDTO.java
        package-info.java
        package-info.java
        AuditEventService.java
        mapper
        UserMapper.java
        package-info.java
        ApplicationWebXml.java
        aop
        logging
        LoggingAspect.java
        domain
        PersistentAuditEvent.java
        AbstractAuditingEntity.java
        package-info.java
        Authority.java
        User.java
        repository
        AuthorityRepository.java
        PersistenceAuditEventRepository.java
        CustomAuditEventRepository.java
        package-info.java
        UserRepository.java
        jib
        entrypoint.sh
        webapp
        robots.txt
        i18n
        en
        global.json
        register.json
        activate.json
        sessions.json
        settings.json
        health.json
        error.json
        login.json
        storeProduct.json
        blogBlog.json
        blogTag.json
        gateway.json
        password.json
        audits.json
        blogPost.json
        logs.json
        configuration.json
        home.json
        reset.json
        metrics.json
        user-management.json
        fr
        global.json
        register.json
        activate.json
        sessions.json
        settings.json
        health.json
        error.json
        login.json
        storeProduct.json
        blogBlog.json
        blogTag.json
        gateway.json
        password.json
        audits.json
        blogPost.json
        logs.json
        configuration.json
        home.json
        reset.json
        metrics.json
        user-management.json
        content
        images
        jhipster_family_member_2.svg
        jhipster_family_member_0.svg
        jhipster_family_member_3.svg
        scss
        global.scss
        vendor.scss
        _bootstrap-variables.scss
        css
        loading.css
        manifest.webapp
        swagger-ui
        dist
        images
        throbber.gif
        index.html
        favicon.ico
        404.html
        WEB-INF
        web.xml
        index.html
        app
        home
        home.component.ts
        home.scss
        index.ts
        home.module.ts
        home.route.ts
        home.component.html
        app-routing.module.ts
        vendor.ts
        admin
        configuration
        configuration.component.ts
        configuration.route.ts
        configuration.component.html
        configuration.service.ts
        audits
        audits.component.html
        audits.component.ts
        audit-data.model.ts
        audits.route.ts
        audit.model.ts
        audits.service.ts
        health
        health-modal.component.ts
        health.component.html
        health.route.ts
        health-modal.component.html
        health.service.ts
        health.component.ts
        gateway
        gateway.component.ts
        gateway-route.model.ts
        gateway.component.html
        gateway.route.ts
        gateway-routes.service.ts
        index.ts
        admin.module.ts
        admin.route.ts
        logs
        logs.component.ts
        log.model.ts
        logs.component.html
        logs.service.ts
        logs.route.ts
        metrics
        metrics.route.ts
        metrics.component.ts
        metrics.component.html
        metrics.service.ts
        docs
        docs.route.ts
        docs.component.html
        docs.component.ts
        app.module.ts
        app.constants.ts
        polyfills.ts
        app.main.ts
        blocks
        config
        prod.config.ts
        uib-pagination.config.ts
        interceptor
        notification.interceptor.ts
        errorhandler.interceptor.ts
        auth-expired.interceptor.ts
        core
        language
        language.constants.ts
        language.helper.ts
        user
        user.model.ts
        user.service.ts
        account.model.ts
        index.ts
        auth
        account.service.ts
        csrf.service.ts
        auth-session.service.ts
        state-storage.service.ts
        user-route-access-service.ts
        core.module.ts
        login
        login.service.ts
        entities
        blog
        blog
        blog-update.component.html
        blog.component.html
        index.ts
        blog-update.component.ts
        blog-delete-dialog.component.ts
        blog.route.ts
        blog-detail.component.ts
        blog.service.ts
        blog.component.ts
        blog.module.ts
        blog-delete-dialog.component.html
        blog-detail.component.html
        post
        post-update.component.ts
        post.service.ts
        post.route.ts
        index.ts
        post-update.component.html
        post-detail.component.html
        post-detail.component.ts
        post-delete-dialog.component.html
        post-delete-dialog.component.ts
        post.module.ts
        post.component.ts
        post.component.html
        tag
        tag.component.ts
        tag.route.ts
        index.ts
        tag.component.html
        tag-update.component.html
        tag.module.ts
        tag-update.component.ts
        tag-delete-dialog.component.ts
        tag-detail.component.ts
        tag-delete-dialog.component.html
        tag-detail.component.html
        tag.service.ts
        entity.module.ts
        store
        product
        product.component.ts
        product.component.html
        product.service.ts
        product-detail.component.html
        index.ts
        product.route.ts
        product-delete-dialog.component.ts
        product-detail.component.ts
        product-update.component.ts
        product.module.ts
        product-update.component.html
        product-delete-dialog.component.html
        layouts
        main
        main.component.html
        main.component.ts
        footer
        footer.component.html
        footer.component.ts
        profiles
        profile-info.model.ts
        profile.service.ts
        page-ribbon.component.ts
        page-ribbon.scss
        error
        error.component.html
        error.component.ts
        error.route.ts
        index.ts
        navbar
        active-menu.directive.ts
        navbar.component.ts
        navbar.scss
        navbar.route.ts
        navbar.component.html
        shared
        language
        find-language-from-key.pipe.ts
        shared.module.ts
        index.ts
        shared-libs.module.ts
        util
        request-util.ts
        datepicker-adapter.ts
        alert
        alert.component.ts
        alert-error.component.ts
        constants
        error.constants.ts
        input.constants.ts
        pagination.constants.ts
        shared-common.module.ts
        auth
        has-any-authority.directive.ts
        model
        blog
        blog.model.ts
        post.model.ts
        tag.model.ts
        store
        product.model.ts
      - test
        resources
        logback.xml
        config
        application.yml
        bootstrap.yml
        javascript
        protractor.conf.js
        e2e
        admin
        administration.spec.ts
        page-objects
        jhi-page-objects.ts
        account
        account.spec.ts
        entities
        blog
        blog
        blog.spec.ts
        blog.page-object.ts
        post
        post.spec.ts
        post.page-object.ts
        tag
        tag.spec.ts
        tag.page-object.ts
        store
        product
        product.page-object.ts
        product.spec.ts
        jest.ts
        spec
        helpers
        mock-account.service.ts
        mock-route.service.ts
        mock-login.service.ts
        mock-language.service.ts
        mock-state-storage.service.ts
        mock-event-manager.service.ts
        mock-active-modal.service.ts
        mock-alert.service.ts
        spyobject.ts
        test.module.ts
        app
        admin
        configuration
        configuration.service.spec.ts
        configuration.component.spec.ts
        audits
        audits.component.spec.ts
        audits.service.spec.ts
        health
        health.component.spec.ts
        logs
        logs.component.spec.ts
        logs.service.spec.ts
        metrics
        metrics.component.spec.ts
        metrics.service.spec.ts
        core
        user
        account.service.spec.ts
        entities
        blog
        blog
        blog.component.spec.ts
        blog-update.component.spec.ts
        blog-detail.component.spec.ts
        blog.service.spec.ts
        blog-delete-dialog.component.spec.ts
        post
        post-delete-dialog.component.spec.ts
        post-update.component.spec.ts
        post.service.spec.ts
        post.component.spec.ts
        post-detail.component.spec.ts
        tag
        tag.service.spec.ts
        tag-detail.component.spec.ts
        tag.component.spec.ts
        tag-delete-dialog.component.spec.ts
        tag-update.component.spec.ts
        store
        product
        product.service.spec.ts
        product-update.component.spec.ts
        product-delete-dialog.component.spec.ts
        product.component.spec.ts
        product-detail.component.spec.ts
        layouts
        main
        main.component.spec.ts
        jest-global-mocks.ts
        jest.conf.js
        java
        com
        okta
        developer
        gateway
        security
        oauth2
        AudienceValidatorTest.java
        SecurityUtilsUnitTest.java
        gateway
        responserewriting
        SwaggerBasePathRewritingFilterTest.java
        web
        rest
        ClientForwardControllerIT.java
        TestUtil.java
        AccountResourceIT.java
        LogoutResourceIT.java
        UserResourceIT.java
        AuditResourceIT.java
        errors
        ExceptionTranslatorIT.java
        ExceptionTranslatorTestController.java
        config
        TestSecurityConfiguration.java
        timezone
        HibernateTimeZoneIT.java
        WebConfigurerTestController.java
        WebConfigurerTest.java
        service
        UserServiceIT.java
        mapper
        UserMapperIT.java
        repository
        timezone
        DateTimeWrapperRepository.java
        DateTimeWrapper.java
        CustomAuditEventRepositoryIT.java
    - .yo-rc.json
    - pom.xml
    - .prettierrc
    - mvnw
    - tslint.json
    - postcss.config.js
    - proxy.conf.json
    - sonar-project.properties
    - .editorconfig
    - .gitattributes
    - tsconfig-aot.json
    - .mvn
      - wrapper
        maven-wrapper.jar
        MavenWrapperDownloader.java
        maven-wrapper.properties
    - README.md
    - package.json
    - .jhipster
      - Product.json
      - Post.json
      - Blog.json
      - Tag.json
    - angular.json
    - webpack
      - webpack.dev.js
      - webpack.prod.js
      - webpack.common.js
      - utils.js
    - tsconfig.json
    - .gitignore
    - .prettierignore
    - mvnw.cmd
  - pom.xml
  - apps.jh
  - store
    - src
      - main
        resources
        i18n
        messages_en.properties
        messages.properties
        messages_fr.properties
        templates
        error.html
        config
        application.yml
        application-dev.yml
        application-prod.yml
        application-tls.yml
        bootstrap-prod.yml
        bootstrap.yml
        tls
        keystore.p12
        logback-spring.xml
        banner.txt
        static
        index.html
        docker
        prometheus
        prometheus.yml
        sonar.yml
        mongodb.yml
        app.yml
        grafana
        provisioning
        datasources
        datasource.yml
        dashboards
        dashboard.yml
        JVM.json
        hazelcast-management-center.yml
        jhipster-registry.yml
        central-server-config
        docker-config
        application.yml
        localhost-config
        application.yml
        README.md
        monitoring.yml
        mongodb
        MongoDB.Dockerfile
        scripts
        init_replicaset.js
        mongodb-cluster.yml
        java
        com
        okta
        developer
        store
        security
        AuthoritiesConstants.java
        SecurityUtils.java
        oauth2
        AuthorizationHeaderUtil.java
        AudienceValidator.java
        SpringSecurityAuditorAware.java
        package-info.java
        web
        rest
        vm
        ManagedUserVM.java
        package-info.java
        ProductResource.java
        package-info.java
        UserResource.java
        AuditResource.java
        errors
        FieldErrorVM.java
        ExceptionTranslator.java
        ErrorConstants.java
        package-info.java
        BadRequestAlertException.java
        client
        AuthorizedFeignClient.java
        TokenRelayRequestInterceptor.java
        OAuth2InterceptedFeignConfiguration.java
        config
        FeignConfiguration.java
        ApplicationProperties.java
        LoggingAspectConfiguration.java
        DatabaseConfiguration.java
        SecurityConfiguration.java
        audit
        package-info.java
        AuditEventConverter.java
        JacksonConfiguration.java
        DefaultProfileUtil.java
        Constants.java
        CacheConfiguration.java
        LocaleConfiguration.java
        dbmigrations
        package-info.java
        InitialSetupMigration.java
        package-info.java
        WebConfigurer.java
        LoggingConfiguration.java
        AsyncConfiguration.java
        DateTimeFormatConfiguration.java
        CloudDatabaseConfiguration.java
        service
        UserService.java
        dto
        UserDTO.java
        package-info.java
        package-info.java
        AuditEventService.java
        mapper
        UserMapper.java
        package-info.java
        ApplicationWebXml.java
        aop
        logging
        LoggingAspect.java
        domain
        Product.java
        PersistentAuditEvent.java
        AbstractAuditingEntity.java
        package-info.java
        Authority.java
        User.java
        StoreApp.java
        repository
        AuthorityRepository.java
        PersistenceAuditEventRepository.java
        CustomAuditEventRepository.java
        package-info.java
        ProductRepository.java
        UserRepository.java
        jib
        entrypoint.sh
      - test
        resources
        logback.xml
        config
        application.yml
        bootstrap.yml
        java
        com
        okta
        developer
        store
        security
        oauth2
        AudienceValidatorTest.java
        SecurityUtilsUnitTest.java
        web
        rest
        ProductResourceIT.java
        TestUtil.java
        UserResourceIT.java
        AuditResourceIT.java
        errors
        ExceptionTranslatorIT.java
        ExceptionTranslatorTestController.java
        config
        TestSecurityConfiguration.java
        WebConfigurerTestController.java
        WebConfigurerTest.java
        service
        UserServiceIT.java
        mapper
        UserMapperIT.java
        repository
        CustomAuditEventRepositoryIT.java
    - .yo-rc.json
    - pom.xml
    - .prettierrc
    - mvnw
    - sonar-project.properties
    - .editorconfig
    - package-lock.json
    - .gitattributes
    - .mvn
      - wrapper
        maven-wrapper.jar
        MavenWrapperDownloader.java
        maven-wrapper.properties
    - README.md
    - package.json
    - .jhipster
      - Product.json
    - .gitignore
    - .prettierignore
    - mvnw.cmd
  - docker-compose
    - keycloak.yml
    - .yo-rc.json
    - realm-config
      - jhipster-realm.json
      - jhipster-users-0.json
    - README-DOCKER-COMPOSE.md
    - jhipster-registry.yml
    - central-server-config
      - application.yml
    - docker-compose.yml
- LICENSE
- spring-boot+cloud
  - demo.adoc
  - car-service
    - src
      - main
        resources
        application.properties
        java
        com
        example
        carservice
        HomeController.java
        CarServiceApplication.java
      - test
        java
        com
        example
        carservice
        CarServiceApplicationTests.java
    - pom.xml
    - mvnw
    - .mvn
      - wrapper
        maven-wrapper.jar
        MavenWrapperDownloader.java
        maven-wrapper.properties
    - .gitignore
    - mvnw.cmd
  - pom.xml
  - api-gateway
    - src
      - main
        resources
        application.properties
        java
        com
        example
        apigateway
        ApiGatewayApplication.java
        AuthorizationHeaderFilter.java
        UserFeignClientInterceptor.java
      - test
        java
        com
        example
        apigateway
        ApiGatewayApplicationTests.java
    - pom.xml
    - mvnw
    - .mvn
      - wrapper
        maven-wrapper.jar
        MavenWrapperDownloader.java
        maven-wrapper.properties
    - .gitignore
    - mvnw.cmd
  - discovery-service
    - src
      - main
        resources
        application.properties
        java
        com
        example
        discoveryservice
        EurekaServiceApplication.java
      - test
        java
        com
        example
        discoveryservice
        EurekaServiceApplicationTests.java
    - pom.xml
    - mvnw
    - .mvn
      - wrapper
        maven-wrapper.jar
        MavenWrapperDownloader.java
        maven-wrapper.properties
    - .gitignore
    - mvnw.cmd
- spring-cloud-gateway
  - demo.adoc
  - car-service
    - src
      - main
        resources
        application.properties
        java
        com
        example
        carservice
        SecurityConfiguration.java
        CarServiceApplication.java
      - test
        java
        com
        example
        carservice
        CarServiceApplicationTests.java
    - pom.xml
    - mvnw
    - .mvn
      - wrapper
        maven-wrapper.jar
        MavenWrapperDownloader.java
        maven-wrapper.properties
    - .gitignore
    - mvnw.cmd
  - pom.xml
  - api-gateway
    - src
      - main
        resources
        application.properties
        java
        com
        example
        apigateway
        ApiGatewayApplication.java
        SecurityConfiguration.java
      - test
        resources
        logback.xml
        java
        com
        example
        apigateway
        ApiGatewayApplicationTests.java
    - pom.xml
    - mvnw
    - .mvn
      - wrapper
        maven-wrapper.jar
        MavenWrapperDownloader.java
        maven-wrapper.properties
    - .gitignore
    - mvnw.cmd
  - discovery-service
    - src
      - main
        resources
        application.properties
        java
        com
        example
        discoveryservice
        EurekaServiceApplication.java
      - test
        java
        com
        example
        discoveryservice
        EurekaServiceApplicationTests.java
    - pom.xml
    - mvnw
    - .mvn
      - wrapper
        maven-wrapper.jar
        MavenWrapperDownloader.java
        maven-wrapper.properties
    - .gitignore
    - mvnw.cmd
- README.md
- .gitignore

package com.okta.developer.store.config;

import com.okta.developer.store.security.*;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Import;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import com.okta.developer.store.security.oauth2.AudienceValidator;
import org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator;
import org.springframework.security.oauth2.core.OAuth2TokenValidator;
import org.springframework.security.oauth2.jwt.*;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
import org.springframework.security.oauth2.core.oidc.OidcUserInfo;
import org.springframework.security.oauth2.core.oidc.user.OidcUserAuthority;
import java.util.Collection;
import java.util.HashSet;
import java.util.Set;
import java.util.stream.Collectors;
import org.zalando.problem.spring.web.advice.security.SecurityProblemSupport;

@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
@Import(SecurityProblemSupport.class)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Value("${spring.security.oauth2.client.provider.oidc.issuer-uri}")
    private String issuerUri;
    private final SecurityProblemSupport problemSupport;

    public SecurityConfiguration(SecurityProblemSupport problemSupport) {
        this.problemSupport = problemSupport;
    }

    @Override
    public void configure(HttpSecurity http) throws Exception {
        // @formatter:off
        http
            .csrf()
            .disable()
            .exceptionHandling()
            .accessDeniedHandler(problemSupport)
        .and()
            .headers()
            .frameOptions()
            .disable()
        .and()
            .sessionManagement()
            .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
        .and()
            .authorizeRequests()
            .antMatchers("/api/**").authenticated()
            .antMatchers("/api/auth-info").permitAll()
            .antMatchers("/management/health").permitAll()
            .antMatchers("/management/info").permitAll()
            .antMatchers("/management/prometheus").permitAll()
            .antMatchers("/management/**").hasAuthority(AuthoritiesConstants.ADMIN)
        .and()
            .oauth2ResourceServer().jwt();
        // @formatter:on
    }

    /**
     * Map authorities from "groups" or "roles" claim in ID Token.
     *
     * @return a {@link GrantedAuthoritiesMapper} that maps groups from
     * the IdP to Spring Security Authorities.
     */
    @Bean
    @SuppressWarnings("unchecked")
    public GrantedAuthoritiesMapper userAuthoritiesMapper() {
        return (authorities) -> {
            Set<GrantedAuthority> mappedAuthorities = new HashSet<>();

            authorities.forEach(authority -> {
                OidcUserAuthority oidcUserAuthority = (OidcUserAuthority) authority;
                OidcUserInfo userInfo = oidcUserAuthority.getUserInfo();
                Collection<String> groups = (Collection<String>) userInfo.getClaims().get("groups");
                if (groups == null) {
                    groups = (Collection<String>) userInfo.getClaims().get("roles");
                }
                mappedAuthorities.addAll(groups.stream()
                    .filter(group -> group.startsWith("ROLE_"))
                    .map(SimpleGrantedAuthority::new).collect(Collectors.toList()));
            });

            return mappedAuthorities;
        };
    }

    @Bean
    JwtDecoder jwtDecoder() {
        NimbusJwtDecoderJwkSupport jwtDecoder = (NimbusJwtDecoderJwkSupport)
            JwtDecoders.fromOidcIssuerLocation(issuerUri);

        OAuth2TokenValidator<Jwt> audienceValidator = new AudienceValidator();
        OAuth2TokenValidator<Jwt> withIssuer = JwtValidators.createDefaultWithIssuer(issuerUri);
        OAuth2TokenValidator<Jwt> withAudience = new DelegatingOAuth2TokenValidator<>(withIssuer, audienceValidator);

        jwtDecoder.setJwtValidator(withAudience);

        return jwtDecoder;
    }
}