java source code of SecurityConfiguration

grpc-spring-boot-starter-master
- .github
  - ISSUE_TEMPLATE
    - question.md
    - feature_request.md
    - bug_report.md
  - workflows
    - pull-request.yml
    - build-master.yml
- grpc-server-spring-boot-autoconfigure
  - src
    - main
      - resources
        META-INF
        spring.factories
      - java
        net
        devh
        boot
        grpc
        server
        security
        check
        ManualGrpcSecurityMetadataSource.java
        AccessPredicates.java
        AccessPredicateVoter.java
        AbstractGrpcSecurityMetadataSource.java
        AccessPredicate.java
        GrpcSecurityMetadataSource.java
        package-info.java
        AccessPredicateConfigAttribute.java
        authentication
        X509CertificateAuthenticationProvider.java
        AnonymousAuthenticationReader.java
        SSLContextGrpcAuthenticationReader.java
        X509CertificateAuthentication.java
        BasicGrpcAuthenticationReader.java
        package-info.java
        GrpcAuthenticationReader.java
        CompositeGrpcAuthenticationReader.java
        BearerAuthenticationReader.java
        interceptors
        ExceptionTranslatingServerInterceptor.java
        AuthorizationCheckingServerInterceptor.java
        AuthenticatingServerInterceptor.java
        package-info.java
        AbstractAuthenticatingServerCallListener.java
        DefaultAuthenticatingServerInterceptor.java
        package-info.java
        serverfactory
        GrpcServerLifecycle.java
        InProcessGrpcServerFactory.java
        ShadedNettyGrpcServerFactory.java
        GrpcServerFactory.java
        NettyGrpcServerFactory.java
        package-info.java
        GrpcServerConfigurer.java
        AbstractGrpcServerFactory.java
        cloud
        package-info.java
        ConsulGrpcRegistrationCustomizer.java
        config
        ClientAuth.java
        package-info.java
        GrpcServerProperties.java
        service
        GrpcServiceDiscoverer.java
        AnnotationGrpcServiceDiscoverer.java
        GrpcService.java
        GrpcServiceDefinition.java
        package-info.java
        interceptor
        GlobalServerInterceptorRegistry.java
        GlobalServerInterceptorConfigurer.java
        OrderedServerInterceptor.java
        GrpcGlobalServerInterceptor.java
        package-info.java
        AnnotationGlobalServerInterceptorConfigurer.java
        metric
        MetricCollectingServerCall.java
        MetricCollectingServerCallListener.java
        MetricCollectingServerInterceptor.java
        package-info.java
        nameresolver
        package-info.java
        SelfNameResolverFactory.java
        SelfNameResolver.java
        scope
        GrpcRequestScope.java
        autoconfigure
        GrpcMetadataNacosConfiguration.java
        GrpcServerFactoryAutoConfiguration.java
        GrpcServerMetricAutoConfiguration.java
        GrpcMetadataConsulConfiguration.java
        package-info.java
        GrpcServerSecurityAutoConfiguration.java
        GrpcServerAutoConfiguration.java
        GrpcMetadataEurekaConfiguration.java
        GrpcServerTraceAutoConfiguration.java
        condition
        ConditionalOnInterprocessServer.java
    - test
      - java
        net
        devh
        boot
        grpc
        server
        config
        GrpcServerPropertiesConfig.java
        GrpcServerPropertiesNoUnitTest.java
        GrpcServerPropertiesGivenUnitTest.java
  - build.gradle
- testExamples.sh
- gradle
  - wrapper
    - gradle-wrapper.properties
    - gradle-wrapper.jar
- examples
  - cloud-eureka-server
    - src
      - main
        resources
        bootstrap.yml
        java
        net
        devh
        boot
        grpc
        examples
        cloud
        server
        EurekaServerApplication.java
    - build.gradle
  - security-grpc-server
    - src
      - main
        resources
        application.yml
        java
        net
        devh
        boot
        grpc
        examples
        security
        server
        GrpcServerService.java
        SecurityConfiguration.java
        SecurityGrpcServerApplication.java
    - build.gradle
  - grpc-lib
    - src
      - main
        proto
        helloworld.proto
    - build.gradle
  - security-grpc-client
    - src
      - main
        resources
        application.yml
        java
        net
        devh
        boot
        grpc
        examples
        security
        client
        SecurityGrpcClientApplication.java
        GrpcClientService.java
        SecurityConfiguration.java
        GrpcClientController.java
    - build.gradle
  - security-grpc-bearerAuth-client
    - src
      - main
        resources
        application.yml
        java
        net
        devh
        boot
        grpc
        examples
        security
        client
        GrpcClientService.java
        SecurityConfiguration.java
        SecurityBearerGrpcClientApplication.java
        GrpcClientController.java
    - build.gradle
  - cloud-grpc-server
    - src
      - main
        resources
        application.yml
        java
        net
        devh
        boot
        grpc
        examples
        cloud
        server
        GrpcServerService.java
        LogGrpcInterceptor.java
        CloudGrpcServerApplication.java
        GlobalInterceptorConfiguration.java
    - build.gradle
  - README.md
  - local-grpc-client
    - src
      - main
        resources
        application.yml
        java
        net
        devh
        boot
        grpc
        examples
        local
        client
        GrpcClientService.java
        LogGrpcInterceptor.java
        GrpcClientController.java
        LocalGrpcClientApplication.java
        GlobalClientInterceptorConfiguration.java
    - build.gradle
  - security-grpc-bearerAuth-server
    - src
      - main
        resources
        application.yml
        java
        net
        devh
        boot
        grpc
        examples
        security
        server
        GrpcServerService.java
        SecurityConfiguration.java
        SecurityBearerGrpcServerApplication.java
        KeyCloakGrantedAuthoritiesConverter.java
    - build.gradle
  - cloud-grpc-client
    - src
      - main
        resources
        application.yml
        java
        net
        devh
        boot
        grpc
        examples
        cloud
        client
        GrpcClientService.java
        LogGrpcInterceptor.java
        GrpcClientController.java
        CloudGrpcClientApplication.java
        GlobalClientInterceptorConfiguration.java
    - build.gradle
  - local-grpc-server
    - src
      - main
        resources
        application.yml
        java
        net
        devh
        boot
        grpc
        examples
        local
        server
        LocalGrpcServerApplication.java
        GrpcServerService.java
        LogGrpcInterceptor.java
        GlobalInterceptorConfiguration.java
    - build.gradle
- gradlew.bat
- grpc-common-spring-boot
  - src
    - main
      - resources
        META-INF
        spring.factories
      - java
        net
        devh
        boot
        grpc
        common
        security
        SecurityConstants.java
        package-info.java
        codec
        GrpcCodecDefinition.java
        GrpcCodec.java
        GrpcCodecDiscoverer.java
        package-info.java
        AnnotationGrpcCodecDiscoverer.java
        CodecType.java
        util
        InterceptorOrder.java
        package-info.java
        GrpcUtils.java
        metric
        MetricConstants.java
        MetricUtils.java
        AbstractMetricCollectingInterceptor.java
        package-info.java
        autoconfigure
        GrpcCommonTraceAutoConfiguration.java
        package-info.java
        GrpcCommonCodecAutoConfiguration.java
  - build.gradle
- LICENSE
- gradlew
- extra
  - spotless
    - mit-license.java
  - eclipse
    - eclipse-formatter.xml
    - eclipse.importorder
- CONTRIBUTING.md
- grpc-client-spring-boot-autoconfigure
  - src
    - main
      - resources
        META-INF
        services
        io.grpc.NameResolverProvider
        spring.factories
        additional-spring-configuration-metadata.json
      - java
        net
        devh
        boot
        grpc
        client
        security
        CallCredentialsHelper.java
        package-info.java
        inject
        StubTransformer.java
        GrpcClient.java
        package-info.java
        GrpcClientBeanPostProcessor.java
        channelfactory
        InProcessOrAlternativeChannelFactory.java
        AbstractChannelFactory.java
        InProcessChannelFactory.java
        ShadedNettyChannelFactory.java
        package-info.java
        GrpcChannelConfigurer.java
        GrpcChannelFactory.java
        NettyChannelFactory.java
        config
        NegotiationType.java
        GrpcChannelProperties.java
        GrpcChannelsProperties.java
        package-info.java
        interceptor
        GrpcGlobalClientInterceptor.java
        package-info.java
        AnnotationGlobalClientInterceptorConfigurer.java
        GlobalClientInterceptorRegistry.java
        OrderedClientInterceptor.java
        GlobalClientInterceptorConfigurer.java
        metric
        MetricCollectingClientInterceptor.java
        MetricCollectingClientCallListener.java
        package-info.java
        MetricCollectingClientCall.java
        nameresolver
        DiscoveryClientResolverFactory.java
        StaticNameResolver.java
        NameResolverRegistration.java
        StaticNameResolverProvider.java
        DiscoveryClientNameResolver.java
        package-info.java
        autoconfigure
        GrpcClientHealthAutoConfiguration.java
        GrpcClientSecurityAutoConfiguration.java
        GrpcClientMetricAutoConfiguration.java
        GrpcClientTraceAutoConfiguration.java
        package-info.java
        GrpcDiscoveryClientAutoConfiguration.java
        GrpcClientAutoConfiguration.java
    - test
      - java
        net
        devh
        boot
        grpc
        client
        config
        GrpcChannelPropertiesGlobalTest.java
        GrpcChannelPropertiesConfig.java
        GrpcChannelPropertiesGivenUnitTest.java
        GrpcChannelPropertiesNoUnitTest.java
  - build.gradle
- .gitattributes
- deploy.gradle
- private.key.enc
- build.gradle
- grpc-client-spring-boot-starter
  - build.gradle
- README.md
- tests
  - src
    - test
      - proto
        TestService.proto
      - resources
        logback-test.xml
        certificates
        trusted-clients-collection
        generateCertificates.sh
        trusted-servers-collection
        server.key
        client1.crt
        client1.key
        client2.key
        client2.crt
        server.crt
      - java
        net
        devh
        boot
        grpc
        test
        security
        AnnotatedSecurityWithCertificateTest.java
        ConcurrentSecurityTest.java
        AbstractSecurityTest.java
        ManualSecurityWithCertificateTest.java
        ManualSecurityWithBasicAuthTest.java
        AnnotatedSecurityWithBasicAuthTest.java
        AbstractSecurityWithBasicAuthTest.java
        inject
        GrpcClientInjectionTest.java
        codec
        BeanCodecTest.java
        IdentityCodecTest.java
        AbstractCodecTest.java
        CustomCodecTest.java
        GzipCodecTest.java
        setup
        SelfSignedMutualSetupTest.java
        OnlyInProcessServerTest.java
        BrokenClientSelfSignedMutualSetupTest.java
        AbstractSimpleServerClientTest.java
        SelfNameResolverConnectionTest.java
        InProcessSetupTest.java
        InterAndInProcessSetupTest.java
        PlaintextSetupTest.java
        InterAndInProcessSetup2Test.java
        AbstractBrokenServerClientTest.java
        NameResolverIPv4ConnectionTest.java
        CustomCiphersAndProtocolsSetupTest.java
        BrokenServerSelfSignedMutualSetupTest.java
        SelfSignedServerSetupTest.java
        NameResolverConnectionTest.java
        NameResolverIPv6ConnectionTest.java
        util
        GrpcAssertions.java
        TriConsumer.java
        RequireIPv6Condition.java
        FutureAssertions.java
        EnableOnIPv6.java
        DynamicTestCollection.java
        config
        WithCertificateSecurityConfiguration.java
        ServiceConfiguration.java
        AnnotatedSecurityConfiguration.java
        OrderedServerInterceptorConfiguration.java
        InProcessConfiguration.java
        WithBasicAuthSecurityConfiguration.java
        BaseAutoConfiguration.java
        ScopedServiceConfiguration.java
        OrderedClientInterceptorConfiguration.java
        ManualSecurityConfiguration.java
        MetricConfiguration.java
        interceptor
        OrderedClientInterceptorTest.java
        DefaultServerInterceptorTest.java
        OrderedServerInterceptorTest.java
        metric
        MetricCollectingClientInterceptorTest.java
        MetricFullAutoConfigurationTest.java
        MetricCollectingInterceptorTest.java
        MetricCustomAutoConfigurationTest.java
        MetricCollectingServerInterceptorTest.java
        MetricTestHelper.java
        MetricAutoConfigurationTest.java
        server
        ScopedTestServiceImpl.java
        TestServiceImpl.java
        scope
        GrpcRequestScopeTest.java
  - build.gradle
- crowdin.yml
- settings.gradle
- .gitignore
- docs
  - en
    - actuator.md
    - benchmarking.md
    - client
      - getting-started.md
      - configuration.md
      - security.md
      - testing.md
    - index.md
    - brave.md
    - versions.md
    - contributions.md
    - trouble-shooting.md
    - server
      - getting-started.md
      - configuration.md
      - contextual-data.md
      - security.md
      - testing.md
    - examples.md
  - _config.yml
  - index.md
  - zh-CN
    - actuator.md
    - benchmarking.md
    - client
      - getting-started.md
      - configuration.md
      - security.md
    - index.md
    - brave.md
    - versions.md
    - contributions.md
    - trouble-shooting.md
    - server
      - getting-started.md
      - configuration.md
      - contextual-data.md
      - security.md
      - testing.md
    - examples.md
  - assets
    - images
      - server-security.svg
      - client-project-setup.dot
      - client-project-setup.svg
      - server-project-setup.dot
      - server-security.graphml
      - server-project-setup.svg
    - css
      - style.scss
- grpc-server-spring-boot-starter
  - build.gradle
- README-zh-CN.md

/*
 * Copyright (c) 2016-2020 Michael Zhang <[email protected]>
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated
 * documentation files (the "Software"), to deal in the Software without restriction, including without limitation the
 * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
 * permit persons to whom the Software is furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in all copies or substantial portions of the
 * Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE
 * WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
 * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
 * OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 */

package net.devh.boot.grpc.examples.security.server;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

import net.devh.boot.grpc.server.security.authentication.BasicGrpcAuthenticationReader;
import net.devh.boot.grpc.server.security.authentication.GrpcAuthenticationReader;

/**
 * The security configuration. If you use spring security for web applications most of the stuff is already configured.
 *
 * @author Daniel Theuke ([email protected])
 */
@Configuration
// proxyTargetClass is required, if you use annotation driven security!
// However, you will receive a warning that GrpcServerService#bindService() method is final.
// You cannot avoid that warning (without massive amount of work), but it is safe to ignore it.
// The #bindService() method uses a reference to 'this', which will be used to invoke the methods.
// If the method is not final it will delegate to the original instance and thus it will bypass any security layer that
// you intend to add, unless you re-implement the #bindService() method on the outermost layer (which Spring does not).
@EnableGlobalMethodSecurity(securedEnabled = true, proxyTargetClass = true)
public class SecurityConfiguration {

    private static final Logger log = LoggerFactory.getLogger(SecurityConfiguration.class);

    @Bean
    PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder(10);
    }

    @Bean
    // This could be your database lookup. There are some complete implementations in spring-security-web.
    UserDetailsService userDetailsService() {
        return username -> {
            log.debug("Searching user: {}", username);
            switch (username) {
                case "guest": {
                    return new User(username, passwordEncoder().encode(username + "Password"), Collections.emptyList());
                }
                case "user": {
                    final List<SimpleGrantedAuthority> authorities =
                            Arrays.asList(new SimpleGrantedAuthority("ROLE_GREET"));
                    return new User(username, passwordEncoder().encode(username + "Password"), authorities);
                }
                default: {
                    throw new UsernameNotFoundException("Could not find user!");
                }
            }
        };
    }

    @Bean
    // One of your authentication providers.
    // They ensure that the credentials are valid and populate the user's authorities.
    DaoAuthenticationProvider daoAuthenticationProvider() {
        final DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
        provider.setUserDetailsService(userDetailsService());
        provider.setPasswordEncoder(passwordEncoder());
        return provider;
    }

    @Bean
    // Add the authentication providers to the manager.
    AuthenticationManager authenticationManager() {
        final List<AuthenticationProvider> providers = new ArrayList<>();
        providers.add(daoAuthenticationProvider());
        return new ProviderManager(providers);
    }

    @Bean
    // Configure which authentication types you support.
    GrpcAuthenticationReader authenticationReader() {
        return new BasicGrpcAuthenticationReader();
        // final List<GrpcAuthenticationReader> readers = new ArrayList<>();
        // readers.add(new BasicGrpcAuthenticationReader());
        // readers.add(new SSLContextGrpcAuthenticationReader());
        // return new CompositeGrpcAuthenticationReader(readers);
    }

}