org.springframework.cloud.common.security.support.SecurityConfigUtils Java Examples

The following examples show how to use org.springframework.cloud.common.security.support.SecurityConfigUtils.
Example #1
Source File: CloudFoundryDataflowAuthoritiesMapper.java    From spring-cloud-dataflow with Apache License 2.0
/**
 * The returned {@link Set} of {@link GrantedAuthority}s contains all roles from
 * {@link CoreSecurityRoles}. The roles are prefixed with the value specified in
 * {@link GrantedAuthorityDefaults}.
 *
 * @param providerId Not used
 * @param scopes Not used
 * @param token Must not be null or empty.
 */
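@Override
public Set<GrantedAuthority> mapScopesToAuthorities(String providerId, Set<String> scopes, String token) {
	// providerId and scopes are ignored: the result depends only on what
	// cloudFoundrySecurityService reports for the supplied token.
	if (!StringUtils.hasText(token)) {
		// The documented contract requires a non-empty token. Fail closed (no authorities)
		// rather than passing a null or blank token on to the security service.
		logger.warn("No access token supplied; granting no authorities.");
		return Collections.emptySet();
	}
	if (!cloudFoundrySecurityService.isSpaceDeveloper(token)) {
		// Not a space developer: no roles are granted.
		return Collections.emptySet();
	}

	// All-or-nothing mapping: a space developer receives every role declared in
	// CoreSecurityRoles, so the isSpaceDeveloper check above is the only gate in front
	// of the complete role set.
	// The role names are collected first so that no stream stage mutates outside state.
	final List<String> rolesAsStrings = Stream.of(CoreSecurityRoles.values())
			.map(roleEnum -> SecurityConfigUtils.ROLE_PREFIX + roleEnum.getKey())
			.collect(Collectors.toList());
	final Set<GrantedAuthority> grantedAuthorities = rolesAsStrings.stream()
			.map(SimpleGrantedAuthority::new)
			.collect(Collectors.toSet());
	// Only the role names are logged; the token is not written to the log.
	logger.info("Adding ALL roles {} to Cloud Foundry Space Developer user.",
			StringUtils.collectionToCommaDelimitedString(rolesAsStrings));
	return grantedAuthorities;
}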
 
Example #2
Source File: CloudFoundryDataflowAuthoritiesExtractor.java    From spring-cloud-dataflow-server-cloudfoundry with Apache License 2.0
/**
 * The returned {@link List} of {@link GrantedAuthority}s contains all roles from
 * {@link CoreSecurityRoles}. The roles are prefixed with the value specified in
 * {@link GrantedAuthorityDefaults}.
 *
 * @param map Must not be null. Is only used for logging
 */
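@Override
public List<GrantedAuthority> extractAuthorities(Map<String, Object> map) {
	Assert.notNull(map, "The map argument must not be null.");

	// isSpaceDeveloper() takes no argument here, so which caller or token it evaluates is
	// decided inside cloudFoundrySecurityService and is not visible in this method.
	if (!cloudFoundrySecurityService.isSpaceDeveloper()) {
		// Not a space developer: no roles. A fresh mutable list is returned, as before,
		// in case callers add to it.
		return new ArrayList<>(0);
	}

	// All-or-nothing mapping: a space developer receives every role declared in
	// CoreSecurityRoles, so the check above is the only gate in front of the full role set.
	// The role names are collected first so that no stream stage mutates outside state.
	final List<String> rolesAsStrings = Stream.of(CoreSecurityRoles.values())
			.map(roleEnum -> SecurityConfigUtils.ROLE_PREFIX + roleEnum.getKey())
			.collect(Collectors.toList());
	final List<GrantedAuthority> grantedAuthorities = rolesAsStrings.stream()
			.map(SimpleGrantedAuthority::new)
			.collect(Collectors.toList());
	// NOTE(review): the whole map is written to the log at INFO level. Its contents are not
	// visible here; if it carries user attributes or token material, log only a stable
	// identifier instead — confirm what the caller passes in.
	logger.info("Adding ALL roles {} to Cloud Foundry Space Developer user {}",
			StringUtils.collectionToCommaDelimitedString(rolesAsStrings), map);
	return grantedAuthorities;
}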
 
Example #3
Source File: SkipperOAuthSecurityConfiguration.java    From spring-cloud-skipper with Apache License 2.0
/**
 * Builds the HTTP security chain: an HTTP Basic entry point, path rules taken from
 * {@code authorizationProperties} with a final deny-all rule, logout handling, CSRF
 * disabled, and OAuth2 resource-server token validation (opaque token or JWT).
 *
 * @param http the {@link HttpSecurity} builder to configure
 * @throws Exception if any of the configurers invoked here fails
 */
@Override
protected void configure(HttpSecurity http) throws Exception {

	// Entry point that answers unauthenticated requests with a Basic challenge for the
	// realm named in SecurityConfigUtils.
	final BasicAuthenticationEntryPoint basicAuthenticationEntryPoint = new BasicAuthenticationEntryPoint();
	basicAuthenticationEntryPoint.setRealmName(SecurityConfigUtils.BASIC_AUTH_REALM_NAME);
	basicAuthenticationEntryPoint.afterPropertiesSet();

	// The explicit Basic filter is registered only when an opaque-token introspector is
	// present. providerManager() is defined outside this excerpt.
	if (opaqueTokenIntrospector != null) {
		BasicAuthenticationFilter basicAuthenticationFilter = new BasicAuthenticationFilter(
				providerManager(), basicAuthenticationEntryPoint);
		http.addFilter(basicAuthenticationFilter);
	}

	// Dashboard paths always require authentication. These calls append to the list held
	// by authorizationProperties, so the shared properties object is modified here.
	this.authorizationProperties.getAuthenticatedPaths().add(dashboard("/**"));
	this.authorizationProperties.getAuthenticatedPaths().add(dashboard(""));

	// Rule order matters: the permit-all matchers are registered before the authenticated
	// matchers, and the first matching rule decides. A path listed in both sets is
	// therefore reachable without authentication.
	ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry security =
			http.authorizeRequests()
					.antMatchers(this.authorizationProperties.getPermitAllPaths().toArray(new String[0]))
					.permitAll()
	.antMatchers(this.authorizationProperties.getAuthenticatedPaths().toArray(new String[0]))
	.authenticated();

	// Further rules are added by SecurityConfigUtils from authorizationProperties; their
	// exact shape is defined outside this excerpt.
	security = SecurityConfigUtils.configureSimpleSecurity(security, this.authorizationProperties);
	// Default deny: any request not matched by an earlier rule is rejected.
	security.anyRequest().denyAll();

	// httpBasic() is enabled unconditionally. Basic credentials are only base64-encoded,
	// so this relies on TLS being enforced elsewhere (not visible in this method).
	// NOTE(review): csrf().disable() switches CSRF protection off for the whole chain,
	// including the dashboard paths and logout. That is only safe if state-changing
	// requests are never authorised by a browser-held session cookie; this method sets no
	// session policy, so confirm it where the session handling is configured.
	// Unauthenticated requests to /api/** and /actuator/** receive the Basic challenge.
	http.httpBasic().and()
			.logout()
			.logoutSuccessUrl(dashboard("/logout-success-oauth.html"))
			.and().csrf().disable()
			.exceptionHandling()
			.defaultAuthenticationEntryPointFor(basicAuthenticationEntryPoint, new AntPathRequestMatcher("/api/**"))
			.defaultAuthenticationEntryPointFor(basicAuthenticationEntryPoint, new AntPathRequestMatcher("/actuator/**"));

	// Token validation: opaque-token introspection takes precedence over JWT. When neither
	// an introspector nor a JWK set URI is configured, no resource-server support is added.
	// NOTE(review): the condition tests the opaqueTokenIntrospector field, while the value
	// passed on comes from the opaqueTokenIntrospector() method defined elsewhere; confirm
	// both refer to the same introspector.
	if (opaqueTokenIntrospector != null) {
		http.oauth2ResourceServer()
			.opaqueToken()
				.introspector(opaqueTokenIntrospector());
	} else if (oAuth2ResourceServerProperties.getJwt().getJwkSetUri() != null) {
		http.oauth2ResourceServer()
			.jwt()
				.jwtAuthenticationConverter(grantedAuthoritiesExtractor());
	}

	// Records that authentication is active so other components can query the state.
	this.securityStateBean.setAuthenticationEnabled(true);
}