Added custom BearerTokenResolver to stop oauth2ResourceServer from evaluating requests with jwt token (API)

Jan 2025-10-30 16:37:52 +01:00
parent a3563449c8
commit 98e69164ed


@ -4,6 +4,7 @@ import de.avatic.lcc.model.db.users.User;
import de.avatic.lcc.repositories.users.GroupRepository; import de.avatic.lcc.repositories.users.GroupRepository;
import de.avatic.lcc.repositories.users.UserRepository; import de.avatic.lcc.repositories.users.UserRepository;
import de.avatic.lcc.service.apps.JwtTokenService; import de.avatic.lcc.service.apps.JwtTokenService;
import io.jsonwebtoken.Claims;
import jakarta.servlet.FilterChain; import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException; import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletRequest;
@ -27,6 +28,7 @@ import org.springframework.security.oauth2.client.userinfo.OAuth2UserService;
import org.springframework.security.oauth2.core.oidc.user.OidcUser; import org.springframework.security.oauth2.core.oidc.user.OidcUser;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter; import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
import org.springframework.security.oauth2.server.resource.authentication.JwtGrantedAuthoritiesConverter; import org.springframework.security.oauth2.server.resource.authentication.JwtGrantedAuthoritiesConverter;
import org.springframework.security.oauth2.server.resource.web.BearerTokenResolver;
import org.springframework.security.oauth2.server.resource.web.authentication.BearerTokenAuthenticationFilter; import org.springframework.security.oauth2.server.resource.web.authentication.BearerTokenAuthenticationFilter;
import org.springframework.security.web.SecurityFilterChain; import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.HttpStatusEntryPoint; import org.springframework.security.web.authentication.HttpStatusEntryPoint;
@ -76,6 +78,7 @@ public class SecurityConfig {
.defaultSuccessUrl("/", true) .defaultSuccessUrl("/", true)
) )
.oauth2ResourceServer(oauth2 -> oauth2 .oauth2ResourceServer(oauth2 -> oauth2
.bearerTokenResolver(bearerTokenResolver(jwtTokenService))
.jwt(jwt -> jwt .jwt(jwt -> jwt
.jwtAuthenticationConverter(jwtAuthenticationConverter()) .jwtAuthenticationConverter(jwtAuthenticationConverter())
) )
@ -280,6 +283,30 @@ public class SecurityConfig {
} }
@Bean
@Profile("!dev & !test")
public BearerTokenResolver bearerTokenResolver(JwtTokenService jwtTokenService) {
return request -> {
String authHeader = request.getHeader("Authorization");
if (authHeader != null && authHeader.startsWith("Bearer ")) {
String token = authHeader.substring(7);
try {
Claims claims = jwtTokenService.validateToken(token);
String tokenType = claims.get("token_type", String.class);
if ("ext_app".equals(tokenType)) {
return null; // SelfIssuedJwtFilter behandelt es
}
} catch (Exception e) {
// Kein selbst ausgestelltes Token, weiter zur OAuth2 Validierung
}
return token;
}
return null;
};
}
public static final class LccCsrfTokenRequestHandler extends CsrfTokenRequestAttributeHandler { public static final class LccCsrfTokenRequestHandler extends CsrfTokenRequestAttributeHandler {
private final CsrfTokenRequestHandler delegate = new CsrfTokenRequestAttributeHandler(); private final CsrfTokenRequestHandler delegate = new CsrfTokenRequestAttributeHandler();
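Review bot: The `catch (Exception e)` in the new `bearerTokenResolver` lambda swallows every failure from `jwtTokenService.validateToken` without a trace, so a broken signing-key configuration or a parsing bug is indistinguishable from an ordinary third-party token and each such request is silently forwarded to the OAuth2 decoder; narrow it to the type the service actually throws (`JwtException` if that is what `validateToken` raises) and either log at debug level or name the variable `ignored` with the comment in English, e.g. `} catch (JwtException ignored) { // not a self-issued token: hand it to the OAuth2 decoder`. Two further points on the same lambda: `authHeader.startsWith("Bearer ")` is case-sensitive, whereas the scheme is case-insensitive in RFC 6750 and the `DefaultBearerTokenResolver` this replaces accepted `bearer`, so such clients now fall through to anonymous; and the bean is gated by `@Profile("!dev & !test")` while line 30 calls `bearerTokenResolver(jwtTokenService)` directly from the filter chain, which is likely to fail to resolve under the dev or test profile unless the filter-chain bean carries the same restriction (its annotations are outside the hunk). Neither point opens a bypass, because the OAuth2 `JwtDecoder` still validates whatever string is returned, but an `ext_app` token that `validateToken` accepts is now removed from the resource-server path entirely, so correctness rests on `SelfIssuedJwtFilter` being registered for every protected route — worth stating in a Javadoc on the bean. The `SecurityConfig` class and the `LccCsrfTokenRequestHandler` class at the end of the hunk both continue outside it.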