
Comments (4)

wilkinsona commented on April 28, 2024

Overloaded method oauth2ResourceServer() of org.springframework.security.config.annotation.web.builders.HttpSecurity with parameter org.springframework.boot.autoconfigure.security.oauth2.resource.OAuth2ResourceServerProperties

Unfortunately, we can't do that as it would require Spring Security to depend on Spring Boot and we already have a dependency in the other direction.

Can you please take a step back and describe your goal in more detail? It would be very useful to see the code that you currently have to write to achieve your goal. From that we can then see what, if anything, Spring Boot may be able to do to make it easier.

from spring-boot.

lowcasz commented on April 28, 2024

I'm not sure it will work correctly, but I would like something like that:

properties.yaml

  security:
    tenants:
      cat:
        jwt:
          issuer-uri:  https://keycloak/auth/realms/cat
          jwk-set-uri: https://keycloak/auth/realms/cat/protocol/openid-connect/certs
      dog:
        jwt:
          issuer-uri:  https://keycloak/auth/realms/dog
          jwk-set-uri: https://keycloak/auth/realms/dog/protocol/openid-connect/certs

Properties class

@Value
@ConfigurationProperties("spring.security")
public class SecurityProperties {

    public SecurityProperties(
        String[] permitAll,
        String[] denyAll,
        User basic,
        Map<String, OAuth2ResourceServerProperties> tenants
    ) {
        this.permitAll = Optional.ofNullable(permitAll).orElse(new String[0]);
        this.denyAll = Optional.ofNullable(denyAll).orElse(new String[0]);
        this.basic = Optional.ofNullable(basic).orElse(new User("user", "password", List.of()));
        this.tenants = Optional.ofNullable(tenants).orElse(Map.of());
    }

    String[] permitAll;

    String[] denyAll;

    User basic;

    Map<String, OAuth2ResourceServerProperties> tenants;

}

Configuration

@Configuration
@RequiredArgsConstructor
public class SecurityConfiguration {

    private final SecurityProperties properties;

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        AuthenticationManagerBuilder authenticationManagerBuilder = http.getSharedObject(AuthenticationManagerBuilder.class);
        authenticationManagerBuilder.inMemoryAuthentication().withUser(properties.getBasic());
        http
            .cors(withDefaults())
            .authorizeHttpRequests(config -> {
                    config
                        .requestMatchers(properties.getPermitAll()).permitAll()
                        .requestMatchers(properties.getDenyAll()).denyAll()
                        .anyRequest().authenticated();
                }
            )
            .securityMatcher("/tech/**").authenticationManager(authenticationManagerBuilder.build())
            .securityMatcher("**").oauth2ResourceServer(config -> config.jwt(withDefaults()));
        properties.getTenants().forEach((tenant, config) -> http
         .securityMatcher("/%s/**".formatted(tenant))
         .oauth2ResourceServer(config)
         );
        return http.build();
    }

}

from spring-boot.

wilkinsona commented on April 28, 2024

As I said above, we can't have a Spring Security method (oauth2ResourceServer in this case) that depends on a Spring Boot type.

At this point, I'm afraid that a possible solution such as the one that you have sketched out above isn't what we're looking for. What I would like to see is the code that you have to write today to solve your problem. That will, hopefully, help us to understand what you're trying to do and we can then consider if it's something that we want to make easier and, if we do, start thinking about how we could do it.


spring-projects-issues commented on April 28, 2024

If you would like us to look at this issue, please provide the requested information. If the information is not provided within the next 7 days this issue will be closed.
