Example use of com.evolveum.midpoint.authentication.impl.module.configuration.OidcResourceServerModuleWebSecurityConfiguration in the project midpoint by Evolveum.
Shown below: the method createModuleFilter of the class OidcResourceServerModuleFactory.
/**
 * Creates the authentication module for the OIDC resource-server part of an
 * {@code OidcAuthenticationModuleType}: a JWT-based authentication provider plus the
 * {@link SecurityFilterChain} built from a fresh {@link HttpSecurity}.
 *
 * <p>The method refuses to build anything (logs an error and returns {@code null}) when the
 * module is not an {@code OidcAuthenticationModuleType} or when it has no resource-server
 * section, so a misconfigured module never yields a filter chain.
 *
 * @param moduleType module configuration; must be an {@code OidcAuthenticationModuleType}
 *        with a non-null resource server
 * @param sequenceSuffix suffix of the authentication sequence, passed to the configuration
 * @param request not used by this implementation
 * @param sharedObjects objects handed to {@code setSharedObjects} together with the new
 *        {@link HttpSecurity}
 * @param authenticationsPolicy not used by this implementation
 * @param credentialPolicy not used by this implementation
 * @param authenticationChannel channel passed to {@code isSupportedChannel}
 * @return the assembled module, or {@code null} when the configuration is rejected
 * @throws Exception propagated from the helpers and from {@code HttpSecurity.build()}
 */
@Override
public AuthModule createModuleFilter(AbstractAuthenticationModuleType moduleType, String sequenceSuffix,
        ServletRequest request, Map<Class<?>, Object> sharedObjects,
        AuthenticationModulesType authenticationsPolicy, CredentialsPolicyType credentialPolicy,
        AuthenticationChannel authenticationChannel) throws Exception {
    // Guard clauses: reject anything that is not a complete OIDC resource-server configuration.
    if (!(moduleType instanceof OidcAuthenticationModuleType)) {
        LOGGER.error("This factory support only OidcAuthenticationModuleType, but modelType is " + moduleType);
        return null;
    }
    OidcAuthenticationModuleType oidcModule = (OidcAuthenticationModuleType) moduleType;
    if (oidcModule.getResourceServer() == null) {
        LOGGER.error("Resource configuration of OidcAuthenticationModuleType is null");
        return null;
    }

    // NOTE(review): nothing is done with a result here, so an unsupported channel is only
    // rejected if isSupportedChannel throws - confirm in the base class.
    isSupportedChannel(authenticationChannel);

    // setProtector is static: the protector is set on the configuration class itself,
    // not on the instance created on the next line.
    OidcResourceServerModuleWebSecurityConfiguration.setProtector(getProtector());
    OidcResourceServerModuleWebSecurityConfiguration config =
            OidcResourceServerModuleWebSecurityConfiguration.build(oidcModule, sequenceSuffix);
    config.setSequenceSuffix(sequenceSuffix);

    OidcResourceServerAuthenticationModuleType resourceServerConfig = oidcModule.getResourceServer();

    // The configured claim, when present, replaces the converter's default principal claim.
    // NOTE(review): this claim becomes the authenticated principal name, so it should be one
    // the identity provider issues itself and keeps unique; how it is matched to a midPoint
    // focus is decided in OidcResourceServerProvider, which is not visible here.
    JwtAuthenticationConverter converter = new JwtAuthenticationConverter();
    String usernameClaim = resourceServerConfig.getNameOfUsernameClaim();
    if (usernameClaim != null) {
        converter.setPrincipalClaimName(usernameClaim);
    }

    // Token validation depends on the decoder prepared by build(); its settings
    // (signature, issuer, audience checks) are not visible here - confirm there.
    OidcResourceServerProvider jwtProvider = new OidcResourceServerProvider(config.getDecoder(), converter);
    config.addAuthenticationProvider(getObjectObjectPostProcessor().postProcess(jwtProvider));

    OidcResourceServerModuleWebSecurityConfigurer<OidcResourceServerModuleWebSecurityConfiguration> configurer =
            getObjectObjectPostProcessor().postProcess(new OidcResourceServerModuleWebSecurityConfigurer<>(config));
    configurer.setObjectPostProcessor(getObjectObjectPostProcessor());

    HttpSecurity httpSecurity = configurer.getNewHttpSecurity();
    setSharedObjects(httpSecurity, sharedObjects);

    // The module authentication is created and given its focus type before the chain is built,
    // in the same order as the original statements.
    ModuleAuthenticationImpl authentication = createEmptyModuleAuthentication(config, resourceServerConfig);
    authentication.setFocusType(moduleType.getFocusType());

    SecurityFilterChain filterChain = httpSecurity.build();
    return AuthModuleImpl.build(filterChain, config, authentication);
}