Example 6 with Requires

use of io.micronaut.context.annotation.Requires in project micronaut-gcp by micronaut-projects.

the class GoogleCredentialsFactory method defaultGoogleCredentials.

/**
 * Method used to return the default {@link GoogleCredentials} and provide it as a bean.
 *
 * It determines which credentials to use as follows:
 * <ol>
 *     <li>If <pre>gcp.credentials.location</pre> is specified, use its location</li>
 *     <li>Otherwise, if <pre>gcp.credentials.encodedKey</pre> is specified, decode it and use its content</li>
 *     <li>If neither property is specified, use Application Default Credentials resolution. See
 *     <a href="https://github.com/googleapis/google-cloud-java#authentication">Google Cloud Java authentication</a>.
 *     This resolves credentials in the following order:
 *       <ol>
 *           <li>The credentials file pointed to by the <pre>GOOGLE_APPLICATION_CREDENTIALS</pre> environment variable</li>
 *           <li>Credentials provided by the Google Cloud SDK <pre>gcloud auth application-default login</pre> command</li>
 *           <li>Google App Engine built-in credentials when running inside of Google App Engine</li>
 *           <li>Google Cloud Shell built-in credentials when running inside of Google Cloud Shell</li>
 *           <li>Google Compute Engine built-in credentials when running inside of Google Compute Engine or Kubernetes Engine</li>
 *       </ol>
 *     </li>
 * </ol>
 *
 * @return The {@link GoogleCredentials}
 * @throws IOException An exception if an error occurs
 */
@Requires(missingBeans = GoogleCredentials.class)
@Requires(classes = com.google.auth.oauth2.GoogleCredentials.class)
@Primary
@Singleton
protected GoogleCredentials defaultGoogleCredentials() throws IOException {
    final List<String> scopes = configuration.getScopes().stream().map(URI::toString).collect(Collectors.toList());
    GoogleCredentials credentials;
    if (configuration.getLocation().isPresent() && configuration.getEncodedKey().isPresent()) {
        throw new ConfigurationException("Please specify only one of gcp.credentials.location or gcp.credentials.encodedKey");
    } else if (configuration.getLocation().isPresent()) {
        LOG.info("Google Credentials from gcp.credentials.location = " + configuration.getLocation().get());
        // try-with-resources closes the key file even if parsing the credentials fails
        try (FileInputStream fis = new FileInputStream(configuration.getLocation().get())) {
            credentials = GoogleCredentials.fromStream(fis);
        }
    } else if (configuration.getEncodedKey().isPresent()) {
        // Only the source of the key is logged, never the key material itself
        LOG.info("Google Credentials from gcp.credentials.encodedKey");
        Base64.Decoder decoder = Base64.getDecoder();
        byte[] bytes = decoder.decode(configuration.getEncodedKey().get());
        try (ByteArrayInputStream is = new ByteArrayInputStream(bytes)) {
            credentials = GoogleCredentials.fromStream(is);
        }
    } else {
        LOG.info("Google Credentials from Application Default Credentials");
        credentials = GoogleCredentials.getApplicationDefault();
    }
    return credentials.createScoped(scopes);
}
Also used : Base64(java.util.Base64) ConfigurationException(io.micronaut.context.exceptions.ConfigurationException) ByteArrayInputStream(java.io.ByteArrayInputStream) GoogleCredentials(com.google.auth.oauth2.GoogleCredentials) FileInputStream(java.io.FileInputStream) Requires(io.micronaut.context.annotation.Requires) Singleton(jakarta.inject.Singleton) Primary(io.micronaut.context.annotation.Primary)

Example 7 with Requires

use of io.micronaut.context.annotation.Requires in project micronaut-security by micronaut-projects.

the class OpenIdClientFactory method openIdClient.

/**
 * Creates an {@link OpenIdClient} from the provided parameters.
 *
 * @param openIdClientConfiguration The openid client configuration
 * @param clientConfiguration The client configuration
 * @param openIdProviderMetadata The open id provider metadata
 * @param authenticationMapper The user details mapper
 * @param redirectUrlBuilder The redirect URL builder
 * @param authorizationResponseHandler The authorization response handler
 * @param endSessionEndpointResolver The end session resolver
 * @param endSessionCallbackUrlBuilder The end session callback URL builder
 * @return The OpenID client, or null if the client configuration does not allow it
 */
@EachBean(OpenIdClientConfiguration.class)
@Requires(condition = OpenIdClientCondition.class)
@SuppressWarnings("java:S107")
DefaultOpenIdClient openIdClient(@Parameter OpenIdClientConfiguration openIdClientConfiguration,
                                 @Parameter OauthClientConfiguration clientConfiguration,
                                 @Parameter BeanProvider<DefaultOpenIdProviderMetadata> openIdProviderMetadata,
                                 @Parameter @Nullable OpenIdAuthenticationMapper authenticationMapper,
                                 AuthorizationRedirectHandler redirectUrlBuilder,
                                 OpenIdAuthorizationResponseHandler authorizationResponseHandler,
                                 EndSessionEndpointResolver endSessionEndpointResolver,
                                 EndSessionCallbackUrlBuilder endSessionCallbackUrlBuilder) {
    Supplier<OpenIdProviderMetadata> metadataSupplier = SupplierUtil.memoized(openIdProviderMetadata::get);
    EndSessionEndpoint endSessionEndpoint = null;
    if (openIdClientConfiguration.getEndSession().isEnabled()) {
        endSessionEndpoint = endSessionEndpointResolver.resolve(clientConfiguration, metadataSupplier, endSessionCallbackUrlBuilder).orElse(null);
    }
    return new DefaultOpenIdClient(clientConfiguration, metadataSupplier, authenticationMapper, redirectUrlBuilder, authorizationResponseHandler, beanContext, endSessionEndpoint);
}
Also used : EndSessionEndpoint(io.micronaut.security.oauth2.endpoint.endsession.request.EndSessionEndpoint) Requires(io.micronaut.context.annotation.Requires) EachBean(io.micronaut.context.annotation.EachBean)

Example 8 with Requires

use of io.micronaut.context.annotation.Requires in project micronaut-security by micronaut-projects.

the class JwksUriSignatureFactory method createJwksUriSignature.

/**
 * @param openIdProviderMetadata The open id provider metadata
 * @param jwkValidator JWK Validator
 * @return a {@link JwksSignature} pointing to the jwks_uri exposed via the OpenID configuration
 */
@Requires(property = SecurityConfigurationProperties.PREFIX + ".authentication", value = "idtoken")
@EachBean(DefaultOpenIdProviderMetadata.class)
public JwksSignature createJwksUriSignature(@Parameter BeanProvider<DefaultOpenIdProviderMetadata> openIdProviderMetadata, JwkValidator jwkValidator) {
    JwksSignatureConfigurationProperties jwksSignatureConfiguration = new JwksSignatureConfigurationProperties();
    jwksSignatureConfiguration.setUrl(openIdProviderMetadata.get().getJwksUri());
    return new JwksSignature(jwksSignatureConfiguration, jwkValidator);
}
Also used : JwksSignature(io.micronaut.security.token.jwt.signature.jwks.JwksSignature) JwksSignatureConfigurationProperties(io.micronaut.security.token.jwt.signature.jwks.JwksSignatureConfigurationProperties) Requires(io.micronaut.context.annotation.Requires) EachBean(io.micronaut.context.annotation.EachBean)
