net.prasenjit.auth.config.OAuthConfig.java Source code

Java tutorial

Introduction

Here is the source code for net.prasenjit.auth.config.OAuthConfig.java

Source

/*
 * Copyright (c) 2016 Prasenjit Purohit
 *
 *    Licensed under the Apache License, Version 2.0 (the "License");
 *    you may not use this file except in compliance with the License.
 *    You may obtain a copy of the License at
 *
 *        http://www.apache.org/licenses/LICENSE-2.0
 *
 *    Unless required by applicable law or agreed to in writing, software
 *    distributed under the License is distributed on an "AS IS" BASIS,
 *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *    See the License for the specific language governing permissions and
 *    limitations under the License.
 */

package net.prasenjit.auth.config;

import lombok.Data;
import net.prasenjit.auth.service.ClientService;
import net.prasenjit.auth.service.UserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.ResourceLoader;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.TokenEnhancer;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.KeyStoreKeyFactory;

import java.util.Arrays;

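/**
 * Spring Security OAuth2 authorization-server configuration.
 *
 * <p>Wires the project's {@code ClientService} in as the client registry, authenticates resource
 * owners through a {@code DaoAuthenticationProvider} backed by {@code UserService} and the
 * injected {@code PasswordEncoder}, and publishes a {@link JwtAccessTokenConverter} whose RSA
 * key pair is read from a keystore described by the {@code identity.oauth.jwt-key.*} properties.
 *
 * <p>Created by PRASENJIT-NET on 4/3/2016.
 *
 * @author PRASEN
 * @version $Id: $Id
 */
@Configuration
@EnableAuthorizationServer
@EnableConfigurationProperties(OAuthConfig.JwtKey.class)
public class OAuthConfig extends AuthorizationServerConfigurerAdapter {

    @Autowired
    private UserService userService;
    @Autowired
    private ClientService clientService;
    @Autowired
    private PasswordEncoder passwordEncoder;
    @Autowired
    private ResourceLoader resourceLoader;
    @Autowired
    private JwtKey jwtKey;
    @Autowired
    private TokenEnhancer tokenEnhancer;

    /**
     * Registers {@code clientService} as the source of OAuth2 client registrations.
     *
     * {@inheritDoc}
     */
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.withClientDetails(clientService);
    }

    /**
     * Sets the user authentication manager and the token enhancer on the token endpoints.
     *
     * <p>In Spring Security OAuth, supplying an {@link AuthenticationManager} here is what
     * switches on the resource-owner password grant, so every registered client that is allowed
     * that grant type will handle end-user passwords directly.
     *
     * {@inheritDoc}
     */
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        // NOTE(review): jwtAccessTokenConverter() is not passed to endpoints.accessTokenConverter(...)
        // in this class. Tokens are JWT-signed only if the injected TokenEnhancer is that bean
        // (JwtAccessTokenConverter implements TokenEnhancer) or a chain containing it; confirm
        // against the rest of the application context.
        endpoints.authenticationManager(userAuthenticationManager()).tokenEnhancer(tokenEnhancer);
    }

    /**
     * Builds the JWT converter and gives it the key pair stored under the configured alias.
     *
     * <p>The keystore is resolved through the {@link ResourceLoader} from
     * {@code identity.oauth.jwt-key.location} and opened with the configured store password.
     * When a separate key password is configured it is used to unlock the entry; otherwise the
     * factory's single-argument overload is used, which reuses the store password.
     *
     * @return a {@link org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter}
     *         holding the key pair loaded from the keystore.
     */
    @Bean
    public JwtAccessTokenConverter jwtAccessTokenConverter() {
        KeyStoreKeyFactory keyFactory = new KeyStoreKeyFactory(
                resourceLoader.getResource(jwtKey.getLocation()),
                jwtKey.getStorePassword());
        String alias = jwtKey.getAlias();
        char[] keyPassword = jwtKey.getPassword();

        JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
        if (keyPassword != null) {
            converter.setKeyPair(keyFactory.getKeyPair(alias, keyPassword));
        } else {
            converter.setKeyPair(keyFactory.getKeyPair(alias));
        }
        return converter;
    }

    /**
     * Sets the access rules for the token-key and check-token endpoints.
     *
     * <p>The token-key endpoint is opened to everyone. The key served there is the converter's
     * verifier key; with the RSA key pair loaded in {@link #jwtAccessTokenConverter()} that is
     * the public key, so open access does not disclose signing material. Revisit this rule if
     * the converter is ever switched to a symmetric (HMAC) signing key. The check-token endpoint
     * requires an authenticated caller.
     *
     * {@inheritDoc}
     */
    @Override
    public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
        oauthServer.tokenKeyAccess("permitAll()").checkTokenAccess("isAuthenticated()");
    }

    /**
     * Creates the manager that verifies end-user credentials: a single
     * {@link DaoAuthenticationProvider} that loads users from {@code userService} and checks
     * passwords with the injected {@link PasswordEncoder}.
     *
     * @return a {@link ProviderManager} wrapping that one provider.
     */
    private AuthenticationManager userAuthenticationManager() {
        DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
        provider.setUserDetailsService(userService);
        provider.setPasswordEncoder(passwordEncoder);
        return new ProviderManager(Arrays.asList(provider));
    }

    /**
     * Keystore settings bound from the {@code identity.oauth.jwt-key.*} properties.
     *
     * <p>Lombok's {@code @Data} would generate a {@code toString()} that prints every field,
     * including the contents of the two password arrays. The explicit {@link #toString()} below
     * takes its place (Lombok does not generate a method that already exists) so that logging
     * or debugging this bean cannot write the keystore secrets out.
     */
    @Data
    @ConfigurationProperties(prefix = "identity.oauth.jwt-key")
    public static class JwtKey {
        /** Spring resource location of the keystore, resolved through the ResourceLoader. */
        private String location;
        /** Password that opens the keystore. Secret: never log. */
        private char[] storePassword;
        /** Alias of the key-pair entry used for signing. */
        private String alias;
        /** Optional password of the key entry; when null the store password is reused. Secret. */
        private char[] password;

        /**
         * Describes the settings without revealing either password.
         *
         * @return the location and alias, plus whether each password is set.
         */
        @Override
        public String toString() {
            return "OAuthConfig.JwtKey(location=" + location
                    + ", storePassword=" + mask(storePassword)
                    + ", alias=" + alias
                    + ", password=" + mask(password) + ")";
        }

        /** Reports only whether a secret is present, never its characters. */
        private static String mask(char[] secret) {
            return secret == null ? "null" : "<redacted>";
        }
    }
}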