diff --git a/api/build.gradle b/api/build.gradle
index 9cdbae4f1..ca51f8b21 100644
--- a/api/build.gradle
+++ b/api/build.gradle
@@ -18,6 +18,7 @@ dependencies {
 implementation libs.spring.starter.actuator
 implementation libs.spring.starter.logging
 implementation libs.spring.starter.oauth2.client
+ implementation libs.spring.security.oauth2.resource.server
 implementation libs.spring.boot.actuator
 compileOnly libs.spring.boot.devtools
diff --git a/api/src/main/java/io/kafbat/ui/config/auth/OAuthProperties.java b/api/src/main/java/io/kafbat/ui/config/auth/OAuthProperties.java
index 7021be8d5..5c861b7e1 100644
--- a/api/src/main/java/io/kafbat/ui/config/auth/OAuthProperties.java
+++ b/api/src/main/java/io/kafbat/ui/config/auth/OAuthProperties.java
@@ -6,6 +6,7 @@
 import java.util.Map;
 import java.util.Set;
 import lombok.Data;
+import org.springframework.boot.autoconfigure.security.oauth2.resource.OAuth2ResourceServerProperties;
 import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.util.Assert;
@@ -13,6 +14,7 @@
 @Data
 public class OAuthProperties {
 private Map client = new HashMap<>();
+ private OAuth2ResourceServerProperties resourceServer = null;
 @PostConstruct
 public void init() {
diff --git a/api/src/main/java/io/kafbat/ui/config/auth/OAuthSecurityConfig.java b/api/src/main/java/io/kafbat/ui/config/auth/OAuthSecurityConfig.java
index 4794b83ca..1787ad847 100644
--- a/api/src/main/java/io/kafbat/ui/config/auth/OAuthSecurityConfig.java
+++ b/api/src/main/java/io/kafbat/ui/config/auth/OAuthSecurityConfig.java
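Review bot: The new `resourceServer` field is bound without any validation: `init()`, whose body continues outside this hunk, is not extended to check that a configured resource-server block names either `jwt.jwk-set-uri` or `opaquetoken.introspection-uri` (with client id/secret), so a half-filled block is only discovered when the security filter chain is built rather than at startup alongside the existing `client` checks. Consider adding that assertion to `init()` next to the ones already there. The `= null` initializer is redundant for a reference field and can be dropped, and the field deserves a comment so a reader knows it is optional, e.g. `// Optional bearer-token (resource-server) settings; null means no resource-server support is configured.`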
@@ -14,6 +14,7 @@
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientProperties;
 import org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientPropertiesMapper;
+import org.springframework.boot.autoconfigure.security.oauth2.resource.OAuth2ResourceServerProperties;
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -62,6 +63,20 @@ public SecurityWebFilterChain configure(ServerHttpSecurity http, OAuthLogoutSucc
 .logout(spec -> spec.logoutSuccessHandler(logoutHandler))
 .csrf(ServerHttpSecurity.CsrfSpec::disable);
+ if (properties.getResourceServer() != null) {
+ OAuth2ResourceServerProperties resourceServer = properties.getResourceServer();
+ if (resourceServer.getJwt() != null) {
+ builder.oauth2ResourceServer((c) -> c.jwt((j) -> j.jwkSetUri(resourceServer.getJwt().getJwkSetUri())));
+ } else if (resourceServer.getOpaquetoken() != null) {
+ OAuth2ResourceServerProperties.Opaquetoken opaquetoken = resourceServer.getOpaquetoken();
+ builder.oauth2ResourceServer(
+ (c) -> c.opaqueToken(
+ (o) -> o.introspectionUri(opaquetoken.getIntrospectionUri())
+ .introspectionClientCredentials(opaquetoken.getClientId(), opaquetoken.getClientSecret())
+ )
+ );
+ }
+ }
 builder.addFilterAt(new StaticFileWebFilter(), SecurityWebFiltersOrder.LOGIN_PAGE_GENERATING);
diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml
index e61bf538a..5a7e7f96f 100644
--- a/gradle/libs.versions.toml
+++ b/gradle/libs.versions.toml
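Review bot: The `resourceServer.getJwt() != null` test on the third added line of the second hunk cannot distinguish the two modes, because Spring Boot's `OAuth2ResourceServerProperties` initialises both its `jwt` and `opaquetoken` nested objects eagerly; the JWT branch is therefore taken even for an opaque-token configuration, the `else if` is unreachable, and `jwkSetUri(null)` is handed to the resource-server spec. Test the settings that were actually bound instead: `if (resourceServer.getJwt().getJwkSetUri() != null) {` and `} else if (resourceServer.getOpaquetoken().getIntrospectionUri() != null) {`, and fail fast when neither is present rather than silently leaving bearer-token support off. Note also that only `jwk-set-uri` is honoured — `issuer-uri` and `audiences` from the same properties class are not wired in — so JWTs appear to be accepted on signature and expiry alone without an issuer or audience check; either support `issuerUri` or document that limitation on the property. The enclosing `configure` method starts and ends outside this hunk.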
@@ -66,6 +66,7 @@ spring-boot-devtools = { module = 'org.springframework.boot:spring-boot-devtools
 spring-boot-configuration-processor = { module = 'org.springframework.boot:spring-boot-configuration-processor', version.ref = 'spring-boot' }
 spring-security-ldap = { module = 'org.springframework.security:spring-security-ldap' }
+spring-security-oauth2-resource-server = { module = 'org.springframework.security:spring-security-oauth2-resource-server'}
 swagger-integration-jakarta = { module = 'io.swagger.core.v3:swagger-integration-jakarta', version.ref = 'swagger-integration-jakarta' }
 lombok = { module = 'org.projectlombok:lombok', version.ref = 'lombok' }