au.csiro.pathling.security.ga4gh.PassportDecoderBuilder Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of fhir-server Show documentation
Show all versions of fhir-server Show documentation
A server that exposes Pathling functionality through a FHIR API.
/*
* Copyright 2023 Commonwealth Scientific and Industrial Research
* Organisation (CSIRO) ABN 41 687 119 230.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package au.csiro.pathling.security.ga4gh;
import au.csiro.pathling.config.AuthorizationConfiguration;
import au.csiro.pathling.config.ServerConfiguration;
import au.csiro.pathling.security.OidcConfiguration;
import au.csiro.pathling.security.PathlingJwtDecoderBuilder;
import java.util.ArrayList;
import java.util.List;
import javax.annotation.Nonnull;
import org.springframework.context.annotation.Profile;
import org.springframework.security.oauth2.core.OAuth2TokenValidator;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.jwt.JwtIssuerValidator;
import org.springframework.stereotype.Component;
/**
* @author John Grimes
*/
@Component
@Profile("server & ga4gh")
public class PassportDecoderBuilder extends PathlingJwtDecoderBuilder {
/**
* @param oidcConfiguration configuration used to instantiate the builder
*/
public PassportDecoderBuilder(@Nonnull final OidcConfiguration oidcConfiguration) {
super(oidcConfiguration);
}
@Override
public JwtDecoder build(@Nonnull final ServerConfiguration configuration) {
final AuthorizationConfiguration auth = getAuthConfiguration(configuration);
// The passport decoder is the same as the regular Pathling decoder with the exception that the
// audience claim is not required.
final List> validators = new ArrayList<>();
auth.getIssuer().ifPresent(i -> validators.add(new JwtIssuerValidator(i)));
return buildDecoderWithValidators(validators);
}
}