package com.c4_soft.springaddons.security.oidc.starter.properties;
import java.net.URI;
import java.util.List;
import org.springframework.boot.autoconfigure.AutoConfiguration;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.boot.context.properties.NestedConfigurationProperty;
import org.springframework.security.oauth2.core.oidc.StandardClaimNames;
import lombok.Data;
/**
*
* Configuration properties for OAuth2 auto-configuration extensions to
* spring-boot-starter-oauth2-client and spring-boot-starter-oauth2-resource-server.
*
* The following spring-boot standard properties are used:
*
* - spring.security.oauth2.client.provider.*
* - spring.security.oauth2.client.registration.*
* - spring.security.oauth2.resourceserver.opaquetoken.*
*
* spring.security.oauth2.resourceserver.jwt.* properties are ignored, because they apply only
* to single-tenant scenarios. Use the com.c4-soft.springaddons.oidc.ops properties instead.
*
* @author Jerome Wacongne ch4mp@c4-soft.com
*/
@Data
@AutoConfiguration
@ConfigurationProperties(prefix = "com.c4-soft.springaddons.oidc")
public class SpringAddonsOidcProperties {
  /**
   * OpenID Providers configuration: JWK set URI, issuer URI, audience, and authorities mapping
   * configuration for each issuer. A minimum of one issuer is required. Properties defined here
   * are a replacement for spring.security.oauth2.resourceserver.jwt.* (which will be ignored).
   * Authorities mapping defined here is used by both client and resource server filter-chains.
   *
   * <p>NOTE(review): the list element type is not visible in this listing (type arguments appear
   * to have been dropped on extraction); presumably {@code OpenidProviderProperties} — confirm
   * against the original source. Defaults to an empty, immutable list.
   */
  private List ops = List.of();

  /**
   * Auto-configuration for an OAuth2 client (secured with session, not access token)
   * Security(Web)FilterChain with @Order(Ordered.LOWEST_PRECEDENCE - 1). Typical use-cases are
   * spring-cloud-gateway used as BFF and applications with Thymeleaf or another server-side
   * rendering framework. Default configuration includes: enabled sessions, CSRF protection,
   * "oauth2Login", "logout". securityMatchers must be set for this filter-chain @Bean and its
   * dependencies to be defined. Properties defined here are a complement for
   * spring.security.oauth2.client.* (which are required when enabling spring-addons client
   * filter-chain).
   */
  @NestedConfigurationProperty
  private SpringAddonsOidcClientProperties client = new SpringAddonsOidcClientProperties();

  /**
   * Auto-configuration for an OAuth2 resource server Security(Web)FilterChain with
   * @Order(LOWEST_PRECEDENCE). Typical use case is a REST API secured with access tokens.
   * Default configuration is as follows: no securityMatcher, so it processes all the requests
   * that were not intercepted by higher @Order Security(Web)FilterChains; no session; disabled
   * CSRF protection (stateless, token-based access); and 401 for unauthorized requests.
   */
  @NestedConfigurationProperty
  private SpringAddonsOidcResourceServerProperties resourceserver =
      new SpringAddonsOidcResourceServerProperties();

  /**
   * CORS configuration entries. The original listing carries no Javadoc for this property and
   * the list element type is not visible here (presumably a CORS properties class from this
   * package — confirm against the original source). Defaults to an empty, immutable list.
   */
  private List cors = List.of();

  /**
   * OpenID Providers configuration. A minimum of one issuer is required. Properties defined here
   * are a replacement for spring.security.oauth2.resourceserver.jwt.* (which will be ignored).
   * Authorities mapping defined here is used by both client and resource server filter-chains.
   *
   * @author Jerome Wacongne ch4mp@c4-soft.com
   */
  @Data
  static public class OpenidProviderProperties {
    /**
     * Issuer URI. Must be exactly the same as in access tokens (even trailing slash, if any, is
     * important). In case of doubt, open one of your access tokens with a tool like
     * https://jwt.io and compare with the "iss" claim.
     */
    private URI iss;

    /**
     * JWK set URI. Can be omitted if OpenID configuration can be retrieved from
     * ${iss}/.well-known/openid-configuration.
     */
    private URI jwkSetUri;

    /**
     * Expected audience. Can be omitted. Will insert an audience validator if not null or empty.
     * When left unset, this starter adds no audience check for this issuer, so a resource server
     * shared by several clients of the same OP is best configured with an explicit value.
     */
    private String aud;

    /**
     * Authorities mapping configuration, per claim. The list element type is not visible in this
     * listing; presumably {@code SimpleAuthoritiesMappingProperties} (nested below) — confirm
     * against the original source. Defaults to an empty, immutable list.
     */
    private List authorities = List.of();

    /**
     * JSON path for the claim to use as "name" source. Defaults to the standard "sub" claim.
     */
    private String usernameClaim = StandardClaimNames.SUB;

    /**
     * Describes how the values found at one JSON path in the token claims are turned into
     * granted authorities: optional prefix and case transformation.
     */
    @Data
    public static class SimpleAuthoritiesMappingProperties {
      /**
       * JSON path of the claim(s) to map with these properties. The default matches the
       * realm-roles claim layout used by Keycloak; adjust it for other OpenID Providers.
       */
      private String path = "$.realm_access.roles";

      /**
       * What to prefix authorities with (for instance "ROLE_" or "SCOPE_"). Empty by default.
       */
      private String prefix = "";

      /**
       * Whether to transform authorities to uppercase, lowercase, or to leave them unchanged.
       * Spelled "caze" because "case" is a reserved word in Java.
       */
      private Case caze = Case.UNCHANGED;

      /** Case transformation applied to each mapped authority. */
      public static enum Case {
        UNCHANGED, UPPER, LOWER
      }
    }
  }
}