• Home
• com.github.bancolombia
• scaffold-clean-architecture
• 3.17.25
• source code
• authorization-jwt.java.mustache

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

entry-point.rest-mvc.authorization.authorization-jwt.mustache Maven / Gradle / Ivy

package {{package}}.api.config;

import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator;
import org.springframework.security.oauth2.jwt.JwtClaimValidator;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.jwt.JwtValidators;
import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
import org.springframework.security.web.SecurityFilterChain;
{{^lombok}}
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
{{/lombok}}
{{#lombok}}
import lombok.extern.log4j.Log4j2;
{{/lombok}}

import java.io.IOException;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;

{{#lombok}}
@Log4j2
{{/lombok}}
@Configuration
@EnableWebSecurity
@EnableMethodSecurity(prePostEnabled = true)
public class AuthorizationJwt {

    {{^lombok}}
    private static final Logger log = LogManager.getLogger(AuthorizationJwt.class);
    {{/lombok}}
    private final String issuerUri;
    private final String clientId;
    private final String jsonExpRoles;
    private final ObjectMapper mapper;

    private static final String ROLE = "ROLE_";
    private static final String AZP = "azp";

    public AuthorizationJwt(@Value("${spring.security.oauth2.resourceserver.jwt.issuer-uri}") String issuerUri,
                             @Value("${spring.security.oauth2.resourceserver.jwt.client-id}") String clientId,
                             @Value("${jwt.json-exp-roles}") String jsonExpRoles,
                             ObjectMapper mapper) {
        this.issuerUri = issuerUri;
        this.clientId = clientId;
        this.jsonExpRoles = jsonExpRoles;
        this.mapper = mapper;
    }

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        return http.authorizeHttpRequests(authorize -> authorize.anyRequest().authenticated())
                .oauth2ResourceServer(oauth2 ->
                        oauth2.jwt(jwtSpec ->
                                jwtSpec
                                .decoder(jwtDecoder())
                                .jwtAuthenticationConverter(grantedAuthoritiesExtractor())))
                .build();
    }

    public JwtDecoder jwtDecoder(){
        var defaultValidator = JwtValidators.createDefaultWithIssuer(issuerUri);
        var audienceValidator = new JwtClaimValidator(AZP,
                azp -> azp != null && !azp.isEmpty() && azp.contains(clientId));
        var tokenValidator = new DelegatingOAuth2TokenValidator<>(defaultValidator, audienceValidator);
        var jwtDecoder = NimbusJwtDecoder
                .withIssuerLocation(issuerUri)
                .build();
        jwtDecoder.setJwtValidator(tokenValidator);
        return jwtDecoder;
    }

    public JwtAuthenticationConverter grantedAuthoritiesExtractor(){
        var jwtConverter = new JwtAuthenticationConverter();
        jwtConverter.setJwtGrantedAuthoritiesConverter(jwt ->
                getRoles(jwt.getClaims(), jsonExpRoles)
                .stream()
                .map(ROLE::concat)
                .map(SimpleGrantedAuthority::new)
                .collect(Collectors.toList())
        );
        return jwtConverter;
    }

    private List getRoles(Map claims, String jsonExpClaim){
        List roles = List.of();
        try {
            var json = mapper.writeValueAsString(claims);
            var chunk = mapper.readTree(json)
                    .at(jsonExpClaim);
            return mapper.readerFor(new TypeReference>() {})
                    .readValue(chunk);
        } catch (IOException e) {
            log.error(e.getMessage());
            return roles;
        }
    }
}