in server/src/main/java/org/eclipse/jifa/server/configurer/SecurityFilterConfigurer.java [65:141]
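/**
 * Builds the API security filter chain: stateless and bearer-token (JWT) based, with a
 * username/password {@link AuthenticationProvider} that delegates to {@link UserService},
 * and -- only when at least one OAuth2 client registration is configured -- an OAuth2
 * login whose resulting Jifa token is handed to the browser as a cookie.
 *
 * @param hs                     the Spring Security builder to configure
 * @param userService            performs password logins and OAuth2 logins
 * @param jwtService             converts a decoded JWT into an {@code Authentication}
 * @param oauth2ClientProperties OAuth2 client registrations; {@code null} or no
 *                               registrations disables the OAuth2 login flow entirely
 * @return the built filter chain
 * @throws Exception propagated from {@code HttpSecurity#build()}
 */
public SecurityFilterChain configure(HttpSecurity hs, UserService userService, JwtService jwtService,
                                     @Nullable OAuth2ClientProperties oauth2ClientProperties) throws Exception {
    // Stateless API: no HTTP session is created and no request is saved for post-login
    // replay. CSRF protection is disabled on the assumption that every authenticated
    // request carries an Authorization: Bearer header, which a cross-site page cannot set.
    // NOTE(review): the file-download endpoint below also accepts the token from a cookie,
    // which the browser attaches automatically; that endpoint is the one place where this
    // assumption does not hold (a SameSite attribute on that cookie would close the gap).
    // cors(...) with an empty customizer enables the CORS filter with whatever
    // CorsConfigurationSource the application provides.
    hs.cors(cors -> { })
        .csrf(AbstractHttpConfigurer::disable)
        .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
        .requestCache(cache -> cache.requestCache(new NullRequestCache()));

    // Requests without credentials run as a fixed anonymous principal.
    hs.anonymous(customizer -> customizer.principal(Constant.ANONYMOUS_USERNAME).key(Constant.ANONYMOUS_KEY));

    hs.authorizeHttpRequests(requests -> {
        // Matchers are consulted in registration order; the first one that matches wins.
        String prefix = HTTP_API_PREFIX;
        requests.requestMatchers(prefix + HTTP_HEALTH_CHECK_MAPPING).permitAll();
        requests.requestMatchers(prefix + HTTP_HANDSHAKE_MAPPING).permitAll();
        requests.requestMatchers(prefix + HTTP_LOGIN_MAPPING).permitAll();
        requests.requestMatchers(prefix + HTTP_USER_MAPPING).permitAll();
        // Every other API path needs a non-anonymous authentication, unless the deployment
        // explicitly allows anonymous access -- then it falls through to the permitAll
        // below and executes as the anonymous principal registered above.
        if (!config.isAllowAnonymousAccess()) {
            requests.requestMatchers(prefix + "/**").authenticated();
        }
        // Everything outside the API prefix (frontend assets, etc.) is public.
        requests.anyRequest().permitAll();
    });

    // Username/password authentication is delegated to UserService. Only the token type
    // produced by a credentials login is handled here; JWTs go through the resource-server
    // configuration further down.
    hs.authenticationProvider(new AuthenticationProvider() {
        @Override
        public Authentication authenticate(Authentication authentication) throws AuthenticationException {
            String username = (String) authentication.getPrincipal();
            String password = (String) authentication.getCredentials();
            try {
                return userService.login(username, password);
            } catch (Exception e) {
                // Any login failure is reported as an AuthenticationException so the chain
                // answers with an authentication error instead of a server error. JVM Errors
                // (OutOfMemoryError, LinkageError, ...) are deliberately not caught: they are
                // not authentication failures and must not be masked as one.
                // NOTE(review): the message is copied from the underlying exception; confirm
                // that the login endpoint does not echo it verbatim to the client.
                throw new AuthenticationServiceException(e.getMessage(), e);
            }
        }

        @Override
        public boolean supports(Class<?> authentication) {
            return UsernamePasswordAuthenticationToken.class == authentication;
        }
    });

    if (oauth2ClientProperties != null && !oauth2ClientProperties.getRegistration().isEmpty()) {
        hs.oauth2Login(oauth2 -> oauth2.successHandler((request, response, authentication) -> {
            // Exchange the provider login for a Jifa token, hand it to the browser as a
            // cookie and bounce to the application root.
            String token = userService.handleOauth2Login((OAuth2AuthenticationToken) authentication).getToken();
            Cookie jifaToken = new Cookie(COOKIE_JIFA_TOKEN_KEY, token);
            jifaToken.setPath("/");
            // Readable by script on purpose: the bearer-token resolver below only consults
            // this cookie for file downloads, so the frontend presumably reads it to build
            // the Authorization header for every other API call. NOTE(review): confirm this
            // is still required -- an HttpOnly cookie cannot be exfiltrated by XSS.
            jifaToken.setHttpOnly(false);
            // Do not let the token travel over plaintext when the login itself was over TLS.
            // NOTE(review): behind a TLS-terminating proxy isSecure() is false unless
            // forwarded headers are honoured; consider forcing Secure in production.
            jifaToken.setSecure(request.isSecure());
            response.addCookie(jifaToken);
            response.sendRedirect("/");
        }));
    }

    // JWT resource server. Tokens normally arrive in the Authorization header; the one
    // exception is the file-download endpoint, where the token is also accepted from the
    // cookie set on OAuth2 login -- presumably because downloads are triggered by a browser
    // navigation that cannot carry a custom header (confirm with the frontend).
    DefaultBearerTokenResolver defaultBearerTokenResolver = new DefaultBearerTokenResolver();
    hs.oauth2ResourceServer(rs -> rs.jwt(jwtConfigurer -> jwtConfigurer.jwtAuthenticationConverter(jwtService::convert))
        .bearerTokenResolver(request -> {
            String token = defaultBearerTokenResolver.resolve(request);
            if (token == null && isFileDownloadUri(request.getRequestURI())) {
                token = tokenFromCookie(request.getCookies());
            }
            return token;
        }));

    // 401/403 are rendered bearer-token style (WWW-Authenticate: Bearer ...) for the API.
    hs.exceptionHandling(eh -> {
        eh.authenticationEntryPoint(new BearerTokenAuthenticationEntryPoint());
        eh.accessDeniedHandler(new BearerTokenAccessDeniedHandler());
    });
    return hs.build();
}

/**
 * Returns {@code true} when {@code uri} is exactly
 * {@code HTTP_API_PREFIX + "/files/<one or more ASCII digits>/download"}.
 * The prefix is compared literally; the previous per-request {@code String.matches}
 * embedded it unescaped in a regex and recompiled that regex on every request.
 *
 * @param uri the request URI as returned by {@code HttpServletRequest#getRequestURI()}
 */
private static boolean isFileDownloadUri(String uri) {
    String head = HTTP_API_PREFIX + "/files/";
    String tail = "/download";
    // The length check guarantees a non-empty id segment and keeps substring() in bounds.
    if (uri == null || uri.length() <= head.length() + tail.length()
            || !uri.startsWith(head) || !uri.endsWith(tail)) {
        return false;
    }
    String id = uri.substring(head.length(), uri.length() - tail.length());
    for (int i = 0; i < id.length(); i++) {
        char c = id.charAt(i);
        if (c < '0' || c > '9') {
            // ASCII digits only, matching \d in the original regex.
            return false;
        }
    }
    return true;
}

/**
 * Returns the value of the last cookie named {@code COOKIE_JIFA_TOKEN_KEY}, or
 * {@code null} when {@code cookies} is {@code null} or holds no such cookie.
 * Last-wins keeps the behaviour of the original lookup loop.
 *
 * @param cookies the request cookies, possibly {@code null}
 */
private static String tokenFromCookie(Cookie[] cookies) {
    if (cookies == null) {
        return null;
    }
    String token = null;
    for (Cookie cookie : cookies) {
        if (COOKIE_JIFA_TOKEN_KEY.equals(cookie.getName())) {
            token = cookie.getValue();
        }
    }
    return token;
}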