Provide an embedded Docker container for local development #1

Merged
ansv7779 merged 10 commits from docker into main 2025-03-26 18:51:21 +01:00
2 changed files with 13 additions and 0 deletions
Showing only changes of commit 220a8a454d - Show all commits


@ -24,6 +24,7 @@ import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.access.intercept.AuthorizationFilter; import org.springframework.security.web.access.intercept.AuthorizationFilter;
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint; import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
import org.springframework.security.web.authentication.preauth.j2ee.J2eePreAuthenticatedProcessingFilter; import org.springframework.security.web.authentication.preauth.j2ee.J2eePreAuthenticatedProcessingFilter;
import org.springframework.security.web.context.RequestAttributeSecurityContextRepository;
import org.springframework.security.web.util.matcher.MediaTypeRequestMatcher; import org.springframework.security.web.util.matcher.MediaTypeRequestMatcher;
import se.su.dsv.oauth2.shibboleth.Entitlement; import se.su.dsv.oauth2.shibboleth.Entitlement;
import se.su.dsv.oauth2.shibboleth.ShibbolethAuthenticationDetailsSource; import se.su.dsv.oauth2.shibboleth.ShibbolethAuthenticationDetailsSource;
@ -153,6 +154,11 @@ public class AuthorizationServer extends SpringBootServletInitializer {
// Using a custom authentication details source to extract the Shibboleth attributes // Using a custom authentication details source to extract the Shibboleth attributes
// and convert them to the relevant Spring Security objects. // and convert them to the relevant Spring Security objects.
object.setAuthenticationDetailsSource(new ShibbolethAuthenticationDetailsSource()); object.setAuthenticationDetailsSource(new ShibbolethAuthenticationDetailsSource());
// Prevent session creation
// It can cause conflicts when running on the same host as an embedded docker container
// as it overwrites the session cookie (it does not factor in port)
object.setSecurityContextRepository(new RequestAttributeSecurityContextRepository());
return object; return object;
} }
}; };
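Review bot: The comment `// Prevent session creation` above `object.setSecurityContextRepository(new RequestAttributeSecurityContextRepository());` promises more than the call delivers, because the call only stops this filter from saving the SecurityContext in the HttpSession. Other parts of the chain are configured outside this hunk (for example the request cache behind the login entry point, or CSRF token storage) and may still create a session and set the cookie that collides with the container. I would reword it to `// Keep the SecurityContext in a request attribute so this filter never stores it in the HTTP session`. If the cookie clash is the real target, also consider giving the local instance its own cookie name through `server.servlet.session.cookie.name`. The enclosing method starts outside the hunk.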


@ -7,6 +7,7 @@ import org.springframework.security.web.authentication.preauth.PreAuthenticatedA
import org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesUserDetailsService; import org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesUserDetailsService;
import org.springframework.security.web.authentication.preauth.j2ee.J2eePreAuthenticatedProcessingFilter; import org.springframework.security.web.authentication.preauth.j2ee.J2eePreAuthenticatedProcessingFilter;
import org.springframework.security.web.authentication.preauth.x509.X509AuthenticationFilter; import org.springframework.security.web.authentication.preauth.x509.X509AuthenticationFilter;
import org.springframework.security.web.context.RequestAttributeSecurityContextRepository;
public class ShibbolethConfigurer extends AbstractHttpConfigurer<ShibbolethConfigurer, HttpSecurity> { public class ShibbolethConfigurer extends AbstractHttpConfigurer<ShibbolethConfigurer, HttpSecurity> {
@Override @Override
@ -24,6 +25,12 @@ public class ShibbolethConfigurer extends AbstractHttpConfigurer<ShibbolethConfi
filter.setAuthenticationDetailsSource(new ShibbolethAuthenticationDetailsSource()); filter.setAuthenticationDetailsSource(new ShibbolethAuthenticationDetailsSource());
filter.setSecurityContextHolderStrategy(getSecurityContextHolderStrategy()); filter.setSecurityContextHolderStrategy(getSecurityContextHolderStrategy());
// Do not create a session.
// 1) it is not necessary
// 2) it can cause conflicts when running on the same host as an embedded docker container
// as it overwrites the session cookie (it does not factor in port)
filter.setSecurityContextRepository(new RequestAttributeSecurityContextRepository());
// The default filter order is X509 followed by J2EE (pre-authentication which is what Shibboleth does). // The default filter order is X509 followed by J2EE (pre-authentication which is what Shibboleth does).
// Spring Authorization server then puts the OAuth 2.0 authorization filter before J2EE, and it requires // Spring Authorization server then puts the OAuth 2.0 authorization filter before J2EE, and it requires
// the user to be authenticated. Then there is also the custom authorization endpoint used in staging // the user to be authenticated. Then there is also the custom authorization endpoint used in staging
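Review bot: The comment's `1) it is not necessary` holds only while every request reaches this filter with the pre-authenticated Shibboleth principal already present, because with `RequestAttributeSecurityContextRepository` nothing is carried over between requests; the comment should state that assumption. Suggested wording: `// Authentication is re-derived from the Shibboleth attributes on every request, so nothing needs to be stored in the session`. The same call, with a differently worded comment, was added in the AuthorizationServer section; if both configure the same kind of filter, one shared helper would keep the two from drifting. The change applies in every environment, not only the local Docker setup, so a test asserting that an authenticated request sets no session cookie would pin the behaviour. The method starts and continues outside the hunk.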