Team 10 ase 39 rbac for endpoints #9
Merged
15 commits
fee71d8  add jwt validation and test endpoint  (davidclarafigueiredo)
005168b  change issuer uri  (davidclarafigueiredo)
647cf16  add: provisory dockerfile  (davidclarafigueiredo)
95a0847  try to implement route protection  (ItsGamerik)
8637687  working mapper broken rbac  (davidclarafigueiredo)
00d6b2d  fix for role mapper?  (davidclarafigueiredo)
c67febd  working role mapper and rbac  (davidclarafigueiredo)
8620ebd  Merge branch 'team-10-ASE-39' of https://github.com/Agile-Software-En…  (davidclarafigueiredo)
df2066b  add note in endpoint code  (ItsGamerik)
d314122  code cleanup  (davidclarafigueiredo)
d795b0b  add user model to extract info from jwt, change claim from which to g…  (davidclarafigueiredo)
0f1834d  fix style and format  (ItsGamerik)
8a1ad44  add infos regarding security into README  (davidclarafigueiredo)
98190d0  Merge branch 'team-10-ASE-39' of https://github.com/Agile-Software-En…  (davidclarafigueiredo)
7337069  cleanup  (davidclarafigueiredo)
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,16 @@ | ||
| # Use an official OpenJDK runtime as a parent image | ||
| FROM debian:latest | ||
|
|
||
| USER root | ||
|
|
||
| # Set the working directory inside the container | ||
| WORKDIR /app | ||
|
|
||
| COPY ./ ./ | ||
|
|
||
| RUN apt-get update && apt-get install -y maven openjdk-21-jdk | ||
|
|
||
| RUN mvn clean install | ||
| EXPOSE 8080 | ||
|
|
||
| ENTRYPOINT ["mvn", "spring-boot:run"] |
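Review bot: the comment on the first line ("Use an official OpenJDK runtime as a parent image") no longer matches the `FROM debian:latest` beneath it, and the image as written is both unpinned and far more privileged than the service needs: `USER root` is the only user directive, `COPY ./ ./` copies the entire checkout (including `.git` and any local build output) before dependencies are resolved, and `ENTRYPOINT ["mvn", "spring-boot:run"]` makes Maven plus the full JDK the runtime, so every build-time tool ships in the deployed container. Suggest pinning the base image to a specific tag rather than `latest`, running `mvn clean install` in a build stage and copying only the resulting jar into a slim runtime stage that starts it with `java -jar` as a non-root user, and adding a `.dockerignore` so the working tree is not copied in wholesale.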
src/main/java/com/ase/userservice/controllers/DemoController.java (15 additions & 0 deletions)
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,15 @@ | ||
| package com.ase.userservice.controllers; | ||
|
|
||
| import org.springframework.web.bind.annotation.GetMapping; | ||
| import org.springframework.web.bind.annotation.RestController; | ||
|
|
||
| @RestController | ||
| public class DemoController { | ||
|
|
||
| // to manage access, add route rules in security/SecurityConfig.java like in the | ||
| // examples | ||
| @GetMapping("/demo") | ||
| public String demo() { | ||
| return "Hello from DemoController!"; | ||
| } | ||
| } |
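Review bot: the access rule for `/demo` lives only in `SecurityConfig`, so this handler is protected purely by a path match that a later rename of the mapping would silently break; since this PR enables `@EnableMethodSecurity`, consider also annotating `demo()` with `@PreAuthorize("hasRole('DEFAULT-ROLES-SAU')")` so the required role is visible next to the code it guards. The comment "add route rules in security/SecurityConfig.java like in the examples" should name the two matchers it means (`/demo` and `/admin/**`), since a new contributor will not otherwise know which examples are intended.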
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,26 @@ | ||
| package com.ase.userservice.entities; | ||
|
|
||
| import java.util.ArrayList; | ||
|
|
||
| public class User { | ||
| public int exp; | ||
| public int iat; | ||
| public int auth_time; | ||
| public String jti; | ||
| public String iss; | ||
| public String aud; | ||
| public String sub; | ||
| public String typ; | ||
| public String azp; | ||
| public String sid; | ||
| public String at_hash; | ||
| public String acr; | ||
| public String upn; | ||
| public boolean email_verified; | ||
| public String name; | ||
| public ArrayList<String> groups; | ||
| public String preferred_username; | ||
| public String given_name; | ||
| public String family_name; | ||
| public String email; | ||
| } |
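Review bot: `exp`, `iat` and `auth_time` are declared as `int`, but these are JWT NumericDate values (seconds since the epoch), which overflow a signed 32-bit int in 2038 and would already fail on a token issued with a far-future expiry; declare all three as `long` (or map them to `Instant`). Two smaller points: `aud` is typed as a single `String` although the `aud` claim may be an array, and nothing else in this PR references `User` (the converter reads the claim directly via `jwt.getClaimAsStringList`), so either wire it into the converter or note in the class that it is a placeholder for the "extract info from jwt" work named in the commit message. The all-public mutable fields are also worth revisiting once the class is actually used.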
src/main/java/com/ase/userservice/security/JwtAuthConverter.java (27 additions & 0 deletions)
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,27 @@ | ||
| // based on this tutorial: https://www.javacodegeeks.com/2025/07/spring-boot-keycloak-role-based-authorization.html | ||
|
|
||
| package com.ase.userservice.security; | ||
|
|
||
| import org.springframework.core.convert.converter.Converter; | ||
| import org.springframework.security.core.GrantedAuthority; | ||
| import org.springframework.security.core.authority.SimpleGrantedAuthority; | ||
| import org.springframework.security.oauth2.jwt.Jwt; | ||
| import org.springframework.lang.NonNull; | ||
| import java.util.Collection; | ||
| import java.util.stream.Collectors; | ||
|
|
||
| public class JwtAuthConverter implements Converter<Jwt, Collection<GrantedAuthority>> { | ||
|
|
||
| @Override | ||
| public Collection<GrantedAuthority> convert(@NonNull Jwt jwt) { | ||
| var roles = jwt.getClaimAsStringList("groups"); | ||
|
|
||
| // you can check the roles here if you want to | ||
| //for (String role : roles) { | ||
| //System.out.println("Role from JWT: " + role); | ||
| // } | ||
| return roles.stream() | ||
| .map(role -> new SimpleGrantedAuthority("ROLE_" + role.toUpperCase())) | ||
| .collect(Collectors.toList()); | ||
| } | ||
| } |
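Review bot: `jwt.getClaimAsStringList("groups")` returns `null` when the token carries no `groups` claim, so `roles.stream()` throws a `NullPointerException` inside the filter chain and the request fails with a 500 instead of a clean 403; guard it with something like `if (roles == null) return List.of();` (plus `import java.util.List;`). The commented-out `System.out.println` loop should be deleted rather than left in: if role debugging is wanted, log at DEBUG level through the application logger, since printing every caller's group list to stdout in production writes membership information into the logs. Also, `role.toUpperCase()` uses the default locale; prefer `role.toUpperCase(Locale.ROOT)` so the authority string is the same on every host.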
src/main/java/com/ase/userservice/security/SecurityConfig.java (31 additions & 0 deletions)
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,31 @@ | ||
| // based on this tutorial: https://www.javacodegeeks.com/2025/07/spring-boot-keycloak-role-based-authorization.html | ||
|
|
||
| package com.ase.userservice.security; | ||
|
|
||
| import org.springframework.context.annotation.Bean; | ||
| import org.springframework.context.annotation.Configuration; | ||
| import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity; | ||
| import org.springframework.security.config.annotation.web.builders.HttpSecurity; | ||
| import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter; | ||
| import org.springframework.security.web.SecurityFilterChain; | ||
|
|
||
| @Configuration | ||
| @EnableMethodSecurity | ||
| public class SecurityConfig { | ||
|
|
||
| @Bean | ||
| public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { | ||
| JwtAuthenticationConverter jwtConverter = new JwtAuthenticationConverter(); | ||
| jwtConverter.setJwtGrantedAuthoritiesConverter(new JwtAuthConverter()); | ||
|
|
||
| // the role always has to be capatalized | ||
| http | ||
| .authorizeHttpRequests(authorize -> authorize | ||
| .requestMatchers("/demo").hasRole("DEFAULT-ROLES-SAU") | ||
| .requestMatchers("/admin/**").hasRole("admin") | ||
| .anyRequest().authenticated()) | ||
| .oauth2ResourceServer(oauth2 -> oauth2 | ||
| .jwt(jwt -> jwt.jwtAuthenticationConverter(jwtConverter))); | ||
| return http.build(); | ||
| } | ||
| } | ||
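Review bot: `.requestMatchers("/admin/**").hasRole("admin")` can never match: `JwtAuthConverter` uppercases every group before prefixing it, producing `ROLE_ADMIN`, while `hasRole("admin")` checks for `ROLE_admin`, so every request to `/admin/**` is rejected with 403 even for admins. The comment two lines above ("the role always has to be capatalized", sic) states exactly the rule this line violates; change it to `hasRole("ADMIN")`, fix the spelling in the comment, and add a test that exercises both the allow and the deny path for `/admin/**` so the mismatch cannot recur unnoticed.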