Package com.totvs.tjf.autoconfigure

Class WebSecurityAutoConfiguration

  • All Implemented Interfaces:
    org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurer
    @Configuration
@EnableResourceServer
public class WebSecurityAutoConfiguration
extends org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter
    Implementation of the ResourceServerConfigurerAdapter.

    The OAuth2 Resource Servers, enabling a Spring Security filter protected by OAuth2 security.

    Author:
    Roger Steuernagel

    • Constructor Detail

      • WebSecurityAutoConfiguration

        public WebSecurityAutoConfiguration​(org.springframework.boot.autoconfigure.security.oauth2.resource.ResourceServerProperties resourceServerProperties,
                                    SecurityAccessApiProperties securityAccessApiProperties,
                                    SecurityCorsProperties securityCorsProperties)
        The ResourceServerProperties is a shortcut to the Oauth2 settings.
        Parameters:
        resourceServerProperties - Configuration properties for OAuth2 Resources.

    • Method Detail

      • configure

        public void configure​(org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer resources)
               throws Exception
        Configures the resourceId, is used in the JWT validation of the request.
        Specified by:
        configure in interface org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurer
        Overrides:
        configure in class org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter
        Parameters:
        resources - configurer for the resource server.
        Throws:
        Exception

      • configure

        public void configure​(org.springframework.security.config.annotation.web.builders.HttpSecurity http)
               throws Exception
        Endpoint security configuration
        Specified by:
        configure in interface org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurer
        Overrides:
        configure in class org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter
        Parameters:
        http - the current http filter configuration.
        Throws:
        Exception

      • corsConfigurationSource

        @Bean
@ConditionalOnProperty(prefix="security.cors",
                       name="enabled")
public org.springframework.web.cors.CorsConfigurationSource corsConfigurationSource()
        Setup CORS configurations used by Fluig Apps
        Returns:
        CorsConfigurationSource

      • jwkUriTokenStore

        @Bean
@ConditionalOnProperty(prefix="security.oauth2.resource.jwk",
                       value="key-set-uri",
                       matchIfMissing=false)
public org.springframework.security.oauth2.provider.token.TokenStore jwkUriTokenStore​(TenantConverter tenantConverter)
        Setup a TokenStore that has the specific convert to understand the RAC/KEYCLOAK JWT.

        The Bean is only created when there is a property with the JWKS URL (RAC)

        Returns:
        standard JwkTokenStore instance to be used by the application.

      • jwkUrisTokenStore

        @Bean
@ConditionalOnProperty(prefix="security.access.api",
                       value="jwk-uris[0]",
                       matchIfMissing=false)
public org.springframework.security.oauth2.provider.token.TokenStore jwkUrisTokenStore​(TenantConverter tenantConverter)
        Setup a TokenStore that has the specific convert to understand the RAC/KEYCLOAK JWT.

        The Bean is only created when there is a property with the JWKS URL (RAC)

        Returns:
        standard JwkTokenStore instance to be used by the application.