mirror of https://github.com/usbharu/Hideout.git
fix: OAuth2認証に失敗するようになっているのを修正
This commit is contained in:
parent
44563e2251
commit
f232183679
|
@ -11,6 +11,7 @@ import dev.usbharu.hideout.core.infrastructure.springframework.httpsignature.Htt
|
||||||
import dev.usbharu.hideout.core.infrastructure.springframework.httpsignature.HttpSignatureUserDetailsService
|
import dev.usbharu.hideout.core.infrastructure.springframework.httpsignature.HttpSignatureUserDetailsService
|
||||||
import dev.usbharu.hideout.core.infrastructure.springframework.httpsignature.HttpSignatureVerifierComposite
|
import dev.usbharu.hideout.core.infrastructure.springframework.httpsignature.HttpSignatureVerifierComposite
|
||||||
import dev.usbharu.hideout.core.infrastructure.springframework.oauth2.UserDetailsImpl
|
import dev.usbharu.hideout.core.infrastructure.springframework.oauth2.UserDetailsImpl
|
||||||
|
import dev.usbharu.hideout.core.infrastructure.springframework.oauth2.UserDetailsServiceImpl
|
||||||
import dev.usbharu.hideout.core.query.UserQueryService
|
import dev.usbharu.hideout.core.query.UserQueryService
|
||||||
import dev.usbharu.hideout.util.RsaUtil
|
import dev.usbharu.hideout.util.RsaUtil
|
||||||
import dev.usbharu.httpsignature.sign.RsaSha256HttpSignatureSigner
|
import dev.usbharu.httpsignature.sign.RsaSha256HttpSignatureSigner
|
||||||
|
@ -31,6 +32,7 @@ import org.springframework.http.converter.json.Jackson2ObjectMapperBuilder
|
||||||
import org.springframework.http.converter.json.MappingJackson2HttpMessageConverter
|
import org.springframework.http.converter.json.MappingJackson2HttpMessageConverter
|
||||||
import org.springframework.security.authentication.AccountStatusUserDetailsChecker
|
import org.springframework.security.authentication.AccountStatusUserDetailsChecker
|
||||||
import org.springframework.security.authentication.AuthenticationManager
|
import org.springframework.security.authentication.AuthenticationManager
|
||||||
|
import org.springframework.security.authentication.dao.DaoAuthenticationProvider
|
||||||
import org.springframework.security.config.Customizer
|
import org.springframework.security.config.Customizer
|
||||||
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration
|
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration
|
||||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity
|
||||||
|
@ -59,7 +61,7 @@ import java.security.interfaces.RSAPrivateKey
|
||||||
import java.security.interfaces.RSAPublicKey
|
import java.security.interfaces.RSAPublicKey
|
||||||
import java.util.*
|
import java.util.*
|
||||||
|
|
||||||
@EnableWebSecurity(debug = false)
|
@EnableWebSecurity(debug = true)
|
||||||
@Configuration
|
@Configuration
|
||||||
@Suppress("FunctionMaxLength", "TooManyFunctions")
|
@Suppress("FunctionMaxLength", "TooManyFunctions")
|
||||||
class SecurityConfig {
|
class SecurityConfig {
|
||||||
|
@ -75,13 +77,12 @@ class SecurityConfig {
|
||||||
@Order(1)
|
@Order(1)
|
||||||
fun httpSignatureFilterChain(
|
fun httpSignatureFilterChain(
|
||||||
http: HttpSecurity,
|
http: HttpSecurity,
|
||||||
httpSignatureFilter: HttpSignatureFilter,
|
|
||||||
introspector: HandlerMappingIntrospector
|
introspector: HandlerMappingIntrospector
|
||||||
): SecurityFilterChain {
|
): SecurityFilterChain {
|
||||||
val builder = MvcRequestMatcher.Builder(introspector)
|
val builder = MvcRequestMatcher.Builder(introspector)
|
||||||
http
|
http
|
||||||
.securityMatcher("/inbox", "/outbox", "/users/*/inbox", "/users/*/outbox", "/users/*/posts/*")
|
.securityMatcher("/inbox", "/outbox", "/users/*/inbox", "/users/*/outbox", "/users/*/posts/*")
|
||||||
.addFilter(httpSignatureFilter)
|
.addFilter(getHttpSignatureFilter(http.getSharedObject(AuthenticationManager::class.java)))
|
||||||
.addFilterBefore(
|
.addFilterBefore(
|
||||||
ExceptionTranslationFilter(HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED)),
|
ExceptionTranslationFilter(HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED)),
|
||||||
HttpSignatureFilter::class.java
|
HttpSignatureFilter::class.java
|
||||||
|
@ -108,12 +109,11 @@ class SecurityConfig {
|
||||||
.sessionManagement {
|
.sessionManagement {
|
||||||
it.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
|
it.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
|
||||||
}
|
}
|
||||||
|
|
||||||
return http.build()
|
return http.build()
|
||||||
}
|
}
|
||||||
|
|
||||||
@Bean
|
|
||||||
fun getHttpSignatureFilter(authenticationManager: AuthenticationManager): HttpSignatureFilter {
|
fun getHttpSignatureFilter(authenticationManager: AuthenticationManager?): HttpSignatureFilter {
|
||||||
val httpSignatureFilter = HttpSignatureFilter(DefaultSignatureHeaderParser())
|
val httpSignatureFilter = HttpSignatureFilter(DefaultSignatureHeaderParser())
|
||||||
httpSignatureFilter.setAuthenticationManager(authenticationManager)
|
httpSignatureFilter.setAuthenticationManager(authenticationManager)
|
||||||
httpSignatureFilter.setContinueFilterChainOnUnsuccessfulAuthentication(false)
|
httpSignatureFilter.setContinueFilterChainOnUnsuccessfulAuthentication(false)
|
||||||
|
@ -124,6 +124,13 @@ class SecurityConfig {
|
||||||
return httpSignatureFilter
|
return httpSignatureFilter
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Bean
|
||||||
|
fun daoAuthenticationProvider(userDetailsServiceImpl: UserDetailsServiceImpl): DaoAuthenticationProvider {
|
||||||
|
val daoAuthenticationProvider = DaoAuthenticationProvider()
|
||||||
|
daoAuthenticationProvider.setUserDetailsService(userDetailsServiceImpl)
|
||||||
|
return daoAuthenticationProvider
|
||||||
|
}
|
||||||
|
|
||||||
@Bean
|
@Bean
|
||||||
fun httpSignatureAuthenticationProvider(transaction: Transaction): PreAuthenticatedAuthenticationProvider {
|
fun httpSignatureAuthenticationProvider(transaction: Transaction): PreAuthenticatedAuthenticationProvider {
|
||||||
val provider = PreAuthenticatedAuthenticationProvider()
|
val provider = PreAuthenticatedAuthenticationProvider()
|
||||||
|
@ -187,12 +194,18 @@ class SecurityConfig {
|
||||||
}
|
}
|
||||||
http.oauth2ResourceServer {
|
http.oauth2ResourceServer {
|
||||||
it.jwt(Customizer.withDefaults())
|
it.jwt(Customizer.withDefaults())
|
||||||
}.passwordManagement { }.formLogin(Customizer.withDefaults()).csrf {
|
}
|
||||||
|
.passwordManagement { }
|
||||||
|
.formLogin {
|
||||||
|
|
||||||
|
}
|
||||||
|
.csrf {
|
||||||
it.ignoringRequestMatchers(builder.pattern("/users/*/inbox"))
|
it.ignoringRequestMatchers(builder.pattern("/users/*/inbox"))
|
||||||
it.ignoringRequestMatchers(builder.pattern(HttpMethod.POST, "/api/v1/apps"))
|
it.ignoringRequestMatchers(builder.pattern(HttpMethod.POST, "/api/v1/apps"))
|
||||||
it.ignoringRequestMatchers(builder.pattern("/inbox"))
|
it.ignoringRequestMatchers(builder.pattern("/inbox"))
|
||||||
it.ignoringRequestMatchers(PathRequest.toH2Console())
|
it.ignoringRequestMatchers(PathRequest.toH2Console())
|
||||||
}.headers {
|
}
|
||||||
|
.headers {
|
||||||
it.frameOptions {
|
it.frameOptions {
|
||||||
it.sameOrigin()
|
it.sameOrigin()
|
||||||
}
|
}
|
||||||
|
|
|
@ -60,7 +60,8 @@ class AppApiServiceImpl(
|
||||||
"invalid-vapid-key",
|
"invalid-vapid-key",
|
||||||
appsRequest.website,
|
appsRequest.website,
|
||||||
id,
|
id,
|
||||||
clientSecret
|
clientSecret,
|
||||||
|
appsRequest.redirectUris
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -19,7 +19,7 @@ spring:
|
||||||
default-property-inclusion: always
|
default-property-inclusion: always
|
||||||
datasource:
|
datasource:
|
||||||
driver-class-name: org.h2.Driver
|
driver-class-name: org.h2.Driver
|
||||||
url: "jdbc:h2:./test-dev4;MODE=POSTGRESQL;TRACE_LEVEL_FILE=4"
|
url: "jdbc:h2:./test-dev4;MODE=POSTGRESQL"
|
||||||
username: ""
|
username: ""
|
||||||
password: ""
|
password: ""
|
||||||
# data:
|
# data:
|
||||||
|
|
|
@ -4,7 +4,7 @@
|
||||||
<pattern>%d{YYYY-MM-dd HH:mm:ss.SSS} [%thread] %-5level [%X{x-request-id}] %logger{36} - %msg%n</pattern>
|
<pattern>%d{YYYY-MM-dd HH:mm:ss.SSS} [%thread] %-5level [%X{x-request-id}] %logger{36} - %msg%n</pattern>
|
||||||
</encoder>
|
</encoder>
|
||||||
</appender>
|
</appender>
|
||||||
<root level="INFO">
|
<root level="TRACE">
|
||||||
<appender-ref ref="STDOUT"/>
|
<appender-ref ref="STDOUT"/>
|
||||||
</root>
|
</root>
|
||||||
<logger name="org.eclipse.jetty" level="INFO"/>
|
<logger name="org.eclipse.jetty" level="INFO"/>
|
||||||
|
@ -12,7 +12,7 @@
|
||||||
<logger name="kjob.core.internal.scheduler.JobServiceImpl" level="INFO"/>
|
<logger name="kjob.core.internal.scheduler.JobServiceImpl" level="INFO"/>
|
||||||
<logger name="Exposed" level="INFO"/>
|
<logger name="Exposed" level="INFO"/>
|
||||||
<logger name="io.ktor.server.plugins.contentnegotiation" level="INFO"/>
|
<logger name="io.ktor.server.plugins.contentnegotiation" level="INFO"/>
|
||||||
<logger name="org.springframework.web.filter.CommonsRequestLoggingFilter" level="INFO"/>
|
<logger name="org.springframework.web.filter.CommonsRequestLoggingFilter" level="DEBUG"/>
|
||||||
<logger name="org.mongodb.driver.protocol.command" level="INFO"/>
|
<logger name="org.mongodb.driver.protocol.command" level="INFO"/>
|
||||||
<logger name="dev.usbharu" level="TRACE"/>
|
<logger name="dev.usbharu" level="TRACE"/>
|
||||||
</configuration>
|
</configuration>
|
||||||
|
|
Loading…
Reference in New Issue