mirror of https://github.com/usbharu/Hideout.git
fix: OAuth2認証に失敗するようになっているのを修正
This commit is contained in:
parent
44563e2251
commit
f232183679
|
@ -11,6 +11,7 @@ import dev.usbharu.hideout.core.infrastructure.springframework.httpsignature.Htt
|
|||
import dev.usbharu.hideout.core.infrastructure.springframework.httpsignature.HttpSignatureUserDetailsService
|
||||
import dev.usbharu.hideout.core.infrastructure.springframework.httpsignature.HttpSignatureVerifierComposite
|
||||
import dev.usbharu.hideout.core.infrastructure.springframework.oauth2.UserDetailsImpl
|
||||
import dev.usbharu.hideout.core.infrastructure.springframework.oauth2.UserDetailsServiceImpl
|
||||
import dev.usbharu.hideout.core.query.UserQueryService
|
||||
import dev.usbharu.hideout.util.RsaUtil
|
||||
import dev.usbharu.httpsignature.sign.RsaSha256HttpSignatureSigner
|
||||
|
@ -31,6 +32,7 @@ import org.springframework.http.converter.json.Jackson2ObjectMapperBuilder
|
|||
import org.springframework.http.converter.json.MappingJackson2HttpMessageConverter
|
||||
import org.springframework.security.authentication.AccountStatusUserDetailsChecker
|
||||
import org.springframework.security.authentication.AuthenticationManager
|
||||
import org.springframework.security.authentication.dao.DaoAuthenticationProvider
|
||||
import org.springframework.security.config.Customizer
|
||||
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity
|
||||
|
@ -59,7 +61,7 @@ import java.security.interfaces.RSAPrivateKey
|
|||
import java.security.interfaces.RSAPublicKey
|
||||
import java.util.*
|
||||
|
||||
@EnableWebSecurity(debug = false)
|
||||
@EnableWebSecurity(debug = true)
|
||||
@Configuration
|
||||
@Suppress("FunctionMaxLength", "TooManyFunctions")
|
||||
class SecurityConfig {
|
||||
|
@ -75,13 +77,12 @@ class SecurityConfig {
|
|||
@Order(1)
|
||||
fun httpSignatureFilterChain(
|
||||
http: HttpSecurity,
|
||||
httpSignatureFilter: HttpSignatureFilter,
|
||||
introspector: HandlerMappingIntrospector
|
||||
): SecurityFilterChain {
|
||||
val builder = MvcRequestMatcher.Builder(introspector)
|
||||
http
|
||||
.securityMatcher("/inbox", "/outbox", "/users/*/inbox", "/users/*/outbox", "/users/*/posts/*")
|
||||
.addFilter(httpSignatureFilter)
|
||||
.addFilter(getHttpSignatureFilter(http.getSharedObject(AuthenticationManager::class.java)))
|
||||
.addFilterBefore(
|
||||
ExceptionTranslationFilter(HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED)),
|
||||
HttpSignatureFilter::class.java
|
||||
|
@ -108,12 +109,11 @@ class SecurityConfig {
|
|||
.sessionManagement {
|
||||
it.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
|
||||
}
|
||||
|
||||
return http.build()
|
||||
}
|
||||
|
||||
@Bean
|
||||
fun getHttpSignatureFilter(authenticationManager: AuthenticationManager): HttpSignatureFilter {
|
||||
|
||||
fun getHttpSignatureFilter(authenticationManager: AuthenticationManager?): HttpSignatureFilter {
|
||||
val httpSignatureFilter = HttpSignatureFilter(DefaultSignatureHeaderParser())
|
||||
httpSignatureFilter.setAuthenticationManager(authenticationManager)
|
||||
httpSignatureFilter.setContinueFilterChainOnUnsuccessfulAuthentication(false)
|
||||
|
@ -124,6 +124,13 @@ class SecurityConfig {
|
|||
return httpSignatureFilter
|
||||
}
|
||||
|
||||
@Bean
|
||||
fun daoAuthenticationProvider(userDetailsServiceImpl: UserDetailsServiceImpl): DaoAuthenticationProvider {
|
||||
val daoAuthenticationProvider = DaoAuthenticationProvider()
|
||||
daoAuthenticationProvider.setUserDetailsService(userDetailsServiceImpl)
|
||||
return daoAuthenticationProvider
|
||||
}
|
||||
|
||||
@Bean
|
||||
fun httpSignatureAuthenticationProvider(transaction: Transaction): PreAuthenticatedAuthenticationProvider {
|
||||
val provider = PreAuthenticatedAuthenticationProvider()
|
||||
|
@ -187,12 +194,18 @@ class SecurityConfig {
|
|||
}
|
||||
http.oauth2ResourceServer {
|
||||
it.jwt(Customizer.withDefaults())
|
||||
}.passwordManagement { }.formLogin(Customizer.withDefaults()).csrf {
|
||||
}
|
||||
.passwordManagement { }
|
||||
.formLogin {
|
||||
|
||||
}
|
||||
.csrf {
|
||||
it.ignoringRequestMatchers(builder.pattern("/users/*/inbox"))
|
||||
it.ignoringRequestMatchers(builder.pattern(HttpMethod.POST, "/api/v1/apps"))
|
||||
it.ignoringRequestMatchers(builder.pattern("/inbox"))
|
||||
it.ignoringRequestMatchers(PathRequest.toH2Console())
|
||||
}.headers {
|
||||
}
|
||||
.headers {
|
||||
it.frameOptions {
|
||||
it.sameOrigin()
|
||||
}
|
||||
|
|
|
@ -60,7 +60,8 @@ class AppApiServiceImpl(
|
|||
"invalid-vapid-key",
|
||||
appsRequest.website,
|
||||
id,
|
||||
clientSecret
|
||||
clientSecret,
|
||||
appsRequest.redirectUris
|
||||
)
|
||||
}
|
||||
}
|
||||
|
|
|
@ -19,7 +19,7 @@ spring:
|
|||
default-property-inclusion: always
|
||||
datasource:
|
||||
driver-class-name: org.h2.Driver
|
||||
url: "jdbc:h2:./test-dev4;MODE=POSTGRESQL;TRACE_LEVEL_FILE=4"
|
||||
url: "jdbc:h2:./test-dev4;MODE=POSTGRESQL"
|
||||
username: ""
|
||||
password: ""
|
||||
# data:
|
||||
|
|
|
@ -4,7 +4,7 @@
|
|||
<pattern>%d{YYYY-MM-dd HH:mm:ss.SSS} [%thread] %-5level [%X{x-request-id}] %logger{36} - %msg%n</pattern>
|
||||
</encoder>
|
||||
</appender>
|
||||
<root level="INFO">
|
||||
<root level="TRACE">
|
||||
<appender-ref ref="STDOUT"/>
|
||||
</root>
|
||||
<logger name="org.eclipse.jetty" level="INFO"/>
|
||||
|
@ -12,7 +12,7 @@
|
|||
<logger name="kjob.core.internal.scheduler.JobServiceImpl" level="INFO"/>
|
||||
<logger name="Exposed" level="INFO"/>
|
||||
<logger name="io.ktor.server.plugins.contentnegotiation" level="INFO"/>
|
||||
<logger name="org.springframework.web.filter.CommonsRequestLoggingFilter" level="INFO"/>
|
||||
<logger name="org.springframework.web.filter.CommonsRequestLoggingFilter" level="DEBUG"/>
|
||||
<logger name="org.mongodb.driver.protocol.command" level="INFO"/>
|
||||
<logger name="dev.usbharu" level="TRACE"/>
|
||||
</configuration>
|
||||
|
|
Loading…
Reference in New Issue