fix security modules

This commit is contained in:
Alexander Buntakov 2021-06-15 00:14:21 +03:00
parent 6f703d0bfc
commit 5e84eb2bb3
18 changed files with 167 additions and 23 deletions


@ -148,3 +148,14 @@ token.refresh:
prefix: RT-
timeToLive: PT2H # 2 hours
```
Генерация ключей:
```bash
openssl genrsa -out private.pem 4096
openssl rsa -in private.pem -pubout -out public.pem
openssl pkcs8 -topk8 -inform PEM -outform DER -in private.pem -nocrypt > pkcs8_key
cat pkcs8_key | base64
cat public.pem
```


@ -8,7 +8,7 @@ import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder
import org.springframework.security.crypto.password.PasswordEncoder
@ComponentScan("ru.touchin.auth.core")
@ConfigurationPropertiesScan
@ConfigurationPropertiesScan("ru.touchin.auth.core")
class AuthCoreConfiguration {
@Bean


@ -2,10 +2,8 @@ package ru.touchin.auth.core.configurations
import org.springframework.boot.context.properties.ConfigurationPropertiesScan
import org.springframework.context.annotation.ComponentScan
import org.springframework.context.annotation.Configuration
import org.springframework.context.annotation.Import
@Configuration
@Import(AuthCoreConfiguration::class)
@ComponentScan("ru.touchin.auth.core.tokens")
@ConfigurationPropertiesScan("ru.touchin.auth.core.tokens")


@ -4,7 +4,6 @@ import org.springframework.boot.autoconfigure.domain.EntityScan
import org.springframework.context.annotation.Configuration
import org.springframework.context.annotation.Import
@Configuration
@Import(AuthCoreDatabaseConfiguration::class)
@EntityScan("ru.touchin.auth.core.tokens")
class AuthTokenDatabaseConfiguration


@ -3,7 +3,7 @@ package ru.touchin.auth.core.tokens.access.services
import ru.touchin.auth.core.tokens.access.dto.AccessToken
import ru.touchin.auth.core.tokens.access.dto.AccessTokenRequest
interface AccessTokenService {
interface AccessTokenCoreService {
fun create(accessTokenRequest: AccessTokenRequest): AccessToken


@ -13,10 +13,10 @@ import java.time.ZoneId
import java.util.*
@Service
class JwtAccessTokenServiceImpl(
class JwtAccessTokenCoreServiceImpl(
private val accessTokenProperties: AccessTokenProperties,
private val accessTokenSigningAlgorithm: Algorithm
) : AccessTokenService {
) : AccessTokenCoreService {
private fun sign(builder: JWTCreator.Builder) = builder.sign(accessTokenSigningAlgorithm)


@ -3,7 +3,7 @@ package ru.touchin.auth.core.tokens.refresh.services
import ru.touchin.auth.core.tokens.refresh.dto.RefreshToken
import ru.touchin.auth.core.tokens.refresh.services.dto.NewRefreshToken
interface RefreshTokenService {
interface RefreshTokenCoreService {
fun get(value: String): RefreshToken
fun create(token: NewRefreshToken): RefreshToken


@ -20,13 +20,13 @@ import ru.touchin.common.random.SecureRandomStringGenerator
import java.time.ZonedDateTime
@Service
class RefreshTokenServiceImpl(
class RefreshTokenCoreServiceImpl(
private val refreshTokenProperties: RefreshTokenProperties,
private val refreshTokenRepository: RefreshTokenRepository,
private val userRepository: UserRepository,
private val deviceRepository: DeviceRepository,
private val scopeRepository: ScopeRepository,
) : RefreshTokenService {
) : RefreshTokenCoreService {
@Transactional(readOnly = true)
override fun get(value: String): RefreshToken {

13
auth-jwt/build.gradle.kts Normal file

@ -0,0 +1,13 @@
plugins {
id("kotlin")
id("kotlin-spring")
}
dependencies {
implementation(project(":auth-jwt-core"))
implementation(project(":common-spring-security"))
implementation("org.springframework.security:spring-security-oauth2-jose")
implementation("org.springframework.boot:spring-boot-starter-oauth2-resource-server")
}


@ -0,0 +1,6 @@
package ru.touchin.auth.security.jwt.configurations
import org.springframework.context.annotation.ComponentScan
@ComponentScan("ru.touchin.auth.security.jwt.http.configurators")
class JwtConfiguration
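Review bot: `JwtConfiguration` carries only `@ComponentScan` and no `@Configuration`, so the scan of `ru.touchin.auth.security.jwt.http.configurators` only takes effect if some other configuration class explicitly `@Import`s this one; the sibling configuration class visible at the `@Configuration` line of the tokens module in this same commit is annotated, and this one is not. If it is meant to be discovered by scanning or listed as an auto-configuration, add `@Configuration` above the class. Whether a consumer imports it is not visible in this commit, so this may be intentional, in which case a one-line KDoc saying "import this from the application configuration" would prevent the silent no-op.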


@ -0,0 +1,36 @@
package ru.touchin.auth.security.jwt.http.configurators
import org.springframework.beans.factory.annotation.Qualifier
import org.springframework.core.annotation.Order
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.oauth2.jwt.JwtDecoder
import org.springframework.security.oauth2.jwt.NimbusJwtDecoder
import org.springframework.stereotype.Component
import ru.touchin.auth.core.tokens.access.properties.AccessTokenProperties
import ru.touchin.common.spring.Ordered
import ru.touchin.common.spring.security.http.configurators.HttpSecurityConfigurator
import java.security.interfaces.RSAPublicKey
@Order(Ordered.HIGH)
@Component
class JwtHttpSecurityConfigurator(
@Qualifier("accessTokenPublicKey")
private val accessTokenPublicKey: RSAPublicKey,
private val accessTokenProperties: AccessTokenProperties
) : HttpSecurityConfigurator {
override fun configure(http: HttpSecurity) {
http.oauth2ResourceServer {
it.jwt { jwt ->
jwt.decoder(getJwtDecoder())
}
}
}
private fun getJwtDecoder(): JwtDecoder {
return NimbusJwtDecoder.withPublicKey(accessTokenPublicKey)
.signatureAlgorithm(accessTokenProperties.signatureAlgorithm)
.build()
}
}
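Review bot: The decoder built in `getJwtDecoder` validates only the RSA signature and the default timestamp claims; `NimbusJwtDecoder.withPublicKey(...)` installs no issuer or audience check, so any token signed with this key pair, including one minted for another service or environment that shares the key, is accepted as a bearer token here. If `AccessTokenProperties` exposes the issuer that `JwtAccessTokenCoreServiceImpl` puts into the token, wire it in after `build()`: `.build().apply { setJwtValidator(JwtValidators.createDefaultWithIssuer(accessTokenProperties.issuer)) }`; an audience check can be combined via `DelegatingOAuth2TokenValidator`. Whether such a property exists is not visible in this commit, so this may first need a new field next to `signatureAlgorithm`. Building the decoder inside `configure` is fine because it runs once at startup, but exposing it as a `JwtDecoder` bean would let tests and other entry points reuse exactly the same validation rules.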


@ -5,26 +5,21 @@ import org.springframework.context.annotation.Configuration
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
import ru.touchin.common.spring.security.url.interceptors.UrlExpressionRegistryInterceptor
import ru.touchin.common.spring.security.http.configurators.HttpSecurityConfigurator
@Configuration
@ComponentScan("ru.touchin.common.spring.security.url.interceptors")
@ComponentScan(
"ru.touchin.common.spring.security.url.interceptors",
"ru.touchin.common.spring.security.http.configurators",
)
@EnableGlobalMethodSecurity(prePostEnabled = true)
class DefaultSecurityConfiguration(
private val urlExpressionRegistryInterceptors: List<UrlExpressionRegistryInterceptor>,
private val httpSecurityConfigurators: List<HttpSecurityConfigurator>,
) : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
http
.cors().disable()
.csrf().disable()
.httpBasic().disable()
.authorizeRequests { urlExpressionRegistry ->
urlExpressionRegistryInterceptors.forEach {
it.invoke(urlExpressionRegistry)
}
urlExpressionRegistry.anyRequest().authenticated()
httpSecurityConfigurators.forEach {
it.configure(http)
}
}
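Review bot: `configure` is now fail-open: the unconditional `anyRequest().authenticated()` that used to live in this method has moved into a scanned `AuthorizeRequestsHttpSecurityConfigurator`, and if that bean is absent (scan path changed, bean excluded, module missing from the classpath) the loop applies nothing and, as far as I recall of `WebSecurityConfigurerAdapter`, no authorization filter is added, so every endpoint becomes reachable anonymously. A cheap fail-closed guard at the top of `configure` is `check(httpSecurityConfigurators.isNotEmpty()) { "no HttpSecurityConfigurator registered; refusing to start with an unprotected HttpSecurity" }`. The injected `List` is sorted by `@Order`, which the HIGH/NORMAL/LOW values on the new configurators rely on; a KDoc line on the constructor parameter stating that ordering contract would make it explicit for the next configurator. The class body continues past the hunk.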


@ -0,0 +1,25 @@
package ru.touchin.common.spring.security.http.configurators
import org.springframework.core.annotation.Order
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.stereotype.Component
import ru.touchin.common.spring.Ordered
import ru.touchin.common.spring.security.url.interceptors.UrlExpressionRegistryInterceptor
@Order(Ordered.NORMAL)
@Component
class AuthorizeRequestsHttpSecurityConfigurator(
private val urlExpressionRegistryInterceptors: List<UrlExpressionRegistryInterceptor>,
) : HttpSecurityConfigurator {
override fun configure(http: HttpSecurity) {
http.authorizeRequests { urlExpressionRegistry ->
urlExpressionRegistryInterceptors.forEach {
it.invoke(urlExpressionRegistry)
}
urlExpressionRegistry.anyRequest().authenticated()
}
}
}
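Review bot: The class lacks any documentation of matcher precedence, which is the one thing a contributor adding a `UrlExpressionRegistryInterceptor` must know: Spring Security evaluates registered matchers in registration order and stops at the first match, so a broad pattern from an earlier-ordered interceptor silently shadows a narrower `permitAll` or `hasRole` rule from a later one, and `anyRequest().authenticated()` is only the catch-all because it is registered last. Suggest a KDoc on the class: `Applies every UrlExpressionRegistryInterceptor in @Order sequence (first matching rule wins), then requires authentication for any request left unmatched.` An interceptor that itself calls `anyRequest()` makes this configurator fail at startup, which is the desired behaviour and worth one more sentence in that KDoc.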


@ -0,0 +1,17 @@
package ru.touchin.common.spring.security.http.configurators
import org.springframework.core.annotation.Order
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.stereotype.Component
import ru.touchin.common.spring.Ordered
@Order(Ordered.LOW)
@Component
class BasicHttpSecurityConfigurator : HttpSecurityConfigurator {
override fun configure(http: HttpSecurity) {
// TODO: user properties
http.httpBasic().disable()
}
}
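Review bot: The `// TODO: user properties` comment above `http.httpBasic().disable()` (and the identical one in `CorsHttpSecurityConfigurator`) reads as a typo of the `// TODO: use properties` written in `CsrfHttpSecurityConfigurator`; aligning the three makes the open item greppable. Since the TODO is the only documentation, it should also say what the property decides, e.g. `// TODO: make HTTP Basic opt-in via properties; it stays disabled until then`.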


@ -0,0 +1,17 @@
package ru.touchin.common.spring.security.http.configurators
import org.springframework.core.annotation.Order
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.stereotype.Component
import ru.touchin.common.spring.Ordered
@Order(Ordered.LOW)
@Component
class CorsHttpSecurityConfigurator : HttpSecurityConfigurator {
override fun configure(http: HttpSecurity) {
// TODO: user properties
http.cors().disable()
}
}


@ -0,0 +1,17 @@
package ru.touchin.common.spring.security.http.configurators
import org.springframework.core.annotation.Order
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.stereotype.Component
import ru.touchin.common.spring.Ordered
@Order(Ordered.LOW)
@Component
class CsrfHttpSecurityConfigurator : HttpSecurityConfigurator {
override fun configure(http: HttpSecurity) {
// TODO: use properties
http.csrf().disable()
}
}
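Review bot: CSRF is disabled unconditionally, but nothing visible in this commit pins the session policy to stateless, which is the assumption that makes disabling CSRF safe for a bearer-token API; with Spring Security's default `IF_REQUIRED` policy a request authenticated by the JWT decoder can leave its `SecurityContext` in an HTTP session, and a later cookie-bearing cross-site request would then be accepted with neither a token nor a CSRF check. Add, here or in a dedicated configurator, `http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)`; alternatively keep CSRF enabled, since I believe the resource-server configurer already exempts bearer-token requests from it. Whether a session policy is set in a module outside this diff cannot be confirmed from here, so the comment should at least record the assumption: `// CSRF is safe to disable only while the filter chain is stateless (bearer tokens, no session)`.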


@ -0,0 +1,9 @@
package ru.touchin.common.spring.security.http.configurators
import org.springframework.security.config.annotation.web.builders.HttpSecurity
interface HttpSecurityConfigurator {
fun configure(http: HttpSecurity)
}


@ -41,3 +41,4 @@ include("response-wrapper-spring-web")
include("settings-spring-jpa")
include("auth-core")
include("auth-jwt-core")
include("auth-jwt")