From 4faed76bbe49f0ed14fb29459ab1dfdac06c18ac Mon Sep 17 00:00:00 2001
From: Reham Muzzamil
Date: Thu, 17 Jun 2021 15:00:19 +0500
Subject: [PATCH 1/6] Add gitignore file
---
 .gitignore | 16 ++++++++++++++++
 README.md | 0
 2 files changed, 16 insertions(+)
 create mode 100644 .gitignore
 delete mode 100644 README.md
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..5ad8cb8
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,16 @@
+# Default ignored files
+/shelf/
+/workspace.xml
+target/
+.project
+.classpath
+.settings/
+.DS_Store
+.idea/
+*.iml
+*.ipr
+*.iws
+logfile
+*.log*
+.springBeans
+.gradle/
diff --git a/README.md b/README.md
deleted file mode 100644
index e69de29..0000000
From 4791f918709e608daf93b6fc28e55c94e0bbbdd9 Mon Sep 17 00:00:00 2001
From: Reham Muzzamil
Date: Thu, 17 Jun 2021 15:04:07 +0500
Subject: [PATCH 2/6] Initial Commit - Provide authentication support via Keycloak
---
 README.md | 0
 pom.xml | 133 ++++++++++++++++++
 .../autoconfigure/KeycloakSecurityConfig.java | 126 +++++++++++++++++
 .../SecurityAutoConfiguration.java | 41 ++++++
 src/main/resources/META-INF/spring.factories | 1 +
 src/test/resources/logback-test.xml | 4 +
 6 files changed, 305 insertions(+)
 create mode 100644 README.md
 create mode 100644 pom.xml
 create mode 100644 src/main/java/autoconfigure/KeycloakSecurityConfig.java
 create mode 100644 src/main/java/autoconfigure/SecurityAutoConfiguration.java
 create mode 100644 src/main/resources/META-INF/spring.factories
 create mode 100644 src/test/resources/logback-test.xml
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..e69de29
diff --git a/pom.xml b/pom.xml
new file mode 100644
index 0000000..3af64a4
--- /dev/null
+++ b/pom.xml
@@ -0,0 +1,133 @@ + + 4.0.0 + + org.smartregister + + hapi-fhir-opensrp-security-config + jar + 0.0.1-SNAPSHOT + opensrp-server-fhir-security-auth + FHIR Security Authentication module + https://github.com/opensrp/opensrp-server-fhir-security-auth + + + 2.4.1 + + + + + org.springframework.boot + spring-boot-autoconfigure + ${spring_boot_version} + + + + javax.servlet + javax.servlet-api + true + + + + + org.springframework.boot + spring-boot-configuration-processor + true + + + + + org.springframework.boot + spring-boot-starter-test + test + + + org.springframework + spring-web + test + + + com.h2database + h2 + test + + + ch.qos.logback + logback-classic + test + + + org.slf4j + log4j-over-slf4j + test + 1.7.30 + + + org.keycloak + keycloak-spring-boot-starter + + + org.springframework.boot + spring-boot-starter-web + + + org.springframework + spring-web + + + org.springframework.boot + spring-boot-starter-security + + + + + + + org.springframework.boot + spring-boot-dependencies + ${spring_boot_version} + pom + import + true + + + org.keycloak.bom + keycloak-adapter-bom + 13.0.0 + pom + import + + + + + + + + + + + + + + + org.apache.maven.plugins + maven-compiler-plugin + 3.8.1 + + 1.8 + 1.8 + true + UTF-8 + + + + + + + + + + + + + diff --git a/src/main/java/autoconfigure/KeycloakSecurityConfig.java b/src/main/java/autoconfigure/KeycloakSecurityConfig.java new file mode 100644 index 0000000..3fbcdc1 --- /dev/null +++ b/src/main/java/autoconfigure/KeycloakSecurityConfig.java 
@@ -0,0 +1,126 @@
+package autoconfigure;
+
+import org.keycloak.adapters.KeycloakConfigResolver;
+import org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver;
+import org.keycloak.adapters.springsecurity.KeycloakConfiguration;
+import org.keycloak.adapters.springsecurity.authentication.KeycloakAuthenticationProvider;
+import org.keycloak.adapters.springsecurity.client.KeycloakClientRequestFactory;
+import org.keycloak.adapters.springsecurity.client.KeycloakRestTemplate;
+import org.keycloak.adapters.springsecurity.config.KeycloakWebSecurityConfigurerAdapter;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.config.ConfigurableBeanFactory;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Scope;
+import org.springframework.http.HttpMethod;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.builders.WebSecurity;
+import org.springframework.security.core.authority.mapping.SimpleAuthorityMapper;
+import org.springframework.security.core.session.SessionRegistryImpl;
+import org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy;
+import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
+import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
+
+import java.util.Arrays;
+
+import static org.springframework.http.HttpMethod.DELETE;
+import static org.springframework.http.HttpMethod.GET;
+import static org.springframework.http.HttpMethod.POST;
+import static org.springframework.http.HttpMethod.PUT;
+
+@KeycloakConfiguration
+public class KeycloakSecurityConfig extends KeycloakWebSecurityConfigurerAdapter {
+
+ private static final String CORS_ALLOWED_HEADERS = "origin,content-type,accept,x-requested-with,Authorization";
+
+ private String opensrpAllowedSources="";
+
+ private long corsMaxAge=60;
+
+
+ private static final Logger logger = LoggerFactory.getLogger(KeycloakSecurityConfig.class);
+
+ @Autowired
+ private KeycloakClientRequestFactory keycloakClientRequestFactory;
+
+ @Autowired
+ public void configureGlobal(AuthenticationManagerBuilder auth) {
+
+ SimpleAuthorityMapper grantedAuthorityMapper = new SimpleAuthorityMapper();
+ grantedAuthorityMapper.setPrefix("ROLE_");
+
+ KeycloakAuthenticationProvider keycloakAuthenticationProvider = keycloakAuthenticationProvider();
+ keycloakAuthenticationProvider.setGrantedAuthoritiesMapper(new SimpleAuthorityMapper());
+ auth.authenticationProvider(keycloakAuthenticationProvider);
+ }
+
+ @Bean
+ public KeycloakConfigResolver keycloakConfigResolver() {
+ return new KeycloakSpringBootConfigResolver();
+ }
+
+ @Bean
+ @Override
+ protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
+ return new RegisterSessionAuthenticationStrategy(new SessionRegistryImpl());
+ }
+
+ @Override
+ protected void configure(HttpSecurity http) throws Exception {
+ super.configure(http);
+ logger.error("Inside configure method");
+ http.cors()
+ .and()
+ .authorizeRequests()
+ .antMatchers("/").permitAll()
+ .antMatchers("/home").permitAll()
+ .mvcMatchers("/logout.do").permitAll()
+ .antMatchers("/fhir/**")
+ .authenticated()
+ .and()
+ .csrf()
+ .ignoringAntMatchers("/fhir/**")
+ .and()
+ .logout()
+ .logoutRequestMatcher(new AntPathRequestMatcher("logout.do", "GET"));
+
+ }
+
+ @Override
+ public void configure(WebSecurity web) throws Exception {
+ /* @formatter:off */
+ web.ignoring().mvcMatchers("/js/**")
+ .and().ignoring().mvcMatchers("/css/**")
+ .and().ignoring().mvcMatchers("/images/**")
+ .and().ignoring().mvcMatchers("/html/**")
+ .and().ignoring().antMatchers(HttpMethod.OPTIONS, "/**")
+ .and().ignoring().antMatchers("/home")
+ .and().ignoring().antMatchers("/*")
+ .and().ignoring().antMatchers("/fhir/metadata");
+// /* @formatter:on */
+ }
+
+ @Bean
+ public CorsConfigurationSource corsConfigurationSource() {
+ CorsConfiguration configuration = new CorsConfiguration();
+ configuration.setAllowedOrigins(Arrays.asList(opensrpAllowedSources.split(",")));
+ configuration.setAllowedMethods(Arrays.asList(GET.name(), POST.name(), PUT.name(), DELETE.name()));
+ configuration.setAllowedHeaders(Arrays.asList(CORS_ALLOWED_HEADERS.split(",")));
+ configuration.setMaxAge(corsMaxAge);
+ UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+ source.registerCorsConfiguration("/**", configuration);
+ return source;
+ }
+
+ @Bean
+ @Scope(ConfigurableBeanFactory.SCOPE_PROTOTYPE)
+ public KeycloakRestTemplate keycloakRestTemplate() {
+ return new KeycloakRestTemplate(keycloakClientRequestFactory);
+ }
+
+}
diff --git a/src/main/java/autoconfigure/SecurityAutoConfiguration.java b/src/main/java/autoconfigure/SecurityAutoConfiguration.java
new file mode 100644
index 0000000..bddc601
--- /dev/null
+++ b/src/main/java/autoconfigure/SecurityAutoConfiguration.java
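Review bot: In `configure(WebSecurity web)`, `ignoring().antMatchers("/*")` takes every single-segment path out of the Spring Security filter chain, which covers `/home` and `/logout.do` and would also cover a bare `/fhir` request if the servlet answers on it. Ignored requests get no authentication, no security headers and no logout handling, so the `permitAll()` rules for `/home` and `/logout.do` in `configure(HttpSecurity)` are never consulted and the logout filter cannot see `/logout.do`. I would drop the two lines `.and().ignoring().antMatchers("/home")` and `.and().ignoring().antMatchers("/*")`, keep only the static-resource patterns, and leave public pages to `permitAll()`. Separately, the logout matcher `new AntPathRequestMatcher("logout.do", "GET")` has no leading slash and so is unlikely to match any request path; `new AntPathRequestMatcher("/logout.do", "GET")` is probably what was meant, and logout over GET is worth reconsidering because a cross-site link can trigger it.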
@@ -0,0 +1,41 @@
+package autoconfigure;
+
+/*-
+ * #%L
+ * hapi-fhir-spring-boot-autoconfigure
+ * %%
+ * Copyright (C) 2014 - 2021 Smile CDR, Inc.
+ * %%
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * #L%
+ */
+
+
+import org.springframework.boot.autoconfigure.AutoConfigureAfter;
+import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Import;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+
+/**
+ * {@link EnableAutoConfiguration Auto-configuration} for HAPI FHIR.
+ *
+ * @author Reham Muzzamil
+ */
+@Configuration
+@AutoConfigureAfter({KeycloakSecurityConfig.class})
+@EnableWebSecurity
+@Import({ KeycloakSecurityConfig.class })
+public class SecurityAutoConfiguration {
+
+}
diff --git a/src/main/resources/META-INF/spring.factories b/src/main/resources/META-INF/spring.factories
new file mode 100644
index 0000000..6cb3663
--- /dev/null
+++ b/src/main/resources/META-INF/spring.factories
@@ -0,0 +1 @@
+org.springframework.boot.autoconfigure.EnableAutoConfiguration=autoconfigure.SecurityAutoConfiguration
diff --git a/src/test/resources/logback-test.xml b/src/test/resources/logback-test.xml
new file mode 100644
index 0000000..ee27473
--- /dev/null
+++ b/src/test/resources/logback-test.xml
@@ -0,0 +1,4 @@
+
+
+
+
\ No newline at end of file
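Review bot: On `SecurityAutoConfiguration`, `@AutoConfigureAfter({KeycloakSecurityConfig.class})` appears to have no effect, because `KeycloakSecurityConfig` is pulled in through `@Import` on the same class and is not itself listed as an auto-configuration in `spring.factories`; the annotation can be removed. The class is also unconditional, so any application with this jar on the classpath gets the Keycloak web-security configuration with no documented way to switch it off or replace it; a guard such as `@ConditionalOnProperty` on a project-defined property (name to be chosen) would make the opt-in explicit. The Javadoc still reads "Auto-configuration for HAPI FHIR"; something like `Auto-configuration that imports the Keycloak-backed Spring Security setup for the FHIR server.` would describe what the class does.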
From f7f348797c1188b282fd039fd95d9e12e4b38131 Mon Sep 17 00:00:00 2001 From: Reham Muzzamil Date: Thu, 17 Jun 2021 15:08:21 +0500 Subject: [PATCH 3/6] Add authentication support via keycloak --- pom.xml | 230 ++++++++---------- .../autoconfigure/KeycloakSecurityConfig.java | 31 ++- .../SecurityAutoConfiguration.java | 3 +- src/test/resources/logback-test.xml | 4 +- 4 files changed, 126 insertions(+), 142 deletions(-) diff --git a/pom.xml b/pom.xml index 3af64a4..b54da21 100644 --- a/pom.xml +++ b/pom.xml 
@@ -1,133 +1,119 @@ - 4.0.0 + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> + 4.0.0 - org.smartregister + org.smartregister - hapi-fhir-opensrp-security-config - jar - 0.0.1-SNAPSHOT - opensrp-server-fhir-security-auth - FHIR Security Authentication module - https://github.com/opensrp/opensrp-server-fhir-security-auth + hapi-fhir-opensrp-security-config + jar + 0.0.1-SNAPSHOT + opensrp-server-fhir-security-auth + FHIR Security Authentication module + https://github.com/opensrp/opensrp-server-fhir-security-auth - - 2.4.1 - - - - - org.springframework.boot - spring-boot-autoconfigure - ${spring_boot_version} - + + 2.4.1 + + + + + org.springframework.boot + spring-boot-autoconfigure + ${spring_boot_version} + - - javax.servlet - javax.servlet-api - true - + + javax.servlet + javax.servlet-api + true + - - - org.springframework.boot - spring-boot-configuration-processor - true - + + + org.springframework.boot + spring-boot-configuration-processor + true + - - - org.springframework.boot - spring-boot-starter-test - test - - - org.springframework - spring-web - test - - - com.h2database - h2 - test - - - ch.qos.logback - logback-classic - test - - - org.slf4j - log4j-over-slf4j - test - 1.7.30 - - - org.keycloak - keycloak-spring-boot-starter - - - org.springframework.boot - spring-boot-starter-web - - - org.springframework - spring-web - - - org.springframework.boot - spring-boot-starter-security - - + + + org.springframework.boot + spring-boot-starter-test + test + + + org.springframework + spring-web + test + + + com.h2database + h2 + test + + + ch.qos.logback + logback-classic + test + + + org.slf4j + log4j-over-slf4j + test + 1.7.30 + + + org.keycloak + keycloak-spring-boot-starter + + + org.springframework.boot + spring-boot-starter-web + + + org.springframework + spring-web + + + org.springframework.boot + spring-boot-starter-security + + - - - - org.springframework.boot - spring-boot-dependencies - 
${spring_boot_version} - pom - import - true - - - org.keycloak.bom - keycloak-adapter-bom - 13.0.0 - pom - import - - - + + + + org.springframework.boot + spring-boot-dependencies + ${spring_boot_version} + pom + import + true + + + org.keycloak.bom + keycloak-adapter-bom + 13.0.0 + pom + import + + + - - - - - - - - - - - org.apache.maven.plugins - maven-compiler-plugin - 3.8.1 - - 1.8 - 1.8 - true - UTF-8 - - - - - - - - - - - + + + + org.apache.maven.plugins + maven-compiler-plugin + 3.8.1 + + 1.8 + 1.8 + true + UTF-8 + + + + diff --git a/src/main/java/autoconfigure/KeycloakSecurityConfig.java b/src/main/java/autoconfigure/KeycloakSecurityConfig.java index 3fbcdc1..12378fb 100644 --- a/src/main/java/autoconfigure/KeycloakSecurityConfig.java +++ b/src/main/java/autoconfigure/KeycloakSecurityConfig.java @@ -38,10 +38,9 @@ public class KeycloakSecurityConfig extends KeycloakWebSecurityConfigurerAdapter private static final String CORS_ALLOWED_HEADERS = "origin,content-type,accept,x-requested-with,Authorization"; - private String opensrpAllowedSources=""; - - private long corsMaxAge=60; + private String opensrpAllowedSources = ""; + private long corsMaxAge = 60; private static final Logger logger = LoggerFactory.getLogger(KeycloakSecurityConfig.class); 
@@ -75,19 +74,19 @@ protected void configure(HttpSecurity http) throws Exception { super.configure(http); logger.error("Inside configure method"); http.cors() - .and() - .authorizeRequests() - .antMatchers("/").permitAll() - .antMatchers("/home").permitAll() - .mvcMatchers("/logout.do").permitAll() - .antMatchers("/fhir/**") - .authenticated() - .and() - .csrf() - .ignoringAntMatchers("/fhir/**") - .and() - .logout() - .logoutRequestMatcher(new AntPathRequestMatcher("logout.do", "GET")); + .and() + .authorizeRequests() + .antMatchers("/").permitAll() + .antMatchers("/home").permitAll() + .mvcMatchers("/logout.do").permitAll() + .antMatchers("/fhir/**") + .authenticated() + .and() + .csrf() + .ignoringAntMatchers("/fhir/**") + .and() + .logout() + .logoutRequestMatcher(new AntPathRequestMatcher("logout.do", "GET")); } diff --git a/src/main/java/autoconfigure/SecurityAutoConfiguration.java b/src/main/java/autoconfigure/SecurityAutoConfiguration.java index bddc601..82d35fd 100644 --- a/src/main/java/autoconfigure/SecurityAutoConfiguration.java +++ b/src/main/java/autoconfigure/SecurityAutoConfiguration.java @@ -20,7 +20,6 @@ * #L% */ - import org.springframework.boot.autoconfigure.AutoConfigureAfter; import org.springframework.boot.autoconfigure.EnableAutoConfiguration; import org.springframework.context.annotation.Configuration; @@ -33,7 +32,7 @@ * @author Reham Muzzamil */ @Configuration -@AutoConfigureAfter({KeycloakSecurityConfig.class}) +@AutoConfigureAfter({ KeycloakSecurityConfig.class }) @EnableWebSecurity @Import({ KeycloakSecurityConfig.class }) public class SecurityAutoConfiguration { diff --git a/src/test/resources/logback-test.xml b/src/test/resources/logback-test.xml index ee27473..ed03eae 100644 --- a/src/test/resources/logback-test.xml +++ b/src/test/resources/logback-test.xml @@ -1,4 +1,4 @@ - - \ No newline at end of file + + From 599baa8fdeb332027b3816244243ad290f2b2517 Mon Sep 17 00:00:00 2001 
From: Reham Muzzamil Date: Thu, 17 Jun 2021 18:05:40 +0500 Subject: [PATCH 4/6] Update README.md --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index e69de29..420a0d5 100644 --- a/README.md +++ b/README.md @@ -0,0 +1,3 @@ +# Opensrp Server FHIR Security Auth + +This repo consists of providing Authentication support via Keycloak. From 05da194865b60ba459518a8f8ede5315e5ef5359 Mon Sep 17 00:00:00 2001 From: Reham Muzzamil Date: Thu, 17 Jun 2021 19:57:56 +0500 Subject: [PATCH 5/6] Code cleanup --- README.md | 2 +- src/main/java/autoconfigure/KeycloakSecurityConfig.java | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 420a0d5..486e39e 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,3 @@ # Opensrp Server FHIR Security Auth -This repo consists of providing Authentication support via Keycloak. +This repository provides spring security authentication configuration through Keycloak authorisation servers. diff --git a/src/main/java/autoconfigure/KeycloakSecurityConfig.java b/src/main/java/autoconfigure/KeycloakSecurityConfig.java index 12378fb..238039d 100644 --- a/src/main/java/autoconfigure/KeycloakSecurityConfig.java +++ b/src/main/java/autoconfigure/KeycloakSecurityConfig.java @@ -72,7 +72,7 @@ protected SessionAuthenticationStrategy sessionAuthenticationStrategy() { @Override protected void configure(HttpSecurity http) throws Exception { super.configure(http); - logger.error("Inside configure method"); + logger.info("Inside configure method"); http.cors() .and() .authorizeRequests() From a81a75f63dc4dc923c4a69d55cc71862c6aba531 Mon Sep 17 00:00:00 2001 From: Reham Muzzamil Date: Thu, 17 Jun 2021 20:58:03 +0500 Subject: [PATCH 6/6] Code cleanup --- pom.xml | 29 ------------------- .../autoconfigure/KeycloakSecurityConfig.java | 2 +- 2 files changed, 1 insertion(+), 30 deletions(-) diff --git a/pom.xml b/pom.xml index b54da21..2627a17 100644 --- a/pom.xml +++ b/pom.xml 
@@ -22,19 +22,6 @@ ${spring_boot_version} - - javax.servlet - javax.servlet-api - true - - - - - org.springframework.boot - spring-boot-configuration-processor - true - - org.springframework.boot @@ -46,22 +33,6 @@ spring-web test - - com.h2database - h2 - test - - - ch.qos.logback - logback-classic - test - - - org.slf4j - log4j-over-slf4j - test - 1.7.30 - org.keycloak keycloak-spring-boot-starter diff --git a/src/main/java/autoconfigure/KeycloakSecurityConfig.java b/src/main/java/autoconfigure/KeycloakSecurityConfig.java index 238039d..f32f5c7 100644 --- a/src/main/java/autoconfigure/KeycloakSecurityConfig.java +++ b/src/main/java/autoconfigure/KeycloakSecurityConfig.java @@ -101,7 +101,7 @@ public void configure(WebSecurity web) throws Exception { .and().ignoring().antMatchers("/home") .and().ignoring().antMatchers("/*") .and().ignoring().antMatchers("/fhir/metadata"); -// /* @formatter:on */ + /* @formatter:on */ } @Bean