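├── .gitignore
├── Dockerfile
├── build.gradle
├── gradle
│   └── wrapper
│       ├── gradle-wrapper.jar
│       └── gradle-wrapper.properties
├── gradlew
├── gradlew.bat
├── settings.gradle
└── src
    └── main
        ├── java
        │   └── com
        │       └── thoughtworks
        │           └── spring
        │               └── rbac
        │                   └── demo
        │                       ├── Application.java
        │                       ├── config
        │                       │   ├── RestAuthenticationEntryPoint.java
        │                       │   └── SecurityConfig.java
        │                       ├── controller
        │                       │   ├── AuthController.java
        │                       │   └── ProtectedResourceController.java
        │                       ├── entity
        │                       │   ├── KanBanUser.java
        │                       │   ├── KanBanUserDetails.java
        │                       │   └── Message.java
        │                       ├── filter
        │                       │   └── KanBanPreAuthenticationFilter.java
        │                       └── service
        │                           └── KanBanAuthenticationUserDetailsService.java
        └── resources
            ├── application.properties
            └── kanban-sso.conf

/.gitignore:
--------------------------------------------------------------------------------
build/
out/
idea/
.idea/
spring-rbac.i*
.gradle
data/

--------------------------------------------------------------------------------
/Dockerfile:
--------------------------------------------------------------------------------
# NOTE(review): the base image is unpinned, so every build may pull a different
# redis. Pin a tag and digest, e.g. redis:<version>@sha256:<digest> (placeholders).
FROM redis

# A Dockerfile VOLUME names a path inside the container only; the host side of a
# "./data:/data" mapping has to be supplied at run time (docker run -v, or a
# compose file), so only the container path is declared here.
VOLUME /data

--------------------------------------------------------------------------------
/build.gradle:
--------------------------------------------------------------------------------
// NOTE(review): Spring Boot 1.3.3.RELEASE and the Spring Security / Spring Data
// versions it pulls in are long out of support and receive no security fixes.
// Moving to a maintained line is an API migration for this project, not a
// version bump, so the versions below are left as the author wrote them.
buildscript {
    repositories {
        mavenCentral()
    }
    dependencies {
        classpath("org.springframework.boot:spring-boot-gradle-plugin:1.3.3.RELEASE")
    }
}

apply plugin: 'spring-boot'


apply plugin: 'java'
apply plugin: 'idea'

repositories {
    // JCenter has been sunset; resolve from Maven Central, which the
    // buildscript block above already uses for the plugin.
    mavenCentral()
}

dependencies {
    compile "org.springframework.boot:spring-boot-starter-web:1.3.3.RELEASE"
    compile 'org.springframework.data:spring-data-mongodb:1.8.4.RELEASE'
    compile("org.springframework.boot:spring-boot-starter-security:1.3.3.RELEASE")

    testCompile 'junit:junit:4.12'
}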
-------------------------------------------------------------------------------- /gradle/wrapper/gradle-wrapper.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/abruzzi/spring-security-demo/8bdb6e22602dde8f732c7dd00e71ea7df4d3aac7/gradle/wrapper/gradle-wrapper.jar -------------------------------------------------------------------------------- /gradle/wrapper/gradle-wrapper.properties: -------------------------------------------------------------------------------- 1 | #Fri Apr 29 08:39:19 AEST 2016 2 | distributionBase=GRADLE_USER_HOME 3 | distributionPath=wrapper/dists 4 | zipStoreBase=GRADLE_USER_HOME 5 | zipStorePath=wrapper/dists 6 | distributionUrl=https\://services.gradle.org/distributions/gradle-2.9-bin.zip 7 | -------------------------------------------------------------------------------- /gradlew: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | ############################################################################## 4 | ## 5 | ## Gradle start up script for UN*X 6 | ## 7 | ############################################################################## 8 | 9 | # Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. 10 | DEFAULT_JVM_OPTS="" 11 | 12 | APP_NAME="Gradle" 13 | APP_BASE_NAME=`basename "$0"` 14 | 15 | # Use the maximum available, or set MAX_FD != -1 to use that value. 16 | MAX_FD="maximum" 17 | 18 | warn ( ) { 19 | echo "$*" 20 | } 21 | 22 | die ( ) { 23 | echo 24 | echo "$*" 25 | echo 26 | exit 1 27 | } 28 | 29 | # OS specific support (must be 'true' or 'false'). 
30 | cygwin=false 31 | msys=false 32 | darwin=false 33 | case "`uname`" in 34 | CYGWIN* ) 35 | cygwin=true 36 | ;; 37 | Darwin* ) 38 | darwin=true 39 | ;; 40 | MINGW* ) 41 | msys=true 42 | ;; 43 | esac 44 | 45 | # Attempt to set APP_HOME 46 | # Resolve links: $0 may be a link 47 | PRG="$0" 48 | # Need this for relative symlinks. 49 | while [ -h "$PRG" ] ; do 50 | ls=`ls -ld "$PRG"` 51 | link=`expr "$ls" : '.*-> \(.*\)$'` 52 | if expr "$link" : '/.*' > /dev/null; then 53 | PRG="$link" 54 | else 55 | PRG=`dirname "$PRG"`"/$link" 56 | fi 57 | done 58 | SAVED="`pwd`" 59 | cd "`dirname \"$PRG\"`/" >/dev/null 60 | APP_HOME="`pwd -P`" 61 | cd "$SAVED" >/dev/null 62 | 63 | CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar 64 | 65 | # Determine the Java command to use to start the JVM. 66 | if [ -n "$JAVA_HOME" ] ; then 67 | if [ -x "$JAVA_HOME/jre/sh/java" ] ; then 68 | # IBM's JDK on AIX uses strange locations for the executables 69 | JAVACMD="$JAVA_HOME/jre/sh/java" 70 | else 71 | JAVACMD="$JAVA_HOME/bin/java" 72 | fi 73 | if [ ! -x "$JAVACMD" ] ; then 74 | die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME 75 | 76 | Please set the JAVA_HOME variable in your environment to match the 77 | location of your Java installation." 78 | fi 79 | else 80 | JAVACMD="java" 81 | which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. 82 | 83 | Please set the JAVA_HOME variable in your environment to match the 84 | location of your Java installation." 85 | fi 86 | 87 | # Increase the maximum file descriptors if we can. 88 | if [ "$cygwin" = "false" -a "$darwin" = "false" ] ; then 89 | MAX_FD_LIMIT=`ulimit -H -n` 90 | if [ $? -eq 0 ] ; then 91 | if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ] ; then 92 | MAX_FD="$MAX_FD_LIMIT" 93 | fi 94 | ulimit -n $MAX_FD 95 | if [ $? 
-ne 0 ] ; then 96 | warn "Could not set maximum file descriptor limit: $MAX_FD" 97 | fi 98 | else 99 | warn "Could not query maximum file descriptor limit: $MAX_FD_LIMIT" 100 | fi 101 | fi 102 | 103 | # For Darwin, add options to specify how the application appears in the dock 104 | if $darwin; then 105 | GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\"" 106 | fi 107 | 108 | # For Cygwin, switch paths to Windows format before running java 109 | if $cygwin ; then 110 | APP_HOME=`cygpath --path --mixed "$APP_HOME"` 111 | CLASSPATH=`cygpath --path --mixed "$CLASSPATH"` 112 | JAVACMD=`cygpath --unix "$JAVACMD"` 113 | 114 | # We build the pattern for arguments to be converted via cygpath 115 | ROOTDIRSRAW=`find -L / -maxdepth 1 -mindepth 1 -type d 2>/dev/null` 116 | SEP="" 117 | for dir in $ROOTDIRSRAW ; do 118 | ROOTDIRS="$ROOTDIRS$SEP$dir" 119 | SEP="|" 120 | done 121 | OURCYGPATTERN="(^($ROOTDIRS))" 122 | # Add a user-defined pattern to the cygpath arguments 123 | if [ "$GRADLE_CYGPATTERN" != "" ] ; then 124 | OURCYGPATTERN="$OURCYGPATTERN|($GRADLE_CYGPATTERN)" 125 | fi 126 | # Now convert the arguments - kludge to limit ourselves to /bin/sh 127 | i=0 128 | for arg in "$@" ; do 129 | CHECK=`echo "$arg"|egrep -c "$OURCYGPATTERN" -` 130 | CHECK2=`echo "$arg"|egrep -c "^-"` ### Determine if an option 131 | 132 | if [ $CHECK -ne 0 ] && [ $CHECK2 -eq 0 ] ; then ### Added a condition 133 | eval `echo args$i`=`cygpath --path --ignore --mixed "$arg"` 134 | else 135 | eval `echo args$i`="\"$arg\"" 136 | fi 137 | i=$((i+1)) 138 | done 139 | case $i in 140 | (0) set -- ;; 141 | (1) set -- "$args0" ;; 142 | (2) set -- "$args0" "$args1" ;; 143 | (3) set -- "$args0" "$args1" "$args2" ;; 144 | (4) set -- "$args0" "$args1" "$args2" "$args3" ;; 145 | (5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;; 146 | (6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;; 147 | (7) set -- "$args0" "$args1" "$args2" "$args3" 
"$args4" "$args5" "$args6" ;; 148 | (8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;; 149 | (9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;; 150 | esac 151 | fi 152 | 153 | # Split up the JVM_OPTS And GRADLE_OPTS values into an array, following the shell quoting and substitution rules 154 | function splitJvmOpts() { 155 | JVM_OPTS=("$@") 156 | } 157 | eval splitJvmOpts $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS 158 | JVM_OPTS[${#JVM_OPTS[*]}]="-Dorg.gradle.appname=$APP_BASE_NAME" 159 | 160 | exec "$JAVACMD" "${JVM_OPTS[@]}" -classpath "$CLASSPATH" org.gradle.wrapper.GradleWrapperMain "$@" 161 | -------------------------------------------------------------------------------- /gradlew.bat: -------------------------------------------------------------------------------- 1 | @if "%DEBUG%" == "" @echo off 2 | @rem ########################################################################## 3 | @rem 4 | @rem Gradle startup script for Windows 5 | @rem 6 | @rem ########################################################################## 7 | 8 | @rem Set local scope for the variables with windows NT shell 9 | if "%OS%"=="Windows_NT" setlocal 10 | 11 | @rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. 12 | set DEFAULT_JVM_OPTS= 13 | 14 | set DIRNAME=%~dp0 15 | if "%DIRNAME%" == "" set DIRNAME=. 16 | set APP_BASE_NAME=%~n0 17 | set APP_HOME=%DIRNAME% 18 | 19 | @rem Find java.exe 20 | if defined JAVA_HOME goto findJavaFromJavaHome 21 | 22 | set JAVA_EXE=java.exe 23 | %JAVA_EXE% -version >NUL 2>&1 24 | if "%ERRORLEVEL%" == "0" goto init 25 | 26 | echo. 27 | echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. 28 | echo. 29 | echo Please set the JAVA_HOME variable in your environment to match the 30 | echo location of your Java installation. 
31 | 32 | goto fail 33 | 34 | :findJavaFromJavaHome 35 | set JAVA_HOME=%JAVA_HOME:"=% 36 | set JAVA_EXE=%JAVA_HOME%/bin/java.exe 37 | 38 | if exist "%JAVA_EXE%" goto init 39 | 40 | echo. 41 | echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% 42 | echo. 43 | echo Please set the JAVA_HOME variable in your environment to match the 44 | echo location of your Java installation. 45 | 46 | goto fail 47 | 48 | :init 49 | @rem Get command-line arguments, handling Windowz variants 50 | 51 | if not "%OS%" == "Windows_NT" goto win9xME_args 52 | if "%@eval[2+2]" == "4" goto 4NT_args 53 | 54 | :win9xME_args 55 | @rem Slurp the command line arguments. 56 | set CMD_LINE_ARGS= 57 | set _SKIP=2 58 | 59 | :win9xME_args_slurp 60 | if "x%~1" == "x" goto execute 61 | 62 | set CMD_LINE_ARGS=%* 63 | goto execute 64 | 65 | :4NT_args 66 | @rem Get arguments from the 4NT Shell from JP Software 67 | set CMD_LINE_ARGS=%$ 68 | 69 | :execute 70 | @rem Setup the command line 71 | 72 | set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar 73 | 74 | @rem Execute Gradle 75 | "%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %CMD_LINE_ARGS% 76 | 77 | :end 78 | @rem End local scope for the variables with windows NT shell 79 | if "%ERRORLEVEL%"=="0" goto mainEnd 80 | 81 | :fail 82 | rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of 83 | rem the _cmd.exe /c_ return code! 
84 | if not "" == "%GRADLE_EXIT_CONSOLE%" exit 1 85 | exit /b 1 86 | 87 | :mainEnd 88 | if "%OS%"=="Windows_NT" endlocal 89 | 90 | :omega 91 | -------------------------------------------------------------------------------- /settings.gradle: -------------------------------------------------------------------------------- 1 | /* 2 | * This settings file was auto generated by the Gradle buildInit task 3 | * by 'jtqiu' at '4/29/16 8:39 AM' with Gradle 2.9 4 | * 5 | * The settings file is used to specify which projects to include in your build. 6 | * In a single project build this file can be empty or even removed. 7 | * 8 | * Detailed information about configuring a multi-project build in Gradle can be found 9 | * in the user guide at https://docs.gradle.org/2.9/userguide/multi_project_builds.html 10 | */ 11 | 12 | /* 13 | // To declare projects as part of a multi-project build use the 'include' method 14 | include 'shared' 15 | include 'api' 16 | include 'services:webservice' 17 | */ 18 | 19 | rootProject.name = 'spring-rbac' 20 | -------------------------------------------------------------------------------- /src/main/java/com/thoughtworks/spring/rbac/demo/Application.java: -------------------------------------------------------------------------------- 1 | package com.thoughtworks.spring.rbac.demo; 2 | 3 | import org.springframework.boot.SpringApplication; 4 | import org.springframework.boot.autoconfigure.SpringBootApplication; 5 | 6 | @SpringBootApplication 7 | public class Application { 8 | public static void main(String[] args) { 9 | SpringApplication.run(Application.class, args); 10 | } 11 | } 12 | -------------------------------------------------------------------------------- /src/main/java/com/thoughtworks/spring/rbac/demo/config/RestAuthenticationEntryPoint.java: -------------------------------------------------------------------------------- 1 | package com.thoughtworks.spring.rbac.demo.config; 2 | 3 | import 
org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.stereotype.Component;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/**
 * Authentication entry point for the REST API: answers with a bare HTTP 401
 * instead of redirecting to a login page.
 */
@Component
public class RestAuthenticationEntryPoint implements AuthenticationEntryPoint {

    /**
     * Sends 401 "Unauthorized" for the rejected request.
     *
     * @param request       the request that failed authentication (not read here)
     * @param response      the response the error is written to
     * @param authException the failure that triggered the entry point (not read here)
     * @throws IOException if the error response cannot be sent
     */
    @Override
    public void commence(HttpServletRequest request,
                         HttpServletResponse response,
                         AuthenticationException authException) throws IOException {
        // Fixed status and text: nothing from authException is echoed to the client.
        final int status = HttpServletResponse.SC_UNAUTHORIZED;
        response.sendError(status, "Unauthorized");
    }
}

--------------------------------------------------------------------------------
/src/main/java/com/thoughtworks/spring/rbac/demo/config/SecurityConfig.java:
--------------------------------------------------------------------------------
package com.thoughtworks.spring.rbac.demo.config;

import com.thoughtworks.spring.rbac.demo.filter.KanBanPreAuthenticationFilter;
import com.thoughtworks.spring.rbac.demo.service.KanBanAuthenticationUserDetailsService;
import org.springframework.context.annotation.Bean;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider;
import org.springframework.stereotype.Component;

/**
 * Spring Security configuration for the API.
 *
 * Authentication is "pre-authenticated": the application does not verify a
 * credential itself. {@link KanBanPreAuthenticationFilter} reads the
 * X-KANBAN-TOKEN request header and the value becomes the principal.
 *
 * NOTE(review): that makes the header a trust boundary. Any client that can
 * reach this application directly, without passing through the nginx front end
 * in kanban-sso.conf, can set the header itself and is treated as authenticated.
 * Nothing in this class restricts who may connect.
 */
@Component
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    /** Registers the pre-authentication provider as the only authentication provider. */
    @Override
    protected void configure(AuthenticationManagerBuilder builder) throws Exception {
        AuthenticationProvider preAuthProvider = preAuthenticationProvider();
        builder.authenticationProvider(preAuthProvider);
    }

    /** Builds a provider that maps the pre-authenticated token to user details. */
    private AuthenticationProvider preAuthenticationProvider() {
        KanBanAuthenticationUserDetailsService userDetailsService = new KanBanAuthenticationUserDetailsService();
        PreAuthenticatedAuthenticationProvider preAuthProvider = new PreAuthenticatedAuthenticationProvider();
        preAuthProvider.setPreAuthenticatedUserDetailsService(userDetailsService);

        return preAuthProvider;
    }

    /**
     * HTTP rules: stateless sessions, /auth open to everyone, every other URL
     * requires authentication, and failures answer 401 through
     * {@link RestAuthenticationEntryPoint}.
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // NOTE(review): CSRF protection is switched off. kanban-sso.conf fills
        // X-KANBAN-TOKEN from the browser cookie "w3", so behind that proxy a
        // browser request is authenticated by an ambient cookie; any
        // state-changing endpoint added later is open to cross-site request
        // forgery unless a CSRF defence is put back.
        http
            .csrf().disable()
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            .and()
            .authorizeRequests()
                // /auth is the endpoint the proxy's auth_request calls; it decides for itself.
                .antMatchers("/auth").permitAll()
                .anyRequest().authenticated()
            .and()
            .exceptionHandling()
                .authenticationEntryPoint(new RestAuthenticationEntryPoint());

        http.addFilter(headerAuthenticationFilter());
    }

    /** The filter that lifts the X-KANBAN-TOKEN header into the security context. */
    @Bean
    public KanBanPreAuthenticationFilter headerAuthenticationFilter() throws Exception {
        return new KanBanPreAuthenticationFilter(authenticationManager());
    }

}

--------------------------------------------------------------------------------
/src/main/java/com/thoughtworks/spring/rbac/demo/controller/AuthController.java:
--------------------------------------------------------------------------------
package com.thoughtworks.spring.rbac.demo.controller;

import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.util.StringUtils;
import org.springframework.web.bind.annotation.RequestHeader;
import org.springframework.web.bind.annotation.RequestMapping;
import
org.springframework.web.bind.annotation.RestController;

/**
 * Endpoint behind /auth, the URL the nginx auth_request subrequest in
 * kanban-sso.conf is pointed at.
 */
@RestController
@RequestMapping("/auth")
public class AuthController {

    /**
     * Answers 200 when the X-KANBAN-TOKEN header carries any non-empty value,
     * 401 otherwise.
     *
     * NOTE(review): only the presence of a token is checked. The value is not
     * verified against a session store, signature or expiry, so any non-empty
     * string passes. The proxy's access decision is exactly as strong as this
     * check.
     *
     * @param token value of the X-KANBAN-TOKEN header, "" when the header is absent
     * @return "Authorized"/200 or "Unauthorized"/401
     */
    @RequestMapping
    public ResponseEntity simpleAuth(@RequestHeader(value="X-KANBAN-TOKEN", defaultValue = "") String token) {
        if (!StringUtils.isEmpty(token)) {
            return new ResponseEntity<>("Authorized", HttpStatus.OK);
        }
        return new ResponseEntity<>("Unauthorized", HttpStatus.UNAUTHORIZED);
    }
}

--------------------------------------------------------------------------------
/src/main/java/com/thoughtworks/spring/rbac/demo/controller/ProtectedResourceController.java:
--------------------------------------------------------------------------------
package com.thoughtworks.spring.rbac.demo.controller;

import com.thoughtworks.spring.rbac.demo.entity.Message;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

import java.security.Principal;

/** Sample resource under /protected that is only served to authenticated callers. */
@RestController
@RequestMapping("/protected")
public class ProtectedResourceController {

    /**
     * Returns a message naming the authenticated principal.
     *
     * NOTE(review): the principal name appears to be the raw X-KANBAN-TOKEN
     * value (KanBanAuthenticationUserDetailsService uses the header as the user
     * name), so the response body repeats the token. The id path variable is
     * bound but not used, and no per-resource authorization is applied.
     *
     * @param principal the authenticated caller
     * @param id        resource id from the path (unused)
     * @return the message for the caller
     */
    @RequestMapping("/{id}")
    public Message getOne(Principal principal, @PathVariable("id") String id) {
        String content = "Protected resource for: " + principal.getName();
        return new Message(content);
    }
}

--------------------------------------------------------------------------------
/src/main/java/com/thoughtworks/spring/rbac/demo/entity/KanBanUser.java:
--------------------------------------------------------------------------------
package com.thoughtworks.spring.rbac.demo.entity;

/** Minimal user record: a name and nothing else. */
public class KanBanUser {
    private String name;

    /**
     * @param name the user's name
     */
    public KanBanUser(String name) {
        this.name = name;
    }

    /** @return the user's name */
    public String getName() {
        return this.name;
    }

    /** @param name the new name */
    public void setName(String name) {
        this.name = name;
    }
}
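--------------------------------------------------------------------------------
/src/main/java/com/thoughtworks/spring/rbac/demo/entity/KanBanUserDetails.java:
--------------------------------------------------------------------------------
package com.thoughtworks.spring.rbac.demo.entity;

import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;

import java.util.Collection;
import java.util.Collections;

/**
 * {@link UserDetails} view of a {@link KanBanUser}.
 *
 * The user carries no roles and no password, and every account-status check
 * answers true, so this type adds no authorization information of its own.
 */
public class KanBanUserDetails implements UserDetails {
    private KanBanUser user;

    /**
     * @param user the user this view wraps
     */
    public KanBanUserDetails(KanBanUser user) {
        this.user = user;
    }

    /**
     * @return an empty collection: no authorities are granted. The UserDetails
     *         contract does not allow null here, and callers that iterate the
     *         authorities would otherwise fail.
     */
    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {
        return Collections.<GrantedAuthority>emptyList();
    }

    /** @return null; a pre-authenticated user has no password in this application */
    @Override
    public String getPassword() {
        return null;
    }

    /** @return the wrapped user's name */
    @Override
    public String getUsername() {
        return user.getName();
    }

    /** @return always true; expiry is not tracked */
    @Override
    public boolean isAccountNonExpired() {
        return true;
    }

    /** @return always true; locking is not tracked */
    @Override
    public boolean isAccountNonLocked() {
        return true;
    }

    /** @return always true; credential expiry is not tracked */
    @Override
    public boolean isCredentialsNonExpired() {
        return true;
    }

    /** @return always true; accounts cannot be disabled */
    @Override
    public boolean isEnabled() {
        return true;
    }
}

--------------------------------------------------------------------------------
/src/main/java/com/thoughtworks/spring/rbac/demo/entity/Message.java:
--------------------------------------------------------------------------------
package com.thoughtworks.spring.rbac.demo.entity;

/** Response payload with a single text field. */
public class Message {
    private String content;

    /**
     * @param content the message text
     */
    public Message(String content) {
        this.content = content;
    }

    /** @return the message text */
    public String getContent() {
        return content;
    }

    /** @param content the new message text */
    public void setContent(String content) {
        this.content = content;
    }
}

--------------------------------------------------------------------------------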
/src/main/java/com/thoughtworks/spring/rbac/demo/filter/KanBanPreAuthenticationFilter.java:
--------------------------------------------------------------------------------
package com.thoughtworks.spring.rbac.demo.filter;

import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter;

import javax.servlet.http.HttpServletRequest;

/**
 * Pre-authentication filter that takes the caller's identity from the
 * X-KANBAN-TOKEN request header.
 *
 * NOTE(review): the header is read as-is from whatever sent the request. The
 * filter cannot tell a value injected by the SSO proxy from one typed by a
 * client, so the deployment has to guarantee that only the proxy can reach
 * this application.
 */
public class KanBanPreAuthenticationFilter extends AbstractPreAuthenticatedProcessingFilter {
    /** Name of the request header that carries the SSO token. */
    public static final String SSO_TOKEN = "X-KANBAN-TOKEN";
    /** Placeholder credentials; no credential accompanies the token. */
    public static final String SSO_CREDENTIALS = "N/A";

    /**
     * @param authenticationManager manager the extracted principal is handed to
     */
    public KanBanPreAuthenticationFilter(AuthenticationManager authenticationManager) {
        setAuthenticationManager(authenticationManager);
    }

    /**
     * @param request the incoming request
     * @return the X-KANBAN-TOKEN header value, or null when the header is absent
     */
    @Override
    protected Object getPreAuthenticatedPrincipal(HttpServletRequest request) {
        String headerValue = request.getHeader(SSO_TOKEN);
        return headerValue;
    }

    /**
     * @param request the incoming request (not read)
     * @return the constant {@link #SSO_CREDENTIALS}
     */
    @Override
    protected Object getPreAuthenticatedCredentials(HttpServletRequest request) {
        return SSO_CREDENTIALS;
    }
}

--------------------------------------------------------------------------------
/src/main/java/com/thoughtworks/spring/rbac/demo/service/KanBanAuthenticationUserDetailsService.java:
--------------------------------------------------------------------------------
package com.thoughtworks.spring.rbac.demo.service;

import com.thoughtworks.spring.rbac.demo.entity.KanBanUser;
import com.thoughtworks.spring.rbac.demo.entity.KanBanUserDetails;
import org.springframework.security.core.userdetails.AuthenticationUserDetailsService;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
import
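org.springframework.util.StringUtils;

/**
 * Turns the pre-authenticated token into user details.
 *
 * NOTE(review): the principal is the raw header value and is used directly as
 * the user name. No lookup or verification takes place, so every non-empty
 * value yields a user.
 */
public class KanBanAuthenticationUserDetailsService
        implements AuthenticationUserDetailsService<PreAuthenticatedAuthenticationToken> {

    /**
     * @param token the pre-authenticated token built by the filter
     * @return user details named after the token's principal
     * @throws UsernameNotFoundException when the principal is missing, empty or
     *         not a String; the contract of this method does not allow a null
     *         return, and the provider would dereference it
     */
    @Override
    public UserDetails loadUserDetails(PreAuthenticatedAuthenticationToken token) throws UsernameNotFoundException {
        Object principal = token.getPrincipal();

        if (!(principal instanceof String) || StringUtils.isEmpty(principal)) {
            // The message deliberately leaves the supplied value out.
            throw new UsernameNotFoundException("No pre-authenticated principal supplied");
        }

        return new KanBanUserDetails(new KanBanUser((String) principal));
    }
}

--------------------------------------------------------------------------------
/src/main/resources/application.properties:
--------------------------------------------------------------------------------
# NOTE(review): the application accepts the X-KANBAN-TOKEN header as the caller's
# identity, so port 9000 must be reachable from the nginx proxy only. Nothing
# here restricts it; use network policy or server.address to limit the listener.
server.port=9000
server.context-path=/api
spring.data.mongodb.uri=mongodb://127.0.0.1:27017/security
--------------------------------------------------------------------------------
/src/main/resources/kanban-sso.conf:
--------------------------------------------------------------------------------
# NOTE(review): everything here is plain HTTP (listener, SSO redirect, upstream),
# so the w3 cookie and the derived token travel unencrypted.
server {
    listen 8000;
    server_name kanban.com;

    root /usr/local/var/www/kanban/;

    # auth_request answers 500 when the subrequest returns anything other than
    # 2xx/401/403, so mapping 500 here also turns backend failures into a
    # redirect to the SSO login.
    error_page 500 = @error401;
    error_page 401 = @error401;

    location @error401 {
        # NOTE(review): $http_host is the client's Host header, so the return URL
        # handed to the SSO service is client-controlled and is not URL-encoded.
        # The SSO side must validate the return target against an allow-list.
        return 302 http://sso.kanban.com:8100/sso?return=$scheme://$http_host$request_uri;
    }

    auth_request /api/auth;

    location /api {
        proxy_pass http://api.kanban.com:9000;

        proxy_set_header X-Original-URI $request_uri;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Start from an empty token so the variable is always defined. With an
        # empty value nginx does not pass the header at all, which also drops an
        # X-KANBAN-TOKEN header sent by the client.
        set $token "";

        # NOTE(review): the pattern is unanchored and case-insensitive, so a
        # cookie whose name merely ends in "w3" matches too; $cookie_w3 reads
        # the exact cookie.
        if ($http_cookie ~* "w3=(\w+)") {
            set $token "$1";
        }

        proxy_set_header X-KANBAN-TOKEN $token;
    }

    location = /api/auth {
        internal;

        proxy_pass http://api.kanban.com:9000;

        proxy_pass_request_body off;

        proxy_set_header Content-Length "";
        proxy_set_header X-Original-URI $request_uri;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Same token extraction as in "location /api"; see the notes there.
        set $token "";

        if ($http_cookie ~* "w3=(\w+)") {
            set $token "$1";
        }

        proxy_set_header X-KANBAN-TOKEN $token;
    }
}

--------------------------------------------------------------------------------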