OpenID Connect support (#865)

* Added OpenID Connect support

Utilized Spring Security's OAuth2 respectively OIDC support as another
possibility to manage users and their permissions.

Signed-off-by: Brandon Schmitt <Brandon.Schmitt@kiwigrid.com>

* Document OpenID Connect Support

Signed-off-by: Brandon Schmitt <Brandon.Schmitt@kiwigrid.com>

* Updated license in OidcUserManagementAutoConfiguration.java

Signed-off-by: Brandon Schmitt <Brandon.Schmitt@kiwigrid.com>

* Revert updated license notice and add Kiwigrid license file

This reverts commit 23d36245

Signed-off-by: Brandon Schmitt <Brandon.Schmitt@kiwigrid.com>

* Resolve SonarQube issues

- Explicitly import the needed specific classes
- Document public methods
- Add `static` to the constant `JwtAuthoritiesOidcUserService.INVALID_REQUEST`
- Remove superfluous runtime exception `OAuth2AuthenticationException`

Signed-off-by: Brandon Schmitt <Brandon.Schmitt@kiwigrid.com>

* Add OidcUser support in SpringSecurityAuditorAware

Signed-off-by: Brandon Schmitt <Brandon.Schmitt@kiwigrid.com>

* Secure Management API using OpenID Connect, too.

Signed-off-by: Brandon Schmitt <Brandon.Schmitt@kiwigrid.com>
This commit is contained in:
Brandon Schmitt
2020-01-14 13:09:13 +01:00
committed by Dominic Schabel
parent 38017ba7bc
commit 1bcced9838
11 changed files with 492 additions and 38 deletions

View File

@@ -12,14 +12,18 @@ import java.util.Collections;
import java.util.Optional;
import org.apache.commons.lang3.StringUtils;
import org.eclipse.hawkbit.im.authentication.TenantAwareAuthenticationDetails;
import org.eclipse.hawkbit.im.authentication.UserPrincipal;
import org.eclipse.hawkbit.repository.model.BaseEntity;
import org.eclipse.hawkbit.ui.utils.SpringContextHelper;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
import org.springframework.security.oauth2.core.oidc.user.OidcUser;
import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
import com.vaadin.server.VaadinService;
@@ -187,7 +191,20 @@ public final class UserDetailsFormatter {
public static UserDetails getCurrentUser() {
final SecurityContext context = (SecurityContext) VaadinService.getCurrentRequest().getWrappedSession()
.getAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY);
return (UserDetails) context.getAuthentication().getPrincipal();
Authentication authentication = context.getAuthentication();
if (authentication instanceof OAuth2AuthenticationToken) {
OidcUser oidcUser = (OidcUser) authentication.getPrincipal();
Object details = authentication.getDetails();
String tenant = "DEFAULT";
if (details instanceof TenantAwareAuthenticationDetails) {
tenant = ((TenantAwareAuthenticationDetails) details).getTenant();
}
return new UserPrincipal(oidcUser.getPreferredUsername(), "***", oidcUser.getGivenName(),
oidcUser.getFamilyName(), oidcUser.getPreferredUsername(), oidcUser.getEmail(), tenant,
oidcUser.getAuthorities());
} else {
return (UserDetails) authentication.getPrincipal();
}
}
private static String trimAndFormatDetail(final String formatString, final int expectedDetailLength) {