JAVA-29298: Update spring-security-opa to parent-boot-3. (#15827)

2024-02-12 21:15:52 +01:00 · 2024-02-12 21:15:52 +01:00 · 3cd8d990e3
commit 3cd8d990e3
parent 831acaf8cf
10 changed files with 107 additions and 137 deletions
--- a/spring-security-modules/spring-security-opa/README.md
+++ b/spring-security-modules/spring-security-opa/README.md
@ -1,3 +1,4 @@
 Note: For integration testing get the OPA server running first. Check the official [OPA documentation](https://www.openpolicyagent.org/docs/latest/) for instructions on how to run the OPA server.
 ### Relevant Articles:
--- a/spring-security-modules/spring-security-opa/pom.xml
+++ b/spring-security-modules/spring-security-opa/pom.xml
@ -1,5 +1,5 @@
-<project xmlns="http://maven.apache.org/POM/4.0.0"
+<project xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xmlns="http://maven.apache.org/POM/4.0.0"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <artifactId>spring-security-opa</artifactId>
@ -7,8 +7,9 @@
    <parent>
        <groupId>com.baeldung</groupId>
-        <artifactId>spring-security-modules</artifactId>
+        <artifactId>parent-boot-3</artifactId>
        <version>0.0.1-SNAPSHOT</version>
        <relativePath>../../parent-boot-3</relativePath>
    </parent>
    <dependencies>
@ -28,7 +29,7 @@
        <dependency>
            <groupId>com.google.guava</groupId>
            <artifactId>guava</artifactId>
-            <version>31.0.1-jre</version>
+            <version>${guava.version}</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
--- a/spring-security-modules/spring-security-opa/src/main/java/com/baeldung/security/opa/config/OpaConfiguration.java
+++ b/spring-security-modules/spring-security-opa/src/main/java/com/baeldung/security/opa/config/OpaConfiguration.java
@ -17,8 +17,7 @@ public class OpaConfiguration {
    @Bean
    public WebClient opaWebClient(WebClient.Builder builder) {
-        return builder
+        return builder.baseUrl(opaProperties.getEndpoint())
          .baseUrl(opaProperties.getEndpoint())
            .build();
    }
--- a/spring-security-modules/spring-security-opa/src/main/java/com/baeldung/security/opa/config/OpaProperties.java
+++ b/spring-security-modules/spring-security-opa/src/main/java/com/baeldung/security/opa/config/OpaProperties.java
@ -1,14 +1,14 @@
 package com.baeldung.security.opa.config;
 import javax.annotation.Nonnull;
 import org.springframework.boot.context.properties.ConfigurationProperties;
 import jakarta.annotation.Nonnull;
 import lombok.Data;
@ConfigurationProperties(prefix = "opa")
@Data
 public class OpaProperties {
    @Nonnull
    private String endpoint = "http://localhost:8181";
 }
--- a/spring-security-modules/spring-security-opa/src/main/java/com/baeldung/security/opa/config/SecurityConfiguration.java
+++ b/spring-security-modules/spring-security-opa/src/main/java/com/baeldung/security/opa/config/SecurityConfiguration.java
@ -1,8 +1,6 @@
 package com.baeldung.security.opa.config;
 import java.util.Arrays;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.Map;
 import java.util.stream.Collectors;
@ -11,17 +9,16 @@ import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.http.MediaType;
 import org.springframework.http.client.reactive.ClientHttpRequest;
 import org.springframework.security.authentication.AnonymousAuthenticationToken;
 import org.springframework.security.authorization.AuthorizationDecision;
 import org.springframework.security.authorization.ReactiveAuthorizationManager;
 import org.springframework.security.config.Customizer;
 import org.springframework.security.config.web.server.ServerHttpSecurity;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.web.server.SecurityWebFilterChain;
 import org.springframework.security.web.server.authorization.AuthorizationContext;
 import org.springframework.web.reactive.function.BodyInserter;
 import org.springframework.web.reactive.function.BodyInserters;
 import org.springframework.web.reactive.function.client.ClientResponse;
 import org.springframework.web.reactive.function.client.WebClient;
@ -33,78 +30,64 @@ import reactor.core.publisher.Mono;
@Configuration
 public class SecurityConfiguration {
    @Bean
    public SecurityWebFilterChain accountAuthorization(ServerHttpSecurity http, @Qualifier("opaWebClient") WebClient opaWebClient) {
-        
+        return http.httpBasic(Customizer.withDefaults())
-        // @formatter:on
+            .authorizeExchange(exchanges -> exchanges.pathMatchers("/account/*")
-        return http
+                .access(opaAuthManager(opaWebClient)))
          .httpBasic()
          .and()
          .authorizeExchange(exchanges -> {
              exchanges
                .pathMatchers("/account/*")
                .access(opaAuthManager(opaWebClient));
          })
            .build();
        // @formatter:on
    }
    @Bean
    public ReactiveAuthorizationManager<AuthorizationContext> opaAuthManager(WebClient opaWebClient) {
-        
+        return (auth, context) -> opaWebClient.post()
        return (auth, context) -> {
            return opaWebClient.post()
            .accept(MediaType.APPLICATION_JSON)
            .contentType(MediaType.APPLICATION_JSON)
            .body(toAuthorizationPayload(auth, context), Map.class)
            .exchangeToMono(this::toDecision);
        };
    }
    private Mono<AuthorizationDecision> toDecision(ClientResponse response) {
-        
+        if (!response.statusCode()
-        if ( !response.statusCode().is2xxSuccessful()) {
+            .is2xxSuccessful()) {
            return Mono.just(new AuthorizationDecision(false));
        }
-        return response
+        return response.bodyToMono(ObjectNode.class)
         .bodyToMono(ObjectNode.class)
            .map(node -> {
-             boolean authorized = node.path("result").path("authorized").asBoolean(false);
+                boolean authorized = node.path("result")
                    .path("authorized")
                    .asBoolean(false);
                return new AuthorizationDecision(authorized);
            });
    }
    private Publisher<Map<String, Object>> toAuthorizationPayload(Mono<Authentication> auth, AuthorizationContext context) {
-        // @formatter:off
+        return auth.defaultIfEmpty(
-        return auth
+                new AnonymousAuthenticationToken("**ANONYMOUS**", new Object(), Collections.singletonList(new SimpleGrantedAuthority("ANONYMOUS"))))
          .defaultIfEmpty(new AnonymousAuthenticationToken("**ANONYMOUS**", new Object(), Arrays.asList(new SimpleGrantedAuthority("ANONYMOUS"))))
            .map(a -> {
-              
+                Map<String, String> headers = context.getExchange()
-              Map<String,String> headers = context.getExchange().getRequest()
+                    .getRequest()
                    .getHeaders()
                    .toSingleValueMap();
                Map<String, Object> attributes = ImmutableMap.<String, Object> builder()
                    .put("principal", a.getName())
-                .put("authorities",
+                    .put("authorities", a.getAuthorities()
                   a.getAuthorities()
                        .stream()
-                     .map(g -> g.getAuthority())
+                        .map(GrantedAuthority::getAuthority)
                        .collect(Collectors.toList()))
-                .put("uri", context.getExchange().getRequest().getURI().getPath())
+                    .put("uri", context.getExchange()
                        .getRequest()
                        .getURI()
                        .getPath())
                    .put("headers", headers)
                    .build();
-              Map<String,Object> input = ImmutableMap.<String,Object>builder()
+                return ImmutableMap.<String, Object> builder()
                    .put("input", attributes)
                    .build();
              return input;
            });
        // @formatter:on
    }
 }
--- a/spring-security-modules/spring-security-opa/src/main/java/com/baeldung/security/opa/domain/Account.java
+++ b/spring-security-modules/spring-security-opa/src/main/java/com/baeldung/security/opa/domain/Account.java
@ -11,15 +11,12 @@ public class Account {
    private BigDecimal balance;
    private String currency;
    public static Account of(String id, BigDecimal balance, String currency) {
-        Account acc = new Account();
+        Account account = new Account();
-        acc.setId(id);
+        account.setId(id);
-        acc.setBalance(balance);
+        account.setBalance(balance);
-        acc.setCurrency(currency);
+        account.setCurrency(currency);
-        
+        return account;
        return acc;
    }
 }
--- a/spring-security-modules/spring-security-opa/src/main/java/com/baeldung/security/opa/service/AccountService.java
+++ b/spring-security-modules/spring-security-opa/src/main/java/com/baeldung/security/opa/service/AccountService.java
@ -1,6 +1,3 @@
 /**
 * 
 */
 package com.baeldung.security.opa.service;
 import java.math.BigDecimal;
@ -13,10 +10,6 @@ import com.google.common.collect.ImmutableMap;
 import reactor.core.publisher.Mono;
 /**
 * @author Philippe
 *
 */
@Service
 public class AccountService {
@ -28,7 +21,6 @@ public class AccountService {
        .put("0005", Account.of("0005", BigDecimal.valueOf(10400.00), "JPY"))
        .build();
    public Mono<Account> findByAccountId(String accountId) {
        return Mono.just(accounts.get(accountId))
            .switchIfEmpty(Mono.error(new IllegalArgumentException("invalid.account")));
--- a/spring-security-modules/spring-security-opa/src/test/java/com/baeldung/security/opa/controller/AccountControllerLiveTest.java
+++ b/spring-security-modules/spring-security-opa/src/test/java/com/baeldung/security/opa/controller/AccountControllerLiveTest.java
@ -12,7 +12,6 @@ import org.springframework.security.test.context.support.WithMockUser;
 import org.springframework.test.context.ActiveProfiles;
 import org.springframework.test.web.reactive.server.WebTestClient;
 // !!! NOTICE: Start OPA server before running this test class !!!
@SpringBootTest
@ActiveProfiles("test")
 class AccountControllerLiveTest {
@ -29,7 +28,6 @@ class AccountControllerLiveTest {
            .build();
    }
    @Test
    @WithMockUser(username = "user1", roles = { "account:read:0001" })
    void testGivenValidUser_thenSuccess() {
@ -63,5 +61,4 @@ class AccountControllerLiveTest {
            .isForbidden();
    }
 }
`@ -1,3 +1,4 @@`
		`Note: For integration testing get the OPA server running first. Check the official [OPA documentation](https://www.openpolicyagent.org/docs/latest/) for instructions on how to run the OPA server.`

	`### Relevant Articles:`	`### Relevant Articles:`