1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17 package org.bremersee.security.authentication;
18
19 import lombok.extern.slf4j.Slf4j;
20 import org.bremersee.web.CorsProperties;
21 import org.springframework.beans.factory.ObjectProvider;
22 import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
23 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
24 import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
25 import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication.Type;
26 import org.springframework.boot.context.event.ApplicationReadyEvent;
27 import org.springframework.boot.context.properties.EnableConfigurationProperties;
28 import org.springframework.context.annotation.Bean;
29 import org.springframework.context.annotation.Conditional;
30 import org.springframework.context.annotation.Configuration;
31 import org.springframework.context.event.EventListener;
32 import org.springframework.core.env.Environment;
33 import org.springframework.security.authentication.ReactiveAuthenticationManager;
34 import org.springframework.security.config.web.server.ServerHttpSecurity;
35 import org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec;
36 import org.springframework.security.core.userdetails.ReactiveUserDetailsService;
37 import org.springframework.security.crypto.password.PasswordEncoder;
38 import org.springframework.security.web.server.SecurityWebFilterChain;
39
40
41
42
43
44
45 @ConditionalOnWebApplication(type = Type.REACTIVE)
46 @Conditional({ResourceServerAutoSecurityCondition.class})
47 @ConditionalOnClass({
48 ServerHttpSecurity.class,
49 ReactiveAuthenticationManager.class,
50 PasswordFlowProperties.class
51 })
52 @ConditionalOnMissingBean(type = {
53 "org.bremersee.actuator.security.authentication.ReactiveResourceServerWithActuatorAutoConfiguration"
54 })
55 @EnableConfigurationProperties({CorsProperties.class, AuthProperties.class})
56 @Configuration
57 @Slf4j
58 public class ReactiveResourceServerAutoConfiguration
59 extends AbstractReactiveResourceServerAutoConfiguration {
60
61
62
63
64
65
66
67
68
69
70
71 public ReactiveResourceServerAutoConfiguration(
72 Environment environment,
73 CorsProperties corsProperties,
74 AuthProperties securityProperties,
75 ObjectProvider<JsonPathReactiveJwtConverter> jwtConverterProvider,
76 ObjectProvider<ReactiveUserDetailsService> userDetailsServiceProvider,
77 ObjectProvider<PasswordEncoder> passwordEncoderProvider) {
78 super(environment, corsProperties, securityProperties, jwtConverterProvider,
79 userDetailsServiceProvider, passwordEncoderProvider);
80 }
81
82 @EventListener(ApplicationReadyEvent.class)
83 @Override
84 public void init() {
85 super.init();
86 }
87
88 @Override
89 protected AuthorizeExchangeSpec init(ServerHttpSecurity http) {
90 return http.authorizeExchange();
91 }
92
93
94
95
96
97
98
99 @Bean
100 public SecurityWebFilterChain resourceServerFilterChain(
101 ObjectProvider<ServerHttpSecurity> httpProvider) {
102 return super.resourceServerFilterChain(httpProvider.getIfAvailable());
103 }
104
105 }