personal-finances/pefi-login-service/src/main/java/dev/mvvasilev/configuration/SecurityConfiguration.java

package dev.mvvasilev.configuration;

import dev.mvvasilev.service.TokenRefreshService;
import dev.mvvasilev.utils.CookieUtils;
import jakarta.servlet.http.Cookie;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
import org.springframework.security.oauth2.client.web.OAuth2AuthorizedClientRepository;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class SecurityConfiguration {

    @Value("${auth.success.redirect}")
    private String redirect;

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http, OAuth2AuthorizedClientRepository repository) throws Exception {
        return http
                .authorizeHttpRequests(authorize -> {
                    authorize.requestMatchers(HttpMethod.POST, "/refresh-token").permitAll();
                    authorize.anyRequest().authenticated();
                })
                .oauth2Login(l -> l.successHandler((req, res, auth) -> {
                    OAuth2AuthenticationToken oauth = (OAuth2AuthenticationToken) auth;

                    OAuth2AuthorizedClient authorizedClient = repository.loadAuthorizedClient(
                            oauth.getAuthorizedClientRegistrationId(),
                            auth,
                            req
                    );

                    res.addCookie(
                            CookieUtils.createAccessTokenCookie(authorizedClient.getAccessToken().getTokenValue())
                    );

                    if (authorizedClient.getRefreshToken() != null) {
                        res.addCookie(
                                CookieUtils.createRefreshTokenCookie(authorizedClient.getRefreshToken().getTokenValue())
                        );
                    }

                    res.setStatus(HttpStatus.TEMPORARY_REDIRECT.value());
                    res.addHeader("Location", redirect);

                }))
                .build();
    }
}
Add Kafka, zookeeper. Add nginx. 2024-02-07 14:10:53 +02:00			`package dev.mvvasilev.configuration;`

			`import dev.mvvasilev.service.TokenRefreshService;`
			`import dev.mvvasilev.utils.CookieUtils;`
			`import jakarta.servlet.http.Cookie;`
			`import org.springframework.beans.factory.annotation.Autowired;`
			`import org.springframework.beans.factory.annotation.Value;`
			`import org.springframework.context.annotation.Bean;`
			`import org.springframework.context.annotation.Configuration;`
			`import org.springframework.http.HttpMethod;`
			`import org.springframework.http.HttpStatus;`
			`import org.springframework.security.config.annotation.web.builders.HttpSecurity;`
			`import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;`
			`import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;`
			`import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;`
			`import org.springframework.security.oauth2.client.web.OAuth2AuthorizedClientRepository;`
			`import org.springframework.security.web.SecurityFilterChain;`

			`@Configuration`
			`@EnableWebSecurity`
			`public class SecurityConfiguration {`

			`@Value("${auth.success.redirect}")`
			`private String redirect;`

			`@Bean`
			`public SecurityFilterChain filterChain(HttpSecurity http, OAuth2AuthorizedClientRepository repository) throws Exception {`
			`return http`
			`.authorizeHttpRequests(authorize -> {`
			`authorize.requestMatchers(HttpMethod.POST, "/refresh-token").permitAll();`
			`authorize.anyRequest().authenticated();`
			`})`
			`.oauth2Login(l -> l.successHandler((req, res, auth) -> {`
			`OAuth2AuthenticationToken oauth = (OAuth2AuthenticationToken) auth;`

			`OAuth2AuthorizedClient authorizedClient = repository.loadAuthorizedClient(`
			`oauth.getAuthorizedClientRegistrationId(),`
			`auth,`
			`req`
			`);`

			`res.addCookie(`
			`CookieUtils.createAccessTokenCookie(authorizedClient.getAccessToken().getTokenValue())`
			`);`

			`if (authorizedClient.getRefreshToken() != null) {`
			`res.addCookie(`
			`CookieUtils.createRefreshTokenCookie(authorizedClient.getRefreshToken().getTokenValue())`
			`);`
			`}`

			`res.setStatus(HttpStatus.TEMPORARY_REDIRECT.value());`
			`res.addHeader("Location", redirect);`

			`}))`
			`.build();`
			`}`
			`}`