This CoffeeNet starter secures your application with spring security and provides access with OAuth2 and the CoffeeNet Auth Server. By default all endpoints are secured, but can be configured.
This is a module in the starter set, so you first need to declare your project
as a child of the starter parent by editing the pom.xml file.
<parent>
<groupId>rocks.coffeenet</groupId>
<artifactId>coffeenet-starter-parent</artifactId>
<version>${parent.version}</version>
<relativePath />
</parent>Now you can enable security in your project, by first adding the dependency:
<dependency>
<groupId>rocks.coffeenet</groupId>
<artifactId>coffeenet-starter-security</artifactId>
</dependency>In order to get everything up and running there are some requirements that your project must fulfill.
coffeenet:
application-name:
profile: development
security:
enabled: true
logout-success-url: http://localhost:9999/logout
default-login-success-url:
default-login-failure-url: /
resource:
id: oauth2-resource
user-info-uri: http://localhost:9999/user
client:
client-id:
client-secret:
user-authorization-uri: http://localhost:9999/oauth/authorize
access-token-uri: http://localhost:9999/oauth/tokenThe configuration with their default values.
In production you need to declare all *-uri and *-url properties to point
to your OAuth2 server instance (${authServerURL}).
You need to specify your OAuth2 client credentials (${clientId} and ${clientSecret}),
that were provided by the OAuth2 service, under coffeenet.security.client
coffeenet:
profile: integration
security:
resource:
user-info-uri: https://${authServerURL}/user
client:
client-id: ${clientId}
client-secret: ${clientSecret}
user-authorization-uri: https://${authServerURL}/oauth/authorize
access-token-uri: https://${authServerURL}/oauth/token
logout-success-url: https://${authServerURL}/logoutThe Single-Sign-On mechanism is activated if
coffeenet:
profile: integrationis set to integration. That means that the your application will
search at the given uri/urls under coffeenet.security for a
OAuth2 Server and tries to authenticate and authorize any request.
If you are in development mode
coffeenet
profile: developmentthere will be just a form login and no external dependencies/services are needed.
| User | Passwort | Rollen | |
|---|---|---|---|
| admin | admin | admin@coffeenet | COFFEENET-ADMIN & USER |
| user | user | user@coffeenet | USER |
If you want to change the default security configuration and maybe want to not secure an endpoints e.g. than you can create your own beans.
Create your own MySecurityConfig bean, extend IntegrationCoffeeNetWebSecurityConfigurerAdapter
and expose it via @Bean or via @Configuration like in the example below.
To use provided OAuth2 Single-Sign-On mechanism just call enableSso(http) and
than you can configure your application with the default spring security behaviour.
@Configuration
@ConditionalOnProperty(prefix = "coffeenet", name = "profile", havingValue = "integration")
public class MySecurityConfig extends IntegrationCoffeeNetWebSecurityConfigurerAdapter {
@Override
public void configure(HttpSecurity http) throws Exception {
enableSso(http)
.authorizeRequests()
...
}
}@Configuration
@ConditionalOnProperty(prefix = "coffeenet", name = "profile", havingValue = "development", matchIfMissing = true)
public class MyDevSecurityConfig extends DevelopmentCoffeeNetWebSecurityConfigurerAdapter {
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication()
.withUser("username").password("password").roles("COFFEENET-ADMIN")
.and()
.withUser("anotherUsername").password("anotherPassword").roles("EMPLOYEE");
}
}If you want to override the CoffeeNet default development securiy configuration just
create a bean MyDevSecurityConfig, extend from DevelopmentCoffeeNetWebSecurityConfigurerAdapter
and expose it via @Bean or via @Configuration like in the example below.