Skip to content

Commit 2fabcdc

Browse files
Sheikah45Brutus5000
authored andcommitted
Split classic and hydra jwtAccessTokenConverters so they can each have their own scope attribute
1 parent 6e17cf8 commit 2fabcdc

3 files changed

Lines changed: 32 additions & 8 deletions

File tree

src/main/java/com/faforever/api/config/security/oauth2/OAuthJwtConfig.java

Lines changed: 22 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -3,6 +3,7 @@
33
import com.faforever.api.config.FafApiProperties;
44
import com.faforever.api.security.FafMultiTokenStore;
55
import com.faforever.api.security.FafUserAuthenticationConverter;
6+
import org.springframework.beans.factory.annotation.Qualifier;
67
import org.springframework.context.annotation.Bean;
78
import org.springframework.context.annotation.Configuration;
89
import org.springframework.context.annotation.Primary;
@@ -33,11 +34,16 @@ public DefaultTokenServices tokenServices(TokenStore tokenStore) {
3334
}
3435

3536
@Bean
36-
public TokenStore tokenStore(FafApiProperties properties, JwtAccessTokenConverter jwtAccessTokenConverter) {
37-
return new FafMultiTokenStore(properties, jwtAccessTokenConverter);
37+
public TokenStore tokenStore(FafApiProperties properties,
38+
@Qualifier("classicAccessTokenConverter")
39+
JwtAccessTokenConverter jwtAccessTokenConverter,
40+
@Qualifier("hydraAccessTokenConverter")
41+
JwtAccessTokenConverter hydraAccessTokenConverter) {
42+
return new FafMultiTokenStore(properties, jwtAccessTokenConverter, hydraAccessTokenConverter);
3843
}
3944

40-
@Bean
45+
@Bean(name = "classicAccessTokenConverter")
46+
@Primary
4147
protected JwtAccessTokenConverter jwtAccessTokenConverter() throws IOException {
4248
String secretKey = Files.readString(fafApiProperties.getJwt().getSecretKeyPath());
4349
String publicKey = Files.readString(fafApiProperties.getJwt().getPublicKeyPath());
@@ -48,4 +54,17 @@ protected JwtAccessTokenConverter jwtAccessTokenConverter() throws IOException {
4854
((DefaultAccessTokenConverter) jwtAccessTokenConverter.getAccessTokenConverter()).setUserTokenConverter(new FafUserAuthenticationConverter());
4955
return jwtAccessTokenConverter;
5056
}
57+
58+
@Bean(name = "hydraAccessTokenConverter")
59+
protected JwtAccessTokenConverter hydraAccessTokenConverter() throws IOException {
60+
String secretKey = Files.readString(fafApiProperties.getJwt().getSecretKeyPath());
61+
String publicKey = Files.readString(fafApiProperties.getJwt().getPublicKeyPath());
62+
63+
JwtAccessTokenConverter jwtAccessTokenConverter = new JwtAccessTokenConverter();
64+
jwtAccessTokenConverter.setSigningKey(secretKey);
65+
jwtAccessTokenConverter.setVerifierKey(publicKey);
66+
((DefaultAccessTokenConverter) jwtAccessTokenConverter.getAccessTokenConverter()).setUserTokenConverter(new FafUserAuthenticationConverter());
67+
((DefaultAccessTokenConverter) jwtAccessTokenConverter.getAccessTokenConverter()).setScopeAttribute("scp");
68+
return jwtAccessTokenConverter;
69+
}
5170
}

src/main/java/com/faforever/api/security/FafMultiTokenStore.java

Lines changed: 7 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,7 @@
11
package com.faforever.api.security;
22

33
import com.faforever.api.config.FafApiProperties;
4+
import org.springframework.beans.factory.annotation.Qualifier;
45
import org.springframework.security.jwt.Jwt;
56
import org.springframework.security.jwt.JwtHelper;
67
import org.springframework.security.oauth2.common.OAuth2AccessToken;
@@ -35,11 +36,15 @@ public class FafMultiTokenStore implements TokenStore {
3536

3637
private final FafApiProperties fafApiProperties;
3738

38-
public FafMultiTokenStore(FafApiProperties fafApiProperties, JwtAccessTokenConverter jwtAccessTokenConverter) {
39+
public FafMultiTokenStore(FafApiProperties fafApiProperties,
40+
@Qualifier("classicAccessTokenConverter")
41+
JwtAccessTokenConverter jwtAccessTokenConverter,
42+
@Qualifier("hydraAccessTokenConverter")
43+
JwtAccessTokenConverter hydraAccessTokenConverter) {
3944
this.fafApiProperties = fafApiProperties;
4045

4146
classicTokenStore = new JwtTokenStore(jwtAccessTokenConverter);
42-
hydraTokenStore = new JwkTokenStore(fafApiProperties.getJwt().getFafHydraJwksUrl(), jwtAccessTokenConverter);
47+
hydraTokenStore = new JwkTokenStore(fafApiProperties.getJwt().getFafHydraJwksUrl(), hydraAccessTokenConverter);
4348
}
4449

4550
@Override

src/main/resources/config/application-dev.yml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -2,8 +2,8 @@ faf-api:
22
jwt:
33
secretKeyPath: ${JWT_PRIVATE_KEY_PATH:test-pki-private.key}
44
publicKeyPath: ${JWT_PUBLIC_KEY_PATH:test-pki-public.key}
5-
fafHydraJwksUrl: ${JWT_FAF_HYDRA_JWKS_URL:https://hydra.test.faforever.com/.well-known/jwks.json}
6-
fafHydraIssuer: ${JWT_FAF_HYDRA_ISSUER:https://hydra.test.faforever.com/}
5+
fafHydraJwksUrl: ${JWT_FAF_HYDRA_JWKS_URL:http://localhost:4444/.well-known/jwks.json}
6+
fafHydraIssuer: ${JWT_FAF_HYDRA_ISSUER:http://localhost:4444/}
77
map:
88
target-directory: ${MAP_UPLOAD_PATH:build/cache/map/maps}
99
directory-preview-path-small: ${MAP_PREVIEW_PATH_SMALL:build/cache/map_previews/small}
@@ -46,7 +46,7 @@ faf-api:
4646
password-reset:
4747
password-reset-url-format: ${PASSWORD_RESET_URL_FORMAT:http://localhost:8020/account/password/confirmReset?username=%s&token=%s}
4848
subject: ${PASSWORD_RESET_EMAIL_SUBJECT:FAF password reset}
49-
html-format: ${PASSWORD_RESET_EMAIL_BODY:Registration email body}
49+
html-format: ${PASSWORD_RESET_EMAIL_BODY:Reset email body for user {0} with reset link {1}}
5050
steam:
5151
realm: ${STEAM_REALM:http://localhost}
5252
api-key: ${STEAM_API_KEY:banana}

0 commit comments

Comments
 (0)