update security module

2024-09-10 17:21:09 +10:00
parent 41102b7453
commit cefddb61e1
10 changed files with 260 additions and 1 deletions
--- a/security/pom.xml
+++ b/security/pom.xml
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <parent>
+        <groupId>sydney.cheng</groupId>
+        <artifactId>ec-microservice-commons</artifactId>
+        <version>1.0.1-SNAPSHOT</version>
+    </parent>
+
+    <artifactId>ec-microservice-commons-security</artifactId>
+
+    <properties>
+        <maven.compiler.source>17</maven.compiler.source>
+        <maven.compiler.target>17</maven.compiler.target>
+        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+    </properties>
+
+    <dependencies>
+        <dependency>
+            <groupId>sydney.cheng</groupId>
+            <artifactId>ec-microservice-commons-configuration</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>sydney.cheng</groupId>
+            <artifactId>ec-microservice-commons-exceptions</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-security</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.cloud</groupId>
+            <artifactId>spring-cloud-starter-openfeign</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>com.fasterxml.jackson.core</groupId>
+            <artifactId>jackson-databind</artifactId>
+        </dependency>
+    </dependencies>
+</project>
--- a/security/src/main/java/sydney/cheng/microservice/commons/security/config/FeignConfig.java
+++ b/security/src/main/java/sydney/cheng/microservice/commons/security/config/FeignConfig.java
@@ -0,0 +1,14 @@
+package sydney.cheng.microservice.commons.security.config;
+
+import feign.codec.ErrorDecoder;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import sydney.cheng.microservice.commons.security.utils.FeignErrorDecoder;
+
+@Configuration
+public class FeignConfig {
+    @Bean
+    public ErrorDecoder errorDecoder() {
+        return new FeignErrorDecoder();
+    }
+}
--- a/security/src/main/java/sydney/cheng/microservice/commons/security/config/SecurityConfig.java
+++ b/security/src/main/java/sydney/cheng/microservice/commons/security/config/SecurityConfig.java
@@ -0,0 +1,60 @@
+package sydney.cheng.microservice.commons.security.config;
+
+import lombok.AllArgsConstructor;
+import org.springframework.http.HttpMethod;
+import org.springframework.security.config.Customizer;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.web.access.AccessDeniedHandlerImpl;
+import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
+import sydney.cheng.microservice.commons.configuration.properties.auth.CorsProperties;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
+import org.springframework.security.web.SecurityFilterChain;
+
+@Configuration
+@EnableWebSecurity
+@AllArgsConstructor
+public class SecurityConfig {
+    private final CorsProperties corsProperties;
+
+    @Bean
+    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+        return http
+                .formLogin(AbstractHttpConfigurer::disable)
+                .cors(cors -> cors.configurationSource(corsConfigurationSource()))
+                .csrf(csrf -> csrf.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()))
+                .authorizeHttpRequests(authorize ->
+                        authorize
+                                .requestMatchers(HttpMethod.OPTIONS, "*").permitAll()
+                                .requestMatchers("/actuator/**",
+                                        "/swagger-ui/**", "/swagger-resources/**", "/api-docs/**",
+                                        "/config/**"
+                                ).permitAll()
+                                .anyRequest().authenticated()
+                )
+                .exceptionHandling(exceptionHandling -> exceptionHandling.accessDeniedHandler(new AccessDeniedHandlerImpl()))
+                .sessionManagement(sess -> sess.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
+                .httpBasic(Customizer.withDefaults())
+
+                .build();
+    }
+
+    @Bean
+    public CorsConfigurationSource corsConfigurationSource() {
+        CorsConfiguration corsConfiguration = new CorsConfiguration();
+        corsConfiguration.setAllowCredentials(corsProperties.isAllowCredentials());
+        corsConfiguration.setAllowedOrigins(corsProperties.getAllowedUrlList());
+        corsConfiguration.setAllowedHeaders(corsProperties.getAllowedHeaders());
+        corsConfiguration.setAllowedMethods(corsProperties.getAllowedMethods());
+        corsConfiguration.setMaxAge(corsProperties.getAllowedMaxAge());
+        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+        source.registerCorsConfiguration("/**", corsConfiguration);
+        return source;
+    }
+}
--- a/security/src/main/java/sydney/cheng/microservice/commons/security/utils/FeignErrorDecoder.java
+++ b/security/src/main/java/sydney/cheng/microservice/commons/security/utils/FeignErrorDecoder.java
@@ -0,0 +1,41 @@
+package sydney.cheng.microservice.commons.security.utils;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import feign.Response;
+import feign.codec.ErrorDecoder;
+import org.apache.commons.io.IOUtils;
+import org.springframework.http.HttpStatus;
+import sydney.cheng.microservice.commons.exceptions.feign.FeignBadRequestException;
+import sydney.cheng.microservice.commons.exceptions.feign.FeignErrorException;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.nio.charset.StandardCharsets;
+import java.util.Map;
+
+public class FeignErrorDecoder implements ErrorDecoder {
+    private final ObjectMapper mapper = new ObjectMapper();
+
+    @Override
+    public Exception decode(String methodKey, Response response) {
+        try (InputStream body = response.body().asInputStream()) {
+            Map<String, String> errors =
+                    mapper.readValue(IOUtils.toString(body, StandardCharsets.UTF_8), Map.class);
+            if (response.status() == 400) {
+                return FeignBadRequestException.builder()
+                        .errors(errors).build();
+            } else
+                return FeignErrorException
+                        .builder()
+                        .httpStatus(HttpStatus.valueOf(response.status()))
+                        .message(errors.get("error"))
+                        .build();
+
+        } catch (IOException exception) {
+            throw FeignErrorException.builder()
+                    .httpStatus(HttpStatus.valueOf(response.status()))
+                    .message(exception.getMessage())
+                    .build();
+        }
+    }
+}