diff --git a/backend/sources/chat-plugin/src/main/java/co/airy/core/chat_plugin/config/AuthConfig.java b/backend/sources/chat-plugin/src/main/java/co/airy/core/chat_plugin/config/AuthConfig.java
index ff1553ea28..1453207266 100644
--- a/backend/sources/chat-plugin/src/main/java/co/airy/core/chat_plugin/config/AuthConfig.java
+++ b/backend/sources/chat-plugin/src/main/java/co/airy/core/chat_plugin/config/AuthConfig.java
@@ -1,11 +1,11 @@
 package co.airy.core.chat_plugin.config;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.core.env.Environment;
 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.builders.WebSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.http.SessionCreationPolicy;
@@ -24,9 +24,11 @@
 )
 public class AuthConfig extends WebSecurityConfigurerAdapter {
 private final Jwt jwt;
+ private final String systemToken;
- public AuthConfig(Jwt jwt) {
+ public AuthConfig(Jwt jwt, @Value("${system_token:#{null}}") String systemToken) {
 this.jwt = jwt;
+ this.systemToken = systemToken;
 }
 @Override
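Review bot: The `#{null}` default in `@Value("${system_token:#{null}}")` on the new AuthConfig constructor parameter only covers an unset property; if `system_token` is defined but empty, Spring injects `""` rather than null. The filter changed in this commit enables the system-token path on `systemToken != null`, so an empty configured value would turn it on with an empty secret. Whether an empty bearer value can reach that comparison depends on doFilterInternal, which is not shown. I would normalise in the constructor, `this.systemToken = (systemToken == null || systemToken.trim().isEmpty()) ? null : systemToken;`, and add a comment saying that an absent or blank value disables system-token authentication.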
@@ -34,17 +36,13 @@ protected void configure(final HttpSecurity http) throws Exception {
 http.cors().and().csrf().disable()
 // Don't let Spring create its own session
 .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
- .addFilter(new JwtAuthenticationFilter(authenticationManager(), jwt))
+ .addFilter(new JwtAuthenticationFilter(authenticationManager(), jwt, systemToken))
 .authorizeRequests()
+ .antMatchers("/actuator/**", "/ws.chatplugin").permitAll()
+ .mvcMatchers("/chatplugin.authenticate", "/chatplugin.resumeToken").permitAll()
 .anyRequest().authenticated();
 }
- @Override
- public void configure(WebSecurity web) {
- web.ignoring()
- .antMatchers("/actuator/**", "/ws.chatplugin")
- .mvcMatchers("/chatplugin.authenticate", "/chatplugin.resumeToken");
- }
 @Bean
 CorsConfigurationSource corsConfigurationSource(final Environment environment) {
diff --git a/backend/sources/chat-plugin/src/main/java/co/airy/core/chat_plugin/config/JwtAuthenticationFilter.java b/backend/sources/chat-plugin/src/main/java/co/airy/core/chat_plugin/config/JwtAuthenticationFilter.java
index ed032bc457..fac6b7b66b 100644
--- a/backend/sources/chat-plugin/src/main/java/co/airy/core/chat_plugin/config/JwtAuthenticationFilter.java
+++ b/backend/sources/chat-plugin/src/main/java/co/airy/core/chat_plugin/config/JwtAuthenticationFilter.java
@@ -1,7 +1,6 @@
 package co.airy.core.chat_plugin.config;
 import co.airy.core.chat_plugin.Principal;
-import org.springframework.http.HttpHeaders;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.context.SecurityContextHolder;
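Review bot: `.antMatchers("/actuator/**", "/ws.chatplugin").permitAll()` in AuthConfig.configure still leaves every exposed actuator endpoint reachable without authentication, and the move out of `web.ignoring()` was the moment to narrow it. Which endpoints are exposed is configured elsewhere and not visible here; if only health is needed, say so in the matcher, e.g. `.antMatchers("/actuator/health", "/ws.chatplugin").permitAll()`. These paths also now pass through JwtAuthenticationFilter instead of bypassing the chain. Confirm that a request to `/chatplugin.authenticate` or `/chatplugin.resumeToken` carrying a stale or malformed Authorization header falls through to the permitAll rule rather than being rejected by the filter. The signature of configure sits above the hunk.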
@@ -18,10 +17,14 @@
 public class JwtAuthenticationFilter extends BasicAuthenticationFilter {
 private final Jwt jwt;
+ private final String systemToken;
+ private final String systemTokenPrincipal;
- public JwtAuthenticationFilter(AuthenticationManager authManager, Jwt jwt) {
+ public JwtAuthenticationFilter(AuthenticationManager authManager, Jwt jwt, String systemToken) {
 super(authManager);
 this.jwt = jwt;
+ this.systemToken = systemToken;
+ this.systemTokenPrincipal = systemToken == null ? null : String.format("system-token-%s", systemToken.substring(0, Math.min(systemToken.length(), 4)));
 }
 @Override
@@ -42,6 +45,10 @@ protected void doFilterInternal(HttpServletRequest req,
 }
 private UsernamePasswordAuthenticationToken getAuthentication(String token) {
+ if (systemToken != null && systemToken.equals(token)) {
+ return new UsernamePasswordAuthenticationToken(systemTokenPrincipal, null, List.of());
+ }
+
 final Principal principal = jwt.authenticate(token);
 if (principal != null) {
diff --git a/lib/java/spring/auth/src/main/java/co/airy/spring/auth/AuthConfig.java b/lib/java/spring/auth/src/main/java/co/airy/spring/auth/AuthConfig.java
index bba74d9a39..e77d813c9f 100644
--- a/lib/java/spring/auth/src/main/java/co/airy/spring/auth/AuthConfig.java
+++ b/lib/java/spring/auth/src/main/java/co/airy/spring/auth/AuthConfig.java
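Review bot: `systemTokenPrincipal` in the chat-plugin JwtAuthenticationFilter constructor embeds the first four characters of the secret (`systemToken.substring(0, Math.min(systemToken.length(), 4))`), and a token of four characters or fewer ends up in the principal name in full. Principal names commonly reach logs and audit records, so part of the credential is disclosed to anyone who can read them. A fixed name avoids that: `this.systemTokenPrincipal = systemToken == null ? null : "system-token";`. If tokens must be told apart, derive the suffix from a digest of the token rather than from the token itself. The same expression is kept in lib/java/spring/auth JwtAuthenticationFilter (hunk -18,14).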
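Review bot: `systemToken.equals(token)` in getAuthentication compares the presented value with the secret using an early-exit comparison, so response timing can vary with how much of the value matches. A constant-time comparison is the usual choice for a static shared secret: `if (systemToken != null && token != null && MessageDigest.isEqual(systemToken.getBytes(StandardCharsets.UTF_8), token.getBytes(StandardCharsets.UTF_8))) {`, which needs imports for `java.security.MessageDigest` and `java.nio.charset.StandardCharsets`. The match returns an authenticated principal with an empty authority list (`List.of()`); a one-line comment saying the system token carries no roles and is accepted by `.anyRequest().authenticated()` alone would help the next reader. The same comparison is in lib/java/spring/auth JwtAuthenticationFilter (hunk -53,7), and getAuthentication continues past the end of this hunk.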
@@ -26,11 +26,11 @@
 public class AuthConfig extends WebSecurityConfigurerAdapter {
 private final Jwt jwt;
 private final String[] ignoreAuthPatterns;
- private final String apiToken;
+ private final String systemToken;
- public AuthConfig(Jwt jwt, @Value("${system_token:#{null}}") String apiToken, List ignorePatternBeans) {
+ public AuthConfig(Jwt jwt, @Value("${system_token:#{null}}") String systemToken, List ignorePatternBeans) {
 this.jwt = jwt;
- this.apiToken = apiToken;
+ this.systemToken = systemToken;
 this.ignoreAuthPatterns = ignorePatternBeans.stream()
 .flatMap((ignoreAuthPatternBean -> ignoreAuthPatternBean.getIgnorePattern().stream()))
 .toArray(String[]::new);
@@ -42,7 +42,7 @@ protected void configure(final HttpSecurity http) throws Exception {
 .csrf().disable()
 // Don't let Spring create its own session
 .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
- .addFilter(new JwtAuthenticationFilter(authenticationManager(), jwt, this.apiToken))
+ .addFilter(new JwtAuthenticationFilter(authenticationManager(), jwt, this.systemToken))
 .authorizeRequests(authorize -> authorize
 .antMatchers("/actuator/**", "/ws*").permitAll()
 .antMatchers(ignoreAuthPatterns).permitAll()
diff --git a/lib/java/spring/auth/src/main/java/co/airy/spring/auth/JwtAuthenticationFilter.java b/lib/java/spring/auth/src/main/java/co/airy/spring/auth/JwtAuthenticationFilter.java
index 75bd49b774..933777d811 100644
--- a/lib/java/spring/auth/src/main/java/co/airy/spring/auth/JwtAuthenticationFilter.java
+++ b/lib/java/spring/auth/src/main/java/co/airy/spring/auth/JwtAuthenticationFilter.java
@@ -1,7 +1,6 @@
 package co.airy.spring.auth;
 import co.airy.spring.jwt.Jwt;
-import lombok.Value;
 import org.springframework.http.HttpHeaders;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
@@ -18,14 +17,14 @@
 public class JwtAuthenticationFilter extends BasicAuthenticationFilter {
 private final Jwt jwt;
- private final String apiToken;
+ private final String systemToken;
 private final String apiTokenPrincipal;
- public JwtAuthenticationFilter(AuthenticationManager authManager, Jwt jwt, String apiToken) {
+ public JwtAuthenticationFilter(AuthenticationManager authManager, Jwt jwt, String systemToken) {
 super(authManager);
 this.jwt = jwt;
- this.apiToken = apiToken;
- this.apiTokenPrincipal = apiToken == null ? null : String.format("api-token-%s", apiToken.substring(0, Math.min(apiToken.length(), 4)));
+ this.systemToken = systemToken;
+ this.apiTokenPrincipal = systemToken == null ? null : String.format("system-token-%s", systemToken.substring(0, Math.min(systemToken.length(), 4)));
 }
 @Override
@@ -53,7 +52,7 @@ protected void doFilterInternal(HttpServletRequest req,
 }
 private UsernamePasswordAuthenticationToken getAuthentication(String token) {
- if (apiToken != null && apiToken.equals(token)) {
+ if (systemToken != null && systemToken.equals(token)) {
 return new UsernamePasswordAuthenticationToken(apiTokenPrincipal, null, List.of());
 }
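Review bot: The rename is incomplete in the lib JwtAuthenticationFilter constructor: the field is still `apiTokenPrincipal` although its value is now built from `"system-token-%s"`, and the chat-plugin copy of this filter names the same field `systemTokenPrincipal`. Rename the declaration to `private final String systemTokenPrincipal;` and update its use in getAuthentication (hunk -53,7) so the two filters read alike. The prefix change from `api-token-` to `system-token-` also alters the principal name seen by anything that matches on it, such as log queries or audit filters, which deserves a line in the commit description.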