From dbee64258dd9e4f19088cee184f113cef5575442 Mon Sep 17 00:00:00 2001
From: Andrej Zabka <andrej.zabka@mavenir.com>
Date: Tue, 25 Apr 2023 00:24:08 +0200
Subject: [PATCH] security - moved to next problem

---
 core/openapi.yaml                             | 16 -------
 .../cz/muni/pa165/config/SecurityConfig.java  | 43 +++++++++++++++++--
 .../src/main/resources/application.properties | 32 ++++----------
 3 files changed, 47 insertions(+), 44 deletions(-)

diff --git a/core/openapi.yaml b/core/openapi.yaml
index 80ac4e0..5b3c627 100644
--- a/core/openapi.yaml
+++ b/core/openapi.yaml
@@ -12,19 +12,7 @@ tags:
   - name: DriverService
   - name: EngineerService
 
-#toto by malo byt dolezite, to nejak definuje tu securitu, a potom by malo stacit pri kazdej metode definovat jej potrebny scope
-#teraz je ten scope test_5 definovany pre vsetky metody lebo je to globalne nastavene (riadok 365)
-#ked tam je ta security nastavena v swaggeri to ukazuje tie zamky, bud pri metodach alebo globalne na vsetky
 components:
-  securitySchemes:
-    oauth2:
-      type: oauth2
-      flows:
-        authorizationCode:
-          authorizationUrl: https://oidc.muni.cz/oidc/authorize
-          tokenUrl: https://oidc.muni.cz/oidc/token
-          scopes:
-            test_5: testing scope
 
   schemas:
     CarComponentType:
@@ -361,10 +349,6 @@ components:
               message:
                 type: string
 
-security:
-  - oauth2:
-      - test_5
-
 paths:
   /driver:
     post:
diff --git a/core/src/main/java/cz/muni/pa165/config/SecurityConfig.java b/core/src/main/java/cz/muni/pa165/config/SecurityConfig.java
index e068489..263e0d1 100644
--- a/core/src/main/java/cz/muni/pa165/config/SecurityConfig.java
+++ b/core/src/main/java/cz/muni/pa165/config/SecurityConfig.java
@@ -1,21 +1,56 @@
 package cz.muni.pa165.config;
 
+import io.swagger.v3.oas.models.security.OAuthFlow;
+import io.swagger.v3.oas.models.security.OAuthFlows;
+import io.swagger.v3.oas.models.security.Scopes;
+import io.swagger.v3.oas.models.security.SecurityScheme;
+import org.springdoc.core.customizers.OpenApiCustomizer;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.http.HttpMethod;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer;
+import org.springframework.web.servlet.config.annotation.EnableWebMvc;
 
 
 @Configuration
+@EnableWebSecurity
+@EnableWebMvc
 public class SecurityConfig {
 
     @Bean
     public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
-        http.
-                authorizeHttpRequests()
-                .requestMatchers("/swagger-ui/**", "/v3/api-docs/**").permitAll()
-                .anyRequest().authenticated();
+        http
+                .authorizeHttpRequests(x -> x
+                        .requestMatchers("/swagger-ui/**", "/v3/api-docs/**")
+                        .permitAll().anyRequest().authenticated()
+                )
+                .oauth2ResourceServer(OAuth2ResourceServerConfigurer::opaqueToken)
+        ;
         return http.build();
     }
 
+    @Bean
+    public OpenApiCustomizer openAPICustomizer() {
+        return openApi -> openApi.getComponents()
+                .addSecuritySchemes("OAuth2",
+                        new SecurityScheme()
+                                .type(SecurityScheme.Type.OAUTH2)
+                                .description("get access token with Authorization Code Grant")
+                                .flows(new OAuthFlows()
+                                        .authorizationCode(new OAuthFlow()
+                                                .authorizationUrl("https://oidc.muni.cz/oidc/authorize")
+                                                .tokenUrl("https://oidc.muni.cz/oidc/token")
+                                                .scopes(new Scopes()
+                                                        .addString("openid", "idk")
+                                                        .addString("test_5", "deleting events")
+                                                )
+                                        )
+                                )
+                );
+    }
+
+
 }
\ No newline at end of file
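Review bot: The customizer at lines 92-107 registers the `OAuth2` scheme but never adds a security requirement, and the global `security:` block that did this was removed from core/openapi.yaml in the same patch, so Swagger UI will show the Authorize dialog but attach the token to no operation; turn the lambda into a block body and add `openApi.addSecurityItem(new SecurityRequirement().addList("OAuth2", "test_5"));` (importing `io.swagger.v3.oas.models.security.SecurityRequirement`), or annotate the affected controllers with `@SecurityRequirement`. The `test_5` scope is described on line 103 as "deleting events", yet `anyRequest().authenticated()` on line 83 never checks it; if deletes are meant to require that scope, add a matcher such as `.requestMatchers(HttpMethod.DELETE, "/**").hasAuthority("SCOPE_test_5")` before `anyRequest()`, which would also give the currently unused `HttpMethod` import (line 61) a purpose. If this is a Spring Boot application, as the `spring.*` keys in application.properties suggest, `@EnableWebMvc` on line 71 switches off Boot's MVC auto-configuration, including the static-resource handling springdoc's UI depends on, and is probably not intended. The scope description `"idk"` on line 102 is a placeholder that ends up in the published API documentation and should be replaced with real text, e.g. `"OpenID Connect identity scope"`.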
diff --git a/core/src/main/resources/application.properties b/core/src/main/resources/application.properties
index e85de08..1a74968 100644
--- a/core/src/main/resources/application.properties
+++ b/core/src/main/resources/application.properties
@@ -14,34 +14,18 @@ appconfig.enablecache=false
 
 #resource server nastavenia - toto by malo len znamenat ze ta nasa appka si na tejto adrese bude overovat tie tokeny co dostane v requestoch
 #skopirovane z cvika
-#spring.security.oauth2.resourceserver.opaquetoken.introspection-uri=https://oidc.muni.cz/oidc/introspect
-#spring.security.oauth2.resourceserver.opaquetoken.client-id=d57b3a8f-156e-46de-9f27-39c4daee05e1
-#spring.security.oauth2.resourceserver.opaquetoken.client-secret=fa228ebc-4d54-4cda-901e-4d6287f8b1652a9c9c44-73c9-4502-973f-bcdb4a8ec96a
+spring.security.oauth2.resourceserver.opaquetoken.introspection-uri=https://oidc.muni.cz/oidc/introspect
+spring.security.oauth2.resourceserver.opaquetoken.client-id=d57b3a8f-156e-46de-9f27-39c4daee05e1
+spring.security.oauth2.resourceserver.opaquetoken.client-secret=fa228ebc-4d54-4cda-901e-4d6287f8b1652a9c9c44-73c9-4502-973f-bcdb4a8ec96a
 
-
-#client nastavenia - toto spravi tu login screen na zaciatku a getne to ten token, podla logov v conzole vyzera ze to funguje tie scopy tam su spravne nastavene
-#neviem ci toto vobec my potrebujeme, lebo my nemame clienta nas client je swagger, neviem ci swagger dokaze narabat s tym co sa pomocou tohto nacita
-#ten openid scope tam byt musi bez toho to nejde
-#myslim ze tam toto nema byt, ta autentikacia sa spravi cez swagger len ot treba opravit
-#spring.security.oauth2.client.registration.google.client-id=487495688780-ueip6ipilfbnvhfvon4cmc6pa764dgf2.apps.googleusercontent.com
-#spring.security.oauth2.client.registration.google.client-secret=qwlcvnsmJT7YnVcW0xuyOGVw
-#spring.security.oauth2.client.registration.muni.client-id=7e02a0a9-446a-412d-ad2b-90add47b0fdd
-#spring.security.oauth2.client.registration.muni.client-secret=48a2b2e3-4b2b-471e-b7b7-b81a85b6eeef22f347f2-3fc9-4e16-8698-3e2492701a89
-#spring.security.oauth2.client.registration.muni.client-name=MUNI Unified Login
-#spring.security.oauth2.client.registration.muni.provider=muni
-#spring.security.oauth2.client.registration.muni.scope=openid, test_5
-#spring.security.oauth2.client.provider.muni.issuer-uri=https://oidc.muni.cz/oidc/
-
-#logovanie security kktin do console
+#logovanie security do console
 logging.level.org.springframework.security=DEBUG
-logging.level.io.swagger=DEBUG
-
-#random veci co som skusal a nepomohli
 
+#swagger nastavenia
 springdoc.swagger-ui.oauth.client-id=7e02a0a9-446a-412d-ad2b-90add47b0fdd
 springdoc.swagger-ui.oauth.client-secret=48a2b2e3-4b2b-471e-b7b7-b81a85b6eeef22f347f2-3fc9-4e16-8698-3e2492701a89
 springdoc.swagger-ui.oauth.scopes=openid, test_5
-springdoc.swagger-ui.oauth2-redirect-url=https://oidc.muni.cz/oidc/
-#springdoc.swagger-ui.csrf.enabled=true
-#spring.security.csrf.enabled=false
 
+#bez tejto url to nefunguje - ta muni stranka vypise error, lenze tato url znamena ze po tej autentizacii to redirectne na hentaku neexistujucu url
+#myslim si ze je to chyba toho typka co to nastavoval a proste by to malo povolovat aj ine redirect adresy, ale neviem
+springdoc.swagger-ui.oauth2-redirect-url=http://localhost:8080/login/oauth2/code/muni
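Review bot: Lines 124-126 and 150-151 commit live OAuth client secrets for the introspection client and the Swagger UI client in plain text, and the removed lines 134 and 136 leave two more in repository history; these values should be treated as exposed, rotated at the provider, and read from the environment instead, e.g. `spring.security.oauth2.resourceserver.opaquetoken.client-secret=${OIDC_INTROSPECT_CLIENT_SECRET}` and `springdoc.swagger-ui.oauth.client-secret=${SWAGGER_OAUTH_CLIENT_SECRET}`. The secret on line 151 is also delivered to every browser that loads the UI, which SecurityConfig permits without authentication under `/swagger-ui/**`, so the client used by Swagger should be a public client with PKCE (`springdoc.swagger-ui.oauth.use-pkce-with-authorization-code-grant=true`) rather than carry a confidential secret at all. The redirect URL on line 159 points at a path this resource server never serves, as the comment on lines 157-158 itself notes; springdoc's callback page is `http://localhost:8080/swagger-ui/oauth2-redirect.html`, and that exact URL has to be registered as an allowed redirect URI for the client at the provider, which is presumably the error the comment describes. `logging.level.org.springframework.security=DEBUG` on line 144 is fine for local debugging but should not ship in a default profile, since it can write request and principal details to the console.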
-- 
GitLab