Removed .yml oauth2 configs
This commit is contained in:
parent
a6eefa903e
commit
ac8cfebe31
@ -207,7 +207,7 @@ public class ThingsboardSecurityConfiguration extends WebSecurityConfigurerAdapt
|
||||
.addFilterBefore(buildRefreshTokenProcessingFilter(), UsernamePasswordAuthenticationFilter.class)
|
||||
.addFilterBefore(buildWsJwtTokenAuthenticationProcessingFilter(), UsernamePasswordAuthenticationFilter.class)
|
||||
.addFilterAfter(rateLimitProcessingFilter, UsernamePasswordAuthenticationFilter.class);
|
||||
if (oauth2Configuration != null && oauth2Configuration.isEnabled()) {
|
||||
if (oauth2Configuration != null) {
|
||||
http.oauth2Login()
|
||||
.loginPage("/oauth2Login")
|
||||
.loginProcessingUrl(oauth2Configuration.getLoginProcessingUrl())
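Review bot: `.loginProcessingUrl(oauth2Configuration.getLoginProcessingUrl())` is now reachable with a null argument: this commit deletes the `security.oauth2.loginProcessingUrl` yml entry that bound the field, and the `loginProcessingUrl` field on `OAuth2Configuration` shown in this commit has no default. Which of the two `if` lines is the new one is not marked on this page, but both guard only against a missing bean, not a missing URL, so the failure would surface as a startup error at best. Consider `Objects.requireNonNull(oauth2Configuration.getLoginProcessingUrl(), "security.oauth2.loginProcessingUrl");` ahead of the `http.oauth2Login()` chain, or a field default. The enclosing method starts and ends outside the hunk.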
|
||||
|
||||
@ -107,62 +107,8 @@ security:
|
||||
basic:
|
||||
enabled: "${SECURITY_BASIC_ENABLED:false}"
|
||||
oauth2:
|
||||
# Enable/disable OAuth 2 login functionality
|
||||
# For details please refer to https://thingsboard.io/docs/user-guide/oauth-2-support/
|
||||
enabled: "${SECURITY_OAUTH2_ENABLED:false}"
|
||||
# Redirect URL where access code from external user management system will be processed
|
||||
loginProcessingUrl: "${SECURITY_OAUTH2_LOGIN_PROCESSING_URL:/login/oauth2/code/}"
|
||||
# List of SSO clients
|
||||
clients:
|
||||
default:
|
||||
# Label that going to be show on login button - 'Login with {loginButtonLabel}'
|
||||
loginButtonLabel: "${SECURITY_OAUTH2_DEFAULT_LOGIN_BUTTON_LABEL:Default}"
|
||||
# Icon that going to be show on login button. Material design icon ID (https://material.angularjs.org/latest/api/directive/mdIcon)
|
||||
loginButtonIcon: "${SECURITY_OAUTH2_DEFAULT_LOGIN_BUTTON_ICON:}"
|
||||
clientName: "${SECURITY_OAUTH2_DEFAULT_CLIENT_NAME:ClientName}"
|
||||
clientId: "${SECURITY_OAUTH2_DEFAULT_CLIENT_ID:}"
|
||||
clientSecret: "${SECURITY_OAUTH2_DEFAULT_CLIENT_SECRET:}"
|
||||
accessTokenUri: "${SECURITY_OAUTH2_DEFAULT_ACCESS_TOKEN_URI:}"
|
||||
authorizationUri: "${SECURITY_OAUTH2_DEFAULT_AUTHORIZATION_URI:}"
|
||||
scope: "${SECURITY_OAUTH2_DEFAULT_SCOPE:}"
|
||||
# Redirect URL that must be in sync with 'security.oauth2.loginProcessingUrl', but domain name added
|
||||
redirectUriTemplate: "${SECURITY_OAUTH2_DEFAULT_REDIRECT_URI_TEMPLATE:http://localhost:8080/login/oauth2/code/}"
|
||||
jwkSetUri: "${SECURITY_OAUTH2_DEFAULT_JWK_SET_URI:}"
|
||||
# 'authorization_code', 'implicit', 'refresh_token' or 'client_credentials'
|
||||
authorizationGrantType: "${SECURITY_OAUTH2_DEFAULT_AUTHORIZATION_GRANT_TYPE:authorization_code}"
|
||||
clientAuthenticationMethod: "${SECURITY_OAUTH2_DEFAULT_CLIENT_AUTHENTICATION_METHOD:post}" # basic or post
|
||||
userInfoUri: "${SECURITY_OAUTH2_DEFAULT_USER_INFO_URI:}"
|
||||
userNameAttributeName: "${SECURITY_OAUTH2_DEFAULT_USER_NAME_ATTRIBUTE_NAME:email}"
|
||||
mapperConfig:
|
||||
# Allows to create user if it not exists
|
||||
allowUserCreation: "${SECURITY_OAUTH2_DEFAULT_MAPPER_ALLOW_USER_CREATION:true}"
|
||||
# Allows user to setup ThingsBoard internal password and login over default Login window
|
||||
activateUser: "${SECURITY_OAUTH2_DEFAULT_MAPPER_ACTIVATE_USER:false}"
|
||||
# Mapper type of converter from external user into internal - 'basic' or 'custom'
|
||||
type: "${SECURITY_OAUTH2_DEFAULT_MAPPER_TYPE:basic}"
|
||||
basic:
|
||||
# Key from attributes of external user object to use as email
|
||||
emailAttributeKey: "${SECURITY_OAUTH2_DEFAULT_MAPPER_BASIC_EMAIL_ATTRIBUTE_KEY:email}"
|
||||
firstNameAttributeKey: "${SECURITY_OAUTH2_DEFAULT_MAPPER_BASIC_FIRST_NAME_ATTRIBUTE_KEY:}"
|
||||
lastNameAttributeKey: "${SECURITY_OAUTH2_DEFAULT_MAPPER_BASIC_LAST_NAME_ATTRIBUTE_KEY:}"
|
||||
# Strategy for generating Tenant from external user object - 'domain', 'email' or 'custom'
|
||||
# 'domain' - name of the Tenant will be extracted as domain from the email of the user
|
||||
# 'email' - name of the Tenant will email of the user
|
||||
# 'custom' - please configure 'tenantNamePattern' for custom mapping
|
||||
tenantNameStrategy: "${SECURITY_OAUTH2_DEFAULT_MAPPER_BASIC_TENANT_NAME_STRATEGY:domain}"
|
||||
# %{attribute_key} as placeholder for attribute value of attributes of external user object
|
||||
tenantNamePattern: "${SECURITY_OAUTH2_DEFAULT_MAPPER_BASIC_TENANT_NAME_PATTERN:}"
|
||||
# If this field is not empty, user will be created as a user under defined Customer
|
||||
# %{attribute_key} as placeholder for attribute value of attributes of external user object
|
||||
customerNamePattern: "${SECURITY_OAUTH2_DEFAULT_MAPPER_BASIC_CUSTOMER_NAME_PATTERN:}"
|
||||
# If this field is not empty, user will be created with default defined Dashboard
|
||||
defaultDashboardName: "${SECURITY_OAUTH2_DEFAULT_MAPPER_BASIC_DEFAULT_DASHBOARD_NAME:}"
|
||||
# If this field is set 'true' along with non-empty 'defaultDashboardName', user will start from the defined Dashboard in fullscreen mode
|
||||
alwaysFullScreen: "${SECURITY_OAUTH2_DEFAULT_MAPPER_BASIC_ALWAYS_FULL_SCREEN:false}"
|
||||
custom:
|
||||
url: "${SECURITY_OAUTH2_DEFAULT_MAPPER_CUSTOM_URL:}"
|
||||
username: "${SECURITY_OAUTH2_DEFAULT_MAPPER_CUSTOM_USERNAME:}"
|
||||
password: "${SECURITY_OAUTH2_DEFAULT_MAPPER_CUSTOM_PASSWORD:}"
|
||||
|
||||
# Dashboard parameters
|
||||
dashboard:
|
||||
|
||||
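--- a/<path-not-shown-on-page>/OAuth2Client.java
+++ /dev/null
@@ -1,39 +0,0 @@
-/**
- * Copyright © 2016-2020 The Thingsboard Authors
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.thingsboard.server.dao.oauth2;
-
-import lombok.Data;
-
-@Data
-public class OAuth2Client {
-
-    private String loginButtonLabel;
-    private String loginButtonIcon;
-    private String clientName;
-    private String clientId;
-    private String clientSecret;
-    private String accessTokenUri;
-    private String authorizationUri;
-    private String scope;
-    private String redirectUriTemplate;
-    private String jwkSetUri;
-    private String authorizationGrantType;
-    private String clientAuthenticationMethod;
-    private String userInfoUri;
-    private String userNameAttributeName;
-    private OAuth2ClientMapperConfig mapperConfig;
-
-}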
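--- a/<path-not-shown-on-page>/OAuth2ClientMapperConfig.java
+++ /dev/null
@@ -1,47 +0,0 @@
-/**
- * Copyright © 2016-2020 The Thingsboard Authors
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.thingsboard.server.dao.oauth2;
-
-import lombok.Data;
-
-@Data
-public class OAuth2ClientMapperConfig {
-
-    private boolean allowUserCreation;
-    private boolean activateUser;
-    private String type;
-    private BasicOAuth2ClientMapperConfig basic;
-    private CustomOAuth2ClientMapperConfig custom;
-
-    @Data
-    public static class BasicOAuth2ClientMapperConfig {
-        private String emailAttributeKey;
-        private String firstNameAttributeKey;
-        private String lastNameAttributeKey;
-        private String tenantNameStrategy;
-        private String tenantNamePattern;
-        private String customerNamePattern;
-        private boolean alwaysFullScreen;
-        private String defaultDashboardName;
-    }
-
-    @Data
-    public static class CustomOAuth2ClientMapperConfig {
-        private String url;
-        private String username;
-        private String password;
-    }
-}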
@ -17,29 +17,13 @@ package org.thingsboard.server.dao.oauth2;
|
||||
|
||||
import lombok.Data;
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
|
||||
import org.springframework.boot.context.properties.ConfigurationProperties;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistration;
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
|
||||
import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository;
|
||||
import org.springframework.security.oauth2.core.AuthorizationGrantType;
|
||||
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.HashMap;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
@Configuration
|
||||
@ConditionalOnProperty(prefix = "security.oauth2", value = "enabled", havingValue = "true")
|
||||
@ConfigurationProperties(prefix = "security.oauth2")
|
||||
@Data
|
||||
@Slf4j
|
||||
public class OAuth2Configuration {
|
||||
|
||||
private boolean enabled;
|
||||
private String loginProcessingUrl;
|
||||
private Map<String, OAuth2Client> clients = new HashMap<>();
|
||||
}
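Review bot: `OAuth2Configuration` is still bound to the `security.oauth2` prefix via `@ConfigurationProperties` while this commit deletes those keys from the yml, and the class has no Javadoc saying where `enabled`, `loginProcessingUrl` and `clients` now come from or what their defaults are; which imports and annotations survive this hunk is not marked on the page. Add a class comment such as `/** Binds security.oauth2.*; the startup yml no longer defines these keys, so callers must expect the defaults (false, null, empty map) unless another property source sets them. */`. Note also that `@ConditionalOnProperty(... havingValue = "true")` makes the whole bean absent when `security.oauth2.enabled` is not true, which appears to be what the `oauth2Configuration != null` checks elsewhere in this commit rely on; that dependency deserves a sentence in the same comment.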
|
||||
|
||||
@ -39,20 +39,7 @@ public class OAuth2ServiceImpl implements OAuth2Service {
|
||||
|
||||
@Override
|
||||
public List<OAuth2ClientInfo> getOAuth2Clients() {
|
||||
if (oauth2Configuration == null || !oauth2Configuration.isEnabled()) {
|
||||
return Collections.emptyList();
|
||||
}
|
||||
|
||||
Stream<OAuth2ClientInfo> startUpConfiguration = oauth2Configuration.getClients().entrySet().stream()
|
||||
.map(entry -> {
|
||||
OAuth2ClientInfo client = new OAuth2ClientInfo();
|
||||
client.setName(entry.getValue().getLoginButtonLabel());
|
||||
client.setUrl(String.format(OAUTH2_AUTHORIZATION_PATH_TEMPLATE, entry.getKey()));
|
||||
client.setIcon(entry.getValue().getLoginButtonIcon());
|
||||
return client;
|
||||
});
|
||||
|
||||
return startUpConfiguration.collect(Collectors.toList());
|
||||
return Collections.emptyList();
|
||||
}
|
||||
|
||||
@Override
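Review bot: `getOAuth2Clients()` is reduced to an unconditional `return Collections.emptyList();` with no comment, so a reader cannot tell a deliberate interim stub from a lost feature; the login page will list no OAuth2 providers until this is re-implemented. Put `// TODO: clients are no longer read from the startup yml; return them from the replacement registration source once it exists` above the return, and the same marker on `getClientRegistration` in the next hunk, which is reduced to `return null;`. The `Stream` and `Collectors` imports that the removed body used are presumably now unused in this file; the import block is outside the hunk.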
|
||||
@ -102,64 +89,6 @@ public class OAuth2ServiceImpl implements OAuth2Service {
|
||||
|
||||
@Override
|
||||
public OAuth2ClientRegistration getClientRegistration(String registrationId) {
|
||||
if (oauth2Configuration == null || !oauth2Configuration.isEnabled()) return null;
|
||||
OAuth2Client oAuth2Client = oauth2Configuration.getClients() == null ? null : oauth2Configuration.getClients().get(registrationId);
|
||||
if (oAuth2Client != null){
|
||||
return toClientRegistration(registrationId, oAuth2Client);
|
||||
} else {
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
||||
private OAuth2ClientRegistration toClientRegistration(String registrationId, OAuth2Client oAuth2Client) {
|
||||
OAuth2ClientMapperConfig mapperConfig = oAuth2Client.getMapperConfig();
|
||||
OAuth2ClientMapperConfig.BasicOAuth2ClientMapperConfig basicConfig = mapperConfig.getBasic();
|
||||
OAuth2ClientMapperConfig.CustomOAuth2ClientMapperConfig customConfig = mapperConfig.getCustom();
|
||||
|
||||
return OAuth2ClientRegistration.builder()
|
||||
.registrationId(registrationId)
|
||||
.mapperConfig(OAuth2MapperConfig.builder()
|
||||
.allowUserCreation(mapperConfig.isAllowUserCreation())
|
||||
.activateUser(mapperConfig.isActivateUser())
|
||||
.type(MapperType.valueOf(
|
||||
mapperConfig.getType().toUpperCase()
|
||||
))
|
||||
.basicConfig(
|
||||
OAuth2BasicMapperConfig.builder()
|
||||
.emailAttributeKey(basicConfig.getEmailAttributeKey())
|
||||
.firstNameAttributeKey(basicConfig.getFirstNameAttributeKey())
|
||||
.lastNameAttributeKey(basicConfig.getLastNameAttributeKey())
|
||||
.tenantNameStrategy(TenantNameStrategyType.valueOf(
|
||||
basicConfig.getTenantNameStrategy().toUpperCase()
|
||||
))
|
||||
.tenantNamePattern(basicConfig.getTenantNamePattern())
|
||||
.customerNamePattern(basicConfig.getCustomerNamePattern())
|
||||
.defaultDashboardName(basicConfig.getDefaultDashboardName())
|
||||
.alwaysFullScreen(basicConfig.isAlwaysFullScreen())
|
||||
.build()
|
||||
)
|
||||
.customConfig(
|
||||
OAuth2CustomMapperConfig.builder()
|
||||
.url(customConfig.getUrl())
|
||||
.username(customConfig.getUsername())
|
||||
.password(customConfig.getPassword())
|
||||
.build()
|
||||
)
|
||||
.build())
|
||||
.clientId(oAuth2Client.getClientId())
|
||||
.clientSecret(oAuth2Client.getClientSecret())
|
||||
.authorizationUri(oAuth2Client.getAuthorizationUri())
|
||||
.tokenUri(oAuth2Client.getAccessTokenUri())
|
||||
.redirectUriTemplate(oAuth2Client.getRedirectUriTemplate())
|
||||
.scope(oAuth2Client.getScope())
|
||||
.authorizationGrantType(oAuth2Client.getAuthorizationGrantType())
|
||||
.userInfoUri(oAuth2Client.getUserInfoUri())
|
||||
.userNameAttributeName(oAuth2Client.getUserNameAttributeName())
|
||||
.jwkSetUri(oAuth2Client.getJwkSetUri())
|
||||
.clientAuthenticationMethod(oAuth2Client.getClientAuthenticationMethod())
|
||||
.clientName(oAuth2Client.getClientName())
|
||||
.loginButtonLabel(oAuth2Client.getLoginButtonLabel())
|
||||
.loginButtonIcon(oAuth2Client.getLoginButtonIcon())
|
||||
.build();
|
||||
return null;
|
||||
}
|
||||
}
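Review bot: `getClientRegistration(String registrationId)` now returns null for every id, so a caller that resolves a registration during an OAuth2 login will dereference null rather than get an explicit failure, and the old `if (...) return null` paths that distinguished a disabled or unknown client are gone with it. Either make the gap explicit, `throw new UnsupportedOperationException("OAuth2 client registrations are not available from startup configuration");`, or document it on the method with `@return always {@code null}; registrations are no longer built from the startup yml`. Whether the two `if` lines at the top of the hunk are context or removed is not marked on this page. The class closes with the final `}` inside the hunk.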
|
||||
|
||||