Removed .yml oauth2 configs

2020-06-22 18:20:51 +03:00 · 2020-06-22 18:20:51 +03:00 · ac8cfebe31
commit ac8cfebe31
parent a6eefa903e
6 changed files with 3 additions and 230 deletions
--- a/application/src/main/java/org/thingsboard/server/config/ThingsboardSecurityConfiguration.java
+++ b/application/src/main/java/org/thingsboard/server/config/ThingsboardSecurityConfiguration.java
@ -207,7 +207,7 @@ public class ThingsboardSecurityConfiguration extends WebSecurityConfigurerAdapt
                .addFilterBefore(buildRefreshTokenProcessingFilter(), UsernamePasswordAuthenticationFilter.class)
                .addFilterBefore(buildWsJwtTokenAuthenticationProcessingFilter(), UsernamePasswordAuthenticationFilter.class)
                .addFilterAfter(rateLimitProcessingFilter, UsernamePasswordAuthenticationFilter.class);
-        if (oauth2Configuration != null && oauth2Configuration.isEnabled()) {
+        if (oauth2Configuration != null) {
            http.oauth2Login()
                    .loginPage("/oauth2Login")
                    .loginProcessingUrl(oauth2Configuration.getLoginProcessingUrl())
--- a/application/src/main/resources/thingsboard.yml
+++ b/application/src/main/resources/thingsboard.yml
@ -107,62 +107,8 @@ security:
  basic:
    enabled: "${SECURITY_BASIC_ENABLED:false}"
  oauth2:
    # Enable/disable OAuth 2 login functionality
    # For details please refer to https://thingsboard.io/docs/user-guide/oauth-2-support/
    enabled: "${SECURITY_OAUTH2_ENABLED:false}"
    # Redirect URL where access code from external user management system will be processed
    loginProcessingUrl: "${SECURITY_OAUTH2_LOGIN_PROCESSING_URL:/login/oauth2/code/}"
    # List of SSO clients
    clients:
      default:
        # Label that going to be show on login button - 'Login with {loginButtonLabel}'
        loginButtonLabel: "${SECURITY_OAUTH2_DEFAULT_LOGIN_BUTTON_LABEL:Default}"
        # Icon that going to be show on login button. Material design icon ID (https://material.angularjs.org/latest/api/directive/mdIcon)
        loginButtonIcon: "${SECURITY_OAUTH2_DEFAULT_LOGIN_BUTTON_ICON:}"
        clientName: "${SECURITY_OAUTH2_DEFAULT_CLIENT_NAME:ClientName}"
        clientId: "${SECURITY_OAUTH2_DEFAULT_CLIENT_ID:}"
        clientSecret: "${SECURITY_OAUTH2_DEFAULT_CLIENT_SECRET:}"
        accessTokenUri: "${SECURITY_OAUTH2_DEFAULT_ACCESS_TOKEN_URI:}"
        authorizationUri: "${SECURITY_OAUTH2_DEFAULT_AUTHORIZATION_URI:}"
        scope: "${SECURITY_OAUTH2_DEFAULT_SCOPE:}"
        # Redirect URL that must be in sync with 'security.oauth2.loginProcessingUrl', but domain name added
        redirectUriTemplate: "${SECURITY_OAUTH2_DEFAULT_REDIRECT_URI_TEMPLATE:http://localhost:8080/login/oauth2/code/}"
        jwkSetUri: "${SECURITY_OAUTH2_DEFAULT_JWK_SET_URI:}"
        # 'authorization_code', 'implicit', 'refresh_token' or 'client_credentials'
        authorizationGrantType: "${SECURITY_OAUTH2_DEFAULT_AUTHORIZATION_GRANT_TYPE:authorization_code}"
        clientAuthenticationMethod: "${SECURITY_OAUTH2_DEFAULT_CLIENT_AUTHENTICATION_METHOD:post}" # basic or post
        userInfoUri: "${SECURITY_OAUTH2_DEFAULT_USER_INFO_URI:}"
        userNameAttributeName: "${SECURITY_OAUTH2_DEFAULT_USER_NAME_ATTRIBUTE_NAME:email}"
        mapperConfig:
          # Allows to create user if it not exists
          allowUserCreation: "${SECURITY_OAUTH2_DEFAULT_MAPPER_ALLOW_USER_CREATION:true}"
          # Allows user to setup ThingsBoard internal password and login over default Login window
          activateUser: "${SECURITY_OAUTH2_DEFAULT_MAPPER_ACTIVATE_USER:false}"
          # Mapper type of converter from external user into internal - 'basic' or 'custom'
          type: "${SECURITY_OAUTH2_DEFAULT_MAPPER_TYPE:basic}"
          basic:
            # Key from attributes of external user object to use as email
            emailAttributeKey: "${SECURITY_OAUTH2_DEFAULT_MAPPER_BASIC_EMAIL_ATTRIBUTE_KEY:email}"
            firstNameAttributeKey: "${SECURITY_OAUTH2_DEFAULT_MAPPER_BASIC_FIRST_NAME_ATTRIBUTE_KEY:}"
            lastNameAttributeKey: "${SECURITY_OAUTH2_DEFAULT_MAPPER_BASIC_LAST_NAME_ATTRIBUTE_KEY:}"
            # Strategy for generating Tenant from external user object - 'domain', 'email' or 'custom'
            # 'domain' - name of the Tenant will be extracted as domain from the email of the user
            # 'email' - name of the Tenant will email of the user
            # 'custom' - please configure 'tenantNamePattern' for custom mapping
            tenantNameStrategy: "${SECURITY_OAUTH2_DEFAULT_MAPPER_BASIC_TENANT_NAME_STRATEGY:domain}"
            # %{attribute_key} as placeholder for attribute value of attributes of external user object
            tenantNamePattern: "${SECURITY_OAUTH2_DEFAULT_MAPPER_BASIC_TENANT_NAME_PATTERN:}"
            # If this field is not empty, user will be created as a user under defined Customer
            # %{attribute_key} as placeholder for attribute value of attributes of external user object
            customerNamePattern: "${SECURITY_OAUTH2_DEFAULT_MAPPER_BASIC_CUSTOMER_NAME_PATTERN:}"
            # If this field is not empty, user will be created with default defined Dashboard
            defaultDashboardName: "${SECURITY_OAUTH2_DEFAULT_MAPPER_BASIC_DEFAULT_DASHBOARD_NAME:}"
            # If this field is set 'true' along with non-empty 'defaultDashboardName', user will start from the defined Dashboard in fullscreen mode
            alwaysFullScreen: "${SECURITY_OAUTH2_DEFAULT_MAPPER_BASIC_ALWAYS_FULL_SCREEN:false}"
          custom:
            url: "${SECURITY_OAUTH2_DEFAULT_MAPPER_CUSTOM_URL:}"
            username: "${SECURITY_OAUTH2_DEFAULT_MAPPER_CUSTOM_USERNAME:}"
            password: "${SECURITY_OAUTH2_DEFAULT_MAPPER_CUSTOM_PASSWORD:}"
 # Dashboard parameters
 dashboard:
--- a/dao/src/main/java/org/thingsboard/server/dao/oauth2/OAuth2Client.java
+++ b/dao/src/main/java/org/thingsboard/server/dao/oauth2/OAuth2Client.java
@ -1,39 +0,0 @@
 /**
 * Copyright © 2016-2020 The Thingsboard Authors
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package org.thingsboard.server.dao.oauth2;
 import lombok.Data;
@Data
 public class OAuth2Client {
    private String loginButtonLabel;
    private String loginButtonIcon;
    private String clientName;
    private String clientId;
    private String clientSecret;
    private String accessTokenUri;
    private String authorizationUri;
    private String scope;
    private String redirectUriTemplate;
    private String jwkSetUri;
    private String authorizationGrantType;
    private String clientAuthenticationMethod;
    private String userInfoUri;
    private String userNameAttributeName;
    private OAuth2ClientMapperConfig mapperConfig;
 }
--- a/dao/src/main/java/org/thingsboard/server/dao/oauth2/OAuth2ClientMapperConfig.java
+++ b/dao/src/main/java/org/thingsboard/server/dao/oauth2/OAuth2ClientMapperConfig.java
@ -1,47 +0,0 @@
 /**
 * Copyright © 2016-2020 The Thingsboard Authors
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package org.thingsboard.server.dao.oauth2;
 import lombok.Data;
@Data
 public class OAuth2ClientMapperConfig {
    private boolean allowUserCreation;
    private boolean activateUser;
    private String type;
    private BasicOAuth2ClientMapperConfig basic;
    private CustomOAuth2ClientMapperConfig custom;
    @Data
    public static class BasicOAuth2ClientMapperConfig {
        private String emailAttributeKey;
        private String firstNameAttributeKey;
        private String lastNameAttributeKey;
        private String tenantNameStrategy;
        private String tenantNamePattern;
        private String customerNamePattern;
        private boolean alwaysFullScreen;
        private String defaultDashboardName;
    }
    @Data
    public static class CustomOAuth2ClientMapperConfig {
        private String url;
        private String username;
        private String password;
    }
 }
--- a/dao/src/main/java/org/thingsboard/server/dao/oauth2/OAuth2Configuration.java
+++ b/dao/src/main/java/org/thingsboard/server/dao/oauth2/OAuth2Configuration.java
@ -17,29 +17,13 @@ package org.thingsboard.server.dao.oauth2;
 import lombok.Data;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
 import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
 import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository;
 import org.springframework.security.oauth2.core.AuthorizationGrantType;
 import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
@Configuration
@ConditionalOnProperty(prefix = "security.oauth2", value = "enabled", havingValue = "true")
@ConfigurationProperties(prefix = "security.oauth2")
@Data
@Slf4j
 public class OAuth2Configuration {
    private boolean enabled;
    private String loginProcessingUrl;
    private Map<String, OAuth2Client> clients = new HashMap<>();
 }
--- a/dao/src/main/java/org/thingsboard/server/dao/oauth2/OAuth2ServiceImpl.java
+++ b/dao/src/main/java/org/thingsboard/server/dao/oauth2/OAuth2ServiceImpl.java
@ -39,22 +39,9 @@ public class OAuth2ServiceImpl implements OAuth2Service {
    @Override
    public List<OAuth2ClientInfo> getOAuth2Clients() {
        if (oauth2Configuration == null || !oauth2Configuration.isEnabled()) {
        return Collections.emptyList();
    }
        Stream<OAuth2ClientInfo> startUpConfiguration = oauth2Configuration.getClients().entrySet().stream()
                .map(entry -> {
                    OAuth2ClientInfo client = new OAuth2ClientInfo();
                    client.setName(entry.getValue().getLoginButtonLabel());
                    client.setUrl(String.format(OAUTH2_AUTHORIZATION_PATH_TEMPLATE, entry.getKey()));
                    client.setIcon(entry.getValue().getLoginButtonIcon());
                    return client;
                });
        return startUpConfiguration.collect(Collectors.toList());
    }
    @Override
    public List<OAuth2ClientRegistration> getSystemOAuth2ClientRegistrations(TenantId tenantId) {
        return null;
@ -102,64 +89,6 @@ public class OAuth2ServiceImpl implements OAuth2Service {
    @Override
    public OAuth2ClientRegistration getClientRegistration(String registrationId) {
        if (oauth2Configuration == null || !oauth2Configuration.isEnabled()) return null;
        OAuth2Client oAuth2Client = oauth2Configuration.getClients() == null ? null : oauth2Configuration.getClients().get(registrationId);
        if (oAuth2Client != null){
            return toClientRegistration(registrationId, oAuth2Client);
        } else {
        return null;
    }
    }
    private OAuth2ClientRegistration toClientRegistration(String registrationId, OAuth2Client oAuth2Client) {
        OAuth2ClientMapperConfig mapperConfig = oAuth2Client.getMapperConfig();
        OAuth2ClientMapperConfig.BasicOAuth2ClientMapperConfig basicConfig = mapperConfig.getBasic();
        OAuth2ClientMapperConfig.CustomOAuth2ClientMapperConfig customConfig = mapperConfig.getCustom();
        return OAuth2ClientRegistration.builder()
                .registrationId(registrationId)
                .mapperConfig(OAuth2MapperConfig.builder()
                        .allowUserCreation(mapperConfig.isAllowUserCreation())
                        .activateUser(mapperConfig.isActivateUser())
                        .type(MapperType.valueOf(
                                mapperConfig.getType().toUpperCase()
                        ))
                        .basicConfig(
                                OAuth2BasicMapperConfig.builder()
                                        .emailAttributeKey(basicConfig.getEmailAttributeKey())
                                        .firstNameAttributeKey(basicConfig.getFirstNameAttributeKey())
                                        .lastNameAttributeKey(basicConfig.getLastNameAttributeKey())
                                        .tenantNameStrategy(TenantNameStrategyType.valueOf(
                                                basicConfig.getTenantNameStrategy().toUpperCase()
                                        ))
                                        .tenantNamePattern(basicConfig.getTenantNamePattern())
                                        .customerNamePattern(basicConfig.getCustomerNamePattern())
                                        .defaultDashboardName(basicConfig.getDefaultDashboardName())
                                        .alwaysFullScreen(basicConfig.isAlwaysFullScreen())
                                        .build()
                        )
                        .customConfig(
                                OAuth2CustomMapperConfig.builder()
                                        .url(customConfig.getUrl())
                                        .username(customConfig.getUsername())
                                        .password(customConfig.getPassword())
                                        .build()
                        )
                        .build())
                .clientId(oAuth2Client.getClientId())
                .clientSecret(oAuth2Client.getClientSecret())
                .authorizationUri(oAuth2Client.getAuthorizationUri())
                .tokenUri(oAuth2Client.getAccessTokenUri())
                .redirectUriTemplate(oAuth2Client.getRedirectUriTemplate())
                .scope(oAuth2Client.getScope())
                .authorizationGrantType(oAuth2Client.getAuthorizationGrantType())
                .userInfoUri(oAuth2Client.getUserInfoUri())
                .userNameAttributeName(oAuth2Client.getUserNameAttributeName())
                .jwkSetUri(oAuth2Client.getJwkSetUri())
                .clientAuthenticationMethod(oAuth2Client.getClientAuthenticationMethod())
                .clientName(oAuth2Client.getClientName())
                .loginButtonLabel(oAuth2Client.getLoginButtonLabel())
                .loginButtonIcon(oAuth2Client.getLoginButtonIcon())
                .build();
    }
 }