mzottola · mzottola · Jan 8, 2022
diff --git a/...kotlin/com/microservice/arch/authenticationservice/controller/AuthenticationController.kt b/...kotlin/com/microservice/arch/authenticationservice/controller/AuthenticationController.kt
@@ -1,5 +1,6 @@
 package com.microservice.arch.authenticationservice.controller
 
+import com.microservice.arch.authenticationservice.repository.ApiKeyRepositoryStub
 import com.microservice.arch.authenticationservice.repository.UserRepository
 import com.microservice.arch.authenticationservice.service.JwtParseException
 import com.microservice.arch.authenticationservice.service.JwtService
@@ -10,7 +11,6 @@ import org.springframework.web.bind.annotation.ControllerAdvice
 import org.springframework.web.bind.annotation.ExceptionHandler
 import org.springframework.web.bind.annotation.GetMapping
 import org.springframework.web.bind.annotation.RequestBody
-import org.springframework.web.bind.annotation.RequestParam
 import org.springframework.web.bind.annotation.RestController
 import org.springframework.web.context.request.WebRequest
 import javax.servlet.http.HttpServletRequest
@@ -19,6 +19,7 @@ import javax.servlet.http.HttpServletRequest
 @RestController
 class AuthenticationController(
     private val userRepository: UserRepository,
+    private val apiKeyRepositoryStub: ApiKeyRepositoryStub,
     private val jwtService: JwtService
 ) {
 
@@ -45,18 +46,27 @@ class AuthenticationController(
     @GetMapping("/user-info")
     fun userInfo(request: HttpServletRequest): ResponseEntity<UserInformationDto> {
         val jwt = request.getHeader("Authorization").substring("Bearer ".length)
-            ?: return ResponseEntity.status(HttpStatus.UNAUTHORIZED).body(null)
         return jwtService
             .extractUserFromJwt(jwt).let {
                 ResponseEntity.ok(
                     UserInformationDto(it.username, it.authorities)
                 )
             }
     }
+
+    @GetMapping("/api-key-info")
+    fun apiKeyInfo(request: HttpServletRequest): ResponseEntity<ApiKeyInformationDto> {
+        val apiKeyStr = request.getHeader("X-API-KEY")
+            ?: return ResponseEntity.status(HttpStatus.UNAUTHORIZED).body(null)
+        return apiKeyRepositoryStub.validate(apiKeyStr).let {
+            ResponseEntity.ok(ApiKeyInformationDto(it))
+        }
+    }
 }
 
 data class UserPasswordDto(var username: String, var password: String)
 data class UserInformationDto(val username: String, val authorities: Set<String>)
+data class ApiKeyInformationDto(val authorities: Set<String>)
 
 @ControllerAdvice
 class ExceptionControllerAdvice {

diff --git a/...tion-service/src/main/kotlin/com/microservice/arch/authenticationservice/domain/ApiKey.kt b/...tion-service/src/main/kotlin/com/microservice/arch/authenticationservice/domain/ApiKey.kt
@@ -0,0 +1,7 @@
+package com.microservice.arch.authenticationservice.domain
+
+class ApiKey(
+    val content: String,
+    val authorities: Set<String>,
+)
+
diff --git a/...rc/main/kotlin/com/microservice/arch/authenticationservice/repository/ApiKeyRepository.kt b/...rc/main/kotlin/com/microservice/arch/authenticationservice/repository/ApiKeyRepository.kt
@@ -0,0 +1,5 @@
+package com.microservice.arch.authenticationservice.repository
+
+interface ApiKeyRepository {
+    fun validate(apiKey: String): Set<String>
+}
diff --git a/...ain/kotlin/com/microservice/arch/authenticationservice/repository/ApiKeyRepositoryStub.kt b/...ain/kotlin/com/microservice/arch/authenticationservice/repository/ApiKeyRepositoryStub.kt
@@ -0,0 +1,15 @@
+package com.microservice.arch.authenticationservice.repository
+
+import com.microservice.arch.authenticationservice.domain.ApiKey
+import org.springframework.stereotype.Repository
+
+@Repository
+class ApiKeyRepositoryStub : ApiKeyRepository {
+
+    private val apiKeys = setOf(
+        ApiKey("AZERTYUIOP12345", setOf("ROLE_API_KEY"))
+    )
+
+    override fun validate(apiKey: String): Set<String> =
+        apiKeys.find { it.content == apiKey }!!.authorities
+}
diff --git a/foobar-service/pom.xml b/foobar-service/pom.xml
@@ -39,10 +39,6 @@
             <groupId>org.springframework.cloud</groupId>
             <artifactId>spring-cloud-starter-openfeign</artifactId>
         </dependency>
-<!--        <dependency>-->
-<!--            <groupId>org.springframework.cloud</groupId>-->
-<!--            <artifactId>spring-cloud-starter-loadbalancer</artifactId>-->
-<!--        </dependency>-->
 
         <dependency>
             <groupId>org.jetbrains.kotlin</groupId>

diff --git a/...r-service/src/main/kotlin/com/microservice/arch/foobarservice/FoobarServiceApplication.kt b/...r-service/src/main/kotlin/com/microservice/arch/foobarservice/FoobarServiceApplication.kt
@@ -34,7 +34,7 @@ class FooBarController {
     }
 
     @GetMapping("/admin")
-    @PreAuthorize("hasAuthority('ROLE_ADMIN')")
+    @PreAuthorize("hasAnyAuthority('ROLE_ADMIN', 'ROLE_API_KEY')")
     fun admin(): String {
         return "Admin restricted"
     }

diff --git a/...-service/src/main/kotlin/com/microservice/arch/foobarservice/security/JwtRequestFilter.kt b/...-service/src/main/kotlin/com/microservice/arch/foobarservice/security/JwtRequestFilter.kt
@@ -21,17 +21,27 @@ class JwtRequestFilter(
         filterChain: FilterChain
     ) {
         val header = request.getHeader("Authorization")
-        println("Jwt : $header")
-        if (header == null) {
+        val apiKey = request.getHeader("X-API-KEY")
+        if (header == null && apiKey == null) {
             response.status = HttpStatus.UNAUTHORIZED.value()
         } else {
-            val userDto = authenticationService.findUser(header)
-            SecurityContextHolder.getContext().authentication =
-                UsernamePasswordAuthenticationToken(
-                    userDto.username,
-                    null,
-                    userDto.authorities.map { SimpleGrantedAuthority(it) }
-                )
+            if (header != null) {
+                val userDto = authenticationService.findUser(header)
+                SecurityContextHolder.getContext().authentication =
+                    UsernamePasswordAuthenticationToken(
+                        userDto.username,
+                        null,
+                        userDto.authorities.map { SimpleGrantedAuthority(it) }
+                    )
+            } else {
+                val apiKeyAuthorities = authenticationService.findApiKeyAuthorities(apiKey)
+                SecurityContextHolder.getContext().authentication =
+                    UsernamePasswordAuthenticationToken(
+                        null,
+                        null,
+                        apiKeyAuthorities.authorities.map { SimpleGrantedAuthority(it) }
+                    )
+            }
         }
         filterChain.doFilter(request, response)
     }

diff --git a/...vice/src/main/kotlin/com/microservice/arch/foobarservice/service/AuthenticationService.kt b/...vice/src/main/kotlin/com/microservice/arch/foobarservice/service/AuthenticationService.kt
@@ -9,9 +9,16 @@ import org.springframework.web.bind.annotation.RequestMethod
 interface AuthenticationService {
     @RequestMapping(value = ["/user-info"], method = [RequestMethod.GET])
     fun findUser(@RequestHeader("Authorization") jwt: String): UserDto
+
+    @RequestMapping(value = ["/api-key-info"], method = [RequestMethod.GET])
+    fun findApiKeyAuthorities(@RequestHeader("X-API-KEY") apiKey: String): ApiKeyInformationDto
 }
 
 data class UserDto(
     val username: String,
     val authorities: Set<String>
 )
+
+data class ApiKeyInformationDto(
+    val authorities: Set<String>
+)
diff --git a/gateway/src/main/kotlin/com/microservice/arch/gateway/AuthenticationFeignClient.kt b/gateway/src/main/kotlin/com/microservice/arch/gateway/AuthenticationFeignClient.kt
diff --git a/gateway/src/main/kotlin/com/microservice/arch/gateway/GatewayApplication.kt b/gateway/src/main/kotlin/com/microservice/arch/gateway/GatewayApplication.kt
@@ -3,11 +3,9 @@ package com.microservice.arch.gateway
 import org.springframework.boot.autoconfigure.SpringBootApplication
 import org.springframework.boot.runApplication
 import org.springframework.cloud.netflix.eureka.EnableEurekaClient
-import org.springframework.cloud.openfeign.EnableFeignClients
 
 @SpringBootApplication
 @EnableEurekaClient
-@EnableFeignClients(basePackages = ["com.microservice.arch.gateway"])
 class GatewayApplication
 
 fun main(args: Array<String>) {

diff --git a/gateway/src/main/kotlin/com/microservice/arch/gateway/GatewayGlobalFilter.kt b/gateway/src/main/kotlin/com/microservice/arch/gateway/GatewayGlobalFilter.kt
@@ -20,10 +20,25 @@ class GatewayGlobalFilter : GlobalFilter, Ordered {
         }
         val path = request.path.toString()
 
-        if (path.startsWith("/auth")) {
+        if (path.startsWith("/auth/login")) {
             return chain!!.filter(exchange)
         }
 
+        if (request.headers.getOrEmpty("X-API-KEY").isNotEmpty()) {
+            return WebClient
+                .create("http://localhost:8083/")
+                .get()
+                .uri("/api-key-info")
+                .accept(MediaType.APPLICATION_JSON)
+                .headers { httpHeaders -> httpHeaders.addAll(request.headers)}
+                .exchangeToMono {
+                    if (it.statusCode() != HttpStatus.OK) {
+                        exchange.response.statusCode = HttpStatus.UNAUTHORIZED
+                        return@exchangeToMono exchange.response.setComplete()
+                    }
+                    chain!!.filter(exchange)
+                }
+        }
         return WebClient
             .create("http://localhost:8083/")
             .get()