change/clientcredential_factory (#3695)
Lagt til ClientCredentialAutoConfiguration og TokenServiceAutoConfiguration for lettere håndtering av config fra NAIS.
rfc3092 authored Dec 19, 2024
1 parent 8f6bf98 commit 879a1b8
Showing 64 changed files with 561 additions and 261 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ spring:
application:
version: application.version.todo #TODO Finn ut hvordan denne kan settes fra gradle
name: endringsmelding-service
desciption: Tjeneste for å sende endringsmeldinger
description: Tjeneste for å sende endringsmeldinger
security:
oauth2:
resourceserver:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ spring:
application:
version: application.version.todo
name: testnav-organisasjon-tilgang-service
desciption: Tjeneste for hente og sette tilganger for orgnisasjoner
description: Tjeneste for hente og sette tilganger for orgnisasjoner
security:
oauth2:
resourceserver:
Expand Down
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
package no.nav.registre.testnorge.profil.service;

import lombok.extern.slf4j.Slf4j;
import no.nav.testnav.libs.securitycore.domain.azuread.AzureClientCredential;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.HttpHeaders;
import org.springframework.http.MediaType;
Expand All @@ -15,21 +16,19 @@

import no.nav.testnav.libs.securitycore.command.azuread.OnBehalfOfExchangeCommand;
import no.nav.testnav.libs.securitycore.domain.AccessToken;
import no.nav.testnav.libs.securitycore.domain.azuread.AzureNavClientCredential;
import no.nav.testnav.libs.securitycore.domain.azuread.ClientCredential;
import no.nav.testnav.libs.servletsecurity.action.GetAuthenticatedToken;

@Slf4j
@Service
public class AzureAdTokenService {
private final WebClient webClient;
private final ClientCredential clientCredential;
private final AzureClientCredential clientCredential;
private final GetAuthenticatedToken getAuthenticatedToken;

public AzureAdTokenService(
@Value("${http.proxy:#{null}}") String proxyHost,
@Value("${AAD_ISSUER_URI}") String issuerUrl,
AzureNavClientCredential clientCredential,
AzureClientCredential clientCredential,
GetAuthenticatedToken getAuthenticatedToken
) {
log.info("Init custom AzureAd token exchange.");
Expand Down
2 changes: 1 addition & 1 deletion apps/profil-api/src/main/resources/application.yml
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ spring:
application:
version: application.version.todo #TODO Finn ut hvordan denne kan settes fra gradle
name: testnorge-profil-api
desciption: API for hente ut profil fra Azure Ad
description: API for hente ut profil fra Azure Ad
cluster: dev-gcp
namespace: dolly
security:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ spring:
application:
version: 1
name: testnav-tenor-search-service
desciption: Tjeneste som formidler søk til Tenor testdata hos Skatteetaten
description: Tjeneste som formidler søk til Tenor testdata hos Skatteetaten
security:
oauth2:
resourceserver:
Expand Down
Original file line number Diff line number Diff line change
@@ -1,48 +1,35 @@
package no.nav.testnav.libs.reactivesecurity.config;

import no.nav.testnav.libs.reactivesecurity.domain.AzureNavProxyClientCredential;
import no.nav.testnav.libs.reactivesecurity.exchange.azuread.NavAzureAdTokenService;
import no.nav.testnav.libs.reactivesecurity.properties.TrygdeetatenAzureAdResourceServerProperties;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import;

import java.util.List;

import no.nav.testnav.libs.reactivesecurity.action.GetAuthenticatedResourceServerType;
import no.nav.testnav.libs.reactivesecurity.action.GetAuthenticatedToken;
import no.nav.testnav.libs.reactivesecurity.action.GetAuthenticatedUserId;
import no.nav.testnav.libs.reactivesecurity.domain.AzureTrygdeetatenClientCredential;
import no.nav.testnav.libs.reactivesecurity.exchange.TokenExchange;
import no.nav.testnav.libs.reactivesecurity.exchange.azuread.AzureAdTokenService;
import no.nav.testnav.libs.reactivesecurity.exchange.azuread.TrygdeetatenAzureAdTokenService;
import no.nav.testnav.libs.reactivesecurity.exchange.tokenx.TokenXService;
import no.nav.testnav.libs.reactivesecurity.manager.JwtReactiveAuthenticationManager;
import no.nav.testnav.libs.reactivesecurity.properties.AzureAdResourceServerProperties;
import no.nav.testnav.libs.reactivesecurity.properties.ResourceServerProperties;
import no.nav.testnav.libs.reactivesecurity.properties.TokenxResourceServerProperties;
import no.nav.testnav.libs.securitycore.domain.azuread.AzureNavClientCredential;
import no.nav.testnav.libs.reactivesecurity.properties.TrygdeetatenAzureAdResourceServerProperties;
import no.nav.testnav.libs.securitycore.domain.tokenx.TokenXProperties;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import;

import java.util.List;

@Configuration
@Import({
AzureNavClientCredential.class,
TokenXService.class,
TokenxResourceServerProperties.class,
AzureAdResourceServerProperties.class,
TrygdeetatenAzureAdResourceServerProperties.class,
AzureAdTokenService.class,
TokenExchange.class,
GetAuthenticatedUserId.class,
GetAuthenticatedResourceServerType.class,
GetAuthenticatedToken.class,
TokenXProperties.class,
AzureTrygdeetatenClientCredential.class,
TrygdeetatenAzureAdTokenService.class,
AzureNavProxyClientCredential.class,
NavAzureAdTokenService.class
TokenXProperties.class
})
public class SecureOAuth2ServerToServerConfiguration {

Expand Down

This file was deleted.

This file was deleted.

This file was deleted.

This file was deleted.

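--- /dev/null
+++ b/TokenServiceAutoConfiguration.java
@@ -0,0 +1,86 @@
+package no.nav.testnav.libs.reactivesecurity.exchange;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import no.nav.testnav.libs.reactivesecurity.action.GetAuthenticatedToken;
+import no.nav.testnav.libs.reactivesecurity.action.GetAuthenticatedUserId;
+import no.nav.testnav.libs.reactivesecurity.exchange.azuread.AzureTokenService;
+import no.nav.testnav.libs.reactivesecurity.exchange.azuread.AzureNavTokenService;
+import no.nav.testnav.libs.reactivesecurity.exchange.azuread.AzureTrygdeetatenTokenService;
+import no.nav.testnav.libs.securitycore.domain.azuread.*;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.boot.autoconfigure.AutoConfiguration;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Primary;
+import org.springframework.context.annotation.Profile;
+import org.springframework.util.Assert;
+
+@AutoConfiguration(after = ClientCredentialAutoConfiguration.class)
+public class TokenServiceAutoConfiguration {
+
+@Value("${HTTP_PROXY:#{null}}")
+private String httpProxy;
+
+@Primary
+@Bean
+@Profile("test")
+AzureTokenService azureAdTokenServiceTest(
+AzureClientCredential clientCredential,
+GetAuthenticatedToken getAuthenticatedToken
+) {
+return new AzureTokenService(null, null, clientCredential, getAuthenticatedToken);
+}
+
+@Bean
+@ConditionalOnDollyApplicationConfiguredForAzure
+@ConditionalOnMissingBean(AzureTokenService.class)
+AzureTokenService azureAdTokenService(
+@Value("${AAD_ISSUER_URI:#{null}}") String issuerUrl,
+AzureClientCredential clientCredential,
+GetAuthenticatedToken getAuthenticatedToken
+) {
+Assert.notNull(issuerUrl, "AAD_ISSUER_URI must be set");
+return new AzureTokenService(httpProxy, issuerUrl, clientCredential, getAuthenticatedToken);
+}
+
+@Primary
+@Bean
+@Profile("test")
+AzureNavTokenService azureNavTokenServiceTest(
+AzureNavClientCredential azureNavClientCredential
+) {
+return new AzureNavTokenService(null, azureNavClientCredential);
+}
+
+@Bean
+@ConditionalOnDollyApplicationConfiguredForNav
+@ConditionalOnMissingBean(AzureNavTokenService.class)
+AzureNavTokenService azureNavTokenService(
+AzureNavClientCredential azureNavClientCredential
+) {
+return new AzureNavTokenService(httpProxy, azureNavClientCredential);
+}
+
+@Primary
+@Bean
+@Profile("test")
+AzureTrygdeetatenTokenService trygdeetatenAzureAdTokenServiceTest(
+AzureTrygdeetatenClientCredential clientCredential,
+GetAuthenticatedUserId getAuthenticatedUserId,
+ObjectMapper objectMapper
+) {
+return new AzureTrygdeetatenTokenService(null, clientCredential, getAuthenticatedUserId, objectMapper);
+}
+
+@Bean
+@ConditionalOnDollyApplicationConfiguredForTrygdeetaten
+@ConditionalOnMissingBean(AzureTrygdeetatenTokenService.class)
+AzureTrygdeetatenTokenService trygdeetatenAzureAdTokenService(
+AzureTrygdeetatenClientCredential clientCredential,
+GetAuthenticatedUserId getAuthenticatedUserId,
+ObjectMapper objectMapper
+) {
+return new AzureTrygdeetatenTokenService(httpProxy, clientCredential, getAuthenticatedUserId, objectMapper);
+}
+
+}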
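Review bot: The proxy is read as `${HTTP_PROXY:#{null}}` on the `httpProxy` field, while the constructor left untouched in the profil-api `AzureAdTokenService` earlier in this commit still reads `${http.proxy:#{null}}`; an `http.proxy` value set in application config would reach one service and not the other, so the spelling should be unified or the class should state that the proxy is expected from the environment only. The three `@Profile("test")` beans are `@Primary` and carry none of the `@ConditionalOnDollyApplicationConfiguredFor*` guards, so with that profile active the context always gets a service built with a `null` proxy and issuer; a class-level Javadoc saying that these are offline stand-ins and that the production beans are selected by the conditional annotations, with `AAD_ISSUER_URI` enforced by the `Assert.notNull` call, would make that intent explicit. The wildcard import `no.nav.testnav.libs.securitycore.domain.azuread.*` hides which types come from that package, and it is not visible from the hunk whether the conditional annotations arrive through it or from the class's own package; listing the imports explicitly would match the rest of the file.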
Original file line number Diff line number Diff line change
@@ -1,58 +1,60 @@
package no.nav.testnav.libs.reactivesecurity.exchange.azuread;

import lombok.extern.slf4j.Slf4j;
import no.nav.testnav.libs.reactivesecurity.domain.AzureNavProxyClientCredential;
import org.springframework.beans.factory.annotation.Value;
import no.nav.testnav.libs.reactivesecurity.exchange.TokenService;
import no.nav.testnav.libs.securitycore.command.azuread.ClientCredentialExchangeCommand;
import no.nav.testnav.libs.securitycore.domain.AccessToken;
import no.nav.testnav.libs.securitycore.domain.ResourceServerType;
import no.nav.testnav.libs.securitycore.domain.ServerProperties;
import no.nav.testnav.libs.securitycore.domain.azuread.AzureNavClientCredential;
import no.nav.testnav.libs.securitycore.domain.azuread.ClientCredential;
import org.springframework.http.HttpHeaders;
import org.springframework.http.MediaType;
import org.springframework.http.client.reactive.ReactorClientHttpConnector;
import org.springframework.stereotype.Service;
import org.springframework.web.reactive.function.client.WebClient;
import reactor.core.publisher.Mono;
import reactor.netty.http.client.HttpClient;
import reactor.netty.transport.ProxyProvider;

import java.net.URI;

import no.nav.testnav.libs.reactivesecurity.exchange.ExchangeToken;
import no.nav.testnav.libs.securitycore.command.azuread.ClientCredentialExchangeCommand;
import no.nav.testnav.libs.securitycore.domain.AccessToken;
import no.nav.testnav.libs.securitycore.domain.ServerProperties;
import no.nav.testnav.libs.securitycore.domain.azuread.ClientCredential;

@Slf4j
@Service
public class NavAzureAdTokenService implements ExchangeToken {
public class AzureNavTokenService implements TokenService {

private final WebClient webClient;
private final ClientCredential clientCredential;

public NavAzureAdTokenService(
@Value("${http.proxy:#{null}}") String proxyHost,
AzureNavProxyClientCredential azureNavProxyClientCredential
public AzureNavTokenService(
String proxyHost,
AzureNavClientCredential azureNavClientCredential
) {
this.clientCredential = azureNavProxyClientCredential;
this.clientCredential = azureNavClientCredential;
log.info("Init AzureAd Nav token service.");
WebClient.Builder builder = WebClient
.builder()
.baseUrl(azureNavProxyClientCredential.getTokenEndpoint())
.baseUrl(azureNavClientCredential.getTokenEndpoint())
.defaultHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_FORM_URLENCODED_VALUE);

if (proxyHost != null) {
log.trace("Setter opp proxy host {} for Client Credentials", proxyHost);
var uri = URI.create(proxyHost);
HttpClient httpClient = HttpClient
.create()
.proxy(proxy -> proxy
.type(ProxyProvider.Proxy.HTTP)
.host(uri.getHost())
.port(uri.getPort()));
.create()
.proxy(proxy -> proxy
.type(ProxyProvider.Proxy.HTTP)
.host(uri.getHost())
.port(uri.getPort()));
builder.clientConnector(new ReactorClientHttpConnector(httpClient));
}
this.webClient = builder.build();

}

@Override
public ResourceServerType getType() {
return ResourceServerType.AZURE_AD;
}

@Override
public Mono<AccessToken> exchange(ServerProperties serverProperties) {
return new ClientCredentialExchangeCommand(
Expand Down
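Review bot: The constructor's `proxyHost` no longer carries `@Value`, so if the `@Service` annotation printed above the class is still present after this change, component scanning would try to autowire a plain `String` and fail at startup, while the same bean is now also created explicitly in `TokenServiceAutoConfiguration`; the hunk does not show whether `@Service` was removed, so this needs confirming. The `log.trace` line still prints the full `proxyHost` value; if the proxy can be given in `scheme://user:pass@host:port` form, the credential part would land in the log, so logging only the parts actually used is safer: `log.trace("Setter opp proxy host {}:{} for Client Credentials", uri.getHost(), uri.getPort());`. The `exchange` method continues past the end of the hunk.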