GrpcSecurity.java
package org.lognet.springboot.grpc.security;
import io.grpc.Context;
import io.grpc.ServerInterceptor;
import org.springframework.beans.BeansException;
import org.springframework.context.ApplicationContext;
import org.springframework.context.ApplicationContextAware;
import org.springframework.security.access.vote.AffirmativeBased;
import org.springframework.security.access.vote.RoleVoter;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder;
import org.springframework.security.config.annotation.ObjectPostProcessor;
import org.springframework.security.config.annotation.SecurityBuilder;
import org.springframework.security.config.annotation.SecurityConfigurerAdapter;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.UserDetailsService;
import java.util.Arrays;
/**
 * Security builder that produces the gRPC {@link ServerInterceptor} responsible for
 * authenticating and authorizing calls.
 *
 * <p>Authentication sources (user-details services, authentication providers, scheme selectors)
 * are registered through the fluent methods; authorization rules are registered through
 * {@link #authorizeRequests()}. {@link #performBuild()} wires everything into a
 * {@code SecurityInterceptor}.
 *
 * <p>Security note: the access decision manager built here is {@link AffirmativeBased}, so a
 * single granting voter is enough to allow a call. Role-based ({@code ROLE_}) and scope-based
 * ({@code SCOPE_}) authorities are therefore alternatives, not cumulative requirements.
 */
public class GrpcSecurity extends AbstractConfiguredSecurityBuilder<ServerInterceptor, GrpcSecurity>
        implements SecurityBuilder<ServerInterceptor>, ApplicationContextAware {

    /**
     * gRPC context key typed to carry an {@link Authentication}. The string is only a debug name;
     * gRPC context keys are matched by identity, so this exact constant must be used for lookups.
     */
    public static final Context.Key<Authentication> AUTHENTICATION_CONTEXT_KEY = Context.key("AUTHENTICATION");

    // Has no initializer: stays null until setApplicationContext(...) is invoked.
    private ApplicationContext applicationContext;

    /**
     * Creates the builder.
     *
     * @param objectPostProcessor post-processor handed to the parent builder
     */
    public GrpcSecurity(ObjectPostProcessor<Object> objectPostProcessor) {
        super(objectPostProcessor);
    }

    /**
     * Returns the registry used to declare authorization rules, applying the authorization
     * configurer on first use and reusing it on later calls.
     *
     * @return the registry of the (possibly already applied) authorization configurer
     * @throws Exception if applying the configurer fails
     */
    public GrpcServiceAuthorizationConfigurer.Registry authorizeRequests()
            throws Exception {
        // The configurer receives the current application context, which is null if this is
        // called before setApplicationContext(...).
        final GrpcServiceAuthorizationConfigurer authorizationConfigurer =
                getOrApply(new GrpcServiceAuthorizationConfigurer(applicationContext));
        return authorizationConfigurer.getRegistry();
    }

    /**
     * Registers a {@link UserDetailsService} with the shared {@link AuthenticationManagerBuilder}.
     *
     * @param userDetailsService the service used to look up users
     * @return this builder, for chaining
     * @throws Exception if the authentication builder rejects the registration
     */
    public GrpcSecurity userDetailsService(UserDetailsService userDetailsService)
            throws Exception {
        final AuthenticationManagerBuilder authenticationRegistry = getAuthenticationRegistry();
        authenticationRegistry.userDetailsService(userDetailsService);
        return this;
    }

    /**
     * Stores the application context later passed to the authorization configurer.
     *
     * @param applicationContext the context to remember
     * @throws BeansException declared by {@link ApplicationContextAware}; not thrown here
     */
    @Override
    public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
        this.applicationContext = applicationContext;
    }

    /**
     * Returns the stored application context.
     *
     * @return the context, or {@code null} if {@link #setApplicationContext} has not been called
     */
    public ApplicationContext getApplicationContext() {
        return applicationContext;
    }

    /**
     * Registers an authentication scheme selector with the shared scheme service.
     *
     * @param selector the selector to register
     * @return this builder, for chaining
     */
    public GrpcSecurity authenticationSchemeSelector(AuthenticationSchemeSelector selector) {
        final AuthenticationSchemeService schemeService = getAuthenticationSchemeService();
        schemeService.register(selector);
        return this;
    }

    /**
     * Adds an {@link AuthenticationProvider} to the shared {@link AuthenticationManagerBuilder}.
     *
     * @param authenticationProvider the provider to add
     * @return this builder, for chaining
     */
    public GrpcSecurity authenticationProvider(AuthenticationProvider authenticationProvider) {
        final AuthenticationManagerBuilder authenticationRegistry = getAuthenticationRegistry();
        authenticationRegistry.authenticationProvider(authenticationProvider);
        return this;
    }

    /** Intentionally a no-op: nothing is prepared before the configurers run. */
    @Override
    protected void beforeConfigure() throws Exception {
    }

    /**
     * Assembles the security interceptor from the shared objects.
     *
     * <p>The access decision manager is {@link AffirmativeBased} over three voters: a
     * {@link RoleVoter} with its default prefix, a {@link RoleVoter} with the {@code SCOPE_}
     * prefix, and an {@code AuthenticatedAttributeVoter}. Any one affirmative vote grants access;
     * the abstain-handling default of {@link AffirmativeBased} is not changed here.
     *
     * @return the configured interceptor
     * @throws Exception if building the authentication manager fails
     */
    @Override
    protected ServerInterceptor performBuild() throws Exception {
        final GrpcSecurityMetadataSource metadataSource = getSharedObject(GrpcSecurityMetadataSource.class);
        final SecurityInterceptor interceptor =
                new SecurityInterceptor(metadataSource, getAuthenticationSchemeService());
        interceptor.setAuthenticationManager(getAuthenticationRegistry().build());

        // Second RoleVoter instance so that authorities prefixed "SCOPE_" are voted on as well.
        final RoleVoter scopeVoter = new RoleVoter();
        scopeVoter.setRolePrefix("SCOPE_");
        final RoleVoter roleVoter = new RoleVoter();
        final AuthenticatedAttributeVoter authenticatedVoter = new AuthenticatedAttributeVoter();

        // Voter order is preserved: role, scope, authenticated.
        interceptor.setAccessDecisionManager(
                new AffirmativeBased(Arrays.asList(roleVoter, scopeVoter, authenticatedVoter)));
        return interceptor;
    }

    /**
     * Returns the configurer of the same class if one is already registered; otherwise applies
     * the given one and returns the result.
     *
     * @param configurer the configurer to apply when none of its class is registered
     * @param <C> the configurer type
     * @return the registered or newly applied configurer
     * @throws Exception if applying the configurer fails
     */
    @SuppressWarnings("unchecked")
    private <C extends SecurityConfigurerAdapter<ServerInterceptor, GrpcSecurity>> C getOrApply(C configurer) throws Exception {
        // Unchecked cast: the lookup is keyed by configurer.getClass().
        final C registered = (C) getConfigurer(configurer.getClass());
        return registered == null ? apply(configurer) : registered;
    }

    /** Looks up the shared {@link AuthenticationManagerBuilder}. */
    private AuthenticationManagerBuilder getAuthenticationRegistry() {
        return getSharedObject(AuthenticationManagerBuilder.class);
    }

    /** Looks up the shared {@code AuthenticationSchemeService}. */
    private AuthenticationSchemeService getAuthenticationSchemeService() {
        return getSharedObject(AuthenticationSchemeService.class);
    }
}