feat: set up config for oauth resource server with custom jwt decoder

Author: joshbaskaran

services/localega-tsd-proxy/src/main/java/no/elixir/fega/ltp/LocalEGATSDProxyApplication.java

@@ -81,6 +81,7 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
                     .authenticated()
                     .requestMatchers("/user")
                     .authenticated())
+        .oauth2ResourceServer(oauth2 -> oauth2.jwt(Customizer.withDefaults()))
         .oauth2Login(
             auth ->
                 auth.redirectionEndpoint(endpoint -> endpoint.baseUri("/oidc-protected"))

services/localega-tsd-proxy/src/main/java/no/elixir/fega/ltp/config/JwtDecoderConfig.java

@@ -0,0 +1,26 @@
+package no.elixir.fega.ltp.config;
+
+import com.github.benmanes.caffeine.cache.Caffeine;
+import java.util.concurrent.TimeUnit;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.cache.Cache;
+import org.springframework.cache.caffeine.CaffeineCache;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.oauth2.jwt.JwtDecoder;
+import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;
+
+@Configuration
+public class JwtDecoderConfig {
+
+  @Bean
+  public JwtDecoder jwtDecoder(@Value("${aai.service-base-url}") String aaiBase) {
+
+    com.github.benmanes.caffeine.cache.Cache<Object, Object> nativeCache =
+        Caffeine.newBuilder().expireAfterWrite(60, TimeUnit.MINUTES).maximumSize(100).build();
+
+    Cache jwkCache = new CaffeineCache("jwkCache", nativeCache);
+
+    return NimbusJwtDecoder.withJwkSetUri(aaiBase + "/oidc/jwk").cache(jwkCache).build();
+  }
+}