Merge pull request #37 from FrogDevelopment/feature/extended_authentication

FrogDevelopper · web-flow · commit 7b2f5c77bfc3 · 2020-09-17T22:52:02.000+02:00
Feature/extended authentication
diff --git a/build.gradle b/build.gradle
@@ -16,8 +16,6 @@ sourceCompatibility = JavaVersion.VERSION_11
 targetCompatibility = JavaVersion.VERSION_11
 
 repositories {
-    mavenLocal()
-    mavenCentral()
     jcenter()
 }
 
@@ -38,7 +36,8 @@ dependencies {
     implementation 'javax.servlet:javax.servlet-api:4.0.1'
     implementation 'javax.xml.bind:jaxb-api:2.3.1'
 
-    compileOnly 'org.jetbrains:annotations:20.0.0'
+    compileOnly 'org.jetbrains:annotations:20.1.0'
+    compileOnly 'org.springframework.security:spring-security-test'
 
     testImplementation 'org.springframework.boot:spring-boot-starter-test'
     testImplementation 'org.springframework.security:spring-security-test'
@@ -101,24 +100,24 @@ artifacts {
 
 // To specify a license in the pom:
 install {
-  repositories.mavenInstaller {
-    pom.project {
-      licenses {
-        license {
-          name 'The Apache Software License, Version 2.0'
-          url 'http://www.apache.org/licenses/LICENSE-2.0.txt'
-          distribution 'repo'
+    repositories.mavenInstaller {
+        pom.project {
+            licenses {
+                license {
+                    name 'The Apache Software License, Version 2.0'
+                    url 'http://www.apache.org/licenses/LICENSE-2.0.txt'
+                    distribution 'repo'
+                }
+            }
         }
-      }
     }
-  }
 }
 
 jar {
     enabled true
 }
 
 wrapper {
-    gradleVersion = "6.4"
+    gradleVersion = "6.6.1"
     distributionType = Wrapper.DistributionType.ALL
 }
diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties
@@ -1,5 +1,5 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-6.4-all.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-6.6.1-all.zip
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists
diff --git a/src/main/java/fr/frogdevelopment/jwt/JwtAuthenticationToken.java b/src/main/java/fr/frogdevelopment/jwt/JwtAuthenticationToken.java
@@ -1,27 +1,58 @@
 package fr.frogdevelopment.jwt;
 
+import static java.util.Collections.emptyList;
+import static java.util.stream.Collectors.toUnmodifiableList;
+import static java.util.stream.Collectors.toUnmodifiableMap;
+
+import io.jsonwebtoken.Claims;
 import java.util.Collection;
-import org.springframework.security.authentication.AbstractAuthenticationToken;
+import java.util.List;
+import java.util.Map;
+import java.util.Map.Entry;
+import lombok.Getter;
+import lombok.Setter;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 
-public class JwtAuthenticationToken extends AbstractAuthenticationToken {
+public class JwtAuthenticationToken implements Authentication {
+
+    public static final String AUTHORITIES_KEY = "authorities";
 
+    @Getter
     private final String principal;
+    @Getter
+    private final String name;
+    @Getter
+    private final Collection<GrantedAuthority> authorities;
+    @Getter
+    private final Map<String, Object> details;
+    @Getter
+    @Setter
+    private boolean authenticated;
 
-    JwtAuthenticationToken(String principal, Collection<SimpleGrantedAuthority> authorities) {
-        super(authorities);
-        this.principal = principal;
-        super.setAuthenticated(true);
+    public JwtAuthenticationToken(Claims claims) {
+        this.principal = claims.getSubject();
+        this.name = claims.getSubject();
+        //noinspection unchecked
+        this.authorities = ((List<String>) claims.getOrDefault(AUTHORITIES_KEY, emptyList()))
+                .stream()
+                .map(SimpleGrantedAuthority::new)
+                .collect(toUnmodifiableList());
+        this.details = claims.entrySet()
+                .stream()
+                .filter(entry -> !AUTHORITIES_KEY.equals(entry.getKey()))
+                .collect(toUnmodifiableMap(Entry::getKey, Entry::getValue));
+        this.authenticated = true;
     }
 
-    @Override
-    public String getCredentials() {
-        return null;
+    public Object getDetail(String key) {
+        return details.get(key);
     }
 
     @Override
-    public String getPrincipal() {
-        return principal;
+    public String getCredentials() {
+        return null;
     }
 
 }
diff --git a/src/main/java/fr/frogdevelopment/jwt/JwtProcessTokenFilter.java b/src/main/java/fr/frogdevelopment/jwt/JwtProcessTokenFilter.java
@@ -34,7 +34,7 @@ private void resolveTokenAndSetAuthenticationOnSpringSecurityContext(@NonNull Ht
         try {
             log.debug("Resolve token and set authentication on Spring Security Context for request {}",
                     request.getRequestURL());
-            Authentication authentication = resolveTokenToAuthentication.call(request);
+            var authentication = resolveTokenToAuthentication.call(request);
 
             if (authentication != null) {
                 SecurityContextHolder.getContext().setAuthentication(authentication);
diff --git a/src/main/java/fr/frogdevelopment/jwt/ResolveTokenToAuthentication.java b/src/main/java/fr/frogdevelopment/jwt/ResolveTokenToAuthentication.java
@@ -1,18 +1,11 @@
 package fr.frogdevelopment.jwt;
 
-import io.jsonwebtoken.Claims;
-import java.util.List;
-import java.util.stream.Collectors;
 import javax.servlet.http.HttpServletRequest;
 import org.jetbrains.annotations.NotNull;
 import org.jetbrains.annotations.Nullable;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.authority.SimpleGrantedAuthority;
 
 class ResolveTokenToAuthentication {
 
-    static final String AUTHORITIES_KEY = "authorities";
-
     private final ResolveClaimsFromToken resolveClaimsFromToken;
     private final RetrieveTokenFromRequest retrieveTokenFromRequest;
 
@@ -22,22 +15,16 @@ class ResolveTokenToAuthentication {
         this.retrieveTokenFromRequest = retrieveTokenFromRequest;
     }
 
-    @Nullable Authentication call(@NotNull HttpServletRequest request) {
+    @Nullable
+    JwtAuthenticationToken call(@NotNull HttpServletRequest request) {
         var token = retrieveTokenFromRequest.call(request);
         if (token == null) {
             return null;
         }
 
         var claims = resolveClaimsFromToken.call(token);
 
-        return new JwtAuthenticationToken(claims.getSubject(), resolveAuthorities(claims));
+        return new JwtAuthenticationToken(claims);
     }
 
-    private List<SimpleGrantedAuthority> resolveAuthorities(@NotNull Claims claims) {
-        //noinspection unchecked
-        return ((List<String>) claims.get(AUTHORITIES_KEY, List.class))
-                .stream()
-                .map(SimpleGrantedAuthority::new)
-                .collect(Collectors.toList());
-    }
 }
diff --git a/src/main/java/fr/frogdevelopment/jwt/test/context/support/Claim.java b/src/main/java/fr/frogdevelopment/jwt/test/context/support/Claim.java
@@ -0,0 +1,15 @@
+package fr.frogdevelopment.jwt.test.context.support;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+@Target({ElementType.METHOD, ElementType.TYPE})
+@Retention(RetentionPolicy.RUNTIME)
+public @interface Claim {
+
+    String name() default "";
+
+    String value() default "";
+}
diff --git a/src/main/java/fr/frogdevelopment/jwt/test/context/support/WithMockJwtUser.java b/src/main/java/fr/frogdevelopment/jwt/test/context/support/WithMockJwtUser.java
@@ -0,0 +1,29 @@
+package fr.frogdevelopment.jwt.test.context.support;
+
+import java.lang.annotation.Documented;
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Inherited;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+import org.springframework.core.annotation.AliasFor;
+import org.springframework.security.test.context.support.TestExecutionEvent;
+import org.springframework.security.test.context.support.WithSecurityContext;
+
+@Target({ElementType.METHOD, ElementType.TYPE})
+@Retention(RetentionPolicy.RUNTIME)
+@Inherited
+@Documented
+@WithSecurityContext(factory = WithMockJwtUserSecurityContextFactory.class)
+public @interface WithMockJwtUser {
+
+    String username() default "user";
+
+    String[] roles() default { "USER" };
+
+    Claim[] claims() default {};
+
+    @AliasFor(annotation = WithSecurityContext.class)
+    TestExecutionEvent setupBefore() default TestExecutionEvent.TEST_METHOD;
+
+}
diff --git a/src/main/java/fr/frogdevelopment/jwt/test/context/support/WithMockJwtUserSecurityContextFactory.java b/src/main/java/fr/frogdevelopment/jwt/test/context/support/WithMockJwtUserSecurityContextFactory.java
@@ -0,0 +1,40 @@
+package fr.frogdevelopment.jwt.test.context.support;
+
+import static fr.frogdevelopment.jwt.JwtAuthenticationToken.AUTHORITIES_KEY;
+
+import fr.frogdevelopment.jwt.JwtAuthenticationToken;
+import io.jsonwebtoken.impl.DefaultClaims;
+import java.util.ArrayList;
+import org.springframework.security.core.context.SecurityContext;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.test.context.support.WithSecurityContextFactory;
+
+public final class WithMockJwtUserSecurityContextFactory implements WithSecurityContextFactory<WithMockJwtUser> {
+
+    @Override
+    public SecurityContext createSecurityContext(WithMockJwtUser withUser) {
+        if (withUser.username() == null || withUser.username().strip().length() == 0) {
+            throw new IllegalArgumentException("Username required");
+        }
+
+        var claims = new DefaultClaims();
+        claims.setSubject(withUser.username());
+
+        var authorities = new ArrayList<String>();
+        for (String role : withUser.roles()) {
+            if (!role.startsWith("ROLE_")) {
+                role = "ROLE_" + role;
+            }
+            authorities.add(role);
+        }
+        claims.put(AUTHORITIES_KEY, authorities);
+
+        for (var claim : withUser.claims()) {
+            claims.put(claim.name(), claim.value());
+        }
+
+        var context = SecurityContextHolder.createEmptyContext();
+        context.setAuthentication(new JwtAuthenticationToken(claims));
+        return context;
+    }
+}
diff --git a/src/test/java/fr/frogdevelopment/jwt/ResolveTokenToAuthenticationTest.java b/src/test/java/fr/frogdevelopment/jwt/ResolveTokenToAuthenticationTest.java
@@ -1,9 +1,10 @@
 package fr.frogdevelopment.jwt;
 
-import static fr.frogdevelopment.jwt.ResolveTokenToAuthentication.AUTHORITIES_KEY;
+import static fr.frogdevelopment.jwt.JwtAuthenticationToken.AUTHORITIES_KEY;
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertNotNull;
 import static org.junit.jupiter.api.Assertions.assertNull;
+import static org.junit.jupiter.api.Assertions.assertTrue;
 import static org.mockito.ArgumentMatchers.anyString;
 import static org.mockito.BDDMockito.given;
 
@@ -48,6 +49,9 @@ void createAuthentication_should_return_authentication() {
         // then
         assertNotNull(authentication);
         assertEquals(USERNAME, authentication.getPrincipal());
+        assertEquals(USERNAME, authentication.getName());
+        assertNotNull(authentication.getDetails());
+        assertTrue(authentication.isAuthenticated());
         assertNull(authentication.getCredentials());
         var authorities = ROLES.stream().map(SimpleGrantedAuthority::new).collect(Collectors.toList());
         assertEquals(authentication.getAuthorities(), authorities);
