Externalize user configuration

Author: MarcialRosales

selenium/authorization-server/src/main/java/com/rabbitmq/authorization_server/SecurityConfig.java

@@ -36,9 +36,6 @@
 import com.nimbusds.jose.jwk.source.JWKSource;
 import com.nimbusds.jose.proc.SecurityContext;
 
-import static com.rabbitmq.authorization_server.ScopeAuthority.scope;
-import static com.rabbitmq.authorization_server.AudienceAuthority.aud;
-
 @Configuration
 @EnableWebSecurity
 public class SecurityConfig {
@@ -88,38 +85,10 @@ public SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http)
 	}
 
 	@Bean 
-	public UserDetailsService userDetailsService() {
-		UserDetails userDetails = User.withDefaultPasswordEncoder()
-				.username("rabbit_admin")
-				.password("rabbit_admin")
-				.authorities(List.of(
-					scope("openid"),
-					scope("profile"),
-					scope("rabbitmq.tag:administrator"),
-					aud("rabbitmq")))
-				.build();
-
-		return new InMemoryUserDetailsManager(userDetails);
+	public UserDetailsService userDetailsService(UsersConfiguration users) {
+		return new InMemoryUserDetailsManager(users.getUserDetails());
 	}
-/*
-	@Bean 
-	public RegisteredClientRepository registeredClientRepository() {
-		RegisteredClient oidcClient = RegisteredClient.withId(UUID.randomUUID().toString())
-				.clientId("oidc-client")
-				.clientSecret("{noop}secret")
-				.clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
-				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
-				.authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN)
-				.redirectUri("http://127.0.0.1:8080/login/oauth2/code/oidc-client")
-				.postLogoutRedirectUri("http://127.0.0.1:8080/")
-				.scope(OidcScopes.OPENID)
-				.scope(OidcScopes.PROFILE)
-				.clientSettings(ClientSettings.builder().requireAuthorizationConsent(true).build())
-				.build();
 
-		return new InMemoryRegisteredClientRepository(oidcClient);
-	}
- */
 	@Bean 
 	public JWKSource<SecurityContext> jwkSource() {
 		KeyPair keyPair = generateRsaKey();

selenium/authorization-server/src/main/java/com/rabbitmq/authorization_server/SimpleCORSFilter.java

@@ -1,11 +1,7 @@
 package com.rabbitmq.authorization_server;
 
 import java.io.IOException;
-import java.util.Optional;
-import java.util.Set;
-
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.annotation.Value;
 import org.springframework.core.Ordered;
 import org.springframework.core.annotation.Order;
 import org.springframework.stereotype.Component;
@@ -29,13 +25,12 @@ public SimpleCORSFilter() {
 
     @Override
     public void init(FilterConfig fc) throws ServletException {
-        System.out.println("Init SimpleCORSFilter");
+        
     }
 
     @Override
     public void doFilter(ServletRequest req, ServletResponse resp,
-                         FilterChain chain) throws IOException, ServletException {
-        System.out.println("doFilter SimpleCORSFilter");
+                         FilterChain chain) throws IOException, ServletException {        
         HttpServletResponse response = (HttpServletResponse) resp;
         HttpServletRequest request = (HttpServletRequest) req;
         response.setHeader("Access-Control-Allow-Origin", "*");

selenium/authorization-server/src/main/java/com/rabbitmq/authorization_server/UsersConfiguration.java

@@ -0,0 +1,93 @@
+package com.rabbitmq.authorization_server;
+
+import java.util.List;
+import java.util.stream.Stream;
+
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.stereotype.Component;
+
+import static com.rabbitmq.authorization_server.AudienceAuthority.aud;
+import static com.rabbitmq.authorization_server.ScopeAuthority.scope;
+
+@Component
+@ConfigurationProperties(prefix = "spring.security.oauth2")
+public class UsersConfiguration {
+
+    private List<ConfigUser> users;
+    
+    public UsersConfiguration() {
+    }
+
+    @Override
+    public String toString() {
+        return "UsersConfiguration [users=" + users + "]";
+    }
+
+    public List<UserDetails> getUserDetails() {
+        return users.stream().map(u -> 
+             User.withDefaultPasswordEncoder()
+				.username(u.getUsername())
+				.password(u.getPassword())
+				.authorities(u.getAuthorities())
+				.build()).toList();
+    }
+    
+    public static class ConfigUser {
+
+        private String username;
+        private String password;
+        private List<String> scopes;
+        private List<String> audiencies;
+        
+        public ConfigUser() {
+        }
+        
+        public void setUsername(String username) {
+            this.username = username;
+        }
+        public void setPassword(String password) {
+            this.password = password;
+        }
+        public void setScopes(List<String> scopes) {
+            this.scopes = scopes;
+        }
+        public void setAudiencies(List<String> audiencies) {
+            this.audiencies = audiencies;
+        }
+        public String getUsername() {
+            return username;
+        }
+        public String getPassword() {
+            return password;
+        }
+        public List<String> getScopes() {
+            return scopes;
+        }
+        public List<String> getAudiencies() {
+            return audiencies;
+        }
+        public List<GrantedAuthority> getAuthorities() {
+            return Stream.concat(scopes.stream().map(s -> scope(s)),
+                audiencies.stream().map(s -> aud(s))).toList();
+        }
+
+        @Override
+        public String toString() {
+            return "User [username=" + username + ", password=" + password + ", scopes=" + scopes + ", audiencies="
+                    + audiencies + "]";
+        }
+
+       
+    }
+
+    public List<ConfigUser> getUsers() {
+        return users;
+    }
+
+    public void setUsers(List<ConfigUser> users) {
+        this.users = users;
+    }
+}

selenium/authorization-server/src/main/resources/application.yml

@@ -17,6 +17,15 @@ spring:
             type: PKCS12
   security:
     oauth2:
+      users:
+        - username: rabbit_admin
+          password: rabbit_admin 
+          scopes: 
+            - openid 
+            - profile 
+            - rabbitmq.tag:administrator
+          audiencies: 
+            - rabbitmq
       authorizationserver:
         client:
           mgt_api_client: