Downgrade springboot version - build kotlin-service

Author: rodrigorodrigues

authentication-service/src/main/java/com/microservice/authentication/AuthenticationServiceApplication.java

@@ -1,29 +1,42 @@
 package com.microservice.authentication;
 
+import java.nio.charset.StandardCharsets;
 import java.security.KeyPair;
 import java.security.interfaces.RSAPublicKey;
-import java.util.Arrays;
+import java.time.Instant;
 import java.util.Collections;
+import java.util.Date;
 import java.util.HashMap;
 import java.util.Optional;
 import java.util.Properties;
 import java.util.UUID;
 import java.util.concurrent.Executors;
 
+import javax.crypto.spec.SecretKeySpec;
+
+import com.microservice.authentication.autoconfigure.AuthenticationProperties;
 import com.microservice.authentication.common.model.Authentication;
 import com.microservice.authentication.common.model.Authority;
 import com.microservice.authentication.common.repository.AuthenticationCommonRepository;
 import com.microservice.authentication.config.SpringSecurityConfiguration;
 import com.microservice.web.common.util.constants.DefaultUsers;
+import com.nimbusds.jose.JOSEException;
+import com.nimbusds.jose.JWSAlgorithm;
+import com.nimbusds.jose.JWSHeader;
+import com.nimbusds.jose.crypto.MACSigner;
 import com.nimbusds.jose.jwk.JWK;
 import com.nimbusds.jose.jwk.JWKSet;
+import com.nimbusds.jose.jwk.OctetSequenceKey;
 import com.nimbusds.jose.jwk.RSAKey;
 import com.nimbusds.jose.jwk.source.ImmutableJWKSet;
 import com.nimbusds.jose.jwk.source.JWKSource;
 import com.nimbusds.jose.proc.SecurityContext;
-import jakarta.servlet.http.Cookie;
+import com.nimbusds.jwt.JWTClaimsSet;
+import com.nimbusds.jwt.SignedJWT;
 import lombok.AllArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
+import net.minidev.json.JSONObject;
+import org.apache.commons.lang.StringUtils;
 
 import org.springframework.beans.BeansException;
 import org.springframework.boot.CommandLineRunner;
@@ -39,6 +52,7 @@
 import org.springframework.context.ApplicationContext;
 import org.springframework.context.ApplicationContextAware;
 import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Primary;
 import org.springframework.core.task.AsyncTaskExecutor;
 import org.springframework.core.task.support.TaskExecutorAdapter;
 import org.springframework.data.mongodb.core.MongoTemplate;
@@ -49,10 +63,11 @@
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
 import org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser;
+import org.springframework.security.oauth2.jwt.Jwt;
+import org.springframework.security.oauth2.jwt.JwtDecoder;
 import org.springframework.security.oauth2.jwt.JwtEncoder;
+import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;
 import org.springframework.security.oauth2.jwt.NimbusJwtEncoder;
-import org.springframework.security.oauth2.server.resource.web.BearerTokenResolver;
-import org.springframework.security.oauth2.server.resource.web.DefaultBearerTokenResolver;
 import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
 import org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler;
 import org.springframework.session.MapSessionRepository;
@@ -76,23 +91,6 @@ public static void main(String[] args) {
 		SpringApplication.run(AuthenticationServiceApplication.class, args);
 	}
 
-    @Bean
-    BearerTokenResolver bearerTokenResolver() {
-        DefaultBearerTokenResolver defaultBearerTokenResolver = new DefaultBearerTokenResolver();
-        return request -> {
-            var cookies = request.getCookies();
-            log.debug("Getting Bearer Token resolver: cookies: {}", cookies);
-            if (cookies == null) {
-                cookies = new Cookie[] {};
-            }
-            return Arrays
-                    .stream(cookies)
-                    .filter(c -> c.getName().equals("SESSIONID"))
-                    .map(Cookie::getValue)
-                    .findFirst().orElseGet(() -> defaultBearerTokenResolver.resolve(request));
-        };
-    }
-
     @Bean
     @ConditionalOnMissingBean
     public SessionRepository defaultSessionRepository() {
@@ -114,16 +112,85 @@ public PasswordEncoder encoder() {
         return PasswordEncoderFactories.createDelegatingPasswordEncoder();
     }
 
+    @ConditionalOnProperty(prefix = "com.microservice.authentication.jwt", name = "key-value")
+    @Primary
+    @ConditionalOnMissingBean
+    @Bean
+    public JwtDecoder jwtDecoder(AuthenticationProperties properties) throws JOSEException {
+        AuthenticationProperties.Jwt jwt = properties.getJwt();
+        byte[] secret = jwt.getKeyValue().getBytes(StandardCharsets.UTF_8);
+
+        MACSigner macSigner = new MACSigner(secret);
+        return NimbusJwtDecoder.withSecretKey(macSigner.getSecretKey()).build();
+    }
+
     @Bean
     @ConditionalOnMissingBean
-    JwtEncoder jwtEncoder() {
-        KeyPair keyPair = applicationContext.getBean(KeyPair.class);
+    JwtEncoder jwtEncoder(AuthenticationProperties properties) {
+        AuthenticationProperties.Jwt jwt = properties.getJwt();
+        String keyValue = jwt.getKeyValue();
+        if (StringUtils.isNotBlank(keyValue)) {
+            return parameters -> {
+                byte[] secret = jwt.getKeyValue().getBytes(StandardCharsets.UTF_8);
+                SecretKeySpec secretKeySpec = new SecretKeySpec(secret, "HMACSHA256");
+
+                try {
+                    MACSigner signer = new MACSigner(secretKeySpec);
+
+                    JWTClaimsSet.Builder claimsSetBuilder = new JWTClaimsSet.Builder();
+                    parameters.getClaims().getClaims().forEach((key, value) ->
+                        claimsSetBuilder.claim(key, value instanceof Instant ? Date.from((Instant) value) : value)
+                    );
+                    JWTClaimsSet claimsSet = claimsSetBuilder.build();
 
-        JWK jwk = new RSAKey.Builder((RSAPublicKey) keyPair.getPublic())
-            .privateKey(keyPair.getPrivate())
+                    JSONObject jsonObject = new JSONObject();
+                    jsonObject.put("alg", JWSAlgorithm.HS256.getName());
+                    jsonObject.put("typ", "JWT");
+
+                    JWSHeader header = JWSHeader.parse(jsonObject);
+                    SignedJWT signedJWT = new SignedJWT(header, claimsSet);
+                    signedJWT.sign(signer);
+
+                    return Jwt.withTokenValue(signedJWT.serialize())
+                        .header("alg", header.getAlgorithm().getName())
+                        .header("typ", "JWT")
+                        .subject(claimsSet.getSubject())
+                        .issuer(claimsSet.getIssuer())
+                        .claims(claims -> claims.putAll(claimsSet.getClaims()))
+                        .issuedAt(claimsSet.getIssueTime().toInstant())
+                        .expiresAt(claimsSet.getExpirationTime().toInstant())
+                        .build();
+                }
+                catch (Exception e) {
+                    throw new IllegalStateException("Error while signing the JWT", e);
+                }
+            };
+        } else {
+            KeyPair keyPair = applicationContext.getBean(KeyPair.class);
+
+            JWK jwk = new RSAKey.Builder((RSAPublicKey) keyPair.getPublic())
+                .privateKey(keyPair.getPrivate())
+                .build();
+            JWKSource<SecurityContext> jwks = new ImmutableJWKSet<>(new JWKSet(jwk));
+            return new NimbusJwtEncoder(jwks);
+        }
+    }
+
+    @ConditionalOnProperty(prefix = "com.microservice.authentication.jwt", name = "key-value")
+    @Bean
+    @ConditionalOnMissingBean
+    public JWKSource<SecurityContext> jwkSource(AuthenticationProperties properties) {
+        AuthenticationProperties.Jwt jwt = properties.getJwt();
+        byte[] secret = jwt.getKeyValue().getBytes(StandardCharsets.UTF_8);
+
+        OctetSequenceKey octetKey = new OctetSequenceKey.Builder(secret)
+            .keyID(UUID.randomUUID().toString())
+            .algorithm(JWSAlgorithm.HS256)
             .build();
-        JWKSource<SecurityContext> jwks = new ImmutableJWKSet<>(new JWKSet(jwk));
-        return new NimbusJwtEncoder(jwks);
+
+        JWKSet jwkSet = new JWKSet(octetKey);
+
+        return (jwkSelector, context) -> jwkSelector.select(jwkSet);
     }
 
     @Bean

authentication-service/src/test/java/com/microservice/authentication/AuthenticationServiceApplicationIntegrationTest.java

@@ -93,7 +93,7 @@
         "logging.level.com.microservice=debug",
         "spring.cloud.consul.config.enabled=false",
         "de.flapdoodle.mongodb.embedded.version=5.0.5",
-    "logging.level.org.springframework.security=trace"})
+        "logging.level.org.springframework.security=trace"})
 @ContextConfiguration(initializers = AuthenticationServiceApplicationIntegrationTest.GenerateKeyPairInitializer.class,
     classes = {AuthenticationServiceApplicationIntegrationTest.MockConfiguration.class})
 @AutoConfigureMockMvc
@@ -206,14 +206,10 @@ public void shouldUserBeAuthenticatedWhenCallingApi() throws Exception {
         LinkedMultiValueMap<String, String> formData = new LinkedMultiValueMap<>();
         formData.add("username", "master@gmail.com");
         formData.add("password", "password123");
-        var response = mockMvc.perform(post("/login")
-            .params(formData)
-            .with(csrf()))
-            .andExpect(status().is3xxRedirection())
-            .andReturn()
-            .getResponse();
-
-        assertThat(response.getCookies()).isNotEmpty();
+        mockMvc.perform(post("/login")
+                .params(formData)
+                .with(csrf()))
+            .andExpect(status().is3xxRedirection());
     }
 
     @Test
@@ -237,7 +233,7 @@ public void shouldWorkLogoutUrl() throws Exception {
     @DisplayName("Test - When Calling GET - /api/authenticatedUser without jwt should return 401 - Unauthorized")
     public void shouldReturnUnauthorizedWhenCallingApiWithoutAuthorizationHeader() throws Exception {
         mockMvc.perform(get("/api/authenticatedUser")
-            .with(csrf()))
+                .with(csrf()))
             .andExpect(status().is4xxClientError());
     }
 
@@ -249,8 +245,8 @@ public void shouldReturnUnauthorizedWhenCallingAuthenticateApiWithDefaultSystemU
         formData.add("password", "noPassword");
 
         mockMvc.perform(post("/api/authenticate")
-            .params(formData)
-            .with(csrf()))
+                .params(formData)
+                .with(csrf()))
             .andExpect(status().is4xxClientError())
             .andExpect(content().contentTypeCompatibleWith(MediaType.APPLICATION_JSON_VALUE))
             .andExpect(header().doesNotExist(HttpHeaders.AUTHORIZATION))
@@ -278,7 +274,7 @@ public void shouldReturnOkWithToken() throws Exception {
         String authorizationHeader = "Bearer " + signedJWT.serialize();
 
         mockMvc.perform(get("/")
-            .header(HttpHeaders.AUTHORIZATION, authorizationHeader))
+                .header(HttpHeaders.AUTHORIZATION, authorizationHeader))
             .andExpect(status().is2xxSuccessful());
     }
 
@@ -289,15 +285,15 @@ public void shouldWorkLoginWithoutCsrf() throws Exception {
         formData.add("password", "password123");
 
         String content = mockMvc.perform(get("/api/csrf"))
-                .andExpect(status().is2xxSuccessful())
-                .andDo(print())
-                .andExpect(content().contentTypeCompatibleWith(MediaType.APPLICATION_JSON_VALUE))
-                .andExpect(jsonPath("$.headerName", is(notNullValue())))
-                .andExpect(jsonPath("$.parameterName", is(notNullValue())))
-                .andExpect(jsonPath("$.token", is(notNullValue())))
-                .andReturn()
-                .getResponse()
-                .getContentAsString();
+            .andExpect(status().is2xxSuccessful())
+            .andDo(print())
+            .andExpect(content().contentTypeCompatibleWith(MediaType.APPLICATION_JSON_VALUE))
+            .andExpect(jsonPath("$.headerName", is(notNullValue())))
+            .andExpect(jsonPath("$.parameterName", is(notNullValue())))
+            .andExpect(jsonPath("$.token", is(notNullValue())))
+            .andReturn()
+            .getResponse()
+            .getContentAsString();
 
         assertThat(content).isNotEmpty();
 
@@ -308,7 +304,7 @@ public void shouldWorkLoginWithoutCsrf() throws Exception {
         mockMvc.perform(post("/api/authenticate")
                 .params(formData)
                 .with(csrf()))
-                //.header(csrfToken.getHeaderName(), csrfToken.getToken()))
+            //.header(csrfToken.getHeaderName(), csrfToken.getToken()))
             .andExpect(status().isOk())
             .andExpect(content().contentTypeCompatibleWith(MediaType.APPLICATION_JSON_VALUE))
             .andExpect(header().exists(HttpHeaders.AUTHORIZATION))
@@ -342,16 +338,6 @@ public void shouldWorkLoginAndLogout() throws Exception {
         assertThat(accessToken).isNotEmpty();
         assertThat(accessToken.get("tokenValue")).isNotNull();
 
-        mockMvc.perform(get("/api/authenticatedUser")
-                .with(csrf())
-                .cookie(response.getCookies())
-                .header("sessionId", response.getHeader("sessionId")))
-            .andDo(print())
-            .andExpect(status().isOk())
-            .andExpect(content().contentTypeCompatibleWith(MediaType.APPLICATION_JSON_VALUE))
-            .andExpect(header().exists(HttpHeaders.AUTHORIZATION))
-            .andExpect(jsonPath("$.tokenValue", is(notNullValue())));
-
         String authorization = "Bearer " + accessToken.get("tokenValue").toString();
         mockMvc.perform(get("/api/authenticatedUser")
                 .with(csrf())

authentication-service/src/test/resources/application.yml

@@ -39,11 +39,6 @@ spring:
                     google:
                         client-id: test
                         client-secret: test
-            resourceserver:
-                jwt:
-                    jwk-set-uri: http://localhost:${server.port}/.well-known/jwks.json
-                opaquetoken:
-                    client-id:
     data:
         redis:
             repositories: