Next try for remember me

2026-03-12 22:11:08 +01:00 · 2025-06-27 14:41:48 +02:00
parent 9621360647
commit 3df5670015
4 changed files with 86 additions and 5 deletions
--- a/src/main/java/org/kickerelo/kickerelo/config/SecurityConfig.java
+++ b/src/main/java/org/kickerelo/kickerelo/config/SecurityConfig.java
@@ -0,0 +1,20 @@
+package org.kickerelo.kickerelo.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
+import org.springframework.jdbc.core.JdbcTemplate;
+import org.springframework.security.oauth2.client.JdbcOAuth2AuthorizedClientService;
+import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService;
+import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
+
+@Profile("prod")
+@Configuration
+public class SecurityConfig {
+    @Bean
+    public OAuth2AuthorizedClientService authorizedClientService(
+            JdbcTemplate jdbcTemplate,
+            ClientRegistrationRepository clientRegistrationRepository) {
+        return new JdbcOAuth2AuthorizedClientService(jdbcTemplate, clientRegistrationRepository);
+    }
+}
--- a/src/main/java/org/kickerelo/kickerelo/config/SecurityConfiguration.java
+++ b/src/main/java/org/kickerelo/kickerelo/config/SecurityConfiguration.java
@@ -2,31 +2,77 @@ package org.kickerelo.kickerelo.config;

 import java.security.SecureRandom;
 import java.util.Base64;
+
+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Profile;
+import org.springframework.jdbc.core.JdbcTemplate;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;

 import com.vaadin.flow.spring.security.VaadinWebSecurity;
+import org.springframework.security.oauth2.client.*;
+import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
+import org.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizedClientManager;
+import org.springframework.security.oauth2.client.web.OAuth2AuthorizedClientRepository;
+import org.springframework.security.web.SecurityFilterChain;

@Profile("prod")
@Configuration
-class SecurityConfiguration extends VaadinWebSecurity {
+class SecurityConfiguration {
+
+    private final OAuth2AuthorizedClientService authorizedClientService;
+
+    // Inject the persistent authorized client service we configured previously
+    public SecurityConfiguration(OAuth2AuthorizedClientService authorizedClientService) {
+        this.authorizedClientService = authorizedClientService;
+    }

    private static String rememberMeSecret = null;

-    @Override
    protected void configure(HttpSecurity http) throws Exception {
        if (rememberMeSecret == null) rememberMeSecret = generateSecret();

        http.authorizeHttpRequests(auth -> auth
                .requestMatchers("/app/admin/**", "/app/admin", "/app/app/admin/**", "/app/app/admin").hasAuthority("Kicker Admin")
                .anyRequest().permitAll())
-            .rememberMe(rememberMe -> rememberMe.key(rememberMeSecret))
            .oauth2Login(org.springframework.security.config.Customizer.withDefaults())
            .logout(logout -> logout.logoutSuccessUrl("/"))
            .csrf(csrf -> csrf.disable());
    }

+
+    @Bean
+    public OAuth2AuthorizedClientManager authorizedClientManager(
+            ClientRegistrationRepository clientRegistrationRepository,
+            OAuth2AuthorizedClientRepository authorizedClientRepository) {
+
+        OAuth2AuthorizedClientProvider authorizedClientProvider =
+                OAuth2AuthorizedClientProviderBuilder.builder()
+                        .authorizationCode()
+                        .refreshToken()
+                        .clientCredentials()
+                        .build();
+
+        DefaultOAuth2AuthorizedClientManager authorizedClientManager =
+                new DefaultOAuth2AuthorizedClientManager(
+                        clientRegistrationRepository, authorizedClientRepository);
+        authorizedClientManager.setAuthorizedClientProvider(authorizedClientProvider);
+
+        return authorizedClientManager;
+    }
+
+    @Bean
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+        http.authorizeHttpRequests(auth -> auth
+                        .requestMatchers("/app/admin/**", "/app/admin", "/app/app/admin/**", "/app/app/admin").hasAuthority("Kicker Admin")
+                        .anyRequest().permitAll())
+                .oauth2Login(org.springframework.security.config.Customizer.withDefaults())
+                .logout(logout -> logout.logoutSuccessUrl("/"))
+                .csrf(csrf -> csrf.disable());
+
+        return http.build();
+    }
+
    private String generateSecret() {
        SecureRandom random = new SecureRandom();
        byte[] bytes = new byte[24];