From c5cb48f99562d22bb83c2bdb3e4b3f6df95c8149 Mon Sep 17 00:00:00 2001
From: unknown <Jerrypan44@gmail.com>
Date: Tue, 5 Nov 2019 15:35:59 +0200
Subject: [PATCH] initial wip

---
 pom.xml                                            | 12 ++++++++++++
 src/main/application.properties                    | 14 ++++++++++++++
 .../mip/configuration/SecurityConfiguration.java   | 11 ++++++++---
 3 files changed, 34 insertions(+), 3 deletions(-)
 create mode 100644 src/main/application.properties

diff --git a/pom.xml b/pom.xml
index 33287a67e..1d8ac0d6c 100644
--- a/pom.xml
+++ b/pom.xml
@@ -249,6 +249,18 @@
             <artifactId>java-jwt</artifactId>
             <version>3.8.3</version>
         </dependency>
+        <dependency>
+            <groupId>com.auth0</groupId>
+            <artifactId>java-jwt</artifactId>
+            <version>3.8.3</version>
+        </dependency>
+        <dependency>
+            <groupId>org.keycloak</groupId>
+            <artifactId>keycloak-spring-boot-2-starter</artifactId>
+            <version>4.0.0.Final</version>
+        </dependency>
+
+
     </dependencies>
 
     <build>
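Review bot: The first added `<dependency>` repeats `java-jwt` 3.8.3, which the context lines directly above already declare (their `groupId` is outside the hunk, presumably `com.auth0`). Maven warns about duplicate declarations and the second entry adds nothing, so it should be dropped. The Keycloak starter is pinned inline to `4.0.0.Final`; confirm that this adapter release matches the Keycloak server and Spring Boot versions in use. Managing the version in one place (a property or the `keycloak-adapter-bom`) would keep later adapter security updates from being missed.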
diff --git a/src/main/application.properties b/src/main/application.properties
new file mode 100644
index 000000000..a2a68cdc6
--- /dev/null
+++ b/src/main/application.properties
@@ -0,0 +1,14 @@
+keycloak.realm=Demo
+keycloak.resource=vanilla
+keycloak.auth-server-url=http://localhost:8080/auth
+keycloak.ssl-required=external
+keycloak.public-client=true
+
+#keycloak.securityConstraints[0].authRoles[0]=Member
+#keycloak.securityConstraints[0].authRoles[1]=Librarian
+#keycloak.securityConstraints[0].securityCollections[0].name=member resource
+#keycloak.securityConstraints[0].securityCollections[0].patterns[0]=/books
+
+#keycloak.securityConstraints[1].authRoles[0]=Librarian
+#keycloak.securityConstraints[1].securityCollections[0].name=librarian resource
+#keycloak.securityConstraints[1].securityCollections[0].patterns[0]=/manager
\ No newline at end of file
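Review bot: Every `keycloak.securityConstraints` entry is commented out, so as committed this file asks the adapter to protect no URL pattern. Together with the hard-coded `http://localhost:8080/auth`, realm `Demo` and `keycloak.public-client=true`, it reads as a local demo setup rather than a deployable configuration. `keycloak.ssl-required=external` does not demand HTTPS for localhost or private addresses, so with this URL the token traffic runs over plain HTTP. I would externalise the server URL and realm, e.g. `keycloak.auth-server-url=${KEYCLOAK_AUTH_SERVER_URL}` (placeholder variable name), and decide explicitly whether this backend should be a public client. The file also sits in `src/main/` rather than `src/main/resources/`, so unless the build declares that directory as a resource root it may never reach the classpath.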
diff --git a/src/main/java/eu/hbp/mip/configuration/SecurityConfiguration.java b/src/main/java/eu/hbp/mip/configuration/SecurityConfiguration.java
index d8ec1acfb..adacd7a81 100644
--- a/src/main/java/eu/hbp/mip/configuration/SecurityConfiguration.java
+++ b/src/main/java/eu/hbp/mip/configuration/SecurityConfiguration.java
@@ -88,6 +88,9 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
     @Value("#{'${hbp.resource.revokeTokenUri:https://services.humanbrainproject.eu/oidc/revoke}'}")
     private String revokeTokenURI;
 
+    @Autowired
+    private HttpServletRequest request;
+
     @Override
     protected void configure(HttpSecurity http) throws Exception {
         // @formatter:off
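Review bot: Field-injecting `HttpServletRequest` into `SecurityConfiguration` yields a request-scoped proxy that is only usable while a request is bound to the current thread. Its only use in this patch is inside `configure(HttpSecurity)`, which Spring calls once while building the filter chain at startup. Reading an attribute from it there would most likely fail with an `IllegalStateException` rather than return a per-request Keycloak context. I would drop the field and read the `KeycloakSecurityContext` from the request inside a controller or filter. No import for `HttpServletRequest` is added in this patch, so confirm one already exists; the class body continues outside the hunk.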
@@ -108,9 +111,11 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
                     .addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class);
         }
         else {
-            http.antMatcher("/**")
-                    .authorizeRequests()
-                    .antMatchers("/**").permitAll().and().csrf().disable();
+            //keycloak
+            (KeycloakSecurityContext) request.getAttribute(KeycloakSecurityContext.class.getName());
+//            http.antMatcher("/**")
+//                    .authorizeRequests()
+//                    .antMatchers("/**").permitAll().and().csrf().disable();
         }
     }
 
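Review bot: The new line in the `else` branch, `(KeycloakSecurityContext) request.getAttribute(KeycloakSecurityContext.class.getName());`, is a bare cast expression, which javac rejects as "not a statement", and this patch adds no import for `KeycloakSecurityContext`. Beyond the compile error, commenting out the old `permitAll()` rule leaves the branch with no authorization rule at all. When the branch is taken, requests would presumably still pass unauthenticated (with CSRF protection falling back to its default-on state), and nothing wires Keycloak into the filter chain. If the intent is to authenticate through Keycloak, the branch needs an explicit rule such as `http.authorizeRequests().anyRequest().authenticated();` backed by the adapter's Spring Security configuration, not a security-context lookup at configuration time. `configure` begins before this hunk, so the condition guarding this branch is not visible here.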
-- 
GitLab