Add Okta dependency

Author: NeftaliYagua

pom.xml

@@ -32,10 +32,16 @@
 		<spring-cloud.version>2024.0.0</spring-cloud.version>
 	</properties>
 	<dependencies>
+
 		<dependency>
+			<groupId>com.okta.spring</groupId>
+			<artifactId>okta-spring-boot-starter</artifactId>
+			<version>3.0.7</version>
+		</dependency>
+		<!--dependency>
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-security</artifactId>
-		</dependency>
+		</dependency-->
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-web</artifactId>

src/main/java/net/coderic/core/api/config/MvcConfig.java

@@ -7,12 +7,7 @@
 
 @Configuration
 public class MvcConfig implements WebMvcConfigurer {
-    /*
-    @Override
-    public void addViewControllers(ViewControllerRegistry registry) {
-        registry.addViewController("/").setViewName("home");
-    }
-*/
+
     @Override
     public void addResourceHandlers(ResourceHandlerRegistry registry) {
         registry.addResourceHandler(

src/main/java/net/coderic/core/api/config/SecurityConfiguration.java

@@ -37,18 +37,13 @@
 @EnableWebSecurity
 public class SecurityConfiguration {
 
-    private final String loginPage;
-
-    public SecurityConfiguration(@Value("${app.login-page}") String loginPage) {
-        this.loginPage = loginPage;
-    }
-
+    @Value("${spring.security.oauth2.resourceserver.jwt.jwk-set-uri}")
+    private String jwksUri;
     @Bean
     public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
 
         http
         .cors(AbstractHttpConfigurer::disable)
-                //.cors(cors -> cors.configurationSource(corsConfigurationSource()))
         .authorizeHttpRequests((authorize) -> authorize
                 .requestMatchers(
                         "/",
@@ -67,38 +62,6 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
                         .sessionCreationPolicy(SessionCreationPolicy.ALWAYS)
                         .maximumSessions(10)
                 )
-/*
-                .oauth2Client(Customizer.withDefaults())
-
-        .oauth2Login((oauth2Login) -> oauth2Login
-                //.loginPage()
-                        .loginProcessingUrl("/swagger-ui/index.html")
-
-                //.loginPage(this.loginPage)
-        )*/
-                /*
-        .logout((logout) -> logout
-                .logoutUrl("/logout")
-                .logoutSuccessUrl("/")
-                .invalidateHttpSession(true)
-                .deleteCookies("JSESSIONID")
-                .logoutSuccessHandler(new HttpStatusReturningLogoutSuccessHandler())
-                .permitAll()
-        )*/
-        /*.logout(logout -> logout
-                .addLogoutHandler(
-                        new HeaderWriterLogoutHandler(
-                                new ClearSiteDataHeaderWriter(
-                                        ClearSiteDataHeaderWriter.Directive.CACHE,
-                                        ClearSiteDataHeaderWriter.Directive.COOKIES
-                                )
-                        )
-                )
-                .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
-                .deleteCookies()
-                .permitAll()
-        )*/
-
         .headers(headers -> headers
             .httpStrictTransportSecurity((hsts) -> hsts
                     .includeSubDomains(true)
@@ -109,10 +72,11 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
                     new XFrameOptionsHeaderWriter(XFrameOptionsHeaderWriter.XFrameOptionsMode.DENY)
             )
         )
+
         .oauth2ResourceServer(oauth2 -> oauth2
             .jwt(jwt -> jwt
                     .jwtAuthenticationConverter(jwtAuthenticationConverter())
-                    .jwkSetUri("https://auth.coderic.org/.well-known/jwks.json")
+                    .jwkSetUri(jwksUri)
             )
         )
         .requiresChannel(
@@ -138,24 +102,6 @@ public CorsConfigurationSource corsConfigurationSource() {
 
     private JwtAuthenticationConverter jwtAuthenticationConverter() {
         JwtAuthenticationConverter converter = new JwtAuthenticationConverter();
-        // Configura cómo deseas mapear los claims del token JWT a roles/autorizaciones
         return converter;
     }
-    @Bean
-    public JwtDecoder jwtDecoder() throws IOException, JOSEException, ParseException {
-        // URL del JWKS de Auth0
-        String jwkSetUri = "https://auth.coderic.org/.well-known/jwks.json";
-        JWKSet jwkSet = JWKSet.load(new URL(jwkSetUri));
-        JWK jwk = jwkSet.getKeys().get(0);
-        RSAKey rsaKey = (RSAKey) jwk;
-        RSAPublicKey publicKey = rsaKey.toRSAPublicKey();
-        return NimbusJwtDecoder.withPublicKey(publicKey).build();
-    }
-    /*
-    @Bean
-    public JwtDecoder jwtDecoder() {
-        // URI del JWKS de Auth0
-        String jwkSetUri = "https://auth.coderic.org/.well-known/jwks.json";
-        return NimbusJwtDecoder.withJwkSetUri(jwkSetUri).build();
-    }*/
 }

src/main/java/net/coderic/core/api/controllers/HelloController.java

@@ -18,6 +18,10 @@ public class HelloController {
     public ResponseEntity<Principal> getUser(@AuthenticationPrincipal Principal principal) {
         return new ResponseEntity<Principal>(principal, HttpStatus.OK);
     }
+    @GetMapping("/hello")
+    public String hello(Principal principal) {
+        return "Hello, " + principal.getName() + "!";
+    }
     /*
     @GetMapping("/logout")
     public ResponseEntity<Boolean> getLogout(Authentication authentication, HttpServletRequest request, HttpServletResponse response) {

src/main/resources/application.properties

@@ -1,10 +1,9 @@
 server.port=${PORT}
 server.http.port=${PORT}
 server.http2.enabled=true
-spring.security.oauth2.resourceserver.jwt.issuer-uri= https://auth.coderic.org/
-
+spring.security.oauth2.resourceserver.jwt.issuer-uri=https://auth.coderic.org/
+spring.security.oauth2.resourceserver.jwt.jwk-set-uri=https://auth.coderic.org/.well-known/jwks.json
 logging.level.org.springframework.security=trace
-
 messages.base-url=http://localhost:8090
 
 app.login-page=/oauth2/authorization/okta
@@ -30,3 +29,5 @@ memcached.username=${MEMCACHIER_USERNAME}
 memcached.password=${MEMCACHIER_PASSWORD}
 
 security.require-ssl=true
+okta.oauth2.issuer=https://auth.coderic.org/
+okta.oauth2.audience=https://coderic.eu.auth0.com/api/v2/