feat: add webClientToken interceptor

InseeFr · Jan 26, 2024 · 63e8e8d · 63e8e8d
1 parent b5520ff
commit 63e8e8d
Show file tree

Hide file tree

Showing 6 changed files with 50 additions and 62 deletions.
diff --git a/src/main/java/fr/insee/publicenemy/api/configuration/AppConfig.java b/src/main/java/fr/insee/publicenemy/api/configuration/AppConfig.java
@@ -1,8 +1,12 @@
 package fr.insee.publicenemy.api.configuration;
 
+import fr.insee.publicenemy.api.application.web.auth.AuthenticationHelper;
+import fr.insee.publicenemy.api.configuration.rest.WebClientTokenInterceptor;
 import io.netty.handler.logging.LogLevel;
 import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnExpression;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
 import org.springframework.cache.annotation.EnableCaching;
@@ -28,6 +32,10 @@
 @Slf4j
 public class AppConfig implements WebMvcConfigurer {
 
+    @Autowired
+    private AuthenticationHelper authenticationHelper;
+
+
     /**
      * 
      * @param proxyUrl proxy url
@@ -36,9 +44,12 @@ public class AppConfig implements WebMvcConfigurer {
      * @return webclient configured with proxy
      */
     @Bean
-    @ConditionalOnProperty(name="application.proxy.enable", havingValue="true")
-    public WebClient webClientProxy(@Value("${application.proxy.url}") String proxyUrl, 
-            @Value("${application.proxy.port}") Integer proxyPort, @Value("${application.debug.webclient}") boolean debug,
+    @ConditionalOnProperty(name="feature.proxy.enabled", havingValue="true")
+    public WebClient webClientProxy(
+            @Value("${feature.proxy.url}") String proxyUrl,
+            @Value("${feature.proxy.port}") Integer proxyPort,
+            @Value("${feature.debug.webclient}") boolean debug,
+            @Value("${feature.oidc.enabled}") boolean oidcEnabled,
             WebClient.Builder builder) {
         HttpClient httpClient = HttpClient.create()
                 .proxy(proxy -> proxy
@@ -55,6 +66,8 @@ public WebClient webClientProxy(@Value("${application.proxy.url}") String proxyU
             .clientConnector(new ReactorClientHttpConnector(httpClient))
             .defaultHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE) 
             .defaultHeader(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON_VALUE);
+
+        if(oidcEnabled) builder.filter(new WebClientTokenInterceptor(authenticationHelper));
         return builder.build();
     }
 
@@ -64,11 +77,14 @@ public WebClient webClientProxy(@Value("${application.proxy.url}") String proxyU
      * @return webclient with json default headers
      */
     @Bean
-    @ConditionalOnProperty(name="application.proxy.enable", havingValue="false")
-    public WebClient webClient(WebClient.Builder builder) {
+    @ConditionalOnProperty(name="feature.proxy.enabled", havingValue="false")
+    public WebClient webClient(
+            @Value("${feature.oidc.enabled}") boolean oidcEnabled,
+            WebClient.Builder builder) {
         builder
-            .defaultHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE) 
-            .defaultHeader(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON_VALUE);
+                .defaultHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE)
+                .defaultHeader(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON_VALUE);
+        if(oidcEnabled)  builder.filter(new WebClientTokenInterceptor(authenticationHelper));
         return builder.build();
     }
 }
diff --git a/src/main/java/fr/insee/publicenemy/api/configuration/auth/OidcSecurityConfiguration.java b/src/main/java/fr/insee/publicenemy/api/configuration/auth/OidcSecurityConfiguration.java
@@ -1,11 +1,8 @@
 package fr.insee.publicenemy.api.configuration.auth;
 
-import fr.insee.publicenemy.api.application.web.auth.AuthenticationHelper;
 import fr.insee.publicenemy.api.configuration.properties.ApplicationProperties;
 import fr.insee.publicenemy.api.configuration.properties.OidcProperties;
 import fr.insee.publicenemy.api.configuration.properties.RoleProperties;
-import fr.insee.publicenemy.api.configuration.rest.RestTemplateAddJsonHeaderInterceptor;
-import fr.insee.publicenemy.api.configuration.rest.RestTemplateTokenInterceptor;
 import lombok.AllArgsConstructor;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.context.annotation.Bean;
@@ -24,7 +21,6 @@
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter;
 import org.springframework.security.web.header.writers.XXssProtectionHeaderWriter;
-import org.springframework.web.client.RestTemplate;
 
 import java.util.Collection;
 

diff --git a/...ava/fr/insee/publicenemy/api/configuration/rest/RestTemplateAddJsonHeaderInterceptor.java b/...ava/fr/insee/publicenemy/api/configuration/rest/RestTemplateAddJsonHeaderInterceptor.java
diff --git a/src/main/java/fr/insee/publicenemy/api/configuration/rest/RestTemplateTokenInterceptor.java b/src/main/java/fr/insee/publicenemy/api/configuration/rest/RestTemplateTokenInterceptor.java
diff --git a/src/main/java/fr/insee/publicenemy/api/configuration/rest/WebClientTokenInterceptor.java b/src/main/java/fr/insee/publicenemy/api/configuration/rest/WebClientTokenInterceptor.java
@@ -0,0 +1,27 @@
+package fr.insee.publicenemy.api.configuration.rest;
+
+import fr.insee.publicenemy.api.application.web.auth.AuthenticationHelper;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.http.HttpHeaders;
+import org.springframework.web.reactive.function.client.ClientRequest;
+import org.springframework.web.reactive.function.client.ClientResponse;
+import org.springframework.web.reactive.function.client.ExchangeFilterFunction;
+import org.springframework.web.reactive.function.client.ExchangeFunction;
+import reactor.core.publisher.Mono;
+
+@RequiredArgsConstructor
+@Slf4j
+public class WebClientTokenInterceptor implements ExchangeFilterFunction {
+
+    private final AuthenticationHelper authenticationHelper;
+
+    @Override
+    public Mono<ClientResponse> filter(ClientRequest request, ExchangeFunction next) {
+        String jwt = authenticationHelper.getUserToken();
+        ClientRequest newRequest = ClientRequest.from(request)
+                .headers(h -> h.setBearerAuth(jwt))
+                .build();
+        return next.exchange(newRequest);
+    }
+}
diff --git a/src/main/java/fr/insee/publicenemy/api/configuration/swagger/SpringDocConfiguration.java b/src/main/java/fr/insee/publicenemy/api/configuration/swagger/SpringDocConfiguration.java
@@ -28,7 +28,6 @@ protected OpenAPI noAuthOpenAPI(BuildProperties buildProperties) {
     @Bean
     @ConditionalOnProperty(name = "feature.oidc.enabled", havingValue = "true")
     protected OpenAPI oidcOpenAPI(OidcProperties oidcProperties, BuildProperties buildProperties) {
-        System.out.println("JKjclkdj");
         String authUrl = oidcProperties.authServerUrl() + "/realms/" + oidcProperties.realm() + "/protocol/openid-connect";
         String securitySchemeName = "oauth2";