fix issues during authentication tests, related with using 2 differen…

…t clients
benjaminpochat · Feb 11, 2024 · a19d4d0 · a19d4d0
1 parent e3cd205
commit a19d4d0
Show file tree

Hide file tree

Showing 6 changed files with 26 additions and 16 deletions.
diff --git a/...ain/java/eu/viandeendirect/security/configuration/KeycloakJwtAuthenticationConverter.java b/...ain/java/eu/viandeendirect/security/configuration/KeycloakJwtAuthenticationConverter.java
@@ -19,34 +19,40 @@
 
 public class KeycloakJwtAuthenticationConverter implements Converter<Jwt, AbstractAuthenticationToken> {
 
-    private final String resourceId;
-
-    public KeycloakJwtAuthenticationConverter(String resourceId) {
-        this.resourceId = resourceId;
-    }
+    public static final String CUSTOMER_FRONTEND_CLIENT_ID = "viandeendirect-customer-frontend";
+    public static final String PRODUCER_FRONTEND_CLIENT_ID = "viandeendirect-producer-frontend";
 
     @Override
     public AbstractAuthenticationToken convert(final Jwt source) {
         Collection<GrantedAuthority> authorities = Stream.concat(
                         defaultGrantedAuthoritiesConverter.convert(source).stream(),
-                        extractResourceRoles(source, resourceId).stream())
+                        extractResourceRoles(source).stream())
                 .collect(Collectors.toSet());
         JwtAuthenticationToken jwtAuthenticationToken = new JwtAuthenticationToken(source, authorities);
         return jwtAuthenticationToken;
     }
 
-    private static Collection<? extends GrantedAuthority> extractResourceRoles(final Jwt jwt, final String resourceId) {
+    private static Collection<? extends GrantedAuthority> extractResourceRoles(final Jwt jwt) {
         Map<String, Object> resourceAccess = jwt.getClaim("resource_access");
-        Map<String, Object> resource;
+        if (resourceAccess == null) {
+            return Collections.emptySet();
+        }
+        Map<String, Object> customerResourceAccess = (Map<String, Object>) resourceAccess.get(CUSTOMER_FRONTEND_CLIENT_ID);
+        Map<String, Object> producerResourceAccess = (Map<String, Object>) resourceAccess.get(PRODUCER_FRONTEND_CLIENT_ID);
         Collection<String> resourceRoles;
-        if (resourceAccess != null && (resource = (Map<String, Object>) resourceAccess.get(resourceId)) != null &&
-                (resourceRoles = (Collection<String>) resource.get("roles")) != null)
-            return resourceRoles.stream()
-                    .map(resourceRole -> new SimpleGrantedAuthority("ROLE_" + resourceRole.toUpperCase()))
-                    .collect(Collectors.toSet());
+        if (producerResourceAccess != null && (resourceRoles = (Collection<String>) producerResourceAccess.get("roles")) != null)
+            return getGrantedAuthorities(resourceRoles);
+        if (customerResourceAccess != null && (resourceRoles = (Collection<String>) customerResourceAccess.get("roles")) != null)
+            return getGrantedAuthorities(resourceRoles);
         return Collections.emptySet();
     }
 
+    private static Set<SimpleGrantedAuthority> getGrantedAuthorities(Collection<String> resourceRoles) {
+        return resourceRoles.stream()
+                .map(resourceRole -> new SimpleGrantedAuthority("ROLE_" + resourceRole.toUpperCase()))
+                .collect(Collectors.toSet());
+    }
+
     private final JwtGrantedAuthoritiesConverter defaultGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
 
 }
diff --git a/...end/app/src/main/java/eu/viandeendirect/security/configuration/SecurityConfiguration.java b/...end/app/src/main/java/eu/viandeendirect/security/configuration/SecurityConfiguration.java
@@ -89,7 +89,7 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
                 .logoutSuccessUrl("/");
         http.oauth2ResourceServer()
                 .jwt()
-                .jwtAuthenticationConverter(new KeycloakJwtAuthenticationConverter("viandeendirect-frontend"));
+                .jwtAuthenticationConverter(new KeycloakJwtAuthenticationConverter());
         return http.build();
     }
 }
diff --git a/backend/app/src/main/resources/application.properties b/backend/app/src/main/resources/application.properties
@@ -1,3 +1,4 @@
 server.port=8080
 spring.jackson.date-format=eu.viandeendirect.RFC3339DateFormat
 spring.jackson.serialization.WRITE_DATES_AS_TIMESTAMPS=false
+logging.level.org.springframework.security=TRACE
diff --git a/frontend/.dockerignore b/frontend/.dockerignore
@@ -0,0 +1 @@
+app/public/*
diff --git a/frontend/app/public/config/keycloak.json b/frontend/app/public/config/keycloak.json
@@ -2,7 +2,7 @@
   "realm": "viandeendirect",
   "auth-server-url": "http://localhost:8180/",
   "ssl-required": "external",
-  "resource": "viandeendirect-frontend",
+  "resource": "viandeendirect-producer-frontend",
   "public-client": true,
   "confidential-port": 0
 }
diff --git a/frontend/app/src/api/ApiBuilder.ts b/frontend/app/src/api/ApiBuilder.ts
@@ -36,7 +36,9 @@ export class ApiBuilder {
         if(process.env.REACT_APP_MOCK_API) {
             return new MockApi()
         } else {
-            return new DefaultApi(ApiClient.instance)
+            let apiClient = ApiClient.instance
+            apiClient.basePath = await this.getBackendUrl()   
+            return new DefaultApi(apiClient)
         }
     }