SpringBoot (10) Authentication (1). Server certificate, application.yml and Application.java

 0. Introduction

The goal is to use a certificate for client authentication. So the HTTPS protocol should be used. 

To use this protocol, a server certificate is needed.

Let's see the steps to accomplish this target:

1. Server certificate

Get a server certificate in "p12" format with a password. 

Create a folder (keystores) in src/main/resources and place the server certificate in this folder.

2. application.yml file

Here is the file

======================================================================

server:
  
  #====================================================================================
  # 1. For accepting "{ }" in parameters and for accepting a long number of parameters
  #====================================================================================
  #@see https://stackoverflow.com/a/58440058/7704658
  #@see https://www.programmersought.com/article/4517808578/
  tomcat:
    relaxed-query-chars: ['{','}']
    max-parameter-count: -1
  
  #====================================================================================
  # 2. SSL-X05 Authorisation
  #====================================================================================
  #--ssl-x05 autorization @ see https://www.baeldung.com/x-509-authentication-in-spring-security
  ssl:
    key-store: classpath:keystores/server_cert.p12
    keyStoreType: pkcs12
    key-store-password: myPasword
    
    client-auth: need
  
  port: 8443
  
  #====================================================================================
  # 3. Include stracktrace in the error page
  #====================================================================================
  #--error management
  #--@see https://www.logicbig.com/tutorials/spring-framework/spring-boot/custom-thymeleaf-error-page.html
  error:

    include-stacktrace: always

======================================================================

The file is commented on. The SSL configuration needs the server certificate, its password, the type of keystore, and the param client-auth set to "need".

2. Application.java file

Here is the file:

=====================================================================
package ximo;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

import org.springframework.context.annotation.Bean;

import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.web.SecurityFilterChain;


import ximo.xotherapps.utils.basic.CertificateUtils;

@SpringBootApplication
@EnableWebSecurity
public class Application {
    
    
    /**************************************************************
     * 1. CERTIFICATE MANAGEMENT 
     **************************************************************/
    
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests()
               .anyRequest()
               .authenticated()
               .and()
                
           .x509()
               .subjectPrincipalRegex("CN=(.*?)(?:,|$)")
               .userDetailsService(userDetailsService());
        
        return http.build();
    }
    /****************************************************************
     * 2. GET USER DETAILS
    *****************************************************************/
    
    @Bean
    public UserDetailsService userDetailsService() {
        return new UserDetailsService() {
            @Override
            public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
                System.out.println("username="+username);
                
                //CertificateUtils is a my class for managing certificates
                String DNI=CertificateUtils.getDNIFromCN(username);
                System.out.println("DNI="+DNI);
                
                //Assign ROLE_USER to all users that use a certificate
                return new User(username, "", 
                     AuthorityUtils.commaSeparatedStringToAuthorityList("ROLE_USER"));
                
            }
        };
    }
    
    
    public static void main(String[] args) {
       SpringApplication.run(Application.class, args);
    }

}

======================================================================



Comentarios

Publicar un comentario

Entradas populares de este blog

SpringBoot (14) Let's start (2/10). Defining users

0. Introduction  The users' definition is in the file src/main/resources/config/menus/users.yml The fields used are: id name surname1 surname2 document : The DNI or any other specialRoles : A list of roles for instance [ADMIN, TERCERS, TERRIRORI ] lAccess : a list of menus asnd access level. The fields of this elements are: idMenu : id of the menu whose access level is referred. accessLevel : access level assigned to the userfrom 1 to 6 as shown in the previous post Here is an example with 2 users: 1 2 3 4 5 6 7 8 9 10 11 users: users: #--- Negociats: Nivell 0 - { id : 1 , name : Joan , surname1 : Perez , surname2 : Perez , document : 12345678K , specialRoles : [ ADMIN , TERCERS ], lAccess : [ { idMenu : 1 , accessLevel : 6 }, { idMenu : 2 , accessLevel : 6 }, { idMenu : 3 , accessLevel : 6 }, { idMenu : 6 , accessLevel : 6 }, { idMenu : 8 , accessLevel : 6 } ] } - { id : 2 , name : Pere , surname1 : Lopez , surname2 : Lopera , d...
Leer más

SpringBoot (6) Spring Data JPA (1)

 1. application.yml This file is in the folder src/main/resources 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 spring: #--JPA datasource: #--Connection Pool hiraki: connectionTimeout: 20000 maximumPoolSize: 5 # PostgreSQL url: jdbc:postgresql://localhost:5432/mydb driver-class-name: org.postgresql.Driver username: user password: password jpa: hibernate: ddl-auto: update show-sql: true This will create or update tables 2. Defining Entities to persist There are many entries where defining entities but an Entity needs: The @Entity annotation The@Audited annotation if you want a control version The @Table (name="table_name",  schema = "myschema", uniqueConstraints..., indexes ..) All the related entities ( referenced in @OneToMany, @ManyToMany and ManyToOne) must be annotated with @Entity and @Audited (if any of the has the @Audited, then all classes should have this annotation also) Common error...
Leer más