Added CookieSerializer

Author: MarcelCoding

admin-panel/build.gradle

@@ -17,6 +17,8 @@ dependencies {
     implementation "org.springdoc:springdoc-openapi-security:${springDocVersion}"
 
     implementation 'org.springframework.boot:spring-boot-starter-oauth2-client'
+    implementation 'org.springframework.session:spring-session-data-redis'
+    implementation 'io.lettuce:lettuce-core'
 
     implementation 'org.jsoup:jsoup:1.13.1'
 

admin-panel/src/main/java/net/cryptic_game/backend/admin/Bootstrap.java

@@ -1,17 +1,20 @@
 package net.cryptic_game.backend.admin;
 
+import java.security.Principal;
+
+import org.apache.commons.lang3.NotImplementedException;
 import org.springdoc.core.GroupedOpenApi;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
 import org.springframework.context.annotation.Bean;
+import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory;
 import org.springframework.http.MediaType;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.annotation.AuthenticationPrincipal;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RestController;
-
-import java.security.Principal;
+import org.springframework.web.server.WebSession;
 
 @SpringBootApplication
 @RestController
@@ -22,18 +25,19 @@ public static void main(final String[] args) {
         SpringApplication.run(Bootstrap.class, args);
     }
 
+    @Bean
+    public LettuceConnectionFactory connectionFactory() {
+        return new LettuceConnectionFactory();
+    }
+
     @GetMapping("/user")
     public Principal user(@AuthenticationPrincipal final Principal principal) {
         return principal;
     }
 
     @GetMapping(value = "/auth", produces = MediaType.TEXT_HTML_VALUE)
-    public String auth(@AuthenticationPrincipal final Authentication authentication) {
-        if (authentication.isAuthenticated()) {
-            return "<script>window.close();</script>This window will be closed.";
-        } else {
-            return "Not authenticated!";
-        }
+    public String auth(@AuthenticationPrincipal final Authentication authentication, final WebSession session) {
+        throw new NotImplementedException();
     }
 
     @Bean

admin-panel/src/main/java/net/cryptic_game/backend/admin/Config.java

@@ -9,4 +9,5 @@ public class Config {
 
     private String apiToken;
     private String serverUrl;
+    private String cookieDomain;
 }

admin-panel/src/main/java/net/cryptic_game/backend/admin/SecurityConfiguration.java

@@ -1,6 +1,7 @@
 package net.cryptic_game.backend.admin;
 
 import java.lang.reflect.Field;
+import java.time.Duration;
 import java.util.Collection;
 import java.util.Locale;
 import java.util.Set;
@@ -14,12 +15,17 @@
 import org.springframework.security.config.annotation.method.configuration.EnableReactiveMethodSecurity;
 import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
 import org.springframework.security.config.web.server.ServerHttpSecurity;
+import org.springframework.security.config.web.server.ServerHttpSecurity.CsrfSpec;
+import org.springframework.security.config.web.server.ServerHttpSecurity.FormLoginSpec;
+import org.springframework.security.config.web.server.ServerHttpSecurity.HttpBasicSpec;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.oauth2.core.user.DefaultOAuth2User;
 import org.springframework.security.web.server.SecurityWebFilterChain;
 import org.springframework.security.web.server.authentication.RedirectServerAuthenticationSuccessHandler;
 import org.springframework.security.web.server.savedrequest.WebSessionServerRequestCache;
+import org.springframework.web.server.session.CookieWebSessionIdResolver;
+import org.springframework.web.server.session.WebSessionIdResolver;
 
 @Slf4j
 @EnableWebFluxSecurity
@@ -38,7 +44,9 @@ private static void setField(final Class<?> clazz, final String field, final Obj
 
     @Bean
     public SecurityWebFilterChain securityWebFilterChain(final ServerHttpSecurity http) {
-        http.csrf().disable();
+        http.csrf(CsrfSpec::disable);
+        http.formLogin(FormLoginSpec::disable);
+        http.httpBasic(HttpBasicSpec::disable);
 
         final WebSessionServerRequestCache webSessionServerRequestCache = new WebSessionServerRequestCache();
         http.requestCache(spec -> spec.requestCache(webSessionServerRequestCache));
@@ -100,6 +108,22 @@ public SecurityWebFilterChain securityWebFilterChain(final ServerHttpSecurity ht
 
                 .anyExchange().authenticated();
 
+//        http.exceptionHandling()
+//                .authenticationEntryPoint((exchange, ex) -> Mono.fromRunnable(() -> exchange.getResponse().setStatusCode(HttpStatus.UNAUTHORIZED)));
+
         return http.build();
     }
+
+    @Bean
+    WebSessionIdResolver webSessionIdResolver(final Config config) {
+        final CookieWebSessionIdResolver resolver = new CookieWebSessionIdResolver();
+
+        resolver.setCookieMaxAge(Duration.ofDays(1));
+        resolver.addCookieInitializer(responseCookieBuilder ->
+                responseCookieBuilder.domain(config.getCookieDomain())
+                        .httpOnly(true)
+        );
+
+        return resolver;
+    }
 }

admin-panel/src/main/resources/META-INF/additional-spring-configuration-metadata.json

@@ -23,11 +23,18 @@ springdoc.swagger-ui.try-it-out-enabled=true
 spring.security.oauth2.client.registration.cryptic-oauth.client-name=${OIDC_NAME:}
 spring.security.oauth2.client.registration.cryptic-oauth.client-id=${OIDC_CLIENT_ID:}
 spring.security.oauth2.client.registration.cryptic-oauth.client-secret=${OIDC_CLIENT_SECRET:}
+#spring.security.oauth2.client.registration.cryptic-oauth.redirect-uri=http://localhost:4200/auth.html
 spring.security.oauth2.client.registration.cryptic-oauth.provider=cryptic-oauth
 spring.security.oauth2.client.provider.cryptic-oauth.issuer-uri=${OIDC_ISSUER_URL:}
 #spring.security.oauth2.client.provider.cryptic-oauth.user-name-attribute=${OIDC_USERNAME_ATTRIBUTE:}
 server.forward-headers-strategy=native
-
-#gameserver
+# gameserver
 cryptic.admin-panel.api-token=${API_TOKEN:}
 cryptic.admin-panel.server-url=${SERVER_URL:}
+# cookie
+cryptic.admin-panel.cookie-domain=${COOKIE_DOMAIN:}
+# redis
+spring.session.store-type=redis
+spring.redis.host=${REDIS_HOST:localhost}
+spring.redis.port=${REDIS_PORT:6379}
+spring.redis.password=${REDIS_PASS:}