autoconfigure-auth-oauth2

autoconfigure-auth-oauth2 can be used in any application which requires campus/uip authentication along with universal workflow integration. This module is compatible with ais-nuxt module.

How to use in client project ?

repositories {
	maven {
		url 'https://gitlab.com/api/v4/projects/39953646/packages/maven'
	}
	mavenCentral()
}

dependencies {
	// import BOM
	implementation(platform("uiowa.ais.springboot:autoconfigure:1.0.0"))
	implementation ("uiowa.ais.springboot:autoconfigure-auth-oauth2")
}

2. Extend AisAuthService (This will be used when using JWT authentication)

You will need to extend AisAuthService and override getRoles(String hawkid).

Example:

@Slf4j
@Service
public class AisAuthService extends AisAuthService {

    public static List<String> SUPER_USERS;

    static {
        SUPER_USERS = new ArrayList<>();
        SUPER_USERS.add("ssarathe");
    }

    @Override
    public void postAuthentication(String hawkid, HttpServletRequest httpServletRequest) {
        log.info("on onLogin");
        String ip = httpServletRequest.getRemoteAddr();
        String forwardedIP = httpServletRequest.getHeader("X-Forwarded-For");
        if (forwardedIP != null) ip = forwardedIP;
        String session = UUID.randomUUID().toString();
        MDC.put("user", hawkid + "," + ip + "," + session);
    }

    /*todo: make changes according to application/domain structure
    * For more complex scenario, override getClaims method
    * */
    @Override
    public List<String> getRoles(String hawkid) {
        if(isUserValid(hawkid)) {
         return List.of("ADMIN");
        }
        return null;
    }

    private Boolean isUserValid(String hawkid) {
        return SUPER_USERS.contains(hawkid);
    }

}

4. Properties that can be use in application.properties

key	type	default value	description
uiowa.ais.auth.allowed-urls	List	/favicon.ico , /fonts/** , /public/f5-status.txt	Comma separated url's to be allowed by authentication mechanism
uiowa.ais.auth.oauth2.client-id	String		Required Oauth2 client id
uiowa.ais.auth.oauth2.client-secret	String		Required client secret (Better to encrypt the secret)
uiowa.ais.auth.oauth2.scopes	String		Oauth2 scope