securing with nextcloud oidc

src/main/java/de/jottyfan/bico/Main.java

@@ -4,7 +4,6 @@ import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.boot.builder.SpringApplicationBuilder;
 import org.springframework.boot.web.servlet.support.SpringBootServletInitializer;
-import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 
 /**
  *
@@ -12,8 +11,8 @@ import org.springframework.security.config.annotation.web.configuration.EnableWe
  *
  */
 @SpringBootApplication
-@EnableWebSecurity
 public class Main extends SpringBootServletInitializer {
+
 	@Override
 	protected SpringApplicationBuilder configure(SpringApplicationBuilder application) {
 		return application.sources(Main.class);

src/main/java/de/jottyfan/bico/config/SecurityConfig.java

@@ -1,15 +1,9 @@
 package de.jottyfan.bico.config;
 
-import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
-import org.springframework.context.ApplicationEventPublisher;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.security.authentication.AuthenticationEventPublisher;
-import org.springframework.security.authentication.DefaultAuthenticationEventPublisher;
-import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.core.userdetails.User;
-import org.springframework.security.core.userdetails.UserDetailsService;
-import org.springframework.security.provisioning.InMemoryUserDetailsManager;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.web.SecurityFilterChain;
 
 /**
  *
@@ -17,18 +11,15 @@ import org.springframework.security.provisioning.InMemoryUserDetailsManager;
  *
  */
 @Configuration
-@EnableWebSecurity
 public class SecurityConfig {
-
 	@Bean
-	@ConditionalOnMissingBean(UserDetailsService.class)
-	InMemoryUserDetailsManager imudm() {
-		return new InMemoryUserDetailsManager(User.withUsername("user").password("{noop}password").roles("USER").build());
-	}
-
-	@Bean
-	@ConditionalOnMissingBean(AuthenticationEventPublisher.class)
-	DefaultAuthenticationEventPublisher daep(ApplicationEventPublisher delegate) {
-		return new DefaultAuthenticationEventPublisher(delegate);
+	SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+		http.authorizeHttpRequests(
+		// @formatter:off
+			r -> r.requestMatchers("/", "/error", "/css/**", "/js/**", "/webjars/**", "/template").permitAll()
+			      .requestMatchers("/**").authenticated())
+				.oauth2Login(l -> l.authorizationEndpoint(e -> e.baseUri("/oauth2/authorize-client")));
+		// @formatter:on
+		return http.build();
 	}
 }

src/main/java/de/jottyfan/bico/modules/CommonController.java

@@ -1,7 +1,14 @@
 package de.jottyfan.bico.modules;
 
+import java.security.Principal;
+import java.util.List;
+
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.ui.Model;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
+import org.springframework.security.oauth2.core.user.OAuth2User;
+import org.springframework.web.bind.annotation.ModelAttribute;
 
 import de.jottyfan.bico.modules.profile.ProfileService;
 
@@ -15,15 +22,31 @@ public abstract class CommonController {
 	@Autowired
 	private ProfileService profileService;
 
+	@Value("${spring.security.oauth2.client.provider.nextcloud.issuer-uri}")
+	private String nextcloudUrl;
+
+	@ModelAttribute("hasBUrole")
+	public Boolean hasBURole(Principal principal) {
+		OAuth2AuthenticationToken token = (OAuth2AuthenticationToken) principal;
+		OAuth2User user = token.getPrincipal();
+		@SuppressWarnings("unchecked")
+		List<String> roles = (List<String>) user.getAttributes().get("roles");
+		return roles.contains("Bibelunterricht");
+	}
+
 	/**
 	 * get the theme for the current session
 	 *
 	 * @return the theme; light or dark at the moment
 	 */
-	public Model useThemedModel(Model model) {
-		// TODO: add profile's user name
-		String username = "jotty";
-		model.addAttribute("theme", profileService.getTheme(username));
-		return model;
+	@ModelAttribute("theme")
+	public String getTheme() {
+		String username = SecurityContextHolder.getContext().getAuthentication().getName();
+		return profileService.getTheme(username);
+	}
+
+	@ModelAttribute("nextcloudUrl")
+	public String getNextcloudUrl() {
+		return nextcloudUrl;
 	}
 }

src/main/java/de/jottyfan/bico/modules/index/IndexController.java

@@ -1,7 +1,6 @@
 package de.jottyfan.bico.modules.index;
 
 import org.springframework.stereotype.Controller;
-import org.springframework.ui.Model;
 import org.springframework.web.bind.annotation.GetMapping;
 
 import de.jottyfan.bico.modules.CommonController;
@@ -14,8 +13,7 @@ import de.jottyfan.bico.modules.CommonController;
 @Controller
 public class IndexController extends CommonController {
 	@GetMapping("/")
-	public String getIndex(Model model) {
-		useThemedModel(model);
+	public String getIndex() {
 		return "redirect:/sheet";
 	}
 }

src/main/java/de/jottyfan/bico/modules/sheet/SheetController.java

@@ -20,7 +20,7 @@ public class SheetController extends CommonController {
 
 	@GetMapping("/sheet")
 	public String getSheet(Model model) {
-		useThemedModel(model).addAttribute("list", service.getList());
+		model.addAttribute("list", service.getList());
 		return "/sheet";
 	}
 }