From 6fdd4a57e0a80ec8da118510f9aa031ac8bd535c Mon Sep 17 00:00:00 2001 From: Jottyfan Date: Sun, 17 Dec 2023 20:56:56 +0100 Subject: [PATCH] added basic spring boot security --- build.gradle | 4 ++- src/main/java/de/jottyfan/bico/Main.java | 2 ++ ...Configuration.java => DatabaseConfig.java} | 2 +- .../jottyfan/bico/config/SecurityConfig.java | 34 +++++++++++++++++++ src/main/resources/application.properties | 12 ------- src/main/resources/static/js/stylehelp.js | 2 +- src/main/resources/templates/template.html | 5 ++- 7 files changed, 45 insertions(+), 16 deletions(-) rename src/main/java/de/jottyfan/bico/config/{DatabaseConfiguration.java => DatabaseConfig.java} (96%) create mode 100644 src/main/java/de/jottyfan/bico/config/SecurityConfig.java diff --git a/build.gradle b/build.gradle index 00fd421..f3d3213 100644 --- a/build.gradle +++ b/build.gradle @@ -8,7 +8,7 @@ plugins { } group = 'de.jottyfan.bico' -version = '0.0.4' +version = '0.0.5' description = """BibleClassOrganizer""" @@ -46,8 +46,10 @@ dependencies { implementation 'org.springframework.boot:spring-boot-starter-jooq' implementation 'org.springframework.boot:spring-boot-starter-thymeleaf' implementation 'org.springframework.boot:spring-boot-starter-web' + implementation 'org.springframework.boot:spring-boot-starter-security' implementation 'org.springframework.boot:spring-boot-starter-validation' implementation 'nz.net.ultraq.thymeleaf:thymeleaf-layout-dialect:latest.release' + implementation 'org.springframework.security:spring-security-oauth2-client' implementation 'org.webjars:bootstrap:5.3.1' implementation 'org.webjars.npm:bootstrap-icons:1.10.5' diff --git a/src/main/java/de/jottyfan/bico/Main.java b/src/main/java/de/jottyfan/bico/Main.java index bfc3d39..072cb63 100644 --- a/src/main/java/de/jottyfan/bico/Main.java +++ b/src/main/java/de/jottyfan/bico/Main.java 
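Review bot: `spring-security-oauth2-client` is added in the dependencies hunk of build.gradle, yet this same commit deletes every `spring.security.oauth2.client.*` property from application.properties, so nothing visible here configures an OAuth2 client registration. If OAuth2 login is meant to return later, the usual Boot coordinate is `implementation 'org.springframework.boot:spring-boot-starter-oauth2-client'`. Otherwise I would leave the line out until it is used, which keeps the set of libraries that must be tracked and patched smaller. The `dependencies` block continues outside the hunk.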
@@ -4,6 +4,7 @@ import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.SpringBootApplication; import org.springframework.boot.builder.SpringApplicationBuilder; import org.springframework.boot.web.servlet.support.SpringBootServletInitializer; +import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; /** * @@ -11,6 +12,7 @@ import org.springframework.boot.web.servlet.support.SpringBootServletInitializer * */ @SpringBootApplication +@EnableWebSecurity public class Main extends SpringBootServletInitializer { @Override protected SpringApplicationBuilder configure(SpringApplicationBuilder application) { diff --git a/src/main/java/de/jottyfan/bico/config/DatabaseConfiguration.java b/src/main/java/de/jottyfan/bico/config/DatabaseConfig.java similarity index 96% rename from src/main/java/de/jottyfan/bico/config/DatabaseConfiguration.java rename to src/main/java/de/jottyfan/bico/config/DatabaseConfig.java index 90794c2..5f60cbf 100644 --- a/src/main/java/de/jottyfan/bico/config/DatabaseConfiguration.java +++ b/src/main/java/de/jottyfan/bico/config/DatabaseConfig.java @@ -17,7 +17,7 @@ import org.springframework.jdbc.datasource.TransactionAwareDataSourceProxy; * */ @Configuration -public class DatabaseConfiguration { +public class DatabaseConfig { @Autowired private DataSource dataSource; diff --git a/src/main/java/de/jottyfan/bico/config/SecurityConfig.java b/src/main/java/de/jottyfan/bico/config/SecurityConfig.java new file mode 100644 index 0000000..3d2fb60 --- /dev/null +++ b/src/main/java/de/jottyfan/bico/config/SecurityConfig.java 
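Review bot: `@EnableWebSecurity` is put on `Main` here and again on the new `SecurityConfig` class in this commit; one declaration is enough. Keeping it next to the security beans makes the security setup easier to locate during review, so I would drop the annotation and its import from `Main`. The body of `Main` continues outside the hunk.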
@@ -0,0 +1,34 @@
+package de.jottyfan.bico.config;
+
+import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
+import org.springframework.context.ApplicationEventPublisher;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authentication.AuthenticationEventPublisher;
+import org.springframework.security.authentication.DefaultAuthenticationEventPublisher;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.provisioning.InMemoryUserDetailsManager;
+
+/**
+ *
+ * @author jotty
+ *
+ */
+@Configuration
+@EnableWebSecurity
+public class SecurityConfig {
+
+ @Bean
+ @ConditionalOnMissingBean(UserDetailsService.class)
+ InMemoryUserDetailsManager imudm() {
+ return new InMemoryUserDetailsManager(User.withUsername("user").password("{noop}password").roles("USER").build());
+ }
+
+ @Bean
+ @ConditionalOnMissingBean(AuthenticationEventPublisher.class)
+ DefaultAuthenticationEventPublisher daep(ApplicationEventPublisher delegate) {
+ return new DefaultAuthenticationEventPublisher(delegate);
+ }
+}
diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
index a03c303..ec543d1 100644
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
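Review bot: `imudm()` registers a fixed account, `user` with the plaintext `{noop}password`, and since this commit also removes the Keycloak registration from application.properties, that account appears to be the only login left. Without a `UserDetailsService` bean, Boot's auto-configuration would normally generate a random password at startup, so the bean replaces a safer default with a credential readable in the repository. I would restrict the bean to development with `@Profile("dev")` and pass `.password(encodedPassword)`, where `encodedPassword` is a `{bcrypt}` hash injected from external configuration. No `SecurityFilterChain` bean is declared, so Boot's default rules presumably apply. The class Javadoc holds only the author tag and should state that, along with a comment on `imudm()` such as `// development-only login, must not be active in production`.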
@@ -9,17 +9,5 @@ spring.datasource.password = ${db.password} server.servlet.context-path = ${my.context-path:/BiCO} -# security -spring.security.oauth2.client.registration.keycloak.client-id = ${keycloak.client-id} -spring.security.oauth2.client.registration.keycloak.scope = openid -spring.security.oauth2.client.registration.keycloak.authorization-grant-type = authorization_code -spring.security.oauth2.client.registration.keycloak.redirect-uri = ${keycloak.redirect-uri} -spring.security.oauth2.client.provider.keycloak.issuer-uri = ${keycloak.issuer-uri} -spring.security.oauth2.client.provider.keycloak.authorization-uri = ${keycloak.openid-url}/auth -spring.security.oauth2.client.provider.keycloak.token-uri = ${keycloak.openid-url}/token -spring.security.oauth2.client.provider.keycloak.user-info-uri = ${keycloak.openid-url}/userinfo -spring.security.oauth2.client.provider.keycloak.jwk-set-uri = ${keycloak.openid-url}/certs -spring.security.oauth2.client.provider.keycloak.user-name-attribute = preferred_username - # for development only server.port = 8081 diff --git a/src/main/resources/static/js/stylehelp.js b/src/main/resources/static/js/stylehelp.js index 1a1fcef..36b620b 100644 --- a/src/main/resources/static/js/stylehelp.js +++ b/src/main/resources/static/js/stylehelp.js @@ -1,7 +1,7 @@ toggleDarkMode = function() { var oldValue = $("html").attr("data-bs-theme"); var newValue = oldValue == "dark" ? "light" : "dark"; - var updateUrl = /*[[@{/updateTheme}]]*/ 'updateTheme'; + var updateUrl = /*[[@{/updateTheme}]]*/ '/BiCO/updateTheme'; updateUrl = updateUrl + "/" + newValue; $("html").attr("data-bs-theme", newValue); $.ajax({ diff --git a/src/main/resources/templates/template.html b/src/main/resources/templates/template.html index 6e65907..99020b7 100644 --- a/src/main/resources/templates/template.html +++ b/src/main/resources/templates/template.html @@ -28,11 +28,14 @@
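Review bot: The fallback URL in `toggleDarkMode` (stylehelp.js) now hard-codes `/BiCO`, while application.properties keeps the context path configurable through `${my.context-path:/BiCO}`, so the request breaks as soon as that property is overridden. The file sits under static/js, where the inline expression `/*[[@{/updateTheme}]]*/` is presumably never evaluated by Thymeleaf, which makes the literal the value the browser actually uses. I would have the template emit the resolved URL, for example as a data attribute on `<html>`, and read it here instead. With Spring Security now active, also confirm that the `$.ajax` call still passes CSRF protection if it is not a GET; its options lie outside the hunk.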