Remove http basic from keycloak configuration

consiglionazionaledellericerche · May 2, 2023 · 84d9cec · 84d9cec
1 parent 3bc04d6
commit 84d9cec
Showing 1 changed file with 14 additions and 6 deletions.
diff --git a/cool-jconon-keycloak/src/main/java/it/cnr/si/cool/jconon/config/KeycloakConfiguration.java b/cool-jconon-keycloak/src/main/java/it/cnr/si/cool/jconon/config/KeycloakConfiguration.java
@@ -17,14 +17,15 @@
 package it.cnr.si.cool.jconon.config;
 
 import it.cnr.cool.rest.SecurityRest;
-import it.cnr.cool.service.PageModel;
 import it.cnr.cool.service.PageService;
-import org.keycloak.adapters.KeycloakConfigResolver;
-import org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver;
+import org.keycloak.OAuth2Constants;
+import org.keycloak.adapters.springsecurity.authentication.KeycloakAuthenticationEntryPoint;
 import org.keycloak.adapters.springsecurity.authentication.KeycloakAuthenticationProvider;
 import org.keycloak.adapters.springsecurity.authentication.KeycloakLogoutHandler;
 import org.keycloak.adapters.springsecurity.config.KeycloakWebSecurityConfigurerAdapter;
+import org.keycloak.adapters.springsecurity.filter.AdapterStateCookieRequestMatcher;
 import org.keycloak.adapters.springsecurity.filter.KeycloakAuthenticationProcessingFilter;
+import org.keycloak.adapters.springsecurity.filter.QueryParamPresenceRequestMatcher;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -38,8 +39,10 @@
 import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
 import org.springframework.security.web.authentication.session.NullAuthenticatedSessionStrategy;
 import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
+import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
+import org.springframework.security.web.util.matcher.OrRequestMatcher;
 
-import java.util.*;
+import java.util.Optional;
 
 @Configuration
 @EnableWebSecurity
@@ -68,8 +71,6 @@ protected void configure(HttpSecurity http) throws Exception {
                 .antMatchers("/**")
                 .permitAll()
                 .and()
-                .httpBasic()
-                .and()
                 .logout()
                 .addLogoutHandler(customKeycloakLogoutHandler())
                 .logoutUrl("/sso/logout").permitAll()
@@ -108,6 +109,13 @@ protected KeycloakAuthenticationProcessingFilter keycloakAuthenticationProcessin
         KeycloakAuthenticationProcessingFilter filter = new KeycloakAuthenticationProcessingFilter(authenticationManagerBean());
         filter.setSessionAuthenticationStrategy(sessionAuthenticationStrategy());
         filter.setAuthenticationSuccessHandler(successHandler());
+        filter.setRequiresAuthenticationRequestMatcher(
+                new OrRequestMatcher(
+                        new AntPathRequestMatcher(KeycloakAuthenticationEntryPoint.DEFAULT_LOGIN_URI),
+                        new QueryParamPresenceRequestMatcher(OAuth2Constants.ACCESS_TOKEN),
+                        new AdapterStateCookieRequestMatcher()
+                )
+        );
         return filter;
     }