gw2auth
diff --git a/‎.github/workflows/build.yml
Lines changed: 0 additions & 13 deletions b/‎.github/workflows/build.yml
Lines changed: 0 additions & 13 deletions
diff --git a/‎.github/workflows/docker.yml
Lines changed: 0 additions & 14 deletions b/‎.github/workflows/docker.yml
Lines changed: 0 additions & 14 deletions
diff --git a/‎pom.xml
Lines changed: 2 additions & 2 deletions b/‎pom.xml
Lines changed: 2 additions & 2 deletions
diff --git a/‎src/main/java/com/gw2auth/oauth2/server/adapt/Gw2AuthAuthenticationManagerResolver.java
Lines changed: 9 additions & 59 deletions b/‎src/main/java/com/gw2auth/oauth2/server/adapt/Gw2AuthAuthenticationManagerResolver.java
Lines changed: 9 additions & 59 deletions
diff --git a/‎src/main/java/com/gw2auth/oauth2/server/adapt/Gw2AuthSecurityContextRepository.java
Lines changed: 92 additions & 0 deletions b/‎src/main/java/com/gw2auth/oauth2/server/adapt/Gw2AuthSecurityContextRepository.java
Lines changed: 92 additions & 0 deletions
diff --git a/‎src/main/java/com/gw2auth/oauth2/server/configuration/OAuth2ServerConfiguration.java
Lines changed: 1 addition & 4 deletions b/‎src/main/java/com/gw2auth/oauth2/server/configuration/OAuth2ServerConfiguration.java
Lines changed: 1 addition & 4 deletions
@@ -13,19 +13,6 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
-      - uses: actions/checkout@v3
-        with:
-          repository: "its-felix/spring-authorization-server"
-          ref: "maven-publish"
-          path: "spring-authorization-server"
-      - name: "Set up JDK 8"
-        uses: actions/setup-java@v3
-        with:
-          distribution: "adopt"
-          java-version: "8"
-          cache: "maven"
-      - name: "Build spring-authorization-server"
-        run: (cd spring-authorization-server && ./gradlew build publishToMavenLocal && cd .. && rm -rf spring-authorization-server)
       - name: "Set up JDK 16"
         uses: actions/setup-java@v3
         with:
 
@@ -10,20 +10,6 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
-      - uses: actions/checkout@v3
-        with:
-          repository: "its-felix/spring-authorization-server"
-          ref: "maven-publish"
-          path: "spring-authorization-server"
-      - name: "Set up JDK 8"
-        uses: actions/setup-java@v3
-        with:
-          distribution: "adopt"
-          java-version: "8"
-          cache: "maven"
-      - name: "Build spring-authorization-server"
-        run: (cd spring-authorization-server && ./gradlew build publishToMavenLocal && cd .. && rm -rf spring-authorization-server)
-      - uses: actions/checkout@v3
       - name: "Set up JDK 16"
         uses: actions/setup-java@v3
         with:
 
@@ -6,7 +6,7 @@
 
     <groupId>com.gw2auth</groupId>
     <artifactId>oauth2-server</artifactId>
-    <version>1.28.0</version>
+    <version>1.29.0</version>
     <packaging>jar</packaging>
 
     <parent>
@@ -48,7 +48,7 @@
         <dependency>
             <groupId>org.springframework.security</groupId>
             <artifactId>spring-security-oauth2-authorization-server</artifactId>
-            <version>0.4.0-SNAPSHOT</version>
+            <version>0.3.0</version>
         </dependency>
 
         <dependency>
 
@@ -1,69 +1,19 @@
 package com.gw2auth.oauth2.server.adapt;
 
-import com.fasterxml.jackson.annotation.*;
-import com.gw2auth.oauth2.server.service.user.Gw2AuthTokenUserService;
+import com.fasterxml.jackson.annotation.JsonAutoDetect;
+import com.fasterxml.jackson.annotation.JsonCreator;
+import com.fasterxml.jackson.annotation.JsonGetter;
+import com.fasterxml.jackson.annotation.JsonProperty;
 import com.gw2auth.oauth2.server.service.user.Gw2AuthUserV2;
-import com.gw2auth.oauth2.server.util.Constants;
-import com.gw2auth.oauth2.server.util.CookieHelper;
-import org.springframework.security.authentication.AuthenticationManager;
-import org.springframework.security.authentication.AuthenticationManagerResolver;
 import org.springframework.security.core.Authentication;
-import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.oauth2.server.resource.BearerTokenAuthenticationToken;
-import org.springframework.security.oauth2.server.resource.InvalidBearerTokenException;
-import org.springframework.web.context.request.RequestContextHolder;
-import org.springframework.web.context.request.ServletRequestAttributes;
 
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
 import java.util.Collection;
-import java.util.Objects;
-import java.util.Optional;
 
-public class Gw2AuthAuthenticationManagerResolver implements AuthenticationManagerResolver<HttpServletRequest>, AuthenticationManager {
-
-    private final Gw2AuthTokenUserService gw2AuthTokenUserService;
-
-    public Gw2AuthAuthenticationManagerResolver(Gw2AuthTokenUserService gw2AuthTokenUserService) {
-        this.gw2AuthTokenUserService = gw2AuthTokenUserService;
-    }
-
-    @Override
-    public AuthenticationManager resolve(HttpServletRequest context) {
-        return this;
-    }
-
-    @Override
-    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
-        if (authentication instanceof BearerTokenAuthenticationToken token) {
-            return authenticate(token.getToken());
-        } else {
-            throw new IllegalArgumentException("expected BearerTokenAuthenticationToken");
-        }
-    }
-
-    private Authentication authenticate(String token) throws AuthenticationException {
-        final Optional<Gw2AuthUserV2> optionalGw2AuthUser = this.gw2AuthTokenUserService.resolveUserForToken(token);
-        if (optionalGw2AuthUser.isEmpty()) {
-            clearCookie();
-            throw new InvalidBearerTokenException("invalid session token");
-        }
-
-        return new Gw2AuthUserAuthentication(optionalGw2AuthUser.get());
-    }
-
-    private void clearCookie() {
-        final ServletRequestAttributes servletRequestAttributes = Optional.ofNullable(RequestContextHolder.getRequestAttributes())
-                .filter(ServletRequestAttributes.class::isInstance)
-                .map(ServletRequestAttributes.class::cast)
-                .orElseThrow();
-
-        final HttpServletRequest request = Objects.requireNonNull(servletRequestAttributes.getRequest());
-        final HttpServletResponse response = Objects.requireNonNull(servletRequestAttributes.getResponse());
-
-        CookieHelper.clearCookie(request, response, Constants.ACCESS_TOKEN_COOKIE_NAME);
-    }
+/*
+Not used but don't move / rename since the fully qualified classname is persisted for older entries
+ */
+public class Gw2AuthAuthenticationManagerResolver {
 
     @JsonAutoDetect(
             fieldVisibility = JsonAutoDetect.Visibility.NONE,
@@ -72,7 +22,7 @@ private void clearCookie() {
             isGetterVisibility = JsonAutoDetect.Visibility.NONE,
             creatorVisibility = JsonAutoDetect.Visibility.NONE
     )
-    private static class Gw2AuthUserAuthentication implements Authentication {
+    public static class Gw2AuthUserAuthentication implements Authentication {
 
         private final Gw2AuthUserV2 gw2AuthUser;
         private boolean isAuthenticated;
 
@@ -0,0 +1,92 @@
+package com.gw2auth.oauth2.server.adapt;
+
+import com.gw2auth.oauth2.server.service.account.AccountFederationSession;
+import com.gw2auth.oauth2.server.service.user.Gw2AuthLoginUser;
+import com.gw2auth.oauth2.server.service.user.Gw2AuthTokenUserService;
+import com.gw2auth.oauth2.server.service.user.Gw2AuthUserV2;
+import com.gw2auth.oauth2.server.util.Constants;
+import com.gw2auth.oauth2.server.util.CookieHelper;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContext;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.core.context.SecurityContextImpl;
+import org.springframework.security.oauth2.jwt.Jwt;
+import org.springframework.security.oauth2.server.resource.web.BearerTokenResolver;
+import org.springframework.security.web.context.HttpRequestResponseHolder;
+import org.springframework.security.web.context.SecurityContextRepository;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.util.function.Supplier;
+
+public class Gw2AuthSecurityContextRepository implements SecurityContextRepository {
+
+    private final Gw2AuthInternalJwtConverter jwtConverter;
+    private final Gw2AuthTokenUserService gw2AuthTokenUserService;
+    private final BearerTokenResolver bearerTokenResolver;
+
+    public Gw2AuthSecurityContextRepository(Gw2AuthInternalJwtConverter jwtConverter, Gw2AuthTokenUserService gw2AuthTokenUserService) {
+        this.jwtConverter = jwtConverter;
+        this.gw2AuthTokenUserService = gw2AuthTokenUserService;
+        this.bearerTokenResolver = new CookieBearerTokenResolver(Constants.ACCESS_TOKEN_COOKIE_NAME);
+    }
+
+    @Override
+    public SecurityContext loadContext(HttpRequestResponseHolder requestResponseHolder) {
+        SecurityContext context = loadContext(requestResponseHolder.getRequest()).get();
+        if (context == null) {
+            context = SecurityContextHolder.createEmptyContext();
+        }
+
+        return context;
+    }
+
+    @Override
+    public Supplier<SecurityContext> loadContext(HttpServletRequest request) {
+        return new SecurityContextSupplier(request);
+    }
+
+    @Override
+    public void saveContext(SecurityContext context, HttpServletRequest request, HttpServletResponse response) {
+        final Authentication authentication = context.getAuthentication();
+        if (authentication != null && authentication.isAuthenticated()) {
+            final Object principal = authentication.getPrincipal();
+            if (principal instanceof Gw2AuthLoginUser user) {
+                final AccountFederationSession session = user.session();
+                final Jwt jwt = this.jwtConverter.writeJWT(session.id(), session.creationTime(), session.expirationTime());
+                CookieHelper.addCookie(request, response, Constants.ACCESS_TOKEN_COOKIE_NAME, jwt.getTokenValue(), jwt.getExpiresAt());
+            }
+        } else {
+            CookieHelper.clearCookie(request, response, Constants.ACCESS_TOKEN_COOKIE_NAME);
+        }
+    }
+
+    @Override
+    public boolean containsContext(HttpServletRequest request) {
+        return loadContext(request).get() != null;
+    }
+
+    private final class SecurityContextSupplier implements Supplier<SecurityContext> {
+
+        private final HttpServletRequest request;
+
+        private SecurityContextSupplier(HttpServletRequest request) {
+            this.request = request;
+        }
+
+        @Override
+        public SecurityContext get() {
+            SecurityContext securityContext = null;
+
+            final String jwtString = Gw2AuthSecurityContextRepository.this.bearerTokenResolver.resolve(this.request);
+            if (jwtString != null) {
+                final Gw2AuthUserV2 user = Gw2AuthSecurityContextRepository.this.gw2AuthTokenUserService.resolveUserForToken(jwtString).orElse(null);
+                if (user != null) {
+                    securityContext = new SecurityContextImpl(new Gw2AuthAuthenticationManagerResolver.Gw2AuthUserAuthentication(user));
+                }
+            }
+
+            return securityContext;
+        }
+    }
+}
@@ -18,7 +18,6 @@
 import org.springframework.security.config.annotation.web.configurers.SecurityContextConfigurer;
 import org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer;
 import org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2AuthorizationServerConfigurer;
-import org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer;
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.oauth2.server.authorization.config.ProviderSettings;
 import org.springframework.security.web.SecurityFilterChain;
@@ -89,8 +88,7 @@ public SecurityFilterChain oauth2ServerHttpSecurityFilterChain(HttpSecurity http
                                                                    OAuth2AuthorizationServerConfigurer<HttpSecurity> configurer,
                                                                    Customizer<SecurityContextConfigurer<HttpSecurity>> securityContextCustomizer,
                                                                    Customizer<RequestCacheConfigurer<HttpSecurity>> requestCacheCustomizer,
-                                                                   Customizer<OAuth2LoginConfigurer<HttpSecurity>> oauth2LoginCustomizer,
-                                                                   Customizer<OAuth2ResourceServerConfigurer<HttpSecurity>> oauth2ResourceServerCustomizer) throws Exception {
+                                                                   Customizer<OAuth2LoginConfigurer<HttpSecurity>> oauth2LoginCustomizer) throws Exception {
 
         // This configuration is only for requests matched by the RequestMatcher
         // (that is, only OAuth2 AUTHORIZATION requests -> requests where this application acts as a OAuth2 server, not a client)
@@ -102,7 +100,6 @@ public SecurityFilterChain oauth2ServerHttpSecurityFilterChain(HttpSecurity http
                 .securityContext(securityContextCustomizer)
                 .requestCache(requestCacheCustomizer)
                 .oauth2Login(oauth2LoginCustomizer)
-                .oauth2ResourceServer(oauth2ResourceServerCustomizer)
                 .apply(configurer);
 
         return http.build();