Expose auth type as ENV (#253)

* Expose auth type as ENV A follow-up to #212
wultra · Oct 8, 2024 · 71077a2 · 71077a2
1 parent 20b2900
commit 71077a2
Show file tree

Hide file tree

Showing 4 changed files with 11 additions and 10 deletions.
diff --git a/deploy/env.list.tmp b/deploy/env.list.tmp
@@ -4,5 +4,6 @@ USER_DATA_STORE_DATASOURCE_PASSWORD=$PASSWORD$
 # Master DB encryption key (AES-256, key length of 32 bytes, base64 encoded) to derive server private keys for the encryption of sensitive data in the database, an empty value means no encryption
 USER_DATA_STORE_MASTER_ENCRYPTION_KEY=
 USER_DATA_STORE_LOGGING=
-SPRING_SECURITY_OAUTH2_RESOURCE_SERVER_JWT_ISSUER_URI=
-SPRING_SECURITY_OAUTH2_RESOURCE_SERVER_JWT_AUDIENCES=
+USER_DATA_STORE_SECURITY_AUTH_TYPE=BASIC_HTTP
+SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUERURI=
+SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_AUDIENCES=
diff --git a/docs/Configuration-Properties.md b/docs/Configuration-Properties.md
@@ -31,12 +31,12 @@ The name of the role is case-sensitive.
 (Mind that the role name without the `ROLE_` prefix is used, unlike the basic authentication where the authority is inserted in the database table `uds_authorities`.)
 The claim name may be changed in the configuration `user-data-store.security.auth.oauth2.roles-claim=roles`.
 
-| Property                                                | Default Value | Description                                                                                                                           |
-|---------------------------------------------------------|---------------|---------------------------------------------------------------------------------------------------------------------------------------|
-| `user-data-store.security.auth.type`                    | `BASIC_HTTP`  | `BASIC_HTTP` for basic HTTP authentication or `OAUTH` for OpenID Connect. If OAUTH enabled, the properties bellow must be configured. |
-| `user-data-store.security.auth.oauth2.roles-claim`      | `roles`       | A name of the claim in the JWT that contains the user roles.                                                                          |
-| `spring.security.oauth2.resource-server.jwt.issuer-uri` |               | URL of the provider, e.g. `https://sts.windows.net/example/`                                                                          |
-| `spring.security.oauth2.resource-server.jwt.audiences`  |               | A comma-separated list of allowed `aud` JWT claim values to be validated.                                                             |
+| Property                                                | Default Value | Description                                                                                                                            |
+|---------------------------------------------------------|---------------|----------------------------------------------------------------------------------------------------------------------------------------|
+| `user-data-store.security.auth.type`                    | `BASIC_HTTP`  | `BASIC_HTTP` for basic HTTP authentication or `OAUTH2` for OpenID Connect. If OAUTH enabled, the properties bellow must be configured. |
+| `user-data-store.security.auth.oauth2.roles-claim`      | `roles`       | A name of the claim in the JWT that contains the user roles.                                                                           |
+| `spring.security.oauth2.resource-server.jwt.issuer-uri` |               | URL of the provider, e.g. `https://sts.windows.net/example/`                                                                           |
+| `spring.security.oauth2.resource-server.jwt.audiences`  |               | A comma-separated list of allowed `aud` JWT claim values to be validated.                                                              |
 
 See the [Spring Security documentation](https://docs.spring.io/spring-security/reference/servlet/oauth2/index.html#oauth2-client-log-users-in) and [OpenID Connect UserInfo endpoint](https://connect2id.com/products/server/docs/api/userinfo) for details.
 

diff --git a/...rver/src/main/java/com/wultra/security/userdatastore/config/WebSecurityConfiguration.java b/...rver/src/main/java/com/wultra/security/userdatastore/config/WebSecurityConfiguration.java
@@ -60,7 +60,7 @@ public SecurityFilterChain filterChain(final HttpSecurity http) throws Exception
             logger.info("Initializing HTTP basic authentication.");
             http.httpBasic(httpBasic -> httpBasic.realmName(realm));
         } else if (authType == AuthType.OAUTH2) {
-            logger.info("Initializing AUTH2 authentication.");
+            logger.info("Initializing OAUTH2 authentication.");
             http.oauth2ResourceServer(oauth2 -> oauth2.jwt(configurer ->
                     configurer.jwtAuthenticationConverter(jwtAuthenticationConverter(rolesClaim))));
         }

diff --git a/user-data-store-server/src/main/resources/application.properties b/user-data-store-server/src/main/resources/application.properties
@@ -16,7 +16,7 @@ spring.jpa.open-in-view=false
 spring.jmx.default-domain=user-data-store
 
 user-data-store.security.basic.realm=User Data Store
-user-data-store.security.auth.type=BASIC_HTTP
+user-data-store.security.auth.type=${USER_DATA_STORE_SECURITY_AUTH_TYPE:BASIC_HTTP}
 
 # OAuth2 Settings
 user-data-store.security.auth.oauth2.roles-claim=roles