[RELEASE] - Release version: 0.4.0

update registry device to accept admin as well, as registry role
move jwt authentication converter
2025-08-18 11:07:11 +00:00 · 2025-08-18 13:06:28 +02:00 · 2025-08-18 13:06:28 +02:00 · 2025-08-18 13:06:28 +02:00 · 2025-08-18 13:06:28 +02:00 · 2025-08-18 13:06:28 +02:00
7 changed files with 26 additions and 14 deletions
--- a/gradle.properties
+++ b/gradle.properties
@@ -1,5 +1,5 @@
 kotlin.code.style=official
-version=0.3.0
+version=0.4.0
 catalog=0.11.0
 docker.port.expose=8443
 container.port.expose=8443
--- a/src/main/kotlin/ltd/hlaeja/configuration/SecurityConfiguration.kt
+++ b/src/main/kotlin/ltd/hlaeja/configuration/SecurityConfiguration.kt
@@ -1,7 +1,8 @@
 package ltd.hlaeja.configuration

-import ltd.hlaeja.security.JwtAuthenticationConverter
-import ltd.hlaeja.security.JwtAuthenticationManager
+import ltd.hlaeja.security.authorize.publicPaths
+import ltd.hlaeja.security.converter.JwtAuthenticationConverter
+import ltd.hlaeja.security.manager.JwtAuthenticationManager
 import org.springframework.context.annotation.Bean
 import org.springframework.context.annotation.Configuration
 import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity
@@ -55,6 +56,6 @@ class SecurityConfiguration {
    private fun authorizeExchange(
        authorizeExchange: AuthorizeExchangeSpec,
    ) = authorizeExchange
-        .pathMatchers("/login").permitAll()
-        .anyExchange().hasRole("REGISTRY")
+        .publicPaths().permitAll()
+        .anyExchange().hasAnyRole("REGISTRY", "ADMIN")
 }
--- a/src/main/kotlin/ltd/hlaeja/security/authorize/PublicPaths.kt
+++ b/src/main/kotlin/ltd/hlaeja/security/authorize/PublicPaths.kt
@@ -0,0 +1,8 @@
+package ltd.hlaeja.security.authorize
+
+import org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec
+
+fun AuthorizeExchangeSpec.publicPaths(): AuthorizeExchangeSpec.Access = pathMatchers(
+    "/actuator/**",
+    "/login",
+)
--- a/src/main/kotlin/ltd/hlaeja/security/converter/JwtAuthenticationConverter.kt
+++ b/src/main/kotlin/ltd/hlaeja/security/converter/JwtAuthenticationConverter.kt
@@ -1,9 +1,11 @@
-package ltd.hlaeja.security
+package ltd.hlaeja.security.converter

 import io.github.oshai.kotlinlogging.KotlinLogging
 import io.jsonwebtoken.JwtException
 import java.util.UUID
 import ltd.hlaeja.jwt.service.PublicJwtService
+import ltd.hlaeja.security.user.JwtAuthentication
+import ltd.hlaeja.security.user.JwtUserDetails
 import org.springframework.http.HttpStatus.UNAUTHORIZED
 import org.springframework.security.core.Authentication
 import org.springframework.security.core.authority.SimpleGrantedAuthority
@@ -40,14 +42,14 @@ class JwtAuthenticationConverter(
        }

    private fun jwtAuthenticationToken(token: String) = publicJwtService.verify(token) { claims ->
-        JwtAuthenticationToken(
+        JwtAuthentication(
            JwtUserDetails(
                UUID.fromString(claims.payload["id"] as String),
                claims.payload["username"] as String,
            ),
            token,
            (claims.payload["role"] as String).split(",")
-                .map { SimpleGrantedAuthority(it) }
+                .map { SimpleGrantedAuthority("ROLE_$it") }
                .toMutableList(),
            true,
        )
--- a/src/main/kotlin/ltd/hlaeja/security/manager/JwtAuthenticationManager.kt
+++ b/src/main/kotlin/ltd/hlaeja/security/manager/JwtAuthenticationManager.kt
@@ -1,5 +1,6 @@
-package ltd.hlaeja.security
+package ltd.hlaeja.security.manager

+import ltd.hlaeja.security.user.JwtAuthentication
 import org.springframework.security.authentication.ReactiveAuthenticationManager
 import org.springframework.security.core.Authentication
 import org.springframework.security.core.AuthenticationException
@@ -11,14 +12,14 @@ class JwtAuthenticationManager : ReactiveAuthenticationManager {

    override fun authenticate(
        authentication: Authentication,
-    ): Mono<Authentication> = if (authentication is JwtAuthenticationToken) {
+    ): Mono<Authentication> = if (authentication is JwtAuthentication) {
        handleJwtToken(authentication)
    } else {
        Mono.error(object : AuthenticationException("Unsupported authentication type") {})
    }

    private fun handleJwtToken(
-        token: JwtAuthenticationToken,
+        token: JwtAuthentication,
    ): Mono<Authentication> = if (token.isAuthenticated) {
        Mono.just(token)
    } else {
--- a/src/main/kotlin/ltd/hlaeja/security/user/JwtAuthentication.kt
+++ b/src/main/kotlin/ltd/hlaeja/security/user/JwtAuthentication.kt
@@ -1,9 +1,9 @@
-package ltd.hlaeja.security
+package ltd.hlaeja.security.user

 import org.springframework.security.core.Authentication
 import org.springframework.security.core.GrantedAuthority

-data class JwtAuthenticationToken(
+data class JwtAuthentication(
    private val jwtUserDetails: JwtUserDetails,
    private val token: String,
    private var authorities: MutableCollection<out GrantedAuthority>,
--- a/src/main/kotlin/ltd/hlaeja/security/user/JwtUserDetails.kt
+++ b/src/main/kotlin/ltd/hlaeja/security/user/JwtUserDetails.kt
@@ -1,4 +1,4 @@
-package ltd.hlaeja.security
+package ltd.hlaeja.security.user

 import java.util.UUID
Author	SHA1	Message	Date
audapi	c7a824702e	[RELEASE] - Release version: 0.4.0	2025-08-18 11:07:11 +00:00
Swordsteel	adefbb465e	update registry device to accept admin as well, as registry role	2025-08-18 13:06:28 +02:00
Swordsteel	46a4852257	move jwt authentication converter	2025-08-18 13:06:28 +02:00
Swordsteel	7a910c8428	move jwt authentication manager	2025-08-18 13:06:28 +02:00
Swordsteel	b070a22b0e	move jwt user and jwt authentication	2025-08-18 13:06:28 +02:00
Swordsteel	e19e0e59bc	update public path	2025-08-18 13:06:28 +02:00
audapi	c69a9cd07c	[RELEASE] - Bump version	2025-07-29 18:46:56 +00:00