Posted to commits@isis.apache.org by da...@apache.org on 2021/04/10 17:28:47 UTC

[isis] 01/03: ISIS-2605: docs for spring oauth2

This is an automated email from the ASF dual-hosted git repository.

danhaywood pushed a commit to branch ISIS-2605
in repository https://gitbox.apache.org/repos/asf/isis.git

commit 473c4ce16546f5fd767e864a4d1c267353ba4758
Author: danhaywood <da...@haywood-associates.co.uk>
AuthorDate: Sat Apr 10 18:02:16 2021 +0100

    ISIS-2605: docs for spring oauth2
---
 .../pages/index/annotation/ActionLayout.adoc       |  2 --
 .../pages/index/annotation/CollectionLayout.adoc   |  2 --
 .../pages/index/annotation/PropertyLayout.adoc     |  2 --
 .../pages/index/services/user/UserMemento.adoc     |  1 +
 .../impl/IsisModuleExtJaxRsClientImpl.adoc         | 12 ++++++++++
 .../authconverters/AuthenticationConverter.adoc    | 27 ++++++++++++++++++++++
 .../partials/_application-layer-spi.adoc           |  6 +++++
 .../modules/applib-svc/partials/module-nav.adoc    |  2 --
 security/spring/src/main/adoc/antora.yml           |  2 +-
 .../src/main/adoc/modules/spring/pages/about.adoc  |  8 +++++--
 .../security/spring/IsisModuleSecuritySpring.java  |  4 ++--
 ...thenticationConverterOfOuth2UserPrincipal.java} |  8 +++----
 12 files changed, 59 insertions(+), 17 deletions(-)

diff --git a/antora/components/refguide-index/modules/applib/pages/index/annotation/ActionLayout.adoc b/antora/components/refguide-index/modules/applib/pages/index/annotation/ActionLayout.adoc
index 3d39737..3fe90b6 100644
--- a/antora/components/refguide-index/modules/applib/pages/index/annotation/ActionLayout.adoc
+++ b/antora/components/refguide-index/modules/applib/pages/index/annotation/ActionLayout.adoc
@@ -178,8 +178,6 @@ The order of this member relative to other members in the same (layout) group, g
 
 An alternative is to use the `Xxx.layout.xml` file, where `Xxx` is the domain object name.
 
-include::hooks/Action-Collection-PropertyLayout-FieldSet-examples-and-usage.adoc[]
-
 include::hooks/ActionLayout_010-examples-and-usage.adoc[]
 
 include::hooks/ActionLayout_021-promptStyle.adoc[]
diff --git a/antora/components/refguide-index/modules/applib/pages/index/annotation/CollectionLayout.adoc b/antora/components/refguide-index/modules/applib/pages/index/annotation/CollectionLayout.adoc
index 6f306e2..cd32341 100644
--- a/antora/components/refguide-index/modules/applib/pages/index/annotation/CollectionLayout.adoc
+++ b/antora/components/refguide-index/modules/applib/pages/index/annotation/CollectionLayout.adoc
@@ -135,8 +135,6 @@ However, in some circumstances the ordering of collection may be different to th
 
 The purpose of this annotation is to provide a _java.util.Comparator_ such that the collection may be sorted in an order more suitable to the context.
 
-include::hooks/Action-Collection-PropertyLayout-FieldSet-examples-and-usage.adoc[]
-
 include::hooks/CollectionLayout_010-examples-and-usage.adoc[]
 
 include::hooks/CollectionLayout_021-defaultView.adoc[]
diff --git a/antora/components/refguide-index/modules/applib/pages/index/annotation/PropertyLayout.adoc b/antora/components/refguide-index/modules/applib/pages/index/annotation/PropertyLayout.adoc
index e2ef23e..c26a339 100644
--- a/antora/components/refguide-index/modules/applib/pages/index/annotation/PropertyLayout.adoc
+++ b/antora/components/refguide-index/modules/applib/pages/index/annotation/PropertyLayout.adoc
@@ -228,8 +228,6 @@ The typical entry length of a field, use to determine the optimum width for disp
 
 Note: the Wicket viewer does not use this information.
 
-include::hooks/Action-Collection-PropertyLayout-FieldSet-examples-and-usage.adoc[]
-
 include::hooks/PropertyLayout_010-examples-and-usage.adoc[]
 
 include::hooks/PropertyLayout_021_labelPosition.adoc[]
diff --git a/antora/components/refguide-index/modules/applib/pages/index/services/user/UserMemento.adoc b/antora/components/refguide-index/modules/applib/pages/index/services/user/UserMemento.adoc
index 8c3d0d7..7a78bdb 100644
--- a/antora/components/refguide-index/modules/applib/pages/index/services/user/UserMemento.adoc
+++ b/antora/components/refguide-index/modules/applib/pages/index/services/user/UserMemento.adoc
@@ -15,6 +15,7 @@ class UserMemento {
   UserMemento ofNameAndRoles(final String name, final RoleMemento... roles)     // <.>
   UserMemento ofNameAndRoleNames(final String name, final String... roleNames)     // <.>
   UserMemento ofNameAndRoleNames(final String name, final Stream<String> roleNames)     // <.>
+  UserMemento withRole(String role)
   String title()
   List<RoleMemento> getRoles()
   boolean isCurrentUser(final String userName)     // <.>
diff --git a/antora/components/refguide-index/modules/extensions/pages/index/jaxrsclient/impl/IsisModuleExtJaxRsClientImpl.adoc b/antora/components/refguide-index/modules/extensions/pages/index/jaxrsclient/impl/IsisModuleExtJaxRsClientImpl.adoc
new file mode 100644
index 0000000..508f7f1
--- /dev/null
+++ b/antora/components/refguide-index/modules/extensions/pages/index/jaxrsclient/impl/IsisModuleExtJaxRsClientImpl.adoc
@@ -0,0 +1,12 @@
+= IsisModuleExtJaxRsClientImpl
+:Notice: Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at. http://www.apache.org/licenses/LICENSE-2.0 . Unless required by applicable law or ag [...]
+
+== API
+
+[source,java]
+.IsisModuleExtJaxRsClientImpl.java
+----
+class IsisModuleExtJaxRsClientImpl {
+}
+----
+
diff --git a/antora/components/refguide-index/modules/security/pages/index/spring/authconverters/AuthenticationConverter.adoc b/antora/components/refguide-index/modules/security/pages/index/spring/authconverters/AuthenticationConverter.adoc
new file mode 100644
index 0000000..95e87ec
--- /dev/null
+++ b/antora/components/refguide-index/modules/security/pages/index/spring/authconverters/AuthenticationConverter.adoc
@@ -0,0 +1,27 @@
+= AuthenticationConverter _(interface)_
+:Notice: Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at. http://www.apache.org/licenses/LICENSE-2.0 . Unless required by applicable law or ag [...]
+
+Defines an SPI to attempt to convert a Spring _Authentication_ into an Apache Isis xref:refguide:applib:index/services/user/UserMemento.adoc[UserMemento] .
+
+The _Authentication_ will have already been verified as having been _Authentication#isAuthenticated() authenticated_ .
+
+Implementations should be defined as Spring _org.springframework.stereotype.Component_ s and added to the _org.springframework.context.annotation.Configuration application context_ either by being _org.springframework.context.annotation.Import imported_ explicitly or implicitly through _org.springframework.context.annotation.ComponentScan_ .
+
+All known converters are checked one by one, but checking stops once one converter has successively converted the _Authentication_ into a xref:refguide:applib:index/services/user/UserMemento.adoc[UserMemento] (in other words, chain-of-responsibility pattern). Use the _org.springframework.core.Ordered_ to influence the order in which converter implementations are checked.
+
+== API
+
+[source,java]
+.AuthenticationConverter.java
+----
+interface AuthenticationConverter {
+  UserMemento convert(final Authentication authentication)     // <.>
+}
+----
+
+<.> xref:#convert__Authentication[convert(Authentication)]
+
+== Members
+
+[#convert__Authentication]
+=== convert(Authentication)
diff --git a/antora/components/refguide/modules/applib-svc/partials/_application-layer-spi.adoc b/antora/components/refguide/modules/applib-svc/partials/_application-layer-spi.adoc
index a38b7c5..8a19745 100644
--- a/antora/components/refguide/modules/applib-svc/partials/_application-layer-spi.adoc
+++ b/antora/components/refguide/modules/applib-svc/partials/_application-layer-spi.adoc
@@ -14,6 +14,12 @@ Domain service SPIs influence how the framework handles application layer concer
 
 
 
+|xref:refguide:security:index/spring/authconverters/AuthenticationConverter.adoc[AuthenticationConverter]
+|SPI service for xref:security:spring:about.adoc[Spring Security] to convert a Spring link:https://docs.spring.io/spring-security/site/docs/current/api/org/springframework/security/core/Authentication.html[Authentication] into an Apache Isis xref:refguide:applib:index/services/user/UserMemento.adoc[UserMemento].
+
+Several implementations are provided by default for most of the common representations of a user principal.
+This SPI does though provide additional flexibility for other security technologies that may be supported by link:https://spring.io/projects/spring-security[Spring].
+
 |xref:refguide:applib:index/services/publishing/spi/CommandSubscriber.adoc[CommandSubscriber]
 |SPI service to listen on command instances, ie representations of an action invocation or property edit.
 Used for command/auditing and background services.
diff --git a/antora/components/refguide/modules/applib-svc/partials/module-nav.adoc b/antora/components/refguide/modules/applib-svc/partials/module-nav.adoc
index b8f6e0b..e8fac08 100644
--- a/antora/components/refguide/modules/applib-svc/partials/module-nav.adoc
+++ b/antora/components/refguide/modules/applib-svc/partials/module-nav.adoc
@@ -1,6 +1,4 @@
 
-
-
 * xref:refguide:applib-svc:about.adoc[Domain Services]
 
 ** xref:refguide:applib:index/services/acceptheader/AcceptHeaderService.adoc[AcceptHeaderService]
diff --git a/security/spring/src/main/adoc/antora.yml b/security/spring/src/main/adoc/antora.yml
index 600e2fb..2be1151 100644
--- a/security/spring/src/main/adoc/antora.yml
+++ b/security/spring/src/main/adoc/antora.yml
@@ -16,4 +16,4 @@
 #  under the License.
 
 name: security
-version: 2.0.0-M5
+version: latest
diff --git a/security/spring/src/main/adoc/modules/spring/pages/about.adoc b/security/spring/src/main/adoc/modules/spring/pages/about.adoc
index 216d446..972cd20 100644
--- a/security/spring/src/main/adoc/modules/spring/pages/about.adoc
+++ b/security/spring/src/main/adoc/modules/spring/pages/about.adoc
@@ -91,6 +91,7 @@ For an authenticated user the `org.apache.isis.viewer.wicket.roles.USER` role --
 
 
 
+[#walk-through-in-memory]
 == Walk-through : In-memory
 
 Using Spring Security we can configure your app with various authentication providers.
@@ -171,6 +172,7 @@ You will see that the usual login page is replaced by one provided by Spring:
 image::spring-security-login.png[width=300px]
 
 
+[#walk-through-oauth2]
 == Walk-through : OAuth2
 
 Using Spring Security we can configure your app with various authentication providers.
@@ -331,5 +333,7 @@ image::github-sign-in-again.png[width=600px]
 
 == AuthenticatorConverter SPI
 
-The module provides a number of implementations of `AuthenticatorConverter` that (attempt to) convet a Spring `Authentication` object into an Apache Isis `UserMemento`.
-This is however intended as an SPI; provide additional implementations as necessary for other security technologies.
+The module provides a number of implementations of xref:refguide:security:index/spring/authconverters/AuthenticationConverter.adoc[AuthenticationConverter] that (attempt to) convert a Spring `Authentication` object into an Apache Isis `UserMemento`.
+
+Several implementations are provided by default for most of the common representations of a user principal, including support for link:https://docs.spring.io/spring-security/site/docs/current/api/org/springframework/security/core/userdetails/UserDetails.html[UserDetails] (as returned in the <<walk-through-in-memory,in-memory walk through above>>) and link:https://docs.spring.io/spring-security/site/docs/current/api/org/springframework/security/oauth2/core/user/OAuth2User.html[OAuth2User] [...]
+This SPI does though provide additional flexibility for other security technologies that may be supported by link:https://spring.io/projects/spring-security[Spring].
diff --git a/security/spring/src/main/java/org/apache/isis/security/spring/IsisModuleSecuritySpring.java b/security/spring/src/main/java/org/apache/isis/security/spring/IsisModuleSecuritySpring.java
index 3cdafcf..2a5e197 100644
--- a/security/spring/src/main/java/org/apache/isis/security/spring/IsisModuleSecuritySpring.java
+++ b/security/spring/src/main/java/org/apache/isis/security/spring/IsisModuleSecuritySpring.java
@@ -34,7 +34,7 @@ import org.springframework.security.web.csrf.CsrfFilter;
 import org.apache.isis.core.config.IsisConfiguration;
 import org.apache.isis.core.runtimeservices.IsisModuleCoreRuntimeServices;
 import org.apache.isis.security.spring.authconverters.AuthenticationConverterOfAuthenticatedPrincipal;
-import org.apache.isis.security.spring.authconverters.AuthenticationConverterOfOauth2UserPrincipal;
+import org.apache.isis.security.spring.authconverters.AuthenticationConverterOfOuth2UserPrincipal;
 import org.apache.isis.security.spring.authconverters.AuthenticationConverterOfStringPrincipal;
 import org.apache.isis.security.spring.authconverters.AuthenticationConverterOfUserDetailsPrincipal;
 import org.apache.isis.security.spring.authentication.AuthenticatorSpring;
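Review bot: The new class name `AuthenticationConverterOfOuth2UserPrincipal` drops the `a` from OAuth2 (`Outh2`), which reads as a typo rather than an intended rename. The same spelling is carried into the component list in the next hunk of this file and into the renamed source file and its class declaration. Because this is a public `@Component` that applications can import or reference by name, the spelling is best settled before it ships, for example `AuthenticationConverterOfOAuth2UserPrincipal` to match Spring's `OAuth2User`.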
@@ -54,7 +54,7 @@ import lombok.extern.log4j.Log4j2;
 
         // @Component's
         AuthenticationConverterOfAuthenticatedPrincipal.class,
-        AuthenticationConverterOfOauth2UserPrincipal.class,
+        AuthenticationConverterOfOuth2UserPrincipal.class,
         AuthenticationConverterOfStringPrincipal.class,
         AuthenticationConverterOfUserDetailsPrincipal.class,
 
diff --git a/security/spring/src/main/java/org/apache/isis/security/spring/authconverters/AuthenticationConverterOfOauth2UserPrincipal.java b/security/spring/src/main/java/org/apache/isis/security/spring/authconverters/AuthenticationConverterOfOuth2UserPrincipal.java
similarity index 83%
rename from security/spring/src/main/java/org/apache/isis/security/spring/authconverters/AuthenticationConverterOfOauth2UserPrincipal.java
rename to security/spring/src/main/java/org/apache/isis/security/spring/authconverters/AuthenticationConverterOfOuth2UserPrincipal.java
index 2c0aad1..b4b0f28 100644
--- a/security/spring/src/main/java/org/apache/isis/security/spring/authconverters/AuthenticationConverterOfOauth2UserPrincipal.java
+++ b/security/spring/src/main/java/org/apache/isis/security/spring/authconverters/AuthenticationConverterOfOuth2UserPrincipal.java
@@ -32,17 +32,17 @@ import lombok.val;
  */
 @Component
 @Order(OrderPrecedence.LATE - 150)
-public class AuthenticationConverterOfOauth2UserPrincipal implements AuthenticationConverter {
+public class AuthenticationConverterOfOuth2UserPrincipal implements AuthenticationConverter {
 
     @Override
     public UserMemento convert(Authentication authentication) {
         val principal = authentication.getPrincipal();
         if (principal instanceof OAuth2User) {
             val oAuth2User = (OAuth2User) principal;
-            final Object login = oAuth2User.getAttributes().get("login");
+            final Object loginAttr = oAuth2User.getAttributes().get("login");
             val principalIdentity =
-                    login instanceof CharSequence
-                            ? ((CharSequence) login).toString()
+                    loginAttr instanceof CharSequence
+                            ? ((CharSequence) loginAttr).toString()
                             : oAuth2User.getName();
             return UserMemento.ofNameAndRoleNames(principalIdentity);
         }
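Review bot: In `convert`, the user's identity is taken from the `login` attribute alone, which is a provider-specific display handle (the docs in this commit walk through GitHub) rather than a stable subject identifier, and nothing qualifies it by the issuing provider. If a handle is renamed and later reused, or a second OAuth2 client registration is configured, two different external accounts could resolve to the same `UserMemento` name and inherit whatever is keyed on it. The name would be safer derived from a stable identifier, qualified by the registration id where available, with `login` kept for display only; at minimum document the assumption above the lookup, e.g. `// NOTE: "login" is GitHub-specific and mutable; do not treat as a stable account key`. The memento is also built with no role names, so authorities on the `Authentication` are presumably ignored here; if that is deliberate, a one-line comment saying so would help. The method body continues past the end of this hunk.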