Merge AutoConfig and Edit AuthenticationManagerResolver behavior

Author: mehrabisajad

grpc-server-spring-boot-autoconfigure/src/main/java/net/devh/boot/grpc/server/autoconfigure/GrpcServerSecurityAutoConfiguration.java

@@ -25,14 +25,12 @@
 import org.springframework.security.access.AccessDecisionManager;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.authentication.AuthenticationManagerResolver;
 import org.springframework.security.core.AuthenticationException;
 
 import net.devh.boot.grpc.server.security.authentication.GrpcAuthenticationReader;
 import net.devh.boot.grpc.server.security.check.GrpcSecurityMetadataSource;
-import net.devh.boot.grpc.server.security.interceptors.AuthenticatingServerInterceptor;
-import net.devh.boot.grpc.server.security.interceptors.AuthorizationCheckingServerInterceptor;
-import net.devh.boot.grpc.server.security.interceptors.DefaultAuthenticatingServerInterceptor;
-import net.devh.boot.grpc.server.security.interceptors.ExceptionTranslatingServerInterceptor;
+import net.devh.boot.grpc.server.security.interceptors.*;
 
 /**
  * Auto configuration class with the required beans for the spring-security configuration of the grpc server.
@@ -59,7 +57,7 @@
  * @author Daniel Theuke (daniel.theuke@heuboe.de)
  */
 @Configuration(proxyBeanMethods = false)
-@ConditionalOnBean(AuthenticationManager.class)
+@ConditionalOnBean(GrpcAuthenticationReader.class)
 @AutoConfigureAfter(SecurityAutoConfiguration.class)
 public class GrpcServerSecurityAutoConfiguration {
 
@@ -83,13 +81,31 @@ public ExceptionTranslatingServerInterceptor exceptionTranslatingServerIntercept
      * @return The authenticatingServerInterceptor bean.
      */
     @Bean
+    @ConditionalOnBean(AuthenticationManager.class)
     @ConditionalOnMissingBean(AuthenticatingServerInterceptor.class)
     public DefaultAuthenticatingServerInterceptor authenticatingServerInterceptor(
             final AuthenticationManager authenticationManager,
             final GrpcAuthenticationReader authenticationReader) {
         return new DefaultAuthenticatingServerInterceptor(authenticationManager, authenticationReader);
     }
 
+    /**
+     * The security interceptor that handles the authentication of requests.
+     *
+     * @param grpcAuthenticationManagerResolver The authentication manager resolver used to verify the credentials.
+     * @param authenticationReader The authentication reader used to extract the credentials from the call.
+     * @return The authenticatingServerInterceptor bean.
+     */
+    @Bean
+    @ConditionalOnBean(parameterizedContainer = AuthenticationManagerResolver.class, value = GrpcServerRequest.class)
+    @ConditionalOnMissingBean(AuthenticatingServerInterceptor.class)
+    public ManagerResolverAuthenticatingServerInterceptor managerResolverAuthenticatingServerInterceptor(
+            final AuthenticationManagerResolver<GrpcServerRequest> grpcAuthenticationManagerResolver,
+            final GrpcAuthenticationReader authenticationReader) {
+        return new ManagerResolverAuthenticatingServerInterceptor(grpcAuthenticationManagerResolver,
+                authenticationReader);
+    }
+
     /**
      * The security interceptor that handles the authorization of requests.
      *

grpc-server-spring-boot-autoconfigure/src/main/java/net/devh/boot/grpc/server/autoconfigure/GrpcServerSecurityWithManagerResolverAutoConfiguration.java

@@ -84,14 +84,10 @@ public <ReqT, RespT> ServerCall.Listener<ReqT> interceptCall(final ServerCall<Re
         }
         log.debug("Credentials found: Authenticating '{}'", authentication.getName());
 
-        AuthenticationManager authenticationManager = this.getAuthenticationManager(call, headers);
+        AuthenticationManager authenticationManager = getAuthenticationManager(call, headers);
         if (authenticationManager == null) {
-            log.debug("No authentication manager found: Continuing unauthenticated");
-            try {
-                return next.startCall(call, headers);
-            } catch (final AccessDeniedException e) {
-                throw newNoCredentialsException(e);
-            }
+            log.debug("No authentication manager found");
+            throw new InternalAuthenticationServiceException("No authentication manager found");
         }
 
         try {

grpc-server-spring-boot-autoconfigure/src/main/java/net/devh/boot/grpc/server/security/interceptors/AbstractAuthenticatingServerInterceptor.java

@@ -39,4 +39,4 @@ public GrpcServerRequest(ServerCall<?, ?> call, Metadata headers) {
     return call.getMethodDescriptor();
   }
 
-}
+}

grpc-server-spring-boot-autoconfigure/src/main/java/net/devh/boot/grpc/server/security/interceptors/GrpcServerRequest.java

@@ -24,12 +24,10 @@
 import net.devh.boot.grpc.server.autoconfigure.GrpcServerAutoConfiguration;
 import net.devh.boot.grpc.server.autoconfigure.GrpcServerFactoryAutoConfiguration;
 import net.devh.boot.grpc.server.autoconfigure.GrpcServerSecurityAutoConfiguration;
-import net.devh.boot.grpc.server.autoconfigure.GrpcServerSecurityWithManagerResolverAutoConfiguration;
 
 @Configuration
 @ImportAutoConfiguration({GrpcCommonCodecAutoConfiguration.class, GrpcServerAutoConfiguration.class,
         GrpcServerFactoryAutoConfiguration.class, GrpcServerSecurityAutoConfiguration.class,
-        GrpcServerSecurityWithManagerResolverAutoConfiguration.class,
         GrpcClientAutoConfiguration.class})
 public class BaseAutoConfiguration {
 

tests/src/test/java/net/devh/boot/grpc/test/config/BaseAutoConfiguration.java

@@ -17,7 +17,6 @@
 package net.devh.boot.grpc.test.config;
 
 import static net.devh.boot.grpc.client.security.CallCredentialsHelper.basicAuth;
-import static net.devh.boot.grpc.common.security.SecurityConstants.AUTHORIZATION_HEADER;
 
 import java.util.ArrayList;
 import java.util.Arrays;
@@ -35,6 +34,7 @@
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.provisioning.InMemoryUserDetailsManager;
 
 import com.google.common.collect.ImmutableMap;
 
@@ -75,17 +75,33 @@ DaoAuthenticationProvider daoAuthenticationProvider() {
         return provider;
     }
 
+    InMemoryUserDetailsManager inMemoryUserDetailsManager() {
+        PasswordEncoder passwordEncoder = passwordEncoder();
+        InMemoryUserDetailsManager userDetailsService = new InMemoryUserDetailsManager();
+        userDetailsService.createUser(new User("client1", passwordEncoder.encode("client1"),
+                List.of(new SimpleGrantedAuthority("ROLE_CLIENT1"))));
+        userDetailsService.createUser(new User("client2", passwordEncoder.encode("client2"),
+                List.of(new SimpleGrantedAuthority("ROLE_CLIENT2"))));
+        return userDetailsService;
+    }
+
+    DaoAuthenticationProvider daoAuthenticationProviderInMemory() {
+        final DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
+        provider.setUserDetailsService(inMemoryUserDetailsManager());
+        provider.setPasswordEncoder(passwordEncoder());
+        return provider;
+    }
 
     @Bean
     AuthenticationManagerResolver<GrpcServerRequest> authenticationManager() {
         return context -> {
-            String token = context.headers().get(AUTHORIZATION_HEADER);
-            if (token != null && token.startsWith("Basic")) {
+            String methodName = context.methodDescriptor().getFullMethodName();
+            if (methodName.equals("TestService/normal")) {
+                return daoAuthenticationProviderInMemory()::authenticate;
+            } else {
                 final List<AuthenticationProvider> providers = new ArrayList<>();
                 providers.add(daoAuthenticationProvider());
                 return new ProviderManager(providers);
-            } else {
-                return null;
             }
         };
     }