src/main/java/de/kreth/invoice/security/UserManager.java

@@ -3,6 +3,7 @@ package de.kreth.invoice.security;
 import org.keycloak.KeycloakPrincipal;
 import org.keycloak.KeycloakSecurityContext;
 import org.keycloak.representations.AccessToken;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Component;
@@ -15,79 +16,80 @@ import de.kreth.invoice.persistence.UserRepository;
 @Component
 public class UserManager {
 
-	private UserRepository userRepository;
+    private UserRepository userRepository;
 
-	public UserManager(UserRepository userRepository) {
+    @Autowired
-		this.userRepository = userRepository;
+    public void setUserRepository(UserRepository userRepository) {
-	}
+	this.userRepository = userRepository;
+    }
 
-	private AccessToken getAccessToken() {
+    private AccessToken getAccessToken() {
-		Authentication authentication = getAuthentication();
+	Authentication authentication = getAuthentication();
-		KeycloakPrincipal<?> principal = (KeycloakPrincipal<?>) authentication.getPrincipal();
+	KeycloakPrincipal<?> principal = (KeycloakPrincipal<?>) authentication.getPrincipal();
 
-		KeycloakSecurityContext context = principal.getKeycloakSecurityContext();
+	KeycloakSecurityContext context = principal.getKeycloakSecurityContext();
-		return context.getToken();
+	return context.getToken();
-	}
+    }
 
-	public User getLoggedInUser() {
+    public User getLoggedInUser() {
-
-		AccessToken accessToken = getAccessToken();
-		if (accessToken != null) {
-			User user = userRepository.findByPrincipalId(accessToken.getSubject());
-			if (user != null && hasChanges(user, accessToken)) {
-				save(user);
-			}
-			return user;
-		}
-		return null;
-	}
 
-	/**
+	AccessToken accessToken = getAccessToken();
-	 * Updated user with values from accessToken and returns true if something
+	if (accessToken != null) {
-	 * changed.
+	    User user = userRepository.findByPrincipalId(accessToken.getSubject());
-	 *
+	    if (user != null && hasChanges(user, accessToken)) {
-	 * @param user
+		save(user);
-	 * @param accessToken
+	    }
-	 * @return
+	    return user;
-	 */
-	private boolean hasChanges(User user, AccessToken accessToken) {
-		if (user == null) {
-			return true;
-		}
-
-		boolean result = false;
-
-		if (!accessToken.getGivenName().equals(user.getGivenName())
-				|| !accessToken.getFamilyName().equals(user.getFamilyName())
-				|| !accessToken.getEmail().equals(user.getEmail())) {
-			result = true;
-			user.setPrincipal(accessToken);
-		}
-		return result;
 	}
-
+	return null;
-	public User save(User entity) {
+    }
-		return userRepository.save(entity);
+
+    /**
+     * Updated user with values from accessToken and returns true if something
+     * changed.
+     *
+     * @param user
+     * @param accessToken
+     * @return
+     */
+    private boolean hasChanges(User user, AccessToken accessToken) {
+	if (user == null) {
+	    return true;
 	}
 
-	private Authentication getAuthentication() {
+	boolean result = false;
 
-		return SecurityContextHolder.getContext().getAuthentication();
+	if (!accessToken.getGivenName().equals(user.getGivenName())
+		|| !accessToken.getFamilyName().equals(user.getFamilyName())
+		|| !accessToken.getEmail().equals(user.getEmail())) {
+	    result = true;
+	    user.setPrincipal(accessToken);
 	}
+	return result;
+    }
 
-	public User create() {
+    public User save(User entity) {
-		AccessToken accessToken = getAccessToken();
+	return userRepository.save(entity);
+    }
 
-		User user = new User();
+    private Authentication getAuthentication() {
-		user.setPrincipal(accessToken);
-		UserBank bank = new UserBank();
-		bank.setUser(user);
-		user.setBank(bank);
-		UserAdress adress = new UserAdress();
-		adress.setUser(user);
-		user.setAdress(adress);
 
-		return user;
+	return SecurityContextHolder.getContext().getAuthentication();
+    }
 
-	}
+    public User create() {
+	AccessToken accessToken = getAccessToken();
+
+	User user = new User();
+	user.setPrincipal(accessToken);
+	UserBank bank = new UserBank();
+	bank.setUser(user);
+	user.setBank(bank);
+	UserAdress adress = new UserAdress();
+	adress.setUser(user);
+	user.setAdress(adress);
+
+	return user;
+
+    }
 }

src/test/java/de/kreth/invoice/business/security/DummyCatchAllController.java

@@ -1,17 +0,0 @@
-package de.kreth.invoice.business.security;
-
-import org.springframework.stereotype.Controller;
-import org.springframework.web.bind.annotation.GetMapping;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.ResponseBody;
-
-@Controller
-@RequestMapping
-public class DummyCatchAllController {
-
-	@GetMapping(path = "/**")
-	@ResponseBody
-	public String catchAll() {
-		return "DummyCatchallController#catchAll";
-	}
-}

src/test/java/de/kreth/invoice/business/security/SecurityConfigurationTest.java

@@ -1,43 +0,0 @@
-package de.kreth.invoice.business.security;
-
-import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.springSecurity;
-import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
-import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
-
-import org.junit.jupiter.api.BeforeEach;
-import org.junit.jupiter.api.Test;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest;
-import org.springframework.security.test.context.support.WithMockUser;
-import org.springframework.test.web.servlet.MockMvc;
-import org.springframework.test.web.servlet.setup.MockMvcBuilders;
-import org.springframework.web.context.WebApplicationContext;
-
-@WebMvcTest(controllers = DummyCatchAllController.class)
-class SecurityConfigurationTest {
-
-	private MockMvc mockMvc;
-
-	@Autowired
-	private WebApplicationContext webApplicationContext;
-
-	@BeforeEach
-	void setup() {
-		this.mockMvc = MockMvcBuilders
-				.webAppContextSetup(this.webApplicationContext)
-				.apply(springSecurity())
-				.build();
-	}
-
-	@Test
-	@WithMockUser(username = "user", roles = { "USER" })
-	void asLoggedInUser_ICantAccess() throws Exception {
-		mockMvc.perform(get("/")).andExpect(status().isForbidden());
-	}
-
-	@Test
-	@WithMockUser(username = "admin", roles = { "INVOICE_USER" })
-	void asInvoiceUser_ICanAccess() throws Exception {
-		mockMvc.perform(get("/")).andExpect(status().isOk());
-	}
-}

src/test/java/de/kreth/invoice/business/security/ViewSecurityTest.java

@@ -1,43 +0,0 @@
-package de.kreth.invoice.business.security;
-
-import static org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.mockOpaqueToken;
-
-import org.junit.jupiter.api.Disabled;
-import org.junit.jupiter.api.Test;
-import org.keycloak.adapters.springsecurity.account.KeycloakRole;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.boot.test.autoconfigure.web.reactive.AutoConfigureWebTestClient;
-import org.springframework.boot.test.context.SpringBootTest;
-import org.springframework.test.web.reactive.server.WebTestClient;
-
-@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT)
-@AutoConfigureWebTestClient
-//@ActiveProfiles("test")
-@Disabled
-class ViewSecurityTest {
-
-    @Autowired
-    private WebTestClient client;
-
-    @Test
-    void givenUnauthenticated_whenCallService_thenIsUnauthorized() {
-	this.client.get().uri("/")
-		.exchange().expectStatus().isUnauthorized();
-    }
-
-    @Test
-    void givenAuthenticatedMissingRole_whenCallServiceWithSecured_thenForbidden() {
-
-	this.client.mutateWith(mockOpaqueToken()).get().uri("/")
-		.exchange().expectStatus().isForbidden();
-    }
-
-    @Test
-    void givenAuthenticated_whenCallServiceWithSecured_thenOk() {
-
-	KeycloakRole role = new KeycloakRole("INVOICE_USER");
-	this.client.mutateWith(mockOpaqueToken().authorities(role))
-		.get().uri("/")
-		.exchange().expectStatus().isOk();
-    }
-}