AzureConfig.java

  1. package no.nav.data.common.security.azure;

  3. import com.microsoft.aad.msal4j.ClientCredentialFactory;
  4. import com.microsoft.aad.msal4j.ConfidentialClientApplication;
  5. import com.nimbusds.jose.jwk.source.RemoteJWKSet;
  6. import com.nimbusds.jose.util.DefaultResourceRetriever;
  7. import com.nimbusds.jose.util.ResourceRetriever;
  8. import com.nimbusds.oauth2.sdk.id.Issuer;
  9. import com.nimbusds.openid.connect.sdk.op.OIDCProviderConfigurationRequest;
  10. import com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata;
  11. import lombok.SneakyThrows;
  12. import no.nav.data.common.exceptions.TechnicalException;
  13. import no.nav.data.common.security.AppIdMapping;
  14. import no.nav.data.common.security.RoleSupport;
  15. import no.nav.data.common.utils.MdcExecutor;
  16. import org.apache.commons.lang3.StringUtils;
  17. import org.springframework.context.annotation.Bean;
  18. import org.springframework.context.annotation.Configuration;

  20. import java.util.concurrent.ThreadPoolExecutor;

  22. @Configuration
  23. public class AzureConfig {

  25.     @Bean
  26.     public ResourceRetriever getJWTResourceRetriever() {
  27.         return new DefaultResourceRetriever(RemoteJWKSet.DEFAULT_HTTP_CONNECT_TIMEOUT * 2, RemoteJWKSet.DEFAULT_HTTP_READ_TIMEOUT * 2, RemoteJWKSet.DEFAULT_HTTP_SIZE_LIMIT);
  28.     }

  30.     @Bean
  31.     public AADStatelessAuthenticationFilter aadStatelessAuthenticationFilter(
  32.             ResourceRetriever resourceRetriever, AADAuthenticationProperties aadAuthProps, RoleSupport roleSupport,
  33.             AzureTokenProvider azureTokenProvider, AppIdMapping appIdMapping, OIDCProviderMetadata oidcProviderMetadata) {
  34.         return new AADStatelessAuthenticationFilter(azureTokenProvider, roleSupport, appIdMapping, aadAuthProps, resourceRetriever, oidcProviderMetadata);
  35.     }

  37.     @Bean
  38.     public OIDCProviderMetadata oidcProviderMetadata(AADAuthenticationProperties properties) {
  39.         try {
  40.             String issuerUrl = StringUtils.substringBefore(properties.getWellKnown(), OIDCProviderConfigurationRequest.OPENID_PROVIDER_WELL_KNOWN_PATH);
  41.             return OIDCProviderMetadata.resolve(new Issuer(issuerUrl), 5000, 5000);
  42.         } catch (Exception e) {
  43.             throw new TechnicalException("io error", e);
  44.         }
  45.     }

  47.     @Bean
  48.     @SneakyThrows
  49.     public ConfidentialClientApplication msalClient(AADAuthenticationProperties aadAuthProps, OIDCProviderMetadata oidcProviderMetadata) {
  50.         return ConfidentialClientApplication
  51.                 .builder(aadAuthProps.getClientId(), ClientCredentialFactory.createFromSecret(aadAuthProps.getClientSecret()))
  52.                 .authority(oidcProviderMetadata.getAuthorizationEndpointURI().toString())
  53.                 .executorService(msalThreadPool())
  54.                 .build();
  55.     }

  57.     @Bean
  58.     public ThreadPoolExecutor msalThreadPool() {
  59.         return MdcExecutor.newThreadPool(5, "msal");
  60.     }

  62.     @Bean
  63.     public AppIdMapping appIdMapping(AADAuthenticationProperties properties) {
  64.         return new AppIdMapping(properties.getAllowedAppIdMappings(), properties.getClientId());
  65.     }
  66. }
Created with JaCoCo 0.8.12.202403310830