Merge pull request #21 from wwan13/feature/auth

seperate auto configurations

src/main/java/io/wwan13/wintersecurity/config/AuthConfiguration.java

@@ -24,10 +24,21 @@
 import io.wwan13.wintersecurity.auth.provider.BearerTokenExtractor;
 import io.wwan13.wintersecurity.auth.provider.HttpRequestAccessManager;
 import io.wwan13.wintersecurity.jwt.TokenDecoder;
+import io.wwan13.wintersecurity.jwt.provider.JwtTokenDecoder;
+import io.wwan13.wintersecurity.secretkey.SecretKey;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
 import org.springframework.context.annotation.Bean;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
 
 public class AuthConfiguration {
 
+    @Bean
+    @ConditionalOnMissingBean(TokenDecoder.class)
+    public TokenDecoder tokenDecoder(SecretKey secretKey) {
+        return new JwtTokenDecoder(secretKey);
+    }
+
     @Bean
     public TokenExtractor tokenExtractor() {
         return new BearerTokenExtractor();
@@ -50,4 +61,9 @@ public AbstractInterceptorAuthProcessor authProcessor(
                 requestAccessManager
         );
     }
+
+    @Bean
+    public PasswordEncoder passwordEncoder() {
+        return new BCryptPasswordEncoder();
+    }
 }

src/main/java/io/wwan13/wintersecurity/config/AuthorizedRequestRegistrar.java

@@ -24,16 +24,16 @@
 
 public class AuthorizedRequestRegistrar {
 
-    private final WebSecurityConfigurer webSecurityConfigurer;
+    private final SecureRequestConfigurer secureRequestConfigurer;
 
-    public AuthorizedRequestRegistrar(WebSecurityConfigurer webSecurityConfigurer) {
-        this.webSecurityConfigurer = webSecurityConfigurer;
+    public AuthorizedRequestRegistrar(SecureRequestConfigurer secureRequestConfigurer) {
+        this.secureRequestConfigurer = secureRequestConfigurer;
     }
 
     @Bean
     public AuthorizedRequest authorizedRequest() {
         AuthorizedRequestRegistry registry = AuthorizedRequestRegistry.of();
-        webSecurityConfigurer.registerAuthPatterns(registry);
+        secureRequestConfigurer.registerAuthPatterns(registry);
         return AuthorizedRequestApplier.apply(registry);
     }
 }

src/main/java/io/wwan13/wintersecurity/config/EnableWebSecurity.java → src/main/java/io/wwan13/wintersecurity/config/EnableJwtProvider.java

@@ -18,19 +18,19 @@
 
 import org.springframework.context.annotation.Import;
 
-import java.lang.annotation.*;
+import java.lang.annotation.Documented;
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
 
 @Documented
 @Retention(RetentionPolicy.RUNTIME)
 @Target({ElementType.TYPE})
 @Import({
-        AuthorizedRequestRegistrar.class,
-        AuthConfiguration.class,
-        AuthProcessorRegistrar.class,
         JwtPropertiesRegistrar.class,
         JwtConfiguration.class,
-        PasswordEncoderConfiguration.class,
-        TargetAnnotationsRegistrar.class
+        SecretKeyRegistrar.class
 })
-public @interface EnableWebSecurity {
-}
+public @interface EnableJwtProvider {
+}

src/main/java/io/wwan13/wintersecurity/config/EnableSecureRequest.java

@@ -0,0 +1,38 @@
+/*
+ * Copyright 2024 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.wwan13.wintersecurity.config;
+
+import org.springframework.context.annotation.Import;
+
+import java.lang.annotation.Documented;
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+@Documented
+@Retention(RetentionPolicy.RUNTIME)
+@Target({ElementType.TYPE})
+@Import({
+        AuthorizedRequestRegistrar.class,
+        AuthConfiguration.class,
+        AuthProcessorRegistrar.class,
+        TargetAnnotationsRegistrar.class,
+        SecretKeyRegistrar.class
+})
+public @interface EnableSecureRequest {
+}

src/main/java/io/wwan13/wintersecurity/config/JwtConfiguration.java

@@ -26,34 +26,33 @@
 import io.wwan13.wintersecurity.jwt.payload.support.ReflectionPayloadAnalyst;
 import io.wwan13.wintersecurity.jwt.provider.JwtTokenDecoder;
 import io.wwan13.wintersecurity.jwt.provider.JwtTokenGenerator;
+import io.wwan13.wintersecurity.secretkey.SecretKey;
 import org.springframework.context.annotation.Bean;
 
 public class JwtConfiguration {
 
-    private final JwtProperties jwtProperties;
-
-    public JwtConfiguration(JwtProperties jwtProperties) {
-        this.jwtProperties = jwtProperties;
-    }
-
     @Bean
-    public TokenGenerator tokenGenerator() {
-        return new JwtTokenGenerator(jwtProperties, payloadParser());
+    public TokenGenerator tokenGenerator(
+            SecretKey secretKey,
+            JwtProperties jwtProperties,
+            PayloadParser payloadParser
+    ) {
+        return new JwtTokenGenerator(secretKey, jwtProperties, payloadParser);
     }
 
     @Bean
-    public TokenDecoder tokenDecoder() {
-        return new JwtTokenDecoder(jwtProperties);
+    public TokenDecoder tokenDecoder(SecretKey secretKey) {
+        return new JwtTokenDecoder(secretKey);
     }
 
     @Bean
-    public PayloadAnalysis payloadAnalysis() {
+    public PayloadAnalysis payloadAnalysis(JwtProperties jwtProperties) {
         PayloadAnalyst payloadAnalyst = new ReflectionPayloadAnalyst();
         return payloadAnalyst.analyze(jwtProperties);
     }
 
     @Bean
-    public PayloadParser payloadParser() {
-        return new JwtPayloadParser(payloadAnalysis());
+    public PayloadParser payloadParser(PayloadAnalysis payloadAnalysis) {
+        return new JwtPayloadParser(payloadAnalysis);
     }
 }

src/main/java/io/wwan13/wintersecurity/config/JwtPropertiesRegistrar.java

@@ -23,17 +23,16 @@
 
 public class JwtPropertiesRegistrar {
 
-    private final WebSecurityConfigurer webSecurityConfigurer;
+    private final JwtProviderConfigurer jwtProviderConfigurer;
 
-    public JwtPropertiesRegistrar(WebSecurityConfigurer webSecurityConfigurer) {
-        this.webSecurityConfigurer = webSecurityConfigurer;
+    public JwtPropertiesRegistrar(JwtProviderConfigurer jwtProviderConfigurer) {
+        this.jwtProviderConfigurer = jwtProviderConfigurer;
     }
 
-
     @Bean
     public JwtProperties jwtProperties() {
         JwtPropertiesRegistry registry = new JwtPropertiesRegistry();
-        webSecurityConfigurer.configureJwt(registry);
+        jwtProviderConfigurer.configureJwt(registry);
         return JwtPropertiesApplier.apply(registry);
     }
 }

src/main/java/io/wwan13/wintersecurity/config/PasswordEncoderConfiguration.java → src/main/java/io/wwan13/wintersecurity/config/JwtProviderConfigurer.java

@@ -16,14 +16,9 @@
 
 package io.wwan13.wintersecurity.config;
 
-import org.springframework.context.annotation.Bean;
-import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
-import org.springframework.security.crypto.password.PasswordEncoder;
+import io.wwan13.wintersecurity.jwt.support.JwtPropertiesRegistry;
 
-public class PasswordEncoderConfiguration {
+public interface JwtProviderConfigurer extends SecretKeyConfigurer {
 
-    @Bean
-    public PasswordEncoder passwordEncoder() {
-        return new BCryptPasswordEncoder();
-    }
+    void configureJwt(JwtPropertiesRegistry registry);
 }

src/main/java/io/wwan13/wintersecurity/config/SecretKeyConfigurer.java

@@ -0,0 +1,24 @@
+/*
+ * Copyright 2024 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.wwan13.wintersecurity.config;
+
+import io.wwan13.wintersecurity.secretkey.support.SecretKeyRegistry;
+
+public interface SecretKeyConfigurer {
+
+    void configureSecretKey(SecretKeyRegistry registry);
+}

src/main/java/io/wwan13/wintersecurity/config/SecretKeyRegistrar.java

@@ -0,0 +1,38 @@
+/*
+ * Copyright 2024 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.wwan13.wintersecurity.config;
+
+import io.wwan13.wintersecurity.secretkey.SecretKey;
+import io.wwan13.wintersecurity.secretkey.support.SecretKetApplier;
+import io.wwan13.wintersecurity.secretkey.support.SecretKeyRegistry;
+import org.springframework.context.annotation.Bean;
+
+public class SecretKeyRegistrar {
+
+    private final SecretKeyConfigurer configurer;
+
+    public SecretKeyRegistrar(SecretKeyConfigurer configurer) {
+        this.configurer = configurer;
+    }
+
+    @Bean
+    public SecretKey secretKey() {
+        SecretKeyRegistry registry = new SecretKeyRegistry();
+        configurer.configureSecretKey(registry);
+        return SecretKetApplier.apply(registry);
+    }
+}

src/main/java/io/wwan13/wintersecurity/config/WebSecurityConfigurer.java → src/main/java/io/wwan13/wintersecurity/config/SecureRequestConfigurer.java

@@ -17,14 +17,11 @@
 package io.wwan13.wintersecurity.config;
 
 import io.wwan13.wintersecurity.auth.authorizedrequest.support.AuthorizedRequestRegistry;
-import io.wwan13.wintersecurity.jwt.support.JwtPropertiesRegistry;
 import io.wwan13.wintersecurity.resolve.support.TargetAnnotationsRegistry;
 
-public interface WebSecurityConfigurer {
+public interface SecureRequestConfigurer extends SecretKeyConfigurer {
 
     void registerAuthPatterns(AuthorizedRequestRegistry registry);
 
-    void configureJwt(JwtPropertiesRegistry registry);
-
-    void registerResolveTargets(TargetAnnotationsRegistry registry);
+    void registerTargetAnnotations(TargetAnnotationsRegistry registry);
 }

src/main/java/io/wwan13/wintersecurity/config/TargetAnnotationsRegistrar.java

@@ -23,16 +23,16 @@
 
 public class TargetAnnotationsRegistrar {
 
-    private final WebSecurityConfigurer webSecurityConfigurer;
+    private final SecureRequestConfigurer secureRequestConfigurer;
 
-    public TargetAnnotationsRegistrar(WebSecurityConfigurer webSecurityConfigurer) {
-        this.webSecurityConfigurer = webSecurityConfigurer;
+    public TargetAnnotationsRegistrar(SecureRequestConfigurer secureRequestConfigurer) {
+        this.secureRequestConfigurer = secureRequestConfigurer;
     }
 
     @Bean
     public TargetAnnotations targetAnnotations() {
         TargetAnnotationsRegistry registry = new TargetAnnotationsRegistry();
-        webSecurityConfigurer.registerResolveTargets(registry);
+        secureRequestConfigurer.registerTargetAnnotations(registry);
         return TargetAnnotationsApplier.apply(registry);
     }
 }

src/main/java/io/wwan13/wintersecurity/jwt/JwtProperties.java

@@ -16,14 +16,10 @@
 
 package io.wwan13.wintersecurity.jwt;
 
-import java.security.Key;
-
 public record JwtProperties(
-        String secretKey,
         long accessTokenValidity,
         long refreshTokenValidity,
         Class<? extends Payload> payloadClazz,
-        Class<?> subjectClazz,
-        Key key
+        Class<?> subjectClazz
 ) {
 }

src/main/java/io/wwan13/wintersecurity/jwt/provider/JwtTokenDecoder.java

@@ -19,17 +19,18 @@
 import io.jsonwebtoken.*;
 import io.wwan13.wintersecurity.exception.unauthirized.ExpiredJwtTokenException;
 import io.wwan13.wintersecurity.exception.unauthirized.InvalidJwtTokenException;
-import io.wwan13.wintersecurity.jwt.JwtProperties;
 import io.wwan13.wintersecurity.jwt.TokenDecoder;
+import io.wwan13.wintersecurity.secretkey.SecretKey;
 
+import java.security.Key;
 import java.util.Map;
 
 public class JwtTokenDecoder implements TokenDecoder {
 
-    private final JwtProperties jwtProperties;
+    private final SecretKey secretKey;
 
-    public JwtTokenDecoder(JwtProperties jwtProperties) {
-        this.jwtProperties = jwtProperties;
+    public JwtTokenDecoder(SecretKey secretKey) {
+        this.secretKey = secretKey;
     }
 
     @Override
@@ -40,7 +41,7 @@ public Map<String, Object> decode(String token) {
     public Claims parseClaimsWithExceptionHandling(String token) {
         try {
             return Jwts.parserBuilder()
-                    .setSigningKey(jwtProperties.key())
+                    .setSigningKey(secretKey.value())
                     .build()
                     .parseClaimsJws(token)
                     .getBody();