chore: do not check audience for now

SchweizerischeBundesbahnen · Jun 17, 2024 · 0e77d87 · 0e77d87
1 parent abee059
commit 0e77d87
Show file tree

Hide file tree

Showing 4 changed files with 7 additions and 7 deletions.
diff --git a/...round-backend/src/main/java/ch/sbb/playgroundbackend/config/ApplicationConfiguration.java b/...round-backend/src/main/java/ch/sbb/playgroundbackend/config/ApplicationConfiguration.java
@@ -33,8 +33,8 @@ public class ApplicationConfiguration {
     private final OAuth2ResourceServerProperties.Jwt properties;
 
     // The audience is important because the JWT token is accepted only if the aud claim in the JWT token received by the server is the same as the client ID of the server.
-    @Value("${spring.security.oauth2.resourceserver.jwt.audience}")
-    String audience;
+    //@Value("${spring.security.oauth2.resourceserver.jwt.audience}")
+    String audience = null;
 
     public ApplicationConfiguration(OAuth2ResourceServerProperties properties) {
         this.properties = properties.getJwt();

diff --git a/...round-backend/src/main/java/ch/sbb/playgroundbackend/config/WebSecurityConfiguration.java b/...round-backend/src/main/java/ch/sbb/playgroundbackend/config/WebSecurityConfiguration.java
@@ -28,10 +28,10 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
                         }
                 )
                 // Disable csrf for now as it makes unauthenticated requests return 401/403
-                .csrf(AbstractHttpConfigurer::disable);
-                /*.oauth2ResourceServer((oauth2) ->
+                .csrf(AbstractHttpConfigurer::disable)
+                .oauth2ResourceServer((oauth2) ->
                         oauth2.jwt(withDefaults())
-                );*/
+                );
         return http.build();
     }
 }
diff --git a/...ound-backend/src/main/java/ch/sbb/playgroundbackend/controller/CustomClaimController.java b/...ound-backend/src/main/java/ch/sbb/playgroundbackend/controller/CustomClaimController.java
@@ -40,7 +40,7 @@ public class CustomClaimController {
     @GetMapping("requestToken")
     String tokenRequest(Authentication authentication, String ru, String train, String role) {
 
-        String userId = (String) ((Jwt) authentication.getPrincipal()).getClaims().get("sub");
+        String userId = authentication.getName();
         log.info("Received token request for {} with ru={} train={} role={}", userId, ru, train, role);
 
         tokenClaimDataMap.put(userId, new Claims(ru, train, role));

diff --git a/playground-backend/src/main/resources/application.yaml b/playground-backend/src/main/resources/application.yaml
@@ -27,7 +27,7 @@ spring:
         jwt:
           jwk-set-uri: https://login.microsoftonline.com/2cda5d11-f0ac-46b3-967d-af1b2e1bd01a/discovery/v2.0/keys
           issuer-uri: https://login.microsoftonline.com/2cda5d11-f0ac-46b3-967d-af1b2e1bd01a/v2.0
-          audience: ${CLIENT_ID}
+          #audience: ${CLIENT_ID}
 
   profiles:
     active: ${STAGE:local}