refactor: remove OIDC env var config and seeder
OIDC configuration is already fully database-backed (oidc_config table, admin API, OidcConfigRepository). Remove the redundant env var binding (SecurityProperties.Oidc), the env-to-DB seeder (oidcConfigSeeder), and the OIDC section from application.yml. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
hsiegeln
@@ -1,29 +1,20 @@
|
||||
package com.cameleer3.server.app.security;
|
||||
|
||||
import com.cameleer3.server.core.security.OidcConfig;
|
||||
import com.cameleer3.server.core.security.OidcConfigRepository;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import org.springframework.beans.factory.InitializingBean;
|
||||
import org.springframework.boot.context.properties.EnableConfigurationProperties;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
/**
|
||||
* Configuration class that creates security service beans and validates
|
||||
* that required security properties are set.
|
||||
* <p>
|
||||
* Fails fast on startup if {@code CAMELEER_AUTH_TOKEN} is not set.
|
||||
* Seeds OIDC config from env vars into the database if DB is empty.
|
||||
*/
|
||||
@Configuration
|
||||
@EnableConfigurationProperties(SecurityProperties.class)
|
||||
public class SecurityBeanConfig {
|
||||
|
||||
private static final Logger log = LoggerFactory.getLogger(SecurityBeanConfig.class);
|
||||
|
||||
@Bean
|
||||
public JwtServiceImpl jwtService(SecurityProperties properties) {
|
||||
return new JwtServiceImpl(properties);
|
||||
@@ -50,36 +41,4 @@ public class SecurityBeanConfig {
|
||||
};
|
||||
}
|
||||
|
||||
/**
|
||||
* Seeds OIDC config from env vars into the database if the DB has no config yet.
|
||||
* This allows initial provisioning via env vars, after which the admin UI takes over.
|
||||
*/
|
||||
@Bean
|
||||
public InitializingBean oidcConfigSeeder(SecurityProperties properties,
|
||||
OidcConfigRepository configRepository) {
|
||||
return () -> {
|
||||
if (configRepository.find().isPresent()) {
|
||||
log.debug("OIDC config already present in database, skipping env var seed");
|
||||
return;
|
||||
}
|
||||
|
||||
SecurityProperties.Oidc envOidc = properties.getOidc();
|
||||
if (envOidc.isEnabled()
|
||||
&& envOidc.getIssuerUri() != null && !envOidc.getIssuerUri().isBlank()
|
||||
&& envOidc.getClientId() != null && !envOidc.getClientId().isBlank()) {
|
||||
OidcConfig config = new OidcConfig(
|
||||
true,
|
||||
envOidc.getIssuerUri(),
|
||||
envOidc.getClientId(),
|
||||
envOidc.getClientSecret() != null ? envOidc.getClientSecret() : "",
|
||||
envOidc.getRolesClaim(),
|
||||
envOidc.getDefaultRoles(),
|
||||
true,
|
||||
"name"
|
||||
);
|
||||
configRepository.save(config);
|
||||
log.info("OIDC config seeded from environment variables: issuer={}", envOidc.getIssuerUri());
|
||||
}
|
||||
};
|
||||
}
|
||||
}
|
||||
|
||||
@@ -2,8 +2,6 @@ package com.cameleer3.server.app.security;
|
||||
|
||||
import org.springframework.boot.context.properties.ConfigurationProperties;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
/**
|
||||
* Configuration properties for security settings.
|
||||
* Bound from the {@code security.*} namespace in application.yml.
|
||||
@@ -19,29 +17,6 @@ public class SecurityProperties {
|
||||
private String uiPassword;
|
||||
private String uiOrigin;
|
||||
private String jwtSecret;
|
||||
private Oidc oidc = new Oidc();
|
||||
|
||||
public static class Oidc {
|
||||
private boolean enabled = false;
|
||||
private String issuerUri;
|
||||
private String clientId;
|
||||
private String clientSecret;
|
||||
private String rolesClaim = "realm_access.roles";
|
||||
private List<String> defaultRoles = List.of("VIEWER");
|
||||
|
||||
public boolean isEnabled() { return enabled; }
|
||||
public void setEnabled(boolean enabled) { this.enabled = enabled; }
|
||||
public String getIssuerUri() { return issuerUri; }
|
||||
public void setIssuerUri(String issuerUri) { this.issuerUri = issuerUri; }
|
||||
public String getClientId() { return clientId; }
|
||||
public void setClientId(String clientId) { this.clientId = clientId; }
|
||||
public String getClientSecret() { return clientSecret; }
|
||||
public void setClientSecret(String clientSecret) { this.clientSecret = clientSecret; }
|
||||
public String getRolesClaim() { return rolesClaim; }
|
||||
public void setRolesClaim(String rolesClaim) { this.rolesClaim = rolesClaim; }
|
||||
public List<String> getDefaultRoles() { return defaultRoles; }
|
||||
public void setDefaultRoles(List<String> defaultRoles) { this.defaultRoles = defaultRoles; }
|
||||
}
|
||||
|
||||
public long getAccessTokenExpiryMs() { return accessTokenExpiryMs; }
|
||||
public void setAccessTokenExpiryMs(long accessTokenExpiryMs) { this.accessTokenExpiryMs = accessTokenExpiryMs; }
|
||||
@@ -59,6 +34,4 @@ public class SecurityProperties {
|
||||
public void setUiOrigin(String uiOrigin) { this.uiOrigin = uiOrigin; }
|
||||
public String getJwtSecret() { return jwtSecret; }
|
||||
public void setJwtSecret(String jwtSecret) { this.jwtSecret = jwtSecret; }
|
||||
public Oidc getOidc() { return oidc; }
|
||||
public void setOidc(Oidc oidc) { this.oidc = oidc; }
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user