Multi-tenancy Sample AuthenticationManagers

Fixes gh-7272
2019-08-17 00:13:34 -06:00 · 2019-08-17 00:13:34 -06:00 · 0ecffb0840
parent efe8205985
commit 0ecffb0840
3 changed files with 22 additions and 32 deletions
--- a/samples/boot/oauth2resourceserver-multitenancy/README.adoc
+++ b/samples/boot/oauth2resourceserver-multitenancy/README.adoc
@ -128,33 +128,20 @@ _In order to use this sample, your Authorization Server must support JWTs that e
 To change the sample to point at your Authorization Server, simply find these properties in the `application.yml`:

 ```yaml
-spring:
-  security:
-    oauth2:
-      resourceserver:
-        jwt:
-          jwk-set-uri: ${mockwebserver.url}/.well-known/jwks.json
-        opaque:
-          introspection-uri: ${mockwebserver.url}/introspect
-          introspection-client-id: client
-          introspection-client-secret: secret
-
+tenantOne.jwk-set-uri: ${mockwebserver.url}/.well-known/jwks.json
+tenantTwo.introspection-uri: ${mockwebserver.url}/introspect
+tenantTwo.introspection-client-id: client
+tenantTwo.introspection-client-secret: secret
 ```

 And change the properties to your Authorization Server's JWK set endpoint and
 introspection endpoint, including its client id and secret

 ```yaml
-spring:
-  security:
-    oauth2:
-      resourceserver:
-        jwt:
-          jwk-set-uri: https://dev-123456.oktapreview.com/oauth2/default/v1/keys
-        opaque:
-          introspection-uri: https://dev-123456.oktapreview.com/oauth2/default/v1/introspect
-          introspection-client-id: client
-          introspection-client-secret: secret
+tenantOne.jwk-set-uri: https://dev-123456.oktapreview.com/oauth2/default/v1/keys
+tenantTwo.introspection-uri: https://dev-123456.oktapreview.com/oauth2/default/v1/introspect
+tenantTwo.introspection-client-id: client
+tenantTwo.introspection-client-secret: secret
 ```

 And then you can run the app the same as before:
--- a/samples/boot/oauth2resourceserver-multitenancy/src/main/java/sample/OAuth2ResourceServerSecurityConfiguration.java
+++ b/samples/boot/oauth2resourceserver-multitenancy/src/main/java/sample/OAuth2ResourceServerSecurityConfiguration.java
@ -40,12 +40,18 @@ import org.springframework.security.oauth2.server.resource.introspection.OpaqueT
@EnableWebSecurity
 public class OAuth2ResourceServerSecurityConfiguration extends WebSecurityConfigurerAdapter {

-	@Value("${spring.security.oauth2.resourceserver.jwt.jwk-set-uri}")
+	@Value("${tenantOne.jwk-set-uri}")
 	String jwkSetUri;

-	@Value("${spring.security.oauth2.resourceserver.opaque.introspection-uri}")
+	@Value("${tenantTwo.introspection-uri}")
 	String introspectionUri;

+	@Value("${tenantTwo.introspection-client-id}")
+	String introspectionClientId;
+
+	@Value("${tenantTwo.introspection-client-secret}")
+	String introspectionClientSecret;
+
 	@Override
 	protected void configure(HttpSecurity http) throws Exception {
 		// @formatter:off
@ -83,7 +89,8 @@ public class OAuth2ResourceServerSecurityConfiguration extends WebSecurityConfig

 	AuthenticationManager opaque() {
 		OpaqueTokenIntrospector introspectionClient =
-				new NimbusOpaqueTokenIntrospector(this.introspectionUri, "client", "secret");
+				new NimbusOpaqueTokenIntrospector(this.introspectionUri,
+						this.introspectionClientId, this.introspectionClientSecret);
 		return new OAuth2IntrospectionAuthenticationProvider(introspectionClient)::authenticate;
 	}
 }
--- a/samples/boot/oauth2resourceserver-multitenancy/src/main/resources/application.yml
+++ b/samples/boot/oauth2resourceserver-multitenancy/src/main/resources/application.yml
@ -1,8 +1,4 @@
-spring:
-  security:
-    oauth2:
-      resourceserver:
-        jwt:
-          jwk-set-uri: ${mockwebserver.url}/.well-known/jwks.json
-        opaque:
-          introspection-uri: ${mockwebserver.url}/introspect
+tenantOne.jwk-set-uri: ${mockwebserver.url}/.well-known/jwks.json
+tenantTwo.introspection-uri: ${mockwebserver.url}/introspect
+tenantTwo.introspection-client-id: client
+tenantTwo.introspection-client-secret: secret