From 0ecffb084084af431aab92a1718b54ef59a559f1 Mon Sep 17 00:00:00 2001
From: Josh Cummings
Date: Sat, 17 Aug 2019 00:13:34 -0600
Subject: [PATCH] Multi-tenancy Sample AuthenticationManagers

Fixes gh-7272
---
 .../README.adoc | 29 +++++----------------
 ...h2ResourceServerSecurityConfiguration.java | 13 +++++++--
 .../src/main/resources/application.yml | 12 +++-----
 3 files changed, 22 insertions(+), 32 deletions(-)

diff --git a/samples/boot/oauth2resourceserver-multitenancy/README.adoc b/samples/boot/oauth2resourceserver-multitenancy/README.adoc
index c50b7b6b61..85065e31b8 100644
--- a/samples/boot/oauth2resourceserver-multitenancy/README.adoc
+++ b/samples/boot/oauth2resourceserver-multitenancy/README.adoc
@@ -128,33 +128,20 @@ _In order to use this sample, your Authorization Server must support JWTs that e To change the sample to point at your Authorization Server, simply find these properties in the `application.yml`: ```yaml -spring: - security: - oauth2: - resourceserver: - jwt: - jwk-set-uri: ${mockwebserver.url}/.well-known/jwks.json - opaque: - introspection-uri: ${mockwebserver.url}/introspect - introspection-client-id: client - introspection-client-secret: secret - +tenantOne.jwk-set-uri: ${mockwebserver.url}/.well-known/jwks.json +tenantTwo.introspection-uri: ${mockwebserver.url}/introspect +tenantTwo.introspection-client-id: client +tenantTwo.introspection-client-secret: secret ``` And change the properties to your Authorization Server's JWK set endpoint and introspection endpoint, including its client id and secret ```yaml -spring: - security: - oauth2: - resourceserver: - jwt: - jwk-set-uri: https://dev-123456.oktapreview.com/oauth2/default/v1/keys - opaque: - introspection-uri: https://dev-123456.oktapreview.com/oauth2/default/v1/introspect - introspection-client-id: client - introspection-client-secret: secret +tenantOne.jwk-set-uri: https://dev-123456.oktapreview.com/oauth2/default/v1/keys +tenantTwo.introspection-uri: https://dev-123456.oktapreview.com/oauth2/default/v1/introspect +tenantTwo.introspection-client-id: client +tenantTwo.introspection-client-secret: secret ``` And then you can run the app the same as before: diff --git a/samples/boot/oauth2resourceserver-multitenancy/src/main/java/sample/OAuth2ResourceServerSecurityConfiguration.java b/samples/boot/oauth2resourceserver-multitenancy/src/main/java/sample/OAuth2ResourceServerSecurityConfiguration.java index a43e217e98..658c840c0b 100644 --- a/samples/boot/oauth2resourceserver-multitenancy/src/main/java/sample/OAuth2ResourceServerSecurityConfiguration.java +++ b/samples/boot/oauth2resourceserver-multitenancy/src/main/java/sample/OAuth2ResourceServerSecurityConfiguration.java 
@@ -40,12 +40,18 @@ import org.springframework.security.oauth2.server.resource.introspection.OpaqueT
 
 @EnableWebSecurity
 public class OAuth2ResourceServerSecurityConfiguration extends WebSecurityConfigurerAdapter {
-	@Value("${spring.security.oauth2.resourceserver.jwt.jwk-set-uri}")
+	@Value("${tenantOne.jwk-set-uri}")
 	String jwkSetUri;
 
-	@Value("${spring.security.oauth2.resourceserver.opaque.introspection-uri}")
+	@Value("${tenantTwo.introspection-uri}")
 	String introspectionUri;
 
+	@Value("${tenantTwo.introspection-client-id}")
+	String introspectionClientId;
+
+	@Value("${tenantTwo.introspection-client-secret}")
+	String introspectionClientSecret;
+
 	@Override
 	protected void configure(HttpSecurity http) throws Exception {
 		// @formatter:off
@@ -83,7 +89,8 @@ public class OAuth2ResourceServerSecurityConfiguration extends WebSecurityConfig
 
 	AuthenticationManager opaque() {
 		OpaqueTokenIntrospector introspectionClient =
-				new NimbusOpaqueTokenIntrospector(this.introspectionUri, "client", "secret");
+				new NimbusOpaqueTokenIntrospector(this.introspectionUri,
+						this.introspectionClientId, this.introspectionClientSecret);
 		return new OAuth2IntrospectionAuthenticationProvider(introspectionClient)::authenticate;
 	}
 }
diff --git a/samples/boot/oauth2resourceserver-multitenancy/src/main/resources/application.yml b/samples/boot/oauth2resourceserver-multitenancy/src/main/resources/application.yml
index 52aff11b1a..de938e33b4 100644
--- a/samples/boot/oauth2resourceserver-multitenancy/src/main/resources/application.yml
+++ b/samples/boot/oauth2resourceserver-multitenancy/src/main/resources/application.yml
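Review bot: The four `@Value` fields give no hint why the sample reads `tenantOne.*` and `tenantTwo.*` instead of Boot's `spring.security.oauth2.resourceserver.*` keys, which is the substance of this hunk and the first thing a reader copying it will wonder about. Presumably the custom prefixes keep Boot's single-tenant resource-server auto-configuration from activating and let each tenant carry its own settings; a short class-level comment such as `// Deliberately outside spring.security.oauth2.resourceserver.* so Boot's single-tenant auto-configuration stays off; tenantOne validates JWTs, tenantTwo introspects opaque tokens` would state that. The two newly added fields, especially `introspectionClientSecret`, could be `private` rather than package-visible, since nothing in the hunk reads them from outside the class. `configure()` begins at the end of the hunk and continues outside it.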
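Review bot: `opaque()` has no Javadoc, and now that its credentials come from configuration rather than literals the contract is worth spelling out; something like `/** AuthenticationManager for tenant two: validates opaque tokens by introspecting them at tenantTwo.introspection-uri with the tenant-two client credentials. */`. Every call constructs a fresh `NimbusOpaqueTokenIntrospector`; the callers are outside the hunk, so if the result is meant to be built once and reused that is worth a comment on the method, otherwise the code itself needs no change.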
@@ -1,8 +1,4 @@
-spring:
-  security:
-    oauth2:
-      resourceserver:
-        jwt:
-          jwk-set-uri: ${mockwebserver.url}/.well-known/jwks.json
-        opaque:
-          introspection-uri: ${mockwebserver.url}/introspect
+tenantOne.jwk-set-uri: ${mockwebserver.url}/.well-known/jwks.json
+tenantTwo.introspection-uri: ${mockwebserver.url}/introspect
+tenantTwo.introspection-client-id: client
+tenantTwo.introspection-client-secret: secret
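Review bot: `tenantTwo.introspection-client-secret: secret` moves the introspection client credential from a Java literal into the committed application.yml, and nothing in the file marks it as a mock-web-server stand-in; since the key is read by `@Value` with no default, a copied deployment that forgets to override it ships the literal. A placeholder with a fallback keeps the sample runnable while letting a real secret come from the environment, e.g. `tenantTwo.introspection-client-secret: ${TENANT_TWO_CLIENT_SECRET:secret}` (variable name is illustrative), and a one-line comment above the two `tenantTwo` credential keys saying they are mock-server values would cover the rest. The README hunk repeats the same literal and should stay in step with whatever is chosen here.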