Merge pull request #8408 from rozagerardo/rozagerardo/BAEL-18321_Improve-Spring-Security-and-OpenID-Connect--after-modules-restructure

[BAEL-18321] spring-security-openid | Improve "Spring Security and OpenID Connect" article

.gitignore

@@ -39,7 +39,6 @@ target/
 spring-openid/src/main/resources/application.properties
 .recommenders/
 /spring-hibernate4/nbproject/
-spring-security-openid/src/main/resources/application.properties
 
 spring-all/*.log
 

pom.xml

@@ -825,7 +825,7 @@
                 <module>spring-security-modules/spring-security-mvc-login</module>
                 <module>spring-security-modules/spring-security-mvc-persisted-remember-me</module>
                 <module>spring-security-modules/spring-security-mvc-socket</module>
-                <module>spring-security-modules/spring-security-openid</module>
+                <module>spring-security-modules/spring-security-oidc</module>
                 <!--<module>spring-security-react</module> --> <!-- fails on Travis, fails intermittently on the new Jenkins (01.12.2018) BAEL-10834 -->
                 <module>spring-security-modules/spring-security-rest</module>
                 <module>spring-security-modules/spring-security-rest-basic-auth</module>

spring-security-modules/spring-security-oidc/README.md

@@ -0,0 +1,23 @@
+## Spring Security OpenID
+
+This module contains articles about OpenID with Spring Security
+
+### Relevant articles
+
+- [Spring Security and OpenID Connect](https://www.baeldung.com/spring-security-openid-connect)
+
+### OpenID Connect with Spring Security
+
+### Run the Project
+
+```
+mvn spring-boot:run
+```
+
+### Obtain Google App - Client ID, Secret
+
+- We need to get client id and client secret by creating a new project at [Google Developer Console](https://console.developers.google.com/project/_/apiui/credential?pli=1)
+- We can follow these instructions to register our client application on their platform
+
+- Once we have the client id and secret, we have to make sure we add them to the YAML files of the project
+

spring-security-modules/spring-security-oidc/pom.xml

@@ -0,0 +1,33 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <artifactId>spring-security-oidc</artifactId>
+    <name>spring-security-oidc</name>
+    <packaging>war</packaging>
+    <description>Spring OpenID Connect sample project</description>
+
+    <parent>
+        <groupId>com.baeldung</groupId>
+        <artifactId>parent-boot-2</artifactId>
+        <version>0.0.1-SNAPSHOT</version>
+        <relativePath>../../parent-boot-2</relativePath>
+    </parent>
+
+    <dependencies>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-web</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-oauth2-client</artifactId>
+        </dependency>
+    </dependencies>
+
+    <properties>
+        <spring-boot.version>2.2.1.RELEASE</spring-boot.version>
+    </properties>
+
+</project>

spring-security-modules/spring-security-oidc/src/main/java/com/baeldung/openid/oidc/discovery/SpringOidcDiscoveryApplication.java

@@ -0,0 +1,20 @@
+package com.baeldung.openid.oidc.discovery;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.context.ApplicationContextInitializer;
+import org.springframework.context.ConfigurableApplicationContext;
+
+import com.baeldung.openid.oidc.utils.YamlLoaderInitializer;
+
+@SpringBootApplication
+public class SpringOidcDiscoveryApplication {
+
+    public static void main(String[] args) {
+        SpringApplication application = new SpringApplication(SpringOidcDiscoveryApplication.class);
+        ApplicationContextInitializer<ConfigurableApplicationContext> yamlInitializer = new YamlLoaderInitializer("discovery-application.yml");
+        application.addInitializers(yamlInitializer);
+        application.run(args);
+    }
+
+}

spring-security-modules/spring-security-oidc/src/main/java/com/baeldung/openid/oidc/discovery/web/controllers/UserRestController.java

@@ -0,0 +1,17 @@
+package com.baeldung.openid.oidc.discovery.web.controllers;
+
+import org.springframework.security.core.annotation.AuthenticationPrincipal;
+import org.springframework.security.oauth2.core.oidc.user.OidcUser;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+@RestController
+@RequestMapping("/user")
+public class UserRestController {
+
+    @GetMapping("/oidc-principal")
+    public OidcUser getOidcUserPrincipal(@AuthenticationPrincipal OidcUser principal) {
+        return principal;
+    }
+}

spring-security-modules/spring-security-oidc/src/main/java/com/baeldung/openid/oidc/login/SpringOidcLoginApplication.java

@@ -0,0 +1,20 @@
+package com.baeldung.openid.oidc.login;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.context.ApplicationContextInitializer;
+import org.springframework.context.ConfigurableApplicationContext;
+
+import com.baeldung.openid.oidc.utils.YamlLoaderInitializer;
+
+@SpringBootApplication
+public class SpringOidcLoginApplication {
+
+    public static void main(String[] args) {
+        SpringApplication application = new SpringApplication(SpringOidcLoginApplication.class);
+        ApplicationContextInitializer<ConfigurableApplicationContext> yamlInitializer = new YamlLoaderInitializer("login-application.yml");
+        application.addInitializers(yamlInitializer);
+        application.run(args);
+    }
+
+}

spring-security-modules/spring-security-oidc/src/main/java/com/baeldung/openid/oidc/login/config/OAuth2LoginSecurityConfig.java

@@ -0,0 +1,28 @@
+package com.baeldung.openid.oidc.login.config;
+
+import java.util.HashSet;
+import java.util.Set;
+
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserService;
+
+@Configuration
+public class OAuth2LoginSecurityConfig extends WebSecurityConfigurerAdapter {// @formatter:off
+
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        Set<String> googleScopes = new HashSet<>();
+        googleScopes.add("https://www.googleapis.com/auth/userinfo.email");
+        googleScopes.add("https://www.googleapis.com/auth/userinfo.profile");
+
+        OidcUserService googleUserService = new OidcUserService();
+        googleUserService.setAccessibleScopes(googleScopes);
+
+        http.authorizeRequests(authorizeRequests -> authorizeRequests.anyRequest()
+              .authenticated())
+            .oauth2Login(oauthLogin -> oauthLogin.userInfoEndpoint()
+              .oidcUserService(googleUserService));
+    }// @formatter:on
+}

spring-security-modules/spring-security-oidc/src/main/java/com/baeldung/openid/oidc/login/service/UserService.java

@@ -0,0 +1,23 @@
+package com.baeldung.openid.oidc.login.service;
+
+import java.util.Collections;
+import java.util.Map;
+
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.oauth2.core.oidc.user.OidcUser;
+import org.springframework.stereotype.Service;
+
+@Service
+public class UserService {
+
+    public Map<String, Object> getUserClaims() {
+        Authentication authentication = SecurityContextHolder.getContext()
+            .getAuthentication();
+        if (authentication.getPrincipal() instanceof OidcUser) {
+            OidcUser principal = ((OidcUser) authentication.getPrincipal());
+            return principal.getClaims();
+        }
+        return Collections.emptyMap();
+    }
+}

spring-security-modules/spring-security-oidc/src/main/java/com/baeldung/openid/oidc/login/web/controllers/UserRestController.java

@@ -0,0 +1,32 @@
+package com.baeldung.openid.oidc.login.web.controllers;
+
+import java.util.Map;
+
+import org.springframework.security.core.annotation.AuthenticationPrincipal;
+import org.springframework.security.oauth2.core.oidc.user.OidcUser;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+import com.baeldung.openid.oidc.login.service.UserService;
+
+@RestController
+@RequestMapping("/user")
+public class UserRestController {
+
+    private UserService service;
+
+    public UserRestController(UserService service) {
+        this.service = service;
+    }
+
+    @GetMapping("/oidc-principal")
+    public OidcUser getOidcUserPrincipal(@AuthenticationPrincipal OidcUser principal) {
+        return principal;
+    }
+
+    @GetMapping("/oidc-claims")
+    public Map<String, Object> getClaimsFromBean() {
+        return service.getUserClaims();
+    }
+}

spring-security-modules/spring-security-oidc/src/main/java/com/baeldung/openid/oidc/sessionmanagement/SpringOidcSessionManagementApplication.java

@@ -0,0 +1,20 @@
+package com.baeldung.openid.oidc.sessionmanagement;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.context.ApplicationContextInitializer;
+import org.springframework.context.ConfigurableApplicationContext;
+
+import com.baeldung.openid.oidc.utils.YamlLoaderInitializer;
+
+@SpringBootApplication
+public class SpringOidcSessionManagementApplication {
+
+    public static void main(String[] args) {
+        SpringApplication application = new SpringApplication(SpringOidcSessionManagementApplication.class);
+        ApplicationContextInitializer<ConfigurableApplicationContext> yamlInitializer = new YamlLoaderInitializer("sessionmanagement-application.yml");
+        application.addInitializers(yamlInitializer);
+        application.run(args);
+    }
+
+}

spring-security-modules/spring-security-oidc/src/main/java/com/baeldung/openid/oidc/sessionmanagement/config/OAuth2SessionManagementSecurityConfig.java

@@ -0,0 +1,37 @@
+package com.baeldung.openid.oidc.sessionmanagement.config;
+
+import java.net.URI;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.oauth2.client.oidc.web.logout.OidcClientInitiatedLogoutSuccessHandler;
+import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
+import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
+
+@Configuration
+public class OAuth2SessionManagementSecurityConfig extends WebSecurityConfigurerAdapter {
+
+    @Autowired
+    private ClientRegistrationRepository clientRegistrationRepository;
+
+    @Override
+    protected void configure(HttpSecurity http) throws Exception { // @formatter:off
+        http.authorizeRequests(authorizeRequests -> authorizeRequests.mvcMatchers("/home")
+              .permitAll()
+              .anyRequest()
+                .authenticated())
+            .oauth2Login(oauthLogin -> oauthLogin.permitAll())
+            .logout(logout -> logout.logoutSuccessHandler(oidcLogoutSuccessHandler()));
+    }  // @formatter:on
+
+
+    private LogoutSuccessHandler oidcLogoutSuccessHandler() {
+        OidcClientInitiatedLogoutSuccessHandler oidcLogoutSuccessHandler = new OidcClientInitiatedLogoutSuccessHandler(this.clientRegistrationRepository);
+
+        oidcLogoutSuccessHandler.setPostLogoutRedirectUri(URI.create("http://localhost:8081/home"));
+
+        return oidcLogoutSuccessHandler;
+    }
+}

spring-security-modules/spring-security-oidc/src/main/java/com/baeldung/openid/oidc/sessionmanagement/web/controllers/HomeRestController.java

@@ -0,0 +1,14 @@
+package com.baeldung.openid.oidc.sessionmanagement.web.controllers;
+
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+@RestController
+public class HomeRestController {
+
+    @GetMapping("/home")
+    public String simpleHomepage() {
+        return "Welcome to this simple homepage!";
+    }
+
+}

spring-security-modules/spring-security-oidc/src/main/java/com/baeldung/openid/oidc/sessionmanagement/web/controllers/UserRestController.java

@@ -0,0 +1,17 @@
+package com.baeldung.openid.oidc.sessionmanagement.web.controllers;
+
+import org.springframework.security.core.annotation.AuthenticationPrincipal;
+import org.springframework.security.oauth2.core.oidc.user.OidcUser;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+@RestController
+@RequestMapping("/user")
+public class UserRestController {
+
+    @GetMapping("/oidc-principal")
+    public OidcUser getOidcUserPrincipal(@AuthenticationPrincipal OidcUser principal) {
+        return principal;
+    }
+}

spring-security-modules/spring-security-oidc/src/main/java/com/baeldung/openid/oidc/utils/YamlLoaderInitializer.java

@@ -0,0 +1,48 @@
+package com.baeldung.openid.oidc.utils;
+
+import java.io.IOException;
+
+import org.springframework.boot.env.YamlPropertySourceLoader;
+import org.springframework.context.ApplicationContextInitializer;
+import org.springframework.context.ConfigurableApplicationContext;
+import org.springframework.core.env.PropertySource;
+import org.springframework.core.io.ClassPathResource;
+import org.springframework.core.io.Resource;
+
+public class YamlLoaderInitializer implements ApplicationContextInitializer<ConfigurableApplicationContext> {
+
+    private final YamlPropertySourceLoader loader = new YamlPropertySourceLoader();
+    private final String file;
+
+    public YamlLoaderInitializer() {
+        this.file = null;
+    }
+
+    public YamlLoaderInitializer(String file) {
+        this.file = file;
+    }
+
+    @Override
+    public void initialize(ConfigurableApplicationContext applicationContext) {
+        String yamlFile = (this.file == null) ? applicationContext.getEnvironment()
+            .getProperty("custom.configyaml.file") : this.file;
+        Resource path = new ClassPathResource(yamlFile);
+        PropertySource<?> propertySource = loadYaml(path);
+        applicationContext.getEnvironment()
+            .getPropertySources()
+            .addLast(propertySource);
+    }
+
+    private PropertySource<?> loadYaml(Resource path) {
+        if (!path.exists()) {
+            throw new IllegalArgumentException("Resource " + path + " does not exist");
+        }
+        try {
+            return this.loader.load("custom-resource", path)
+                .get(0);
+        } catch (IOException ex) {
+            throw new IllegalStateException("Failed to load yaml configuration from" + path, ex);
+        }
+    }
+
+}

spring-security-modules/spring-security-oidc/src/main/resources/application.yml

@@ -0,0 +1,7 @@
+server:
+  port: 8081
+  
+logging:
+  level:
+    org.springframework.web.client.RestTemplate: DEBUG
+            

spring-security-modules/spring-security-oidc/src/main/resources/discovery-application.yml

@@ -0,0 +1,11 @@
+spring:
+  security:
+    oauth2:
+      client:
+        registration:
+          custom-google:
+            client-id: <client-id>
+            client-secret: <client-secret>
+        provider:
+          custom-google:
+            issuer-uri: https://accounts.google.com

spring-security-modules/spring-security-oidc/src/main/resources/login-application.yml

@@ -0,0 +1,8 @@
+spring:
+  security:
+    oauth2:
+      client:
+        registration:
+          google:
+            client-id: <client-id>
+            client-secret: <client-secret>

spring-security-modules/spring-security-oidc/src/main/resources/sessionmanagement-application.yml

@@ -0,0 +1,16 @@
+spring:
+  security:
+    oauth2:
+      client:
+        registration:
+          okta:
+            client-id: <client-id>
+            client-secret: <client-secret>
+        provider:
+          okta:
+            issuer-uri: https://dev-123.okta.com
+            # Or, optionally:            
+            #authorization-uri https://dev-123-admin.okta.com/oauth2/v1/authorize
+            #token-uri: https://dev-123-admin.okta.com/oauth2/v1/token
+            #user-info-uri: https://dev-123-admin.okta.com/oauth2/v1/userinfo
+            #jwk-set-uri: https://dev-123-admin.okta.com/oauth2/v1/keys

spring-security-modules/spring-security-oidc/src/test/java/com/baeldung/openid/oidc/discovery/SpringContextTest.java

@@ -0,0 +1,19 @@
+package com.baeldung.openid.oidc.discovery;
+
+import org.junit.jupiter.api.Disabled;
+import org.junit.jupiter.api.Test;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.test.context.ContextConfiguration;
+
+import com.baeldung.openid.oidc.utils.YamlLoaderInitializer;
+
+//We'll ignore this test, as we don't want to depend on Google's OIDC-configuration endpoint to be available
+@Disabled
+@SpringBootTest(classes = SpringOidcDiscoveryApplication.class, properties = "custom.configyaml.file=discovery-application.yml")
+@ContextConfiguration(initializers = YamlLoaderInitializer.class)
+public class SpringContextTest {
+
+    @Test
+    public void whenSpringContextIsBootstrapped_thenNoExceptions() {
+    }
+}

spring-security-modules/spring-security-oidc/src/test/java/com/baeldung/openid/oidc/login/SpringContextTest.java

@@ -0,0 +1,16 @@
+package com.baeldung.openid.oidc.login;
+
+import org.junit.jupiter.api.Test;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.test.context.ContextConfiguration;
+
+import com.baeldung.openid.oidc.utils.YamlLoaderInitializer;
+
+@SpringBootTest(classes = SpringOidcLoginApplication.class, properties = "custom.configyaml.file=login-application.yml")
+@ContextConfiguration(initializers = YamlLoaderInitializer.class)
+public class SpringContextTest {
+
+    @Test
+    public void whenSpringContextIsBootstrapped_thenNoExceptions() {
+    }
+}

spring-security-modules/spring-security-oidc/src/test/java/com/baeldung/openid/oidc/sessionmanagement/SpringContextTest.java

@@ -0,0 +1,19 @@
+package com.baeldung.openid.oidc.sessionmanagement;
+
+import org.junit.jupiter.api.Disabled;
+import org.junit.jupiter.api.Test;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.test.context.ContextConfiguration;
+
+import com.baeldung.openid.oidc.utils.YamlLoaderInitializer;
+
+//We'll ignore this test, as we don't want to depend on the Okta instance OIDC-configuration endpoint to be available
+@Disabled
+@SpringBootTest(classes = SpringOidcSessionManagementApplication.class, properties = "custom.configyaml.file=sessionmanagement-application.yml")
+@ContextConfiguration(initializers = YamlLoaderInitializer.class)
+public class SpringContextTest {
+
+    @Test
+    public void whenSpringContextIsBootstrapped_thenNoExceptions() {
+    }
+}

spring-security-modules/spring-security-openid/README.md

@@ -1,24 +0,0 @@
-## Spring Security OpenID
-
-This module contains articles about OpenID with Spring Security
-
-### Relevant articles
-
-- [Spring Security and OpenID Connect](https://www.baeldung.com/spring-security-openid-connect)
-
-### OpenID Connect with Spring Security
-
-### Run the Project
-
-```
-mvn spring-boot:run
-```
-
-### Obtain Google App - Client ID, Secret
-
-- You need to get client id and client secret by creating a new project at [Google Developer Console](https://console.developers.google.com/project/_/apiui/credential?pli=1)
-- Make sure to add OAuth2 credentials by selecting Add credentials > OAuth 2.0 client ID
-- Make sure you set redirect URI to http://localhost:8081/google-login
-
-- Once you have your client id and secret, make sure you add them to the `application.properties` of the project
-

spring-security-modules/spring-security-openid/pom.xml

@@ -1,57 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
-    <modelVersion>4.0.0</modelVersion>
-    <artifactId>spring-security-openid</artifactId>
-    <name>spring-security-openid</name>
-    <packaging>war</packaging>
-    <description>Spring OpenID sample project</description>
-
-    <parent>
-        <groupId>com.baeldung</groupId>
-        <artifactId>parent-boot-2</artifactId>
-        <version>0.0.1-SNAPSHOT</version>
-        <relativePath>../../parent-boot-2</relativePath>
-    </parent>
-
-    <dependencies>
-        <dependency>
-            <groupId>org.springframework.boot</groupId>
-            <artifactId>spring-boot-starter-security</artifactId>
-        </dependency>
-        <dependency>
-            <groupId>org.springframework.boot</groupId>
-            <artifactId>spring-boot-starter-web</artifactId>
-        </dependency>
-
-        <dependency>
-            <groupId>org.springframework.boot</groupId>
-            <artifactId>spring-boot-starter-tomcat</artifactId>
-        </dependency>
-
-        <dependency>
-            <groupId>org.springframework.security.oauth</groupId>
-            <artifactId>spring-security-oauth2</artifactId>
-            <version>${spring-security-oauth2.version}</version>
-        </dependency>
-
-        <dependency>
-            <groupId>org.springframework.security</groupId>
-            <artifactId>spring-security-jwt</artifactId>
-            <version>${spring-security-jwt.version}</version>
-        </dependency>
-
-        <dependency>
-            <groupId>com.auth0</groupId>
-            <artifactId>jwks-rsa</artifactId>
-            <version>${jwks-rsa.version}</version>
-        </dependency>
-    </dependencies>
-
-    <properties>
-        <spring-security-oauth2.version>2.2.1.RELEASE</spring-security-oauth2.version>
-        <spring-security-jwt.version>1.0.9.RELEASE</spring-security-jwt.version>
-        <jwks-rsa.version>0.3.0</jwks-rsa.version>
-    </properties>
-
-</project>

spring-security-modules/spring-security-openid/src/main/java/org/baeldung/config/GoogleOpenIdConnectConfig.java

@@ -1,51 +0,0 @@
-package org.baeldung.config;
-
-import java.util.Arrays;
-
-import org.springframework.beans.factory.annotation.Value;
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.security.oauth2.client.OAuth2ClientContext;
-import org.springframework.security.oauth2.client.OAuth2RestTemplate;
-import org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails;
-import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeResourceDetails;
-import org.springframework.security.oauth2.config.annotation.web.configuration.EnableOAuth2Client;
-
-@Configuration
-@EnableOAuth2Client
-public class GoogleOpenIdConnectConfig {
-    @Value("${google.clientId}")
-    private String clientId;
-
-    @Value("${google.clientSecret}")
-    private String clientSecret;
-
-    @Value("${google.accessTokenUri}")
-    private String accessTokenUri;
-
-    @Value("${google.userAuthorizationUri}")
-    private String userAuthorizationUri;
-
-    @Value("${google.redirectUri}")
-    private String redirectUri;
-
-    @Bean
-    public OAuth2ProtectedResourceDetails googleOpenId() {
-        final AuthorizationCodeResourceDetails details = new AuthorizationCodeResourceDetails();
-        details.setClientId(clientId);
-        details.setClientSecret(clientSecret);
-        details.setAccessTokenUri(accessTokenUri);
-        details.setUserAuthorizationUri(userAuthorizationUri);
-        details.setScope(Arrays.asList("openid", "email"));
-        details.setPreEstablishedRedirectUri(redirectUri);
-        details.setUseCurrentUri(false);
-        return details;
-    }
-
-    @Bean
-    public OAuth2RestTemplate googleOpenIdTemplate(final OAuth2ClientContext clientContext) {
-        final OAuth2RestTemplate template = new OAuth2RestTemplate(googleOpenId(), clientContext);
-        return template;
-    }
-
-}

spring-security-modules/spring-security-openid/src/main/java/org/baeldung/config/HomeController.java

@@ -1,22 +0,0 @@
-package org.baeldung.config;
-
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.stereotype.Controller;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.ResponseBody;
-
-@Controller
-public class HomeController {
-    private final Logger logger = LoggerFactory.getLogger(getClass());
-
-    @RequestMapping("/")
-    @ResponseBody
-    public final String home() {
-        final String username = SecurityContextHolder.getContext().getAuthentication().getName();
-        logger.info(username);
-        return "Welcome, " + username;
-    }
-
-}

spring-security-modules/spring-security-openid/src/main/java/org/baeldung/config/SecurityConfig.java

@@ -1,49 +0,0 @@
-package org.baeldung.config;
-
-import org.baeldung.security.OpenIdConnectFilter;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.builders.WebSecurity;
-import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
-import org.springframework.security.oauth2.client.OAuth2RestTemplate;
-import org.springframework.security.oauth2.client.filter.OAuth2ClientContextFilter;
-import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
-import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter;
-
-@Configuration
-@EnableWebSecurity
-public class SecurityConfig extends WebSecurityConfigurerAdapter {
-    @Autowired
-    private OAuth2RestTemplate restTemplate;
-
-    @Override
-    public void configure(WebSecurity web) throws Exception {
-        web.ignoring().antMatchers("/resources/**");
-    }
-
-    @Bean
-    public OpenIdConnectFilter myFilter() {
-        final OpenIdConnectFilter filter = new OpenIdConnectFilter("/google-login");
-        filter.setRestTemplate(restTemplate);
-        return filter;
-    }
-
-    @Override
-    protected void configure(HttpSecurity http) throws Exception {
-        // @formatter:off
-        http
-        .addFilterAfter(new OAuth2ClientContextFilter(), AbstractPreAuthenticatedProcessingFilter.class)
-        .addFilterAfter(myFilter(), OAuth2ClientContextFilter.class)
-        .httpBasic().authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/google-login"))
-        .and()
-        .authorizeRequests()
-       // .antMatchers("/","/index*").permitAll()
-        .anyRequest().authenticated()
-        ;
-
-     // @formatter:on
-    }
-}

spring-security-modules/spring-security-openid/src/main/java/org/baeldung/config/SpringOpenidApplication.java

@@ -1,14 +0,0 @@
-package org.baeldung.config;
-
-import org.springframework.boot.SpringApplication;
-import org.springframework.boot.autoconfigure.SpringBootApplication;
-import org.springframework.boot.web.servlet.support.SpringBootServletInitializer;
-
-@SpringBootApplication
-public class SpringOpenidApplication extends SpringBootServletInitializer {
-
-    public static void main(String[] args) {
-        SpringApplication.run(SpringOpenidApplication.class, args);
-    }
-
-}

spring-security-modules/spring-security-openid/src/main/java/org/baeldung/security/OpenIdConnectFilter.java

@@ -1,103 +0,0 @@
-package org.baeldung.security;
-
-import java.io.IOException;
-import java.net.URL;
-import java.security.interfaces.RSAPublicKey;
-import java.util.Date;
-import java.util.Map;
-
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.springframework.beans.factory.annotation.Value;
-import org.springframework.security.authentication.AuthenticationManager;
-import org.springframework.security.authentication.BadCredentialsException;
-import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.AuthenticationException;
-import org.springframework.security.jwt.Jwt;
-import org.springframework.security.jwt.JwtHelper;
-import org.springframework.security.jwt.crypto.sign.RsaVerifier;
-import org.springframework.security.oauth2.client.OAuth2RestOperations;
-import org.springframework.security.oauth2.client.OAuth2RestTemplate;
-import org.springframework.security.oauth2.common.OAuth2AccessToken;
-import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
-import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
-
-import com.auth0.jwk.Jwk;
-import com.auth0.jwk.JwkProvider;
-import com.auth0.jwk.UrlJwkProvider;
-import com.fasterxml.jackson.databind.ObjectMapper;
-
-public class OpenIdConnectFilter extends AbstractAuthenticationProcessingFilter {
-    @Value("${google.clientId}")
-    private String clientId;
-
-    @Value("${google.issuer}")
-    private String issuer;
-
-    @Value("${google.jwkUrl}")
-    private String jwkUrl;
-
-    public OAuth2RestOperations restTemplate;
-
-    public OpenIdConnectFilter(String defaultFilterProcessesUrl) {
-        super(defaultFilterProcessesUrl);
-        setAuthenticationManager(new NoopAuthenticationManager());
-    }
-
-    @Override
-    public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException, IOException, ServletException {
-
-        OAuth2AccessToken accessToken;
-        try {
-            accessToken = restTemplate.getAccessToken();
-        } catch (final OAuth2Exception e) {
-            throw new BadCredentialsException("Could not obtain access token", e);
-        }
-        try {
-            final String idToken = accessToken.getAdditionalInformation().get("id_token").toString();
-            String kid = JwtHelper.headers(idToken)
-                .get("kid");
-            final Jwt tokenDecoded = JwtHelper.decodeAndVerify(idToken, verifier(kid));
-            final Map<String, String> authInfo = new ObjectMapper().readValue(tokenDecoded.getClaims(), Map.class);
-            verifyClaims(authInfo);
-            final OpenIdConnectUserDetails user = new OpenIdConnectUserDetails(authInfo, accessToken);
-            return new UsernamePasswordAuthenticationToken(user, null, user.getAuthorities());
-        } catch (final Exception e) {
-            throw new BadCredentialsException("Could not obtain user details from token", e);
-        }
-
-    }
-
-    public void verifyClaims(Map claims) {
-        int exp = (int) claims.get("exp");
-        Date expireDate = new Date(exp * 1000L);
-        Date now = new Date();
-        if (expireDate.before(now) || !claims.get("iss").equals(issuer) || !claims.get("aud").equals(clientId)) {
-            throw new RuntimeException("Invalid claims");
-        }
-    }
-
-
-    private RsaVerifier verifier(String kid) throws Exception {
-        JwkProvider provider = new UrlJwkProvider(new URL(jwkUrl));
-        Jwk jwk = provider.get(kid);
-        return new RsaVerifier((RSAPublicKey) jwk.getPublicKey());
-    }
-
-    public void setRestTemplate(OAuth2RestTemplate restTemplate2) {
-        restTemplate = restTemplate2;
-
-    }
-
-    private static class NoopAuthenticationManager implements AuthenticationManager {
-
-        @Override
-        public Authentication authenticate(Authentication authentication) throws AuthenticationException {
-            throw new UnsupportedOperationException("No authentication should be done with this AuthenticationManager");
-        }
-
-    }
-}

spring-security-modules/spring-security-openid/src/main/java/org/baeldung/security/OpenIdConnectUserDetails.java

@@ -1,81 +0,0 @@
-package org.baeldung.security;
-
-import java.util.Arrays;
-import java.util.Collection;
-import java.util.Map;
-
-import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.authority.SimpleGrantedAuthority;
-import org.springframework.security.core.userdetails.UserDetails;
-import org.springframework.security.oauth2.common.OAuth2AccessToken;
-
-public class OpenIdConnectUserDetails implements UserDetails {
-
-    private static final long serialVersionUID = 1L;
-
-    private String userId;
-    private String username;
-    private OAuth2AccessToken token;
-
-    public OpenIdConnectUserDetails(Map<String, String> userInfo, OAuth2AccessToken token) {
-        this.userId = userInfo.get("sub");
-        this.username = userInfo.get("email");
-        this.token = token;
-    }
-
-    @Override
-    public String getUsername() {
-        return username;
-    }
-
-    @Override
-    public Collection<? extends GrantedAuthority> getAuthorities() {
-        return Arrays.asList(new SimpleGrantedAuthority("ROLE_USER"));
-    }
-
-    public String getUserId() {
-        return userId;
-    }
-
-    public void setUserId(String userId) {
-        this.userId = userId;
-    }
-
-    public OAuth2AccessToken getToken() {
-        return token;
-    }
-
-    public void setToken(OAuth2AccessToken token) {
-        this.token = token;
-    }
-
-    public void setUsername(String username) {
-        this.username = username;
-    }
-
-    @Override
-    public String getPassword() {
-        return null;
-    }
-
-    @Override
-    public boolean isAccountNonExpired() {
-        return true;
-    }
-
-    @Override
-    public boolean isAccountNonLocked() {
-        return true;
-    }
-
-    @Override
-    public boolean isCredentialsNonExpired() {
-        return true;
-    }
-
-    @Override
-    public boolean isEnabled() {
-        return true;
-    }
-
-}

spring-security-modules/spring-security-openid/src/main/resources/application.properties

@@ -1,8 +0,0 @@
-server.port=8081
-google.clientId=TODO
-google.clientSecret=TODO
-google.accessTokenUri=https://www.googleapis.com/oauth2/v3/token
-google.userAuthorizationUri=https://accounts.google.com/o/oauth2/auth
-google.redirectUri=http://localhost:8081/google-login
-google.issuer=accounts.google.com
-google.jwkUrl=https://www.googleapis.com/oauth2/v2/certs

spring-security-modules/spring-security-openid/src/main/resources/logback.xml

@@ -1,13 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<configuration>
-    <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
-        <encoder>
-            <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n
-            </pattern>
-        </encoder>
-    </appender>
-
-    <root level="INFO">
-        <appender-ref ref="STDOUT" />
-    </root>
-</configuration>

spring-security-modules/spring-security-openid/src/test/java/org/baeldung/SpringContextTest.java

@@ -1,16 +0,0 @@
-package org.baeldung;
-
-import org.baeldung.config.SpringOpenidApplication;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.springframework.boot.test.context.SpringBootTest;
-import org.springframework.test.context.junit4.SpringRunner;
-
-@RunWith(SpringRunner.class)
-@SpringBootTest(classes = SpringOpenidApplication.class)
-public class SpringContextTest {
-
-    @Test
-    public void whenSpringContextIsBootstrapped_thenNoExceptions() {
-    }
-}