From 3687b7bc643799f8221bf703a5168c7af36e389a Mon Sep 17 00:00:00 2001
From: andresluzu <andresluzu@gmail.com>
Date: Fri, 4 Mar 2022 21:25:02 -0500
Subject: [PATCH] BAEL-5335: Introduction to OAuth2RestTemplate (#11849)

---
 .../oauth2resttemplate/AppController.java     | 32 ++++++++
 .../oauth2resttemplate/GithubRepo.java        | 22 ++++++
 .../oauth2resttemplate/SecurityConfig.java    | 73 +++++++++++++++++++
 ...SpringSecurityOauth2ClientApplication.java | 15 ++++
 ...pplication-oauth2-rest-template.properties |  9 +++
 .../templates/oauth2resttemplate/error.html   |  9 +++
 .../templates/oauth2resttemplate/home.html    | 18 +++++
 .../templates/oauth2resttemplate/index.html   | 16 ++++
 .../oauth2resttemplate/repositories.html      | 14 ++++
 9 files changed, 208 insertions(+)
 create mode 100644 spring-security-modules/spring-5-security-oauth/src/main/java/com/baeldung/oauth2resttemplate/AppController.java
 create mode 100644 spring-security-modules/spring-5-security-oauth/src/main/java/com/baeldung/oauth2resttemplate/GithubRepo.java
 create mode 100644 spring-security-modules/spring-5-security-oauth/src/main/java/com/baeldung/oauth2resttemplate/SecurityConfig.java
 create mode 100644 spring-security-modules/spring-5-security-oauth/src/main/java/com/baeldung/oauth2resttemplate/SpringSecurityOauth2ClientApplication.java
 create mode 100644 spring-security-modules/spring-5-security-oauth/src/main/resources/application-oauth2-rest-template.properties
 create mode 100644 spring-security-modules/spring-5-security-oauth/src/main/resources/templates/oauth2resttemplate/error.html
 create mode 100644 spring-security-modules/spring-5-security-oauth/src/main/resources/templates/oauth2resttemplate/home.html
 create mode 100644 spring-security-modules/spring-5-security-oauth/src/main/resources/templates/oauth2resttemplate/index.html
 create mode 100644 spring-security-modules/spring-5-security-oauth/src/main/resources/templates/oauth2resttemplate/repositories.html

diff --git a/spring-security-modules/spring-5-security-oauth/src/main/java/com/baeldung/oauth2resttemplate/AppController.java b/spring-security-modules/spring-5-security-oauth/src/main/java/com/baeldung/oauth2resttemplate/AppController.java
new file mode 100644
index 0000000000..3c3efd950f
--- /dev/null
+++ b/spring-security-modules/spring-5-security-oauth/src/main/java/com/baeldung/oauth2resttemplate/AppController.java
@@ -0,0 +1,32 @@
+package com.baeldung.oauth2resttemplate;
+
+import org.springframework.security.oauth2.client.OAuth2RestTemplate;
+import org.springframework.stereotype.Controller;
+import org.springframework.ui.Model;
+import org.springframework.web.bind.annotation.GetMapping;
+
+import java.security.Principal;
+import java.util.Collection;
+
+@Controller
+public class AppController {
+
+    OAuth2RestTemplate restTemplate;
+
+    public AppController(OAuth2RestTemplate restTemplate) {
+        this.restTemplate = restTemplate;
+    }
+
+    @GetMapping("/home")
+    public String welcome(Model model, Principal principal) {
+        model.addAttribute("name", principal.getName());
+        return "home";
+    }
+
+    @GetMapping("/repos")
+    public String repos(Model model) {
+        Collection<GithubRepo> repos = restTemplate.getForObject("https://api.github.com/user/repos", Collection.class);
+        model.addAttribute("repos", repos);
+        return "repositories";
+    }
+}
diff --git a/spring-security-modules/spring-5-security-oauth/src/main/java/com/baeldung/oauth2resttemplate/GithubRepo.java b/spring-security-modules/spring-5-security-oauth/src/main/java/com/baeldung/oauth2resttemplate/GithubRepo.java
new file mode 100644
index 0000000000..48cc05c1de
--- /dev/null
+++ b/spring-security-modules/spring-5-security-oauth/src/main/java/com/baeldung/oauth2resttemplate/GithubRepo.java
@@ -0,0 +1,22 @@
+package com.baeldung.oauth2resttemplate;
+
+public class GithubRepo {
+    Long id;
+    String name;
+
+    public Long getId() {
+        return id;
+    }
+
+    public void setId(Long id) {
+        this.id = id;
+    }
+
+    public String getName() {
+        return name;
+    }
+
+    public void setName(String name) {
+        this.name = name;
+    }
+}
diff --git a/spring-security-modules/spring-5-security-oauth/src/main/java/com/baeldung/oauth2resttemplate/SecurityConfig.java b/spring-security-modules/spring-5-security-oauth/src/main/java/com/baeldung/oauth2resttemplate/SecurityConfig.java
new file mode 100644
index 0000000000..fa274d1c9b
--- /dev/null
+++ b/spring-security-modules/spring-5-security-oauth/src/main/java/com/baeldung/oauth2resttemplate/SecurityConfig.java
@@ -0,0 +1,73 @@
+package com.baeldung.oauth2resttemplate;
+
+import org.springframework.boot.autoconfigure.security.oauth2.resource.ResourceServerProperties;
+import org.springframework.boot.autoconfigure.security.oauth2.resource.UserInfoTokenServices;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.boot.web.servlet.FilterRegistrationBean;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.core.Ordered;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.oauth2.client.OAuth2ClientContext;
+import org.springframework.security.oauth2.client.OAuth2RestTemplate;
+import org.springframework.security.oauth2.client.filter.OAuth2ClientAuthenticationProcessingFilter;
+import org.springframework.security.oauth2.client.filter.OAuth2ClientContextFilter;
+import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeResourceDetails;
+import org.springframework.security.oauth2.config.annotation.web.configuration.EnableOAuth2Client;
+import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
+
+import javax.servlet.Filter;
+
+@Configuration
+@EnableOAuth2Client
+public class SecurityConfig extends WebSecurityConfigurerAdapter {
+    OAuth2ClientContext oauth2ClientContext;
+
+    public SecurityConfig(OAuth2ClientContext oauth2ClientContext) {
+        this.oauth2ClientContext = oauth2ClientContext;
+    }
+
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        http.authorizeRequests().antMatchers("/", "/login**", "/error**")
+          .permitAll().anyRequest().authenticated()
+          .and().logout().logoutUrl("/logout").logoutSuccessUrl("/")
+          .and().addFilterBefore(oauth2ClientFilter(), BasicAuthenticationFilter.class);
+    }
+
+    @Bean
+    public FilterRegistrationBean<OAuth2ClientContextFilter> oauth2ClientFilterRegistration(OAuth2ClientContextFilter filter) {
+        FilterRegistrationBean<OAuth2ClientContextFilter> registration = new FilterRegistrationBean<>();
+        registration.setFilter(filter);
+        registration.setOrder(Ordered.HIGHEST_PRECEDENCE + 1);
+        return registration;
+    }
+
+    @Bean
+    public OAuth2RestTemplate restTemplate() {
+        return new OAuth2RestTemplate(githubClient(), oauth2ClientContext);
+    }
+
+    @Bean
+    @ConfigurationProperties("github.client")
+    public AuthorizationCodeResourceDetails githubClient() {
+        return new AuthorizationCodeResourceDetails();
+    }
+
+    private Filter oauth2ClientFilter() {
+        OAuth2ClientAuthenticationProcessingFilter oauth2ClientFilter = new OAuth2ClientAuthenticationProcessingFilter("/login/github");
+        OAuth2RestTemplate restTemplate = restTemplate();
+        oauth2ClientFilter.setRestTemplate(restTemplate);
+        UserInfoTokenServices tokenServices = new UserInfoTokenServices(githubResource().getUserInfoUri(), githubClient().getClientId());
+        tokenServices.setRestTemplate(restTemplate);
+        oauth2ClientFilter.setTokenServices(tokenServices);
+        return oauth2ClientFilter;
+    }
+
+    @Bean
+    @ConfigurationProperties("github.resource")
+    public ResourceServerProperties githubResource() {
+        return new ResourceServerProperties();
+    }
+}
diff --git a/spring-security-modules/spring-5-security-oauth/src/main/java/com/baeldung/oauth2resttemplate/SpringSecurityOauth2ClientApplication.java b/spring-security-modules/spring-5-security-oauth/src/main/java/com/baeldung/oauth2resttemplate/SpringSecurityOauth2ClientApplication.java
new file mode 100644
index 0000000000..846169e5bf
--- /dev/null
+++ b/spring-security-modules/spring-5-security-oauth/src/main/java/com/baeldung/oauth2resttemplate/SpringSecurityOauth2ClientApplication.java
@@ -0,0 +1,15 @@
+package com.baeldung.oauth2resttemplate;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.context.annotation.PropertySource;
+
+@SpringBootApplication
+@PropertySource("classpath:application-oauth2-rest-template.properties")
+public class SpringSecurityOauth2ClientApplication {
+
+    public static void main(String[] args) {
+        SpringApplication.run(SpringSecurityOauth2ClientApplication.class, args);
+    }
+
+}
diff --git a/spring-security-modules/spring-5-security-oauth/src/main/resources/application-oauth2-rest-template.properties b/spring-security-modules/spring-5-security-oauth/src/main/resources/application-oauth2-rest-template.properties
new file mode 100644
index 0000000000..15d34b76be
--- /dev/null
+++ b/spring-security-modules/spring-5-security-oauth/src/main/resources/application-oauth2-rest-template.properties
@@ -0,0 +1,9 @@
+github.client.clientId=[CLIENT_ID]
+github.client.clientSecret=[CLIENT_SECRET]
+github.client.userAuthorizationUri=https://github.com/login/oauth/authorize
+github.client.accessTokenUri=https://github.com/login/oauth/access_token
+github.client.clientAuthenticationScheme=form
+
+github.resource.userInfoUri=https://api.github.com/user
+
+spring.thymeleaf.prefix=classpath:/templates/oauth2resttemplate/
\ No newline at end of file
diff --git a/spring-security-modules/spring-5-security-oauth/src/main/resources/templates/oauth2resttemplate/error.html b/spring-security-modules/spring-5-security-oauth/src/main/resources/templates/oauth2resttemplate/error.html
new file mode 100644
index 0000000000..45bcddf654
--- /dev/null
+++ b/spring-security-modules/spring-5-security-oauth/src/main/resources/templates/oauth2resttemplate/error.html
@@ -0,0 +1,9 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <title>Error</title>
+</head>
+<body>
+    <p>An error occurred.</p>
+</body>
+</html>
\ No newline at end of file
diff --git a/spring-security-modules/spring-5-security-oauth/src/main/resources/templates/oauth2resttemplate/home.html b/spring-security-modules/spring-5-security-oauth/src/main/resources/templates/oauth2resttemplate/home.html
new file mode 100644
index 0000000000..3eba3615d6
--- /dev/null
+++ b/spring-security-modules/spring-5-security-oauth/src/main/resources/templates/oauth2resttemplate/home.html
@@ -0,0 +1,18 @@
+<!DOCTYPE html>
+<html lang="en" xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.thymeleaf.org">
+<head>
+    <title>Home</title>
+</head>
+<body>
+    <p>
+        Welcome <b th:inline="text"> [[${name}]] </b>
+    </p>
+    <h3>
+        <a href="/repos">View Repositories</a><br/><br/>
+    </h3>
+
+    <form th:action="@{/logout}" method="POST">
+        <input type="submit" value="Logout"/>
+    </form>
+</body>
+</html>
\ No newline at end of file
diff --git a/spring-security-modules/spring-5-security-oauth/src/main/resources/templates/oauth2resttemplate/index.html b/spring-security-modules/spring-5-security-oauth/src/main/resources/templates/oauth2resttemplate/index.html
new file mode 100644
index 0000000000..4db3b78d23
--- /dev/null
+++ b/spring-security-modules/spring-5-security-oauth/src/main/resources/templates/oauth2resttemplate/index.html
@@ -0,0 +1,16 @@
+<!DOCTYPE html>
+<html lang="en" xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.thymeleaf.org">
+<head>
+    <title>OAuth2Client</title>
+</head>
+<body>
+<h3>
+    <a href="/home" th:href="@{/home}" th:if="${#httpServletRequest?.remoteUser != undefined }">
+        Go to Home
+    </a>
+    <a href="/login/github" th:href="@{/login/github}" th:if="${#httpServletRequest?.remoteUser == undefined }">
+        GitHub Login
+    </a>
+</h3>
+</body>
+</html>
\ No newline at end of file
diff --git a/spring-security-modules/spring-5-security-oauth/src/main/resources/templates/oauth2resttemplate/repositories.html b/spring-security-modules/spring-5-security-oauth/src/main/resources/templates/oauth2resttemplate/repositories.html
new file mode 100644
index 0000000000..1eabf2270f
--- /dev/null
+++ b/spring-security-modules/spring-5-security-oauth/src/main/resources/templates/oauth2resttemplate/repositories.html
@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<html lang="en" xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.thymeleaf.org">
+<head>
+    <title>Repositories</title>
+</head>
+<body>
+    <p>
+        <h2>Repos</h2>
+    </p>
+    <ul th:each="repo: ${repos}">
+        <li th:text="${repo.name}"></li>
+    </ul>
+</body>
+</html>
\ No newline at end of file