Merge pull request #6470 from eelhazati/master

CF UAA intro

cloud-foundry-uaa/cf-uaa-config/uaa.yml

@@ -0,0 +1,73 @@
+issuer:
+  uri: http://localhost:8080/uaa
+
+spring_profiles: postgresql,default  
+  
+database.driverClassName: org.postgresql.Driver
+database.url: jdbc:postgresql:uaadb2
+database.username: postgres
+database.password: postgres  
+  
+encryption:
+  active_key_label: CHANGE-THIS-KEY
+  encryption_keys:
+    - label: CHANGE-THIS-KEY
+      passphrase: CHANGEME
+
+login:
+  serviceProviderKey: |
+    -----BEGIN RSA PRIVATE KEY-----
+    MIICXQIBAAKBgQDHtC5gUXxBKpEqZTLkNvFwNGnNIkggNOwOQVNbpO0WVHIivig5
+    L39WqS9u0hnA+O7MCA/KlrAR4bXaeVVhwfUPYBKIpaaTWFQR5cTR1UFZJL/OF9vA
+    fpOwznoD66DDCnQVpbCjtDYWX+x6imxn8HCYxhMol6ZnTbSsFW6VZjFMjQIDAQAB
+    AoGAVOj2Yvuigi6wJD99AO2fgF64sYCm/BKkX3dFEw0vxTPIh58kiRP554Xt5ges
+    7ZCqL9QpqrChUikO4kJ+nB8Uq2AvaZHbpCEUmbip06IlgdA440o0r0CPo1mgNxGu
+    lhiWRN43Lruzfh9qKPhleg2dvyFGQxy5Gk6KW/t8IS4x4r0CQQD/dceBA+Ndj3Xp
+    ubHfxqNz4GTOxndc/AXAowPGpge2zpgIc7f50t8OHhG6XhsfJ0wyQEEvodDhZPYX
+    kKBnXNHzAkEAyCA76vAwuxqAd3MObhiebniAU3SnPf2u4fdL1EOm92dyFs1JxyyL
+    gu/DsjPjx6tRtn4YAalxCzmAMXFSb1qHfwJBAM3qx3z0gGKbUEWtPHcP7BNsrnWK
+    vw6By7VC8bk/ffpaP2yYspS66Le9fzbFwoDzMVVUO/dELVZyBnhqSRHoXQcCQQCe
+    A2WL8S5o7Vn19rC0GVgu3ZJlUrwiZEVLQdlrticFPXaFrn3Md82ICww3jmURaKHS
+    N+l4lnMda79eSp3OMmq9AkA0p79BvYsLshUJJnvbk76pCjR28PK4dV1gSDUEqQMB
+    qy45ptdwJLqLJCeNoR0JUcDNIRhOCuOPND7pcMtX6hI/
+    -----END RSA PRIVATE KEY-----
+  serviceProviderKeyPassword: password
+  serviceProviderCertificate: |
+    -----BEGIN CERTIFICATE-----
+    MIIDSTCCArKgAwIBAgIBADANBgkqhkiG9w0BAQQFADB8MQswCQYDVQQGEwJhdzEO
+    MAwGA1UECBMFYXJ1YmExDjAMBgNVBAoTBWFydWJhMQ4wDAYDVQQHEwVhcnViYTEO
+    MAwGA1UECxMFYXJ1YmExDjAMBgNVBAMTBWFydWJhMR0wGwYJKoZIhvcNAQkBFg5h
+    cnViYUBhcnViYS5hcjAeFw0xNTExMjAyMjI2MjdaFw0xNjExMTkyMjI2MjdaMHwx
+    CzAJBgNVBAYTAmF3MQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UEChMFYXJ1YmExDjAM
+    BgNVBAcTBWFydWJhMQ4wDAYDVQQLEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmExHTAb
+    BgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyMIGfMA0GCSqGSIb3DQEBAQUAA4GN
+    ADCBiQKBgQDHtC5gUXxBKpEqZTLkNvFwNGnNIkggNOwOQVNbpO0WVHIivig5L39W
+    qS9u0hnA+O7MCA/KlrAR4bXaeVVhwfUPYBKIpaaTWFQR5cTR1UFZJL/OF9vAfpOw
+    znoD66DDCnQVpbCjtDYWX+x6imxn8HCYxhMol6ZnTbSsFW6VZjFMjQIDAQABo4Ha
+    MIHXMB0GA1UdDgQWBBTx0lDzjH/iOBnOSQaSEWQLx1syGDCBpwYDVR0jBIGfMIGc
+    gBTx0lDzjH/iOBnOSQaSEWQLx1syGKGBgKR+MHwxCzAJBgNVBAYTAmF3MQ4wDAYD
+    VQQIEwVhcnViYTEOMAwGA1UEChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYD
+    VQQLEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmExHTAbBgkqhkiG9w0BCQEWDmFydWJh
+    QGFydWJhLmFyggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAYvBJ
+    0HOZbbHClXmGUjGs+GS+xC1FO/am2suCSYqNB9dyMXfOWiJ1+TLJk+o/YZt8vuxC
+    KdcZYgl4l/L6PxJ982SRhc83ZW2dkAZI4M0/Ud3oePe84k8jm3A7EvH5wi5hvCkK
+    RpuRBwn3Ei+jCRouxTbzKPsuCVB+1sNyxMTXzf0=
+    -----END CERTIFICATE-----
+
+#The secret that an external login server will use to authenticate to the uaa using the id `login`
+LOGIN_SECRET: loginsecret
+
+jwt:
+  token:
+    signing-key: |
+      -----BEGIN RSA PRIVATE KEY-----
+      MIIEpAIBAAKCAQEAqUeygEfDGxI6c1VDQ6xIyUSLrP6iz1y97iHFbtXSxXaArL4a
+      ...
+      v6Mtt5LcRAAVP7pemunTdju4h8Q/noKYlVDVL30uLYUfKBL4UKfOBw==
+      -----END RSA PRIVATE KEY-----
+    verification-key: |
+      -----BEGIN PUBLIC KEY-----
+      MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqUeygEfDGxI6c1VDQ6xI
+      ...
+      AwIDAQAB
+      -----END PUBLIC KEY-----

cloud-foundry-uaa/cf-uaa-oauth2-client/pom.xml

@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <parent>
+        <groupId>org.springframework.boot</groupId>
+        <artifactId>spring-boot-starter-parent</artifactId>
+        <version>2.1.3.RELEASE</version>
+        <relativePath/> <!-- lookup parent from repository -->
+    </parent>
+    <groupId>com.example</groupId>
+    <artifactId>cf-uaa-oauth2-client</artifactId>
+    <version>0.0.1-SNAPSHOT</version>
+    <name>uaa-client-webapp</name>
+    <description>Demo project for Spring Boot</description>
+
+    <properties>
+        <java.version>1.8</java.version>
+    </properties>
+
+    <dependencies>
+
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-web</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-oauth2-client</artifactId>
+        </dependency>
+
+    </dependencies>
+
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.springframework.boot</groupId>
+                <artifactId>spring-boot-maven-plugin</artifactId>
+            </plugin>
+        </plugins>
+    </build>
+
+</project>

cloud-foundry-uaa/cf-uaa-oauth2-client/src/main/java/com/baeldung/cfuaa/oauth2/client/CFUAAOAuth2ClientApplication.java

@@ -0,0 +1,13 @@
+package com.baeldung.cfuaa.oauth2.client;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+
+@SpringBootApplication
+public class CFUAAOAuth2ClientApplication {
+
+	public static void main(String[] args) {
+		SpringApplication.run(CFUAAOAuth2ClientApplication.class, args);
+	}
+
+}

cloud-foundry-uaa/cf-uaa-oauth2-client/src/main/java/com/baeldung/cfuaa/oauth2/client/CFUAAOAuth2ClientController.java

@@ -0,0 +1,80 @@
+package com.baeldung.cfuaa.oauth2.client;
+
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.http.HttpEntity;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.HttpMethod;
+import org.springframework.http.ResponseEntity;
+import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
+import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService;
+import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
+import org.springframework.security.oauth2.core.OAuth2AccessToken;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.client.HttpClientErrorException;
+import org.springframework.web.client.RestTemplate;
+
+@RestController
+public class CFUAAOAuth2ClientController {
+
+    @Value("${resource.server.url}")
+    private String remoteResourceServer;
+
+    private RestTemplate restTemplate;
+
+    private OAuth2AuthorizedClientService authorizedClientService;
+
+    public CFUAAOAuth2ClientController(OAuth2AuthorizedClientService authorizedClientService) {
+        this.authorizedClientService = authorizedClientService;
+        this.restTemplate = new RestTemplate();
+    }
+
+    @RequestMapping("/")
+    public String index(OAuth2AuthenticationToken authenticationToken) {
+        OAuth2AuthorizedClient oAuth2AuthorizedClient = this.authorizedClientService.loadAuthorizedClient(authenticationToken.getAuthorizedClientRegistrationId(), authenticationToken.getName());
+        OAuth2AccessToken oAuth2AccessToken = oAuth2AuthorizedClient.getAccessToken();
+
+        String response = "Hello, " + authenticationToken.getPrincipal().getName();
+        response += "</br></br>";
+        response += "Here is your accees token :</br>" + oAuth2AccessToken.getTokenValue();
+        response += "</br>";
+        response += "</br>You can use it to call these Resource Server APIs:";
+        response += "</br></br>";
+        response += "<a href='/read'>Call Resource Server Read API</a>";
+        response += "</br>";
+        response += "<a href='/write'>Call Resource Server Write API</a>";
+        return response;
+    }
+
+    @RequestMapping("/read")
+    public String read(OAuth2AuthenticationToken authenticationToken) {
+        String url = remoteResourceServer + "/read";
+        return callResourceServer(authenticationToken, url);
+    }
+
+    @RequestMapping("/write")
+    public String write(OAuth2AuthenticationToken authenticationToken) {
+        String url = remoteResourceServer + "/write";
+        return callResourceServer(authenticationToken, url);
+    }
+
+    private String callResourceServer(OAuth2AuthenticationToken authenticationToken, String url) {
+        OAuth2AuthorizedClient oAuth2AuthorizedClient = this.authorizedClientService.loadAuthorizedClient(authenticationToken.getAuthorizedClientRegistrationId(), authenticationToken.getName());
+        OAuth2AccessToken oAuth2AccessToken = oAuth2AuthorizedClient.getAccessToken();
+
+        HttpHeaders headers = new HttpHeaders();
+        headers.add("Authorization", "Bearer " + oAuth2AccessToken.getTokenValue());
+
+        HttpEntity<String> entity = new HttpEntity<>("parameters", headers);
+        ResponseEntity<String> responseEntity = null;
+
+        String response = null;
+        try {
+            responseEntity = restTemplate.exchange(url, HttpMethod.GET, entity, String.class);
+            response = responseEntity.getBody();
+        } catch (HttpClientErrorException e) {
+            response = e.getMessage();
+        }
+        return response;
+    }
+}

cloud-foundry-uaa/cf-uaa-oauth2-client/src/main/resources/application.properties

@@ -0,0 +1,23 @@
+# SECURITY OAUTH2 CLIENT (OAuth2ClientProperties)
+#spring.security.oauth2.client.provider.*= # OAuth provider details.
+#spring.security.oauth2.client.registration.*= # OAuth client registrations.
+
+server.port=8081
+#server.servlet.context-path=/uaa-client-webapp
+
+uaa.url=http://localhost:8080/uaa
+resource.server.url=http://localhost:8082
+
+spring.security.oauth2.client.registration.uaa.client-name=UAA OAuth2 Client
+spring.security.oauth2.client.registration.uaa.client-id=client1
+spring.security.oauth2.client.registration.uaa.client-secret=client1
+spring.security.oauth2.client.registration.uaa.authorization-grant-type=authorization_code
+spring.security.oauth2.client.registration.uaa.scope=resource.read,resource.write,openid,profile
+spring.security.oauth2.client.registration.uaa.redirect-uri=http://localhost:8081/login/oauth2/code/uaa
+#spring.security.oauth2.client.registration.uaa.redirect-uri=http://localhost:8081/**
+
+spring.security.oauth2.client.provider.uaa.token-uri=${uaa.url}/oauth/token
+spring.security.oauth2.client.provider.uaa.authorization-uri=${uaa.url}/oauth/authorize
+spring.security.oauth2.client.provider.uaa.jwk-set-uri=${uaa.url}/token_keys
+spring.security.oauth2.client.provider.uaa.user-info-uri=${uaa.url}/userinfo
+spring.security.oauth2.client.provider.uaa.user-name-attribute=user_name

cloud-foundry-uaa/cf-uaa-oauth2-client/src/main/resources/templates/index.html

@@ -0,0 +1 @@
+tintin

cloud-foundry-uaa/cf-uaa-oauth2-resource-server/pom.xml

@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <parent>
+        <groupId>org.springframework.boot</groupId>
+        <artifactId>spring-boot-starter-parent</artifactId>
+        <version>2.1.3.RELEASE</version>
+        <relativePath/> <!-- lookup parent from repository -->
+    </parent>
+    <groupId>com.baeldung.cfuaa</groupId>
+    <artifactId>cf-uaa-oauth2-resource-server</artifactId>
+    <version>0.0.1-SNAPSHOT</version>
+    <name>cf-uaa-oauth2-resource-server</name>
+    <description>Demo project for Spring Boot</description>
+
+    <properties>
+        <java.version>1.8</java.version>
+    </properties>
+
+    <dependencies>
+
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-web</artifactId>
+        </dependency>
+
+    </dependencies>
+
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.springframework.boot</groupId>
+                <artifactId>spring-boot-maven-plugin</artifactId>
+            </plugin>
+        </plugins>
+    </build>
+
+</project>

cloud-foundry-uaa/cf-uaa-oauth2-resource-server/src/main/java/com/baeldung/cfuaa/oauth2/resourceserver/CFUAAOAuth2ResourceServerApplication.java

@@ -0,0 +1,13 @@
+package com.baeldung.cfuaa.oauth2.resourceserver;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+
+@SpringBootApplication
+public class CFUAAOAuth2ResourceServerApplication {
+
+	public static void main(String[] args) {
+		SpringApplication.run(CFUAAOAuth2ResourceServerApplication.class, args);
+	}
+
+}

cloud-foundry-uaa/cf-uaa-oauth2-resource-server/src/main/java/com/baeldung/cfuaa/oauth2/resourceserver/CFUAAOAuth2ResourceServerRestController.java

@@ -0,0 +1,28 @@
+package com.baeldung.cfuaa.oauth2.resourceserver;
+
+import org.springframework.security.core.annotation.AuthenticationPrincipal;
+import org.springframework.security.oauth2.jwt.Jwt;
+import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+import java.security.Principal;
+
+@RestController
+public class CFUAAOAuth2ResourceServerRestController {
+
+    @GetMapping("/")
+    public String index(@AuthenticationPrincipal Jwt jwt) {
+        return String.format("Hello, %s!", jwt.getSubject());
+    }
+
+    @GetMapping("/read")
+    public String read(JwtAuthenticationToken jwtAuthenticationToken) {
+        return "Hello write: " + jwtAuthenticationToken.getTokenAttributes();
+    }
+
+    @GetMapping("/write")
+    public String write(Principal principal) {
+        return "Hello write: " + principal.getName();
+    }
+}

cloud-foundry-uaa/cf-uaa-oauth2-resource-server/src/main/java/com/baeldung/cfuaa/oauth2/resourceserver/CFUAAOAuth2ResourceServerSecurityConfiguration.java

@@ -0,0 +1,21 @@
+package com.baeldung.cfuaa.oauth2.resourceserver;
+
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+
+@EnableWebSecurity
+public class CFUAAOAuth2ResourceServerSecurityConfiguration extends WebSecurityConfigurerAdapter {
+
+	@Override
+	protected void configure(HttpSecurity http) throws Exception {
+		http
+			.authorizeRequests()
+                .antMatchers("/read/**").hasAuthority("SCOPE_resource.read")
+                .antMatchers("/write/**").hasAuthority("SCOPE_resource.write")
+                .anyRequest().authenticated()
+				.and()
+			.oauth2ResourceServer()
+				.jwt();
+	}
+}

cloud-foundry-uaa/cf-uaa-oauth2-resource-server/src/main/resources/application.properties

@@ -0,0 +1,16 @@
+server.port=8082
+
+uaa.url=http://localhost:8080/uaa
+
+#approch1
+spring.security.oauth2.resourceserver.jwt.issuer-uri=${uaa.url}/oauth/token
+
+#approch2
+#spring.security.oauth2.resourceserver.jwt.jwk-set-uri=${uaa.url}/token_key
+
+# SECURITY OAUTH2 CLIENT (OAuth2ClientProperties)
+#security.oauth2.client.client-id=client1
+#security.oauth2.client.client-secret=client1
+
+#security.oauth2.resource.jwt.key-uri=${uaa.url}/token_key
+#security.oauth2.resource.token-info-uri=${uaa.url}/oauth/check_token