commit
3a57c59960
|
@ -0,0 +1,73 @@
|
||||||
|
issuer:
|
||||||
|
uri: http://localhost:8080/uaa
|
||||||
|
|
||||||
|
spring_profiles: postgresql,default
|
||||||
|
|
||||||
|
database.driverClassName: org.postgresql.Driver
|
||||||
|
database.url: jdbc:postgresql:uaadb2
|
||||||
|
database.username: postgres
|
||||||
|
database.password: postgres
|
||||||
|
|
||||||
|
encryption:
|
||||||
|
active_key_label: CHANGE-THIS-KEY
|
||||||
|
encryption_keys:
|
||||||
|
- label: CHANGE-THIS-KEY
|
||||||
|
passphrase: CHANGEME
|
||||||
|
|
||||||
|
login:
|
||||||
|
serviceProviderKey: |
|
||||||
|
-----BEGIN RSA PRIVATE KEY-----
|
||||||
|
MIICXQIBAAKBgQDHtC5gUXxBKpEqZTLkNvFwNGnNIkggNOwOQVNbpO0WVHIivig5
|
||||||
|
L39WqS9u0hnA+O7MCA/KlrAR4bXaeVVhwfUPYBKIpaaTWFQR5cTR1UFZJL/OF9vA
|
||||||
|
fpOwznoD66DDCnQVpbCjtDYWX+x6imxn8HCYxhMol6ZnTbSsFW6VZjFMjQIDAQAB
|
||||||
|
AoGAVOj2Yvuigi6wJD99AO2fgF64sYCm/BKkX3dFEw0vxTPIh58kiRP554Xt5ges
|
||||||
|
7ZCqL9QpqrChUikO4kJ+nB8Uq2AvaZHbpCEUmbip06IlgdA440o0r0CPo1mgNxGu
|
||||||
|
lhiWRN43Lruzfh9qKPhleg2dvyFGQxy5Gk6KW/t8IS4x4r0CQQD/dceBA+Ndj3Xp
|
||||||
|
ubHfxqNz4GTOxndc/AXAowPGpge2zpgIc7f50t8OHhG6XhsfJ0wyQEEvodDhZPYX
|
||||||
|
kKBnXNHzAkEAyCA76vAwuxqAd3MObhiebniAU3SnPf2u4fdL1EOm92dyFs1JxyyL
|
||||||
|
gu/DsjPjx6tRtn4YAalxCzmAMXFSb1qHfwJBAM3qx3z0gGKbUEWtPHcP7BNsrnWK
|
||||||
|
vw6By7VC8bk/ffpaP2yYspS66Le9fzbFwoDzMVVUO/dELVZyBnhqSRHoXQcCQQCe
|
||||||
|
A2WL8S5o7Vn19rC0GVgu3ZJlUrwiZEVLQdlrticFPXaFrn3Md82ICww3jmURaKHS
|
||||||
|
N+l4lnMda79eSp3OMmq9AkA0p79BvYsLshUJJnvbk76pCjR28PK4dV1gSDUEqQMB
|
||||||
|
qy45ptdwJLqLJCeNoR0JUcDNIRhOCuOPND7pcMtX6hI/
|
||||||
|
-----END RSA PRIVATE KEY-----
|
||||||
|
serviceProviderKeyPassword: password
|
||||||
|
serviceProviderCertificate: |
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIDSTCCArKgAwIBAgIBADANBgkqhkiG9w0BAQQFADB8MQswCQYDVQQGEwJhdzEO
|
||||||
|
MAwGA1UECBMFYXJ1YmExDjAMBgNVBAoTBWFydWJhMQ4wDAYDVQQHEwVhcnViYTEO
|
||||||
|
MAwGA1UECxMFYXJ1YmExDjAMBgNVBAMTBWFydWJhMR0wGwYJKoZIhvcNAQkBFg5h
|
||||||
|
cnViYUBhcnViYS5hcjAeFw0xNTExMjAyMjI2MjdaFw0xNjExMTkyMjI2MjdaMHwx
|
||||||
|
CzAJBgNVBAYTAmF3MQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UEChMFYXJ1YmExDjAM
|
||||||
|
BgNVBAcTBWFydWJhMQ4wDAYDVQQLEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmExHTAb
|
||||||
|
BgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyMIGfMA0GCSqGSIb3DQEBAQUAA4GN
|
||||||
|
ADCBiQKBgQDHtC5gUXxBKpEqZTLkNvFwNGnNIkggNOwOQVNbpO0WVHIivig5L39W
|
||||||
|
qS9u0hnA+O7MCA/KlrAR4bXaeVVhwfUPYBKIpaaTWFQR5cTR1UFZJL/OF9vAfpOw
|
||||||
|
znoD66DDCnQVpbCjtDYWX+x6imxn8HCYxhMol6ZnTbSsFW6VZjFMjQIDAQABo4Ha
|
||||||
|
MIHXMB0GA1UdDgQWBBTx0lDzjH/iOBnOSQaSEWQLx1syGDCBpwYDVR0jBIGfMIGc
|
||||||
|
gBTx0lDzjH/iOBnOSQaSEWQLx1syGKGBgKR+MHwxCzAJBgNVBAYTAmF3MQ4wDAYD
|
||||||
|
VQQIEwVhcnViYTEOMAwGA1UEChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYD
|
||||||
|
VQQLEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmExHTAbBgkqhkiG9w0BCQEWDmFydWJh
|
||||||
|
QGFydWJhLmFyggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAYvBJ
|
||||||
|
0HOZbbHClXmGUjGs+GS+xC1FO/am2suCSYqNB9dyMXfOWiJ1+TLJk+o/YZt8vuxC
|
||||||
|
KdcZYgl4l/L6PxJ982SRhc83ZW2dkAZI4M0/Ud3oePe84k8jm3A7EvH5wi5hvCkK
|
||||||
|
RpuRBwn3Ei+jCRouxTbzKPsuCVB+1sNyxMTXzf0=
|
||||||
|
-----END CERTIFICATE-----
|
||||||
|
|
||||||
|
#The secret that an external login server will use to authenticate to the uaa using the id `login`
|
||||||
|
LOGIN_SECRET: loginsecret
|
||||||
|
|
||||||
|
jwt:
|
||||||
|
token:
|
||||||
|
signing-key: |
|
||||||
|
-----BEGIN RSA PRIVATE KEY-----
|
||||||
|
MIIEpAIBAAKCAQEAqUeygEfDGxI6c1VDQ6xIyUSLrP6iz1y97iHFbtXSxXaArL4a
|
||||||
|
...
|
||||||
|
v6Mtt5LcRAAVP7pemunTdju4h8Q/noKYlVDVL30uLYUfKBL4UKfOBw==
|
||||||
|
-----END RSA PRIVATE KEY-----
|
||||||
|
verification-key: |
|
||||||
|
-----BEGIN PUBLIC KEY-----
|
||||||
|
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqUeygEfDGxI6c1VDQ6xI
|
||||||
|
...
|
||||||
|
AwIDAQAB
|
||||||
|
-----END PUBLIC KEY-----
|
|
@ -0,0 +1,43 @@
|
||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||||
|
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
|
||||||
|
<modelVersion>4.0.0</modelVersion>
|
||||||
|
<parent>
|
||||||
|
<groupId>org.springframework.boot</groupId>
|
||||||
|
<artifactId>spring-boot-starter-parent</artifactId>
|
||||||
|
<version>2.1.3.RELEASE</version>
|
||||||
|
<relativePath/> <!-- lookup parent from repository -->
|
||||||
|
</parent>
|
||||||
|
<groupId>com.example</groupId>
|
||||||
|
<artifactId>cf-uaa-oauth2-client</artifactId>
|
||||||
|
<version>0.0.1-SNAPSHOT</version>
|
||||||
|
<name>uaa-client-webapp</name>
|
||||||
|
<description>Demo project for Spring Boot</description>
|
||||||
|
|
||||||
|
<properties>
|
||||||
|
<java.version>1.8</java.version>
|
||||||
|
</properties>
|
||||||
|
|
||||||
|
<dependencies>
|
||||||
|
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.springframework.boot</groupId>
|
||||||
|
<artifactId>spring-boot-starter-web</artifactId>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.springframework.boot</groupId>
|
||||||
|
<artifactId>spring-boot-starter-oauth2-client</artifactId>
|
||||||
|
</dependency>
|
||||||
|
|
||||||
|
</dependencies>
|
||||||
|
|
||||||
|
<build>
|
||||||
|
<plugins>
|
||||||
|
<plugin>
|
||||||
|
<groupId>org.springframework.boot</groupId>
|
||||||
|
<artifactId>spring-boot-maven-plugin</artifactId>
|
||||||
|
</plugin>
|
||||||
|
</plugins>
|
||||||
|
</build>
|
||||||
|
|
||||||
|
</project>
|
|
@ -0,0 +1,13 @@
|
||||||
|
package com.baeldung.cfuaa.oauth2.client;
|
||||||
|
|
||||||
|
import org.springframework.boot.SpringApplication;
|
||||||
|
import org.springframework.boot.autoconfigure.SpringBootApplication;
|
||||||
|
|
||||||
|
@SpringBootApplication
|
||||||
|
public class CFUAAOAuth2ClientApplication {
|
||||||
|
|
||||||
|
public static void main(String[] args) {
|
||||||
|
SpringApplication.run(CFUAAOAuth2ClientApplication.class, args);
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
|
@ -0,0 +1,80 @@
|
||||||
|
package com.baeldung.cfuaa.oauth2.client;
|
||||||
|
|
||||||
|
import org.springframework.beans.factory.annotation.Value;
|
||||||
|
import org.springframework.http.HttpEntity;
|
||||||
|
import org.springframework.http.HttpHeaders;
|
||||||
|
import org.springframework.http.HttpMethod;
|
||||||
|
import org.springframework.http.ResponseEntity;
|
||||||
|
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
|
||||||
|
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService;
|
||||||
|
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
|
||||||
|
import org.springframework.security.oauth2.core.OAuth2AccessToken;
|
||||||
|
import org.springframework.web.bind.annotation.RequestMapping;
|
||||||
|
import org.springframework.web.bind.annotation.RestController;
|
||||||
|
import org.springframework.web.client.HttpClientErrorException;
|
||||||
|
import org.springframework.web.client.RestTemplate;
|
||||||
|
|
||||||
|
@RestController
|
||||||
|
public class CFUAAOAuth2ClientController {
|
||||||
|
|
||||||
|
@Value("${resource.server.url}")
|
||||||
|
private String remoteResourceServer;
|
||||||
|
|
||||||
|
private RestTemplate restTemplate;
|
||||||
|
|
||||||
|
private OAuth2AuthorizedClientService authorizedClientService;
|
||||||
|
|
||||||
|
public CFUAAOAuth2ClientController(OAuth2AuthorizedClientService authorizedClientService) {
|
||||||
|
this.authorizedClientService = authorizedClientService;
|
||||||
|
this.restTemplate = new RestTemplate();
|
||||||
|
}
|
||||||
|
|
||||||
|
@RequestMapping("/")
|
||||||
|
public String index(OAuth2AuthenticationToken authenticationToken) {
|
||||||
|
OAuth2AuthorizedClient oAuth2AuthorizedClient = this.authorizedClientService.loadAuthorizedClient(authenticationToken.getAuthorizedClientRegistrationId(), authenticationToken.getName());
|
||||||
|
OAuth2AccessToken oAuth2AccessToken = oAuth2AuthorizedClient.getAccessToken();
|
||||||
|
|
||||||
|
String response = "Hello, " + authenticationToken.getPrincipal().getName();
|
||||||
|
response += "</br></br>";
|
||||||
|
response += "Here is your accees token :</br>" + oAuth2AccessToken.getTokenValue();
|
||||||
|
response += "</br>";
|
||||||
|
response += "</br>You can use it to call these Resource Server APIs:";
|
||||||
|
response += "</br></br>";
|
||||||
|
response += "<a href='/read'>Call Resource Server Read API</a>";
|
||||||
|
response += "</br>";
|
||||||
|
response += "<a href='/write'>Call Resource Server Write API</a>";
|
||||||
|
return response;
|
||||||
|
}
|
||||||
|
|
||||||
|
@RequestMapping("/read")
|
||||||
|
public String read(OAuth2AuthenticationToken authenticationToken) {
|
||||||
|
String url = remoteResourceServer + "/read";
|
||||||
|
return callResourceServer(authenticationToken, url);
|
||||||
|
}
|
||||||
|
|
||||||
|
@RequestMapping("/write")
|
||||||
|
public String write(OAuth2AuthenticationToken authenticationToken) {
|
||||||
|
String url = remoteResourceServer + "/write";
|
||||||
|
return callResourceServer(authenticationToken, url);
|
||||||
|
}
|
||||||
|
|
||||||
|
private String callResourceServer(OAuth2AuthenticationToken authenticationToken, String url) {
|
||||||
|
OAuth2AuthorizedClient oAuth2AuthorizedClient = this.authorizedClientService.loadAuthorizedClient(authenticationToken.getAuthorizedClientRegistrationId(), authenticationToken.getName());
|
||||||
|
OAuth2AccessToken oAuth2AccessToken = oAuth2AuthorizedClient.getAccessToken();
|
||||||
|
|
||||||
|
HttpHeaders headers = new HttpHeaders();
|
||||||
|
headers.add("Authorization", "Bearer " + oAuth2AccessToken.getTokenValue());
|
||||||
|
|
||||||
|
HttpEntity<String> entity = new HttpEntity<>("parameters", headers);
|
||||||
|
ResponseEntity<String> responseEntity = null;
|
||||||
|
|
||||||
|
String response = null;
|
||||||
|
try {
|
||||||
|
responseEntity = restTemplate.exchange(url, HttpMethod.GET, entity, String.class);
|
||||||
|
response = responseEntity.getBody();
|
||||||
|
} catch (HttpClientErrorException e) {
|
||||||
|
response = e.getMessage();
|
||||||
|
}
|
||||||
|
return response;
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,23 @@
|
||||||
|
# SECURITY OAUTH2 CLIENT (OAuth2ClientProperties)
|
||||||
|
#spring.security.oauth2.client.provider.*= # OAuth provider details.
|
||||||
|
#spring.security.oauth2.client.registration.*= # OAuth client registrations.
|
||||||
|
|
||||||
|
server.port=8081
|
||||||
|
#server.servlet.context-path=/uaa-client-webapp
|
||||||
|
|
||||||
|
uaa.url=http://localhost:8080/uaa
|
||||||
|
resource.server.url=http://localhost:8082
|
||||||
|
|
||||||
|
spring.security.oauth2.client.registration.uaa.client-name=UAA OAuth2 Client
|
||||||
|
spring.security.oauth2.client.registration.uaa.client-id=client1
|
||||||
|
spring.security.oauth2.client.registration.uaa.client-secret=client1
|
||||||
|
spring.security.oauth2.client.registration.uaa.authorization-grant-type=authorization_code
|
||||||
|
spring.security.oauth2.client.registration.uaa.scope=resource.read,resource.write,openid,profile
|
||||||
|
spring.security.oauth2.client.registration.uaa.redirect-uri=http://localhost:8081/login/oauth2/code/uaa
|
||||||
|
#spring.security.oauth2.client.registration.uaa.redirect-uri=http://localhost:8081/**
|
||||||
|
|
||||||
|
spring.security.oauth2.client.provider.uaa.token-uri=${uaa.url}/oauth/token
|
||||||
|
spring.security.oauth2.client.provider.uaa.authorization-uri=${uaa.url}/oauth/authorize
|
||||||
|
spring.security.oauth2.client.provider.uaa.jwk-set-uri=${uaa.url}/token_keys
|
||||||
|
spring.security.oauth2.client.provider.uaa.user-info-uri=${uaa.url}/userinfo
|
||||||
|
spring.security.oauth2.client.provider.uaa.user-name-attribute=user_name
|
|
@ -0,0 +1 @@
|
||||||
|
tintin
|
|
@ -0,0 +1,43 @@
|
||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||||
|
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
|
||||||
|
<modelVersion>4.0.0</modelVersion>
|
||||||
|
<parent>
|
||||||
|
<groupId>org.springframework.boot</groupId>
|
||||||
|
<artifactId>spring-boot-starter-parent</artifactId>
|
||||||
|
<version>2.1.3.RELEASE</version>
|
||||||
|
<relativePath/> <!-- lookup parent from repository -->
|
||||||
|
</parent>
|
||||||
|
<groupId>com.baeldung.cfuaa</groupId>
|
||||||
|
<artifactId>cf-uaa-oauth2-resource-server</artifactId>
|
||||||
|
<version>0.0.1-SNAPSHOT</version>
|
||||||
|
<name>cf-uaa-oauth2-resource-server</name>
|
||||||
|
<description>Demo project for Spring Boot</description>
|
||||||
|
|
||||||
|
<properties>
|
||||||
|
<java.version>1.8</java.version>
|
||||||
|
</properties>
|
||||||
|
|
||||||
|
<dependencies>
|
||||||
|
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.springframework.boot</groupId>
|
||||||
|
<artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.springframework.boot</groupId>
|
||||||
|
<artifactId>spring-boot-starter-web</artifactId>
|
||||||
|
</dependency>
|
||||||
|
|
||||||
|
</dependencies>
|
||||||
|
|
||||||
|
<build>
|
||||||
|
<plugins>
|
||||||
|
<plugin>
|
||||||
|
<groupId>org.springframework.boot</groupId>
|
||||||
|
<artifactId>spring-boot-maven-plugin</artifactId>
|
||||||
|
</plugin>
|
||||||
|
</plugins>
|
||||||
|
</build>
|
||||||
|
|
||||||
|
</project>
|
|
@ -0,0 +1,13 @@
|
||||||
|
package com.baeldung.cfuaa.oauth2.resourceserver;
|
||||||
|
|
||||||
|
import org.springframework.boot.SpringApplication;
|
||||||
|
import org.springframework.boot.autoconfigure.SpringBootApplication;
|
||||||
|
|
||||||
|
@SpringBootApplication
|
||||||
|
public class CFUAAOAuth2ResourceServerApplication {
|
||||||
|
|
||||||
|
public static void main(String[] args) {
|
||||||
|
SpringApplication.run(CFUAAOAuth2ResourceServerApplication.class, args);
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
|
@ -0,0 +1,28 @@
|
||||||
|
package com.baeldung.cfuaa.oauth2.resourceserver;
|
||||||
|
|
||||||
|
import org.springframework.security.core.annotation.AuthenticationPrincipal;
|
||||||
|
import org.springframework.security.oauth2.jwt.Jwt;
|
||||||
|
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
|
||||||
|
import org.springframework.web.bind.annotation.GetMapping;
|
||||||
|
import org.springframework.web.bind.annotation.RestController;
|
||||||
|
|
||||||
|
import java.security.Principal;
|
||||||
|
|
||||||
|
@RestController
|
||||||
|
public class CFUAAOAuth2ResourceServerRestController {
|
||||||
|
|
||||||
|
@GetMapping("/")
|
||||||
|
public String index(@AuthenticationPrincipal Jwt jwt) {
|
||||||
|
return String.format("Hello, %s!", jwt.getSubject());
|
||||||
|
}
|
||||||
|
|
||||||
|
@GetMapping("/read")
|
||||||
|
public String read(JwtAuthenticationToken jwtAuthenticationToken) {
|
||||||
|
return "Hello write: " + jwtAuthenticationToken.getTokenAttributes();
|
||||||
|
}
|
||||||
|
|
||||||
|
@GetMapping("/write")
|
||||||
|
public String write(Principal principal) {
|
||||||
|
return "Hello write: " + principal.getName();
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,21 @@
|
||||||
|
package com.baeldung.cfuaa.oauth2.resourceserver;
|
||||||
|
|
||||||
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||||
|
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||||
|
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||||
|
|
||||||
|
@EnableWebSecurity
|
||||||
|
public class CFUAAOAuth2ResourceServerSecurityConfiguration extends WebSecurityConfigurerAdapter {
|
||||||
|
|
||||||
|
@Override
|
||||||
|
protected void configure(HttpSecurity http) throws Exception {
|
||||||
|
http
|
||||||
|
.authorizeRequests()
|
||||||
|
.antMatchers("/read/**").hasAuthority("SCOPE_resource.read")
|
||||||
|
.antMatchers("/write/**").hasAuthority("SCOPE_resource.write")
|
||||||
|
.anyRequest().authenticated()
|
||||||
|
.and()
|
||||||
|
.oauth2ResourceServer()
|
||||||
|
.jwt();
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,16 @@
|
||||||
|
server.port=8082
|
||||||
|
|
||||||
|
uaa.url=http://localhost:8080/uaa
|
||||||
|
|
||||||
|
#approch1
|
||||||
|
spring.security.oauth2.resourceserver.jwt.issuer-uri=${uaa.url}/oauth/token
|
||||||
|
|
||||||
|
#approch2
|
||||||
|
#spring.security.oauth2.resourceserver.jwt.jwk-set-uri=${uaa.url}/token_key
|
||||||
|
|
||||||
|
# SECURITY OAUTH2 CLIENT (OAuth2ClientProperties)
|
||||||
|
#security.oauth2.client.client-id=client1
|
||||||
|
#security.oauth2.client.client-secret=client1
|
||||||
|
|
||||||
|
#security.oauth2.resource.jwt.key-uri=${uaa.url}/token_key
|
||||||
|
#security.oauth2.resource.token-info-uri=${uaa.url}/oauth/check_token
|
Loading…
Reference in New Issue