iSharkFly-Docs
/
java-tutorials
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Bael 5260 (#11712) 

* [BAEL-4849] Article code

* [BAEL-4968] Article code

* [BAEL-4968] Article code

* [BAEL-4968] Article code

* [BAEL-4968] Remove extra comments

* WIP:Update to latest Boot

* WIP: Backend App

* WIP: resource server

* WIP: Change endpoint path

* WIP: Add Postman sample

* WIP: Add keycloak baeldung realm

* WIP: Change lombok scope

* WIP: Remove lombok dependency

* [BEAL-5260] README-OAuth
This commit is contained in:
psevestre 2022-01-23 00:32:51 -03:00 committed by GitHub
parent db396b39a9
commit 7dde535340
13 changed files with 2771 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
spring-cloud/spring-cloud-gateway/README-OAuth.md Normal file
View File

@ -0,0 +1,40 @@
# OAuth Test Setup
In order to test the OAuth-secured gateway configurations, please follow the steps below
## Keycloak setup
1. Clone or download the https://github.com/Baeldung/spring-security-oauth project
2. Replace the file `oauth-rest/oauth-authorization-server/src/main/resources/baeldung-realm.json`
with the one provider here
3. Go to the oauth-rest/oauth-authorization-server folder and use maven to build the project
4. Run the Keycloack service with `mvn spring-boot:run`
5. Once Keycloak is up and running, go to `http://localhost:8083/auth/admin/master/console/#/realms/baeldung` and
log in with using `bael-admin/pass` as credentials
6. Create two test users, so that one belongs to the *Golden Customers* group and the other doesn't.
## Quotes backend
Use the provided maven profile:
```
$ mvn spring-boot:run -Pquotes-application
```
## Gateway as Resource Server
Use the provided maven profile:
```
$ mvn spring-boot:run -Pgateway-as-resource-server
```
## Gateway as OAuth 2.0 Client
Use the provided maven profile:
```
$ mvn spring-boot:run -Pgateway-as-oauth-client
```

2186
spring-cloud/spring-cloud-gateway/baeldung-realm.json Normal file
View File

File diff suppressed because it is too large Load Diff

82
spring-cloud/spring-cloud-gateway/pom.xml
View File

@ -83,23 +83,99 @@
<groupId>org.springframework.boot</groupId> <groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-devtools</artifactId> <artifactId>spring-boot-devtools</artifactId>
</dependency> </dependency>
<!-- Spring security -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-oauth2-client</artifactId>
</dependency>
</dependencies> </dependencies>
<build> <build>
<plugins> <plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<version>3.8.1</version>
<configuration>
<source>${java.version}</source>
<target>${java.version}</target>
</configuration>
</plugin>
<plugin> <plugin>
<groupId>org.springframework.boot</groupId> <groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId> <artifactId>spring-boot-maven-plugin</artifactId>
<configuration>
<excludes>
<exclude>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
</exclude>
</excludes>
</configuration>
</plugin> </plugin>
</plugins> </plugins>
</build> </build>
<properties> <properties>
<spring-cloud-dependencies.version>Hoxton.SR3</spring-cloud-dependencies.version> <!-- <spring-cloud-dependencies.version>Hoxton.SR3</spring-cloud-dependencies.version> -->
<spring-boot.version>2.2.6.RELEASE</spring-boot.version> <!-- <spring-boot.version>2.2.6.RELEASE</spring-boot.version> -->
<hibernate-validator.version>6.0.2.Final</hibernate-validator.version> <hibernate-validator.version>6.0.2.Final</hibernate-validator.version>
<redis.version>0.7.2</redis.version> <redis.version>0.7.2</redis.version>
<junit-bom.version>5.5.2</junit-bom.version> <oauth2-oidc-sdk.version>9.19</oauth2-oidc-sdk.version>
<!-- <junit-bom.version>5.5.2</junit-bom.version> -->
</properties> </properties>
<profiles>
<profile>
<id>quotes-application</id>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
<configuration>
<mainClass>com.baeldung.springcloudgateway.oauth.backend.QuotesApplication</mainClass>
</configuration>
</plugin>
</plugins>
</build>
</profile>
<profile>
<id>gateway-as-resource-server</id>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
<configuration>
<mainClass>com.baeldung.springcloudgateway.oauth.server.ResourceServerGatewayApplication</mainClass>
<jvmArguments>-Dspring.profiles.active=resource-server</jvmArguments>
</configuration>
</plugin>
</plugins>
</build>
</profile>
<profile>
<id>gateway-as-oauth-client</id>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
<configuration>
<mainClass>com.baeldung.springcloudgateway.oauth.server.ResourceServerGatewayApplication</mainClass>
<jvmArguments>-Dspring.profiles.active=oauth-client</jvmArguments>
</configuration>
</plugin>
</plugins>
</build>
</profile>
</profiles>
</project> </project>

23
spring-cloud/spring-cloud-gateway/src/main/java/com/baeldung/springcloudgateway/custompredicates/config/CustomPredicatesConfig.java
View File

@ -1,6 +1,5 @@
package com.baeldung.springcloudgateway.custompredicates.config; package com.baeldung.springcloudgateway.custompredicates.config;
import org.springframework.cloud.gateway.filter.GatewayFilter;
import org.springframework.cloud.gateway.route.RouteLocator; import org.springframework.cloud.gateway.route.RouteLocator;
import org.springframework.cloud.gateway.route.builder.RouteLocatorBuilder; import org.springframework.cloud.gateway.route.builder.RouteLocatorBuilder;
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Bean;
@ -24,14 +23,20 @@ public class CustomPredicatesConfig {
public RouteLocator routes(RouteLocatorBuilder builder, GoldenCustomerRoutePredicateFactory gf ) { public RouteLocator routes(RouteLocatorBuilder builder, GoldenCustomerRoutePredicateFactory gf ) {
return builder.routes() return builder.routes()
.route("dsl_golden_route", r -> r.path("/dsl_api/**") .route("dsl_golden_route", r ->
.filters(f -> f.stripPrefix(1)) r.predicate(gf.apply(new Config(true, "customerId")))
.uri("https://httpbin.org") .and()
.predicate(gf.apply(new Config(true, "customerId")))) .path("/dsl_api/**")
.route("dsl_common_route", r -> r.path("/dsl_api/**") .filters(f -> f.stripPrefix(1))
.filters(f -> f.stripPrefix(1)) .uri("https://httpbin.org")
.uri("https://httpbin.org") )
.predicate(gf.apply(new Config(false, "customerId")))) .route("dsl_common_route", r ->
r.predicate(gf.apply(new Config(false, "customerId")))
.and()
.path("/dsl_api/**")
.filters(f -> f.stripPrefix(1))
.uri("https://httpbin.org")
)
.build(); .build();
} }

44
spring-cloud/spring-cloud-gateway/src/main/java/com/baeldung/springcloudgateway/oauth/backend/QuotesApplication.java Normal file
View File

@ -0,0 +1,44 @@
/**
*
*/
package com.baeldung.springcloudgateway.oauth.backend;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.autoconfigure.security.oauth2.resource.OAuth2ResourceServerProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.PropertySource;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.oauth2.server.resource.introspection.NimbusReactiveOpaqueTokenIntrospector;
import org.springframework.security.oauth2.server.resource.introspection.ReactiveOpaqueTokenIntrospector;
import com.baeldung.springcloudgateway.oauth.shared.KeycloakReactiveTokenInstrospector;
/**
* @author Philippe
*
*/
@SpringBootApplication
@PropertySource("classpath:quotes-application.properties")
@EnableWebFluxSecurity
public class QuotesApplication {
public static void main(String[] args) {
SpringApplication.run(QuotesApplication.class);
}
@Bean
public ReactiveOpaqueTokenIntrospector keycloakIntrospector(OAuth2ResourceServerProperties props) {
NimbusReactiveOpaqueTokenIntrospector delegate = new NimbusReactiveOpaqueTokenIntrospector(
props.getOpaquetoken().getIntrospectionUri(),
props.getOpaquetoken().getClientId(),
props.getOpaquetoken().getClientSecret());
return new KeycloakReactiveTokenInstrospector(delegate);
}
}

35
spring-cloud/spring-cloud-gateway/src/main/java/com/baeldung/springcloudgateway/oauth/backend/domain/Quote.java Normal file
View File

@ -0,0 +1,35 @@
package com.baeldung.springcloudgateway.oauth.backend.domain;
public class Quote {
private String symbol;
private double price;
/**
* @return the symbol
*/
public String getSymbol() {
return symbol;
}
/**
* @param symbol the symbol to set
*/
public void setSymbol(String symbol) {
this.symbol = symbol;
}
/**
* @return the price
*/
public double getPrice() {
return price;
}
/**
* @param price the price to set
*/
public void setPrice(double price) {
this.price = price;
}
}

34
spring-cloud/spring-cloud-gateway/src/main/java/com/baeldung/springcloudgateway/oauth/backend/web/QuoteApi.java Normal file
View File

@ -0,0 +1,34 @@
package com.baeldung.springcloudgateway.oauth.backend.web;
import javax.annotation.PostConstruct;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthentication;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RestController;
import com.baeldung.springcloudgateway.oauth.backend.domain.Quote;
import reactor.core.publisher.Mono;
@RestController
public class QuoteApi {
private static final GrantedAuthority GOLD_CUSTOMER = new SimpleGrantedAuthority("gold");
@GetMapping("/quotes/{symbol}")
public Mono<Quote> getQuote(@PathVariable("symbol") String symbol, BearerTokenAuthentication auth ) {
Quote q = new Quote();
q.setSymbol(symbol);
if ( auth.getAuthorities().contains(GOLD_CUSTOMER)) {
q.setPrice(10.0);
}
else {
q.setPrice(12.0);
}
return Mono.just(q);
}
}

13
spring-cloud/spring-cloud-gateway/src/main/java/com/baeldung/springcloudgateway/oauth/server/ResourceServerGatewayApplication.java Normal file
View File

@ -0,0 +1,13 @@
package com.baeldung.springcloudgateway.oauth.server;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
@SpringBootApplication
@EnableWebFluxSecurity
public class ResourceServerGatewayApplication {
public static void main(String[] args) {
SpringApplication.run(ResourceServerGatewayApplication.class,args);
}
}

65
spring-cloud/spring-cloud-gateway/src/main/java/com/baeldung/springcloudgateway/oauth/shared/KeycloakReactiveTokenInstrospector.java Normal file
View File

@ -0,0 +1,65 @@
/**
*
*/
package com.baeldung.springcloudgateway.oauth.shared;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.core.DefaultOAuth2AuthenticatedPrincipal;
import org.springframework.security.oauth2.core.OAuth2AuthenticatedPrincipal;
import org.springframework.security.oauth2.server.resource.introspection.ReactiveOpaqueTokenIntrospector;
import reactor.core.publisher.Mono;
/**
* Custom ReactiveTokenIntrospector to map realm roles into Spring GrantedAuthorities
*
*/
public class KeycloakReactiveTokenInstrospector implements ReactiveOpaqueTokenIntrospector {
private final ReactiveOpaqueTokenIntrospector delegate;
public KeycloakReactiveTokenInstrospector(ReactiveOpaqueTokenIntrospector delegate) {
this.delegate = delegate;
}
@Override
public Mono<OAuth2AuthenticatedPrincipal> introspect(String token) {
return delegate.introspect(token)
.map( this::mapPrincipal);
}
protected OAuth2AuthenticatedPrincipal mapPrincipal(OAuth2AuthenticatedPrincipal principal) {
return new DefaultOAuth2AuthenticatedPrincipal(
principal.getName(),
principal.getAttributes(),
extractAuthorities(principal));
}
protected Collection<GrantedAuthority> extractAuthorities(OAuth2AuthenticatedPrincipal principal) {
//
Map<String,List<String>> realm_access = principal.getAttribute("realm_access");
List<String> roles = realm_access.getOrDefault("roles", Collections.emptyList());
List<GrantedAuthority> rolesAuthorities = roles.stream()
.map(SimpleGrantedAuthority::new)
.collect(Collectors.toList());
Set<GrantedAuthority> allAuthorities = new HashSet<>();
allAuthorities.addAll(principal.getAuthorities());
allAuthorities.addAll(rolesAuthorities);
return allAuthorities;
}
}

26
spring-cloud/spring-cloud-gateway/src/main/resources/application-oauth-client.yml Normal file
View File

@ -0,0 +1,26 @@
server:
port: 8087
spring:
cloud:
gateway:
redis:
enabled: false
routes:
- id: quotes
uri: http://localhost:8085
predicates:
- Path=/quotes/**
filters: - TokenRelay=
security:
oauth2:
client: provider: keycloak:
issuer-uri: http://localhost:8083/auth/realms/baeldung
registration: quotes-client:
provider: keycloak
client-id: quotes-client
client-secret: 0e082231-a70d-48e8-b8a5-fbfb743041b6
scope: - email
- profile
- roles

19
spring-cloud/spring-cloud-gateway/src/main/resources/application-resource-server.yml Normal file
View File

@ -0,0 +1,19 @@
server:
port: 8086
spring:
security:
oauth2:
resourceserver:
opaquetoken:
introspection-uri: http://localhost:8083/auth/realms/baeldung/protocol/openid-connect/token/introspect
client-id: quotes-client
client-secret: 0e082231-a70d-48e8-b8a5-fbfb743041b6
cloud:
gateway:
redis:
enabled: false
routes:
- id: quotes
uri: http://localhost:8085
predicates:
- Path=/quotes/**

12
spring-cloud/spring-cloud-gateway/src/main/resources/quotes-application.properties Normal file
View File

@ -0,0 +1,12 @@
server.port=8085
# Disable gateway & redis as we don't need them in this application
spring.cloud.gateway.enabled=false
spring.cloud.gateway.redis.enabled=false
# Resource server settings
spring.security.oauth2.resourceserver.opaquetoken.introspection-uri=http://localhost:8083/auth/realms/baeldung/protocol/openid-connect/token/introspect
spring.security.oauth2.resourceserver.opaquetoken.client-id=quotes-client
spring.security.oauth2.resourceserver.opaquetoken.client-secret=0e082231-a70d-48e8-b8a5-fbfb743041b6

203
spring-cloud/spring-cloud-gateway/src/test/postman/OAuth_Gateway.postman_collection.json Normal file
View File

@ -0,0 +1,203 @@
{
"info": {
"_postman_id": "b3d00e23-c2cd-40ce-a90b-673efb25e5c0",
"name": "Baeldung - OAuth",
"schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json"
},
"item": [
{
"name": "Token",
"event": [
{
"listen": "test",
"script": {
"exec": [
"var jsonData = pm.response.json();\r",
"pm.environment.set(\"access_token\", jsonData.access_token);\r",
"pm.environment.set(\"refresh_token\", jsonData.refresh_token);\r",
"pm.environment.set(\"backend_token\", \"Bearer \" + jsonData.access_token);"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "POST",
"header": [],
"body": {
"mode": "urlencoded",
"urlencoded": [
{
"key": "client_id",
"value": "{{client_id}}",
"type": "text"
},
{
"key": "client_secret",
"value": "{{client_secret}}",
"type": "text"
},
{
"key": "grant_type",
"value": "password",
"type": "text"
},
{
"key": "scope",
"value": "email roles profile",
"type": "text"
},
{
"key": "username",
"value": "maxwell.smart",
"type": "text"
},
{
"key": "password",
"value": "1234",
"type": "text"
}
]
},
"url": {
"raw": "{{keycloack_base}}/token",
"host": [
"{{keycloack_base}}"
],
"path": [
"token"
]
}
},
"response": []
},
{
"name": "Quote",
"protocolProfileBehavior": {
"disabledSystemHeaders": {
"accept": true
}
},
"request": {
"auth": {
"type": "bearer",
"bearer": [
{
"key": "token",
"value": "{{access_token}}",
"type": "string"
}
]
},
"method": "GET",
"header": [
{
"key": "Accept",
"value": "application/json",
"type": "text"
}
],
"url": {
"raw": "http://localhost:8085/quotes/:symbol",
"protocol": "http",
"host": [
"localhost"
],
"port": "8085",
"path": [
"quotes",
":symbol"
],
"variable": [
{
"key": "symbol",
"value": "IBM"
}
]
}
},
"response": []
},
{
"name": "Quote via Gateway",
"protocolProfileBehavior": {
"disabledSystemHeaders": {
"accept": true
}
},
"request": {
"auth": {
"type": "bearer",
"bearer": [
{
"key": "token",
"value": "{{access_token}}",
"type": "string"
}
]
},
"method": "GET",
"header": [
{
"key": "Accept",
"value": "application/json",
"type": "text"
}
],
"url": {
"raw": "http://localhost:8086/quotes/:symbol",
"protocol": "http",
"host": [
"localhost"
],
"port": "8086",
"path": [
"quotes",
":symbol"
],
"variable": [
{
"key": "symbol",
"value": "IBM"
}
]
}
},
"response": []
}
],
"event": [
{
"listen": "prerequest",
"script": {
"type": "text/javascript",
"exec": [
""
]
}
},
{
"listen": "test",
"script": {
"type": "text/javascript",
"exec": [
""
]
}
}
],
"variable": [
{
"key": "keycloack_base",
"value": "http://localhost:8083/auth/realms/baeldung/protocol/openid-connect"
},
{
"key": "client_id",
"value": "quotes-client"
},
{
"key": "client_secret",
"value": "56be94c8-b20a-4374-899c-e39cb022d3f8"
}
]
}