Merge pull request #3432 from abirkhan04/spring-cloud-security

Spring cloud security

spring-cloud/spring-cloud-security/README.md

@@ -0,0 +1,29 @@
+# README #
+
+This README would normally document whatever steps are necessary to get your application up and running.
+
+### What is this repository for? ###
+
+* Quick summary
+* Version
+* [Learn Markdown](https://bitbucket.org/tutorials/markdowndemo)
+
+### How do I get set up? ###
+
+* Summary of set up
+* Configuration
+* Dependencies
+* Database configuration
+* How to run tests
+* Deployment instructions
+
+### Contribution guidelines ###
+
+* Writing tests
+* Code review
+* Other guidelines
+
+### Who do I talk to? ###
+
+* Repo owner or admin
+* Other community or team contact

spring-cloud/spring-cloud-security/alias.rtf

@@ -0,0 +1,28 @@
+myauthkey
+
+
+security:
+  oauth2:
+    resource:
+      jwt:
+        keyValue: |
+          -----BEGIN PUBLIC KEY-----
+          MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjj4JDMgT4OoaXisEd8Nz
+          uiLwum9mh8BH1l9Atpe+uZkepf3Vnv0Bhxn0BGR+kYGwEHZPVpWsHEyTfIRdinaQ
+          vlPaxWJquQW25yYstrCuQTKJvFjSO/cX/V4OGi1RUj76mOpwzkm1Kui3R7Sfh8Zo
+          WO0GiWIFJqNBsZ9b1wOfBMXnge+A+u/qxVNnTFpwCVj6k2Yb4YUsmLNCmND7E3Ra
+          BnrNQWqMU2numhV+ADpmVH08m/+pWdZ896uYu/tvQnz3agvZPcFsEst7LcNAWQFT
+          eNLkfwVfepKWa9jPELemtTLf1MkMppU+Lj1UNCr8x4Y6EupRDZhplVNtqYsPNDpO
+          7wIDAQAB
+          -----END PUBLIC KEY-----
+		  
+		  
+		  
+jwt:
+  certificate:
+    store:
+      file: classpath:/certificate/my-auth-server.jks
+      password: storepassword
+    key:
+      alias: myauthserver
+      password: keypassword

spring-cloud/spring-cloud-security/authserver/pom.xml

@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+	<modelVersion>4.0.0</modelVersion>
+
+	<groupId>com.baeldung</groupId>
+	<artifactId>auth-server</artifactId>
+	<version>0.0.1-SNAPSHOT</version>
+
+
+	<parent>
+		<groupId>org.springframework.boot</groupId>
+		<artifactId>spring-boot-starter-parent</artifactId>
+		<version>1.5.9.RELEASE</version>
+	</parent>
+
+
+	<dependencies>
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-web</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-devtools</artifactId>
+			<optional>true</optional>
+		</dependency>
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-tomcat</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-thymeleaf</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>org.springframework.cloud</groupId>
+			<artifactId>spring-cloud-starter-oauth2</artifactId>
+			<version>1.1.2.RELEASE</version>
+		</dependency>
+	</dependencies>
+</project>

spring-cloud/spring-cloud-security/authserver/src/main/java/com/cloudsecurity/auth/AuthServer.java

@@ -0,0 +1,15 @@
+package com.cloudsecurity.auth;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.*;
+
+
+@SpringBootApplication
+public class AuthServer {
+
+    public static void main(String[] args) {
+        // TODO Auto-generated method stub
+        SpringApplication.run(
+           AuthServer.class, args);
+    }
+}

spring-cloud/spring-cloud-security/authserver/src/main/java/com/cloudsecurity/auth/config/AuthServerConfigurer.java

@@ -0,0 +1,77 @@
+package com.cloudsecurity.auth.config;
+
+import java.security.KeyPair;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.core.annotation.Order;
+import org.springframework.core.io.Resource;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
+import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
+import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
+import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
+import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
+import org.springframework.security.oauth2.provider.token.store.KeyStoreKeyFactory;
+
+@Configuration
+@EnableAuthorizationServer
+@Order(6)
+public class AuthServerConfigurer
+    extends
+        AuthorizationServerConfigurerAdapter {
+
+    @Value("${jwt.certificate.store.file}")
+    private Resource keystore;
+
+    @Value("${jwt.certificate.store.password}")
+    private String keystorePassword;
+
+    @Value("${jwt.certificate.key.alias}")
+    private String keyAlias;
+
+    @Value("${jwt.certificate.key.password}")
+    private String keyPassword;
+
+    @Autowired
+    private UserDetailsService userDetailsService;
+
+    @Override
+    public void configure(
+        ClientDetailsServiceConfigurer clients)
+        throws Exception {
+        clients
+            .inMemory()
+            .withClient("authserver")
+            .secret("passwordforauthserver")
+            .redirectUris("http://localhost:8080/")
+            .authorizedGrantTypes("authorization_code",
+                "refresh_token")
+            .scopes("myscope")
+            .autoApprove(true)
+            .accessTokenValiditySeconds(30)
+            .refreshTokenValiditySeconds(1800);
+    }
+
+    @Override
+    public void configure(
+        AuthorizationServerEndpointsConfigurer endpoints)
+        throws Exception {
+        endpoints
+            .accessTokenConverter(jwtAccessTokenConverter())
+            .userDetailsService(userDetailsService);
+    }
+
+    @Bean
+    public JwtAccessTokenConverter jwtAccessTokenConverter() {
+        KeyStoreKeyFactory keyStoreKeyFactory = new KeyStoreKeyFactory(
+            keystore, keystorePassword.toCharArray());
+        KeyPair keyPair = keyStoreKeyFactory.getKeyPair(
+            keyAlias, keyPassword.toCharArray());
+        JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
+        converter.setKeyPair(keyPair);
+        return converter;
+    }
+}

spring-cloud/spring-cloud-security/authserver/src/main/java/com/cloudsecurity/auth/config/ResourceServerConfigurer.java

@@ -0,0 +1,24 @@
+package com.cloudsecurity.auth.config;
+
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
+import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
+
+/**
+ * Our configuration for the OAuth2 User Info Resource Server.
+ */
+@Configuration
+@EnableResourceServer
+public class ResourceServerConfigurer extends ResourceServerConfigurerAdapter {
+
+
+    
+    @Override
+    public void configure(HttpSecurity http) throws Exception {
+        http.antMatcher("/user")
+                .authorizeRequests()
+                .anyRequest()
+                .authenticated();
+    }
+}

spring-cloud/spring-cloud-security/authserver/src/main/java/com/cloudsecurity/auth/config/WebMvcConfigurer.java

@@ -0,0 +1,15 @@
+package com.cloudsecurity.auth.config;
+
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
+
+
+@Configuration
+public class WebMvcConfigurer extends WebMvcConfigurerAdapter {
+
+    @Override
+    public void addViewControllers(ViewControllerRegistry registry) {
+        registry.addViewController("login").setViewName("login");
+    }
+}

spring-cloud/spring-cloud-security/authserver/src/main/java/com/cloudsecurity/auth/config/WebSecurityConfigurer.java

@@ -0,0 +1,54 @@
+package com.cloudsecurity.auth.config;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.oauth2.client.OAuth2ClientContext;
+import org.springframework.security.oauth2.config.annotation.web.configuration.EnableOAuth2Client;
+
+@Configuration
+@EnableWebSecurity
+@EnableOAuth2Client
+public class WebSecurityConfigurer
+    extends
+        WebSecurityConfigurerAdapter {
+
+
+    @Override
+    protected void configure(HttpSecurity http)
+        throws Exception {
+        http
+            .authorizeRequests()
+            .antMatchers("/login**").permitAll()
+            .anyRequest().authenticated()
+            .and().csrf()
+            .and().formLogin().loginPage("/login");
+    }
+
+    @Override
+    protected void configure(
+        AuthenticationManagerBuilder auth) throws Exception {
+        auth
+            .inMemoryAuthentication()
+            .withUser("user").password("user")
+            .roles("USER")
+            .and()
+            .withUser("admin").password("admin")
+            .roles("USER", "ADMIN");
+    }
+
+    @Override
+    @Bean(name = "userDetailsService")
+    public UserDetailsService userDetailsServiceBean()
+        throws Exception {
+        return super.userDetailsServiceBean();
+    }
+
+
+}

spring-cloud/spring-cloud-security/authserver/src/main/java/com/cloudsecurity/auth/controller/ResourceController.java

@@ -0,0 +1,20 @@
+package com.cloudsecurity.auth.controller;
+
+import java.security.Principal;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+/**
+ * Because this application is also a User Info Resource Server, we expose info about the logged in user at:
+ *
+ *     http://localhost:9090/auth/user
+ */
+@RestController
+public class ResourceController {
+
+    @RequestMapping("/user")
+    public Principal user(Principal user) {
+      return user;
+    }
+
+}

spring-cloud/spring-cloud-security/authserver/src/main/resources/application.yml

@@ -0,0 +1,21 @@
+# Make the application available at http://localhost:7070/authserver
+server:
+  port: 7070
+  contextPath: /authserver
+
+# Our certificate settings for enabling JWT tokens
+jwt:
+  certificate:
+    store:
+      file: classpath:/certificate/mykeystore.jks
+      password: abirkhan04
+    key:
+      alias: myauthkey
+      password: abirkhan04
+
+      
+security:
+  oauth2:
+    resource: 
+      filter-order: 3
+      

spring-cloud/spring-cloud-security/authserver/src/main/resources/templates/login.html

@@ -0,0 +1,29 @@
+<!DOCTYPE html>
+<html lang="en" xmlns:th="http://www.thymeleaf.org">
+<head>
+    <meta charset="UTF-8"/>
+    <title>Baeldung Spring cloud Security</title>
+</head>
+<body onload="document.f.username.focus();">
+
+<h1>Login</h1>
+
+
+<form th:action="@{/login}" name="f" method="post">
+    <fieldset>
+        <h2> Username and Password:</h2>
+        <p>
+            <label for="username">Username</label>
+            <input type="text" id="username" name="username"/>
+        </p>
+        <p>
+            <label for="password">Password</label>
+            <input type="password" id="password" name="password"/>
+        </p>
+        <p>
+            <input name="submit" type="submit" value="Login"/>
+        </p>
+    </fieldset>
+</form>
+</body>
+</html>

spring-cloud/spring-cloud-security/personservice/pom.xml

@@ -0,0 +1,74 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+	<modelVersion>4.0.0</modelVersion>
+
+	<groupId>com.baeldung.service</groupId>
+	<artifactId>personservice</artifactId>
+	<version>0.0.1-SNAPSHOT</version>
+	<packaging>jar</packaging>
+
+	<name>personservice</name>
+	<description>Demo project for Spring Boot</description>
+
+	<parent>
+		<groupId>org.springframework.boot</groupId>
+		<artifactId>spring-boot-starter-parent</artifactId>
+		<version>1.5.8.RELEASE</version>
+		<relativePath /> <!-- lookup parent from repository -->
+	</parent>
+
+	<properties>
+		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+		<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
+		<java.version>1.8</java.version>
+		<spring-cloud.version>Edgware.RELEASE</spring-cloud.version>
+	</properties>
+
+	<dependencies>
+		<dependency>
+			<groupId>org.springframework.security.oauth</groupId>
+			<artifactId>spring-security-oauth2</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>org.springframework.cloud</groupId>
+			<artifactId>spring-cloud-starter-security</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-test</artifactId>
+			<scope>test</scope>
+		</dependency>
+		<dependency>
+			<groupId>org.springframework.security</groupId>
+			<artifactId>spring-security-jwt</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>com.google.code.gson</groupId>
+			<artifactId>gson</artifactId>
+		</dependency>
+	</dependencies>
+
+	<dependencyManagement>
+		<dependencies>
+			<dependency>
+				<groupId>org.springframework.cloud</groupId>
+				<artifactId>spring-cloud-dependencies</artifactId>
+				<version>${spring-cloud.version}</version>
+				<type>pom</type>
+				<scope>import</scope>
+			</dependency>
+		</dependencies>
+	</dependencyManagement>
+
+	<build>
+		<plugins>
+			<plugin>
+				<groupId>org.springframework.boot</groupId>
+				<artifactId>spring-boot-maven-plugin</artifactId>
+			</plugin>
+		</plugins>
+	</build>
+
+
+</project>

spring-cloud/spring-cloud-security/personservice/src/main/java/com/baeldung/service/model/Person.java

@@ -0,0 +1,51 @@
+package com.baeldung.service.model;
+
+public class Person {
+    
+    private String name;
+    private String city;
+    private String country;
+    private Integer age;
+    private String sex;
+    
+    public Person(String name, String city, String country, Integer age, String sex){
+        this.name = name;
+        this.city = city;
+        this.country = country;
+        this.age = age;
+        this.sex = sex;
+    }
+    
+    
+    public String getName() {
+        return name;
+    }
+    public void setName(String name) {
+        this.name = name;
+    }
+    public String getCity() {
+        return city;
+    }
+    public void setCity(String city) {
+        this.city = city;
+    }
+    public String getCountry() {
+        return country;
+    }
+    public void setCountry(String country) {
+        this.country = country;
+    }
+    public Integer getAge() {
+        return age;
+    }
+    public void setAge(Integer age) {
+        this.age = age;
+    }
+    public String getSex() {
+        return sex;
+    }
+    public void setSex(String sex) {
+        this.sex = sex;
+    }
+   
+}

spring-cloud/spring-cloud-security/personservice/src/main/java/com/baeldung/service/personservice/PersonserviceApplication.java

@@ -0,0 +1,12 @@
+package com.baeldung.service.personservice;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+
+@SpringBootApplication
+public class PersonserviceApplication {
+
+    public static void main(String[] args) {
+        SpringApplication.run(PersonserviceApplication.class, args);
+    }
+}

spring-cloud/spring-cloud-security/personservice/src/main/java/com/baeldung/service/personservice/config/ResourceConfigurer.java

@@ -0,0 +1,25 @@
+package com.baeldung.service.personservice.config;
+
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
+import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
+
+/**
+ *  REST API Resource Server.
+ */
+@Configuration
+@EnableWebSecurity
+@EnableResourceServer
+@EnableGlobalMethodSecurity(prePostEnabled = true) // Allow method annotations like @PreAuthorize
+public class ResourceConfigurer extends ResourceServerConfigurerAdapter {
+
+    @Override
+    public void configure(HttpSecurity http) throws Exception {
+        http.httpBasic().disable();
+        http.authorizeRequests().anyRequest().authenticated();
+    }
+       
+}

spring-cloud/spring-cloud-security/personservice/src/main/java/com/baeldung/service/personservice/controller/PersonInfoController.java

@@ -0,0 +1,31 @@
+package com.baeldung.service.personservice.controller;
+
+import java.time.LocalTime;
+import java.time.format.DateTimeFormatter;
+
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.ResponseBody;
+import org.springframework.web.bind.annotation.RestController;
+
+import com.baeldung.service.model.Person;
+import com.google.gson.Gson;
+
+@RestController
+public class PersonInfoController {
+    
+    @RequestMapping(value = "/currenttime")
+    @PreAuthorize("hasAnyRole('ADMIN', 'USER')")
+    public String currentTime(){
+        return LocalTime.now().format(DateTimeFormatter.ISO_LOCAL_TIME);
+    }
+    
+    
+    @RequestMapping(value = "/person")
+    @PreAuthorize("hasAnyRole('ADMIN', 'USER')")
+    public @ResponseBody String personInfo(){        
+        Gson gson = new Gson();
+        String person = gson.toJson(new Person("abir","Dhaka", "Bangladesh",29,"Male"));
+        return person;        
+    }    
+}

spring-cloud/spring-cloud-security/personservice/src/main/resources/application.yml

@@ -0,0 +1,25 @@
+# Make the application available at http://localhost:9000
+#spring:
+#  session:
+#    store-type: redis
+
+server:
+  port: 9000
+
+# Configure the public key to use for verifying the incoming JWT tokens
+security:
+  sessions: NEVER
+  oauth2:
+    resource:
+      userInfoUri: http://localhost:7070/authserver/user
+      jwt:
+        keyValue: |
+            -----BEGIN PUBLIC KEY-----
+            MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhiiifKv6Otf5PyqIE+LQ
+            EiJRRh6q8piPY9Okq+RfRu9Bue0D8hq7aFxcgkLZ6Bg9CAS+w1KdaE5MMeOCVVxv
+            rpRETzVpAsh6GL5nBc679jSqMzjr3V4uty46ilL4VHKSxlZh5Nmz5EMHPI5iwpNs
+            8U5n3QiwsTk514FXad54xPSPH3i/pDzGSZHrVcwDVaOKn7gFiIqP86vkJB47JZv8
+            T6P5RK7Rj06zoG45DMGWG3DQv6o1/Jm4IJQWj0AUD3bSHqzXkPr7qyMYvkE4kyMH
+            6aVAsAYMxilZFlJMv2b8N883gdi3LEeOJo8zZr5IWyyROfepdeOL7UkAXddAj+dL
+            WQIDAQAB
+            -----END PUBLIC KEY-----     

spring-cloud/spring-cloud-security/personservice/src/test/java/com/baeldung/service/personservice/PersonserviceApplicationTests.java

@@ -0,0 +1,16 @@
+package com.baeldung.service.personservice;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.test.context.junit4.SpringRunner;
+
+@RunWith(SpringRunner.class)
+@SpringBootTest
+public class PersonserviceApplicationTests {
+
+	@Test
+	public void contextLoads() {
+	}
+
+}

spring-cloud/spring-cloud-security/pubkey.txt

@@ -0,0 +1,30 @@
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhiiifKv6Otf5PyqIE+LQ
+EiJRRh6q8piPY9Okq+RfRu9Bue0D8hq7aFxcgkLZ6Bg9CAS+w1KdaE5MMeOCVVxv
+rpRETzVpAsh6GL5nBc679jSqMzjr3V4uty46ilL4VHKSxlZh5Nmz5EMHPI5iwpNs
+8U5n3QiwsTk514FXad54xPSPH3i/pDzGSZHrVcwDVaOKn7gFiIqP86vkJB47JZv8
+T6P5RK7Rj06zoG45DMGWG3DQv6o1/Jm4IJQWj0AUD3bSHqzXkPr7qyMYvkE4kyMH
+6aVAsAYMxilZFlJMv2b8N883gdi3LEeOJo8zZr5IWyyROfepdeOL7UkAXddAj+dL
+WQIDAQAB
+-----END PUBLIC KEY-----
+-----BEGIN CERTIFICATE-----
+MIIDfzCCAmegAwIBAgIEDqsC7jANBgkqhkiG9w0BAQsFADBwMQswCQYDVQQGEwI4
+ODETMBEGA1UECBMKQmFuZ2xhZGVzaDEOMAwGA1UEBxMFRGhha2ExETAPBgNVBAoT
+CEJhZWxkdW5nMRUwEwYDVQQLEwxCYWVsZHVuZ2Jsb2cxEjAQBgNVBAMTCWxvY2Fs
+aG9zdDAeFw0xNzEyMjUxNDE0MDhaFw0xODAzMjUxNDE0MDhaMHAxCzAJBgNVBAYT
+Ajg4MRMwEQYDVQQIEwpCYW5nbGFkZXNoMQ4wDAYDVQQHEwVEaGFrYTERMA8GA1UE
+ChMIQmFlbGR1bmcxFTATBgNVBAsTDEJhZWxkdW5nYmxvZzESMBAGA1UEAxMJbG9j
+YWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhiiifKv6Otf5
+PyqIE+LQEiJRRh6q8piPY9Okq+RfRu9Bue0D8hq7aFxcgkLZ6Bg9CAS+w1KdaE5M
+MeOCVVxvrpRETzVpAsh6GL5nBc679jSqMzjr3V4uty46ilL4VHKSxlZh5Nmz5EMH
+PI5iwpNs8U5n3QiwsTk514FXad54xPSPH3i/pDzGSZHrVcwDVaOKn7gFiIqP86vk
+JB47JZv8T6P5RK7Rj06zoG45DMGWG3DQv6o1/Jm4IJQWj0AUD3bSHqzXkPr7qyMY
+vkE4kyMH6aVAsAYMxilZFlJMv2b8N883gdi3LEeOJo8zZr5IWyyROfepdeOL7UkA
+XddAj+dLWQIDAQABoyEwHzAdBgNVHQ4EFgQUHLFYkq36Wami5qsVRe/1eQedmdgw
+DQYJKoZIhvcNAQELBQADggEBABL3lYyuRd6Hv8DPus/zQL0bRl6gVsEzczwmWMUA
+3NJZbUHAD/KC732aArvKIKykkbLG6K/Mhnfuu8YBfWzTvGgY3Ww+ka2sJFOsUW7r
+sa6OBtNHh4zhDYN2Weza+4jnRLxtkzFbm6v2sheFkyB1NywCwFE/6p1Z6KTG8RyJ
+gw/OHl6rb+Y/T6cOeeTCFUN/v+qRVSB9I/MjSK5wRNbFT+MyNUeL6gsiyIvxSZbj
+y4vrjGHkXasSmwkfvgw67mJMk4XTGrVLjIXUTyzbdSmodcv8N6nrsIk4SBYCnTrI
+E/5NtNgbOFGwovde5yNrZIjjAC1VGOmVFhcxFJpwT6ZkSks=
+-----END CERTIFICATE-----

spring-cloud/spring-cloud-security/springoath2client/pom.xml

@@ -0,0 +1,102 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+	<modelVersion>4.0.0</modelVersion>
+	<groupId>com.example</groupId>
+	<artifactId>springoath2</artifactId>
+	<version>0.0.1-SNAPSHOT</version>
+	<packaging>jar</packaging>
+
+	<name>springoath2</name>
+	<description>Demo project for Spring Boot</description>
+
+	<parent>
+		<groupId>org.springframework.boot</groupId>
+		<artifactId>spring-boot-starter-parent</artifactId>
+		<version>1.5.8.RELEASE</version>
+		<relativePath /> <!-- lookup parent from repository -->
+	</parent>
+
+	<dependencyManagement>
+		<dependencies>
+			<dependency>
+				<groupId>org.springframework.cloud</groupId>
+				<artifactId>spring-cloud-dependencies</artifactId>
+				<version>Dalston.SR4</version>
+				<type>pom</type>
+				<scope>import</scope>
+			</dependency>
+		</dependencies>
+	</dependencyManagement>
+
+
+
+	<properties>
+		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+		<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
+		<java.version>1.8</java.version>
+	</properties>
+
+	<dependencies>
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-web</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>org.springframework.cloud</groupId>
+			<artifactId>spring-cloud-starter-oauth2</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>org.springframework.cloud</groupId>
+			<artifactId>spring-cloud-starter-zuul</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-test</artifactId>
+			<scope>test</scope>
+		</dependency>
+		<dependency>
+			<groupId>org.webjars</groupId>
+			<artifactId>jquery</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>org.webjars</groupId>
+			<artifactId>bootstrap</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>org.webjars</groupId>
+			<artifactId>webjars-locator</artifactId>
+		</dependency>
+
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-security</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>org.webjars</groupId>
+			<artifactId>js-cookie</artifactId>
+			<version>2.1.0</version>
+		</dependency>
+
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-devtools</artifactId>
+			<optional>true</optional>
+		</dependency>
+
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-thymeleaf</artifactId>
+		</dependency>
+
+	</dependencies>
+
+	<build>
+		<plugins>
+			<plugin>
+				<groupId>org.springframework.boot</groupId>
+				<artifactId>spring-boot-maven-plugin</artifactId>
+			</plugin>
+		</plugins>
+	</build>
+</project>

spring-cloud/spring-cloud-security/springoath2client/src/main/java/com/cloud/springwebsite/CloudSite.java

@@ -0,0 +1,24 @@
+package com.cloud.springwebsite;
+
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.cloud.netflix.zuul.EnableZuulProxy;
+import org.springframework.context.annotation.Bean;
+
+import com.cloudsite.filters.pre.SimpleFilter;
+
+
+@SpringBootApplication
+public class CloudSite {
+    public static void main(String[] args) {
+        SpringApplication.run(CloudSite.class, args);
+    }
+    
+    
+    @Bean
+    public SimpleFilter simpleFilter() {
+      return new SimpleFilter();
+    } 
+    
+}

spring-cloud/spring-cloud-security/springoath2client/src/main/java/com/cloud/springwebsite/config/SiteSecurityConfigurer.java

@@ -0,0 +1,49 @@
+package com.cloud.springwebsite.config;
+
+import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;
+import org.springframework.cloud.netflix.zuul.EnableZuulProxy;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.oauth2.client.OAuth2ClientContext;
+import org.springframework.security.oauth2.client.OAuth2RestOperations;
+import org.springframework.security.oauth2.client.OAuth2RestTemplate;
+import org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails;
+import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
+
+@EnableZuulProxy
+@Configuration
+@EnableOAuth2Sso
+public class SiteSecurityConfigurer
+    extends
+        WebSecurityConfigurerAdapter {
+
+    @Override
+    protected void configure(HttpSecurity http)
+        throws Exception {
+        http.antMatcher("/**")
+            .authorizeRequests()
+            .antMatchers("/", "/webjars/**")
+            .permitAll()
+            .anyRequest()
+            .authenticated()
+            .and()
+            .logout()
+            .logoutSuccessUrl("/")
+            .permitAll()
+            .and()
+            .csrf()
+            .csrfTokenRepository(
+                CookieCsrfTokenRepository
+                    .withHttpOnlyFalse());
+    }
+
+    @Bean
+    public OAuth2RestOperations restOperations(
+        OAuth2ProtectedResourceDetails resource,
+        OAuth2ClientContext context) {
+        return new OAuth2RestTemplate(resource, context);
+    }
+
+}

spring-cloud/spring-cloud-security/springoath2client/src/main/java/com/cloud/springwebsite/controller/CloudSiteController.java

@@ -0,0 +1,39 @@
+package com.cloud.springwebsite.controller;
+
+import java.net.URI;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.ResponseBody;
+import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.client.RestOperations;
+import org.springframework.web.servlet.ModelAndView;
+
+@RestController
+public class CloudSiteController {
+    
+    @Autowired
+    private RestOperations restOperations;
+
+    
+    @Value("${person.url}")
+    private String personUrl;
+    
+     
+    @RequestMapping("/")
+    @ResponseBody
+    public String helloFromBaeldung() {
+        return "Hello From Baeldung!";
+    }
+
+    
+    @RequestMapping("/person")
+    public ModelAndView person(){
+        ModelAndView mav = new ModelAndView("personinfo");
+        mav.addObject("person",restOperations.getForObject(personUrl, String.class));        
+        return mav;    
+    }
+      
+}

spring-cloud/spring-cloud-security/springoath2client/src/main/java/com/cloudsite/filters/pre/SimpleFilter.java

@@ -0,0 +1,39 @@
+package com.cloudsite.filters.pre;
+
+import javax.servlet.http.HttpServletRequest;
+import com.netflix.zuul.context.RequestContext;
+import com.netflix.zuul.ZuulFilter;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class SimpleFilter extends ZuulFilter {
+
+  private static Logger log = LoggerFactory.getLogger(SimpleFilter.class);
+
+  @Override
+  public String filterType() {
+    return "pre";
+  }
+
+  @Override
+  public int filterOrder() {
+    return 1;
+  }
+
+  @Override
+  public boolean shouldFilter() {
+    return true;
+  }
+
+  @Override
+  public Object run() {
+    RequestContext ctx = RequestContext.getCurrentContext();
+    HttpServletRequest request = ctx.getRequest();
+
+    log.info(String.format("%s request to %s", request.getMethod(), request.getRequestURL().toString()));
+
+    return null;
+  }
+
+}

spring-cloud/spring-cloud-security/springoath2client/src/main/resources/application.yml

@@ -0,0 +1,37 @@
+# Make the application available at http://localhost:8080
+# These are default settings, but we add them for clarity.
+server:
+  port: 8080
+  contextPath: /
+
+# Configure the Authorization Server and User Info Resource Server details
+security:
+  oauth2:
+    client:
+      accessTokenUri: http://localhost:7070/authserver/oauth/token
+      userAuthorizationUri: http://localhost:7070/authserver/oauth/authorize
+      clientId: authserver
+      clientSecret: passwordforauthserver
+    resource:
+      userInfoUri: http://localhost:7070/authserver/user
+
+person:
+  url: http://localhost:9000/person
+
+# Proxies the calls to http://localhost:8080/api/* to our REST service at http://localhost:8081/*
+# and automatically includes our OAuth2 token in the request headers
+zuul:
+  routes:
+    resource:
+      path: /api/**
+      url: http://localhost:9000
+    user: 
+      path: /user/**
+      url: http://localhost:7070/authserver/user
+
+# Make sure the OAuth2 token is only relayed when using the internal API,
+# do not pass any authentication to the external API
+proxy:
+  auth:
+    routes:
+      api: oauth2

spring-cloud/spring-cloud-security/springoath2client/src/main/resources/templates/personinfo.html

@@ -0,0 +1,32 @@
+<!DOCTYPE html>
+<html lang="en" xmlns:th="http://www.thymeleaf.org">
+<head>
+<meta charset="UTF-8" />
+<title>My Website - Getting Personal Information</title>
+<script th:inline="javascript">
+	/*<![CDATA[*/
+	function refreshTime() {
+		var xhttp = new XMLHttpRequest();
+		xhttp.onreadystatechange = function() {
+			if (xhttp.readyState == 4 && xhttp.status == 200) {
+					document.getElementById("currentTime").innerHTML = xhttp.responseText;
+			}
+		};
+		xhttp.open("GET", "/api/currenttime", true);
+		xhttp.send();
+	}
+	/*]]>*/
+</script>
+</head>
+<body>
+	<h1>Providing Person Information</h1>
+	<p>
+		Person's information: <span id="personInfo" th:text="${person}"></span>
+	</p>
+    <p>
+		The current time is: <span id="currentTime"></span>
+	</p>
+	
+	<button onclick="refreshTime();">GET Current Time</button>
+</body>
+</html>

spring-cloud/spring-cloud-security/springoath2client/src/test/java/com/example/springoath2/Springoath2ApplicationTests.java

@@ -0,0 +1,16 @@
+package com.example.springoath2;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.test.context.junit4.SpringRunner;
+
+@RunWith(SpringRunner.class)
+@SpringBootTest
+public class Springoath2ApplicationTests {
+
+	@Test
+	public void contextLoads() {
+	}
+
+}