sso using oauth (#1955)

* minor logging fix * spring security sso * use basic auth * use form login * cleanup * cleanup * final cleanup
2017-06-01 15:10:59 +02:00 · 2017-06-01 15:10:59 +02:00 · 8bb276cabd
parent 639bc980a8
commit 8bb276cabd
15 changed files with 380 additions and 0 deletions
--- a/spring-security-sso/pom.xml
+++ b/spring-security-sso/pom.xml
@ -0,0 +1,27 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <groupId>org.baeldung</groupId>
+    <artifactId>spring-security-sso</artifactId>
+    <version>1.0.0-SNAPSHOT</version>
+
+    <name>spring-security-sso</name>
+    <packaging>pom</packaging>
+
+    <parent>
+        <artifactId>parent-boot-5</artifactId>
+        <groupId>com.baeldung</groupId>
+        <version>0.0.1-SNAPSHOT</version>
+        <relativePath>../parent-boot-5</relativePath>
+    </parent>
+
+    <modules>
+        <module>spring-security-sso-auth-server</module>
+        <module>spring-security-sso-ui</module>
+    </modules>
+    
+    <properties>
+        <rest-assured.version>3.0.1</rest-assured.version>
+    </properties>
+
+</project>
--- a/spring-security-sso/spring-security-sso-auth-server/pom.xml
+++ b/spring-security-sso/spring-security-sso-auth-server/pom.xml
@ -0,0 +1,28 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <artifactId>spring-security-sso-auth-server</artifactId>
+
+    <name>spring-security-sso-auth-server</name>
+    <packaging>war</packaging>
+
+    <parent>
+        <groupId>org.baeldung</groupId>
+        <artifactId>spring-security-sso</artifactId>
+        <version>1.0.0-SNAPSHOT</version>
+    </parent>
+
+    <dependencies>
+
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-web</artifactId>
+        </dependency>
+        
+        <dependency>
+            <groupId>org.springframework.security.oauth</groupId>
+            <artifactId>spring-security-oauth2</artifactId>
+        </dependency>
+
+    </dependencies>
+
+</project>
--- a/spring-security-sso/spring-security-sso-auth-server/src/main/java/org/baeldung/config/AuthServerConfig.java
+++ b/spring-security-sso/spring-security-sso-auth-server/src/main/java/org/baeldung/config/AuthServerConfig.java
@ -0,0 +1,41 @@
+package org.baeldung.config;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
+import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
+import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
+import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
+import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
+
+@Configuration
+@EnableAuthorizationServer
+public class AuthServerConfig extends AuthorizationServerConfigurerAdapter {
+    @Autowired
+    private AuthenticationManager authenticationManager;
+
+    @Override
+    public void configure(final AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
+        oauthServer.tokenKeyAccess("permitAll()")
+            .checkTokenAccess("isAuthenticated()");
+    }
+
+    @Override
+    public void configure(final ClientDetailsServiceConfigurer clients) throws Exception {
+        clients.inMemory()
+            .withClient("SampleClientId")
+            .secret("secret")
+            .authorizedGrantTypes("authorization_code")
+            .scopes("user_info")
+            .autoApprove(true)
+        // .accessTokenValiditySeconds(3600)
+        ; // 1 hour
+    }
+
+    @Override
+    public void configure(final AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
+        endpoints.authenticationManager(authenticationManager);
+    }
+
+}
--- a/spring-security-sso/spring-security-sso-auth-server/src/main/java/org/baeldung/config/AuthorizationServerApplication.java
+++ b/spring-security-sso/spring-security-sso-auth-server/src/main/java/org/baeldung/config/AuthorizationServerApplication.java
@ -0,0 +1,16 @@
+package org.baeldung.config;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.boot.web.support.SpringBootServletInitializer;
+import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
+
+@SpringBootApplication
+@EnableResourceServer
+public class AuthorizationServerApplication extends SpringBootServletInitializer {
+
+    public static void main(String[] args) {
+        SpringApplication.run(AuthorizationServerApplication.class, args);
+    }
+
+}
--- a/spring-security-sso/spring-security-sso-auth-server/src/main/java/org/baeldung/config/SecurityConfig.java
+++ b/spring-security-sso/spring-security-sso-auth-server/src/main/java/org/baeldung/config/SecurityConfig.java
@ -0,0 +1,38 @@
+package org.baeldung.config;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+
+@Configuration
+public class SecurityConfig extends WebSecurityConfigurerAdapter {
+
+    @Autowired
+    private AuthenticationManager authenticationManager;
+
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        http.requestMatchers()
+            .antMatchers("/login", "/oauth/authorize")
+            .and()
+            .authorizeRequests()
+            .anyRequest()
+            .authenticated()
+            .and()
+            .formLogin()
+            .permitAll();
+    }
+
+    @Override
+    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+        auth.parentAuthenticationManager(authenticationManager)
+            .inMemoryAuthentication()
+            .withUser("john")
+            .password("123")
+            .roles("USER");
+    }
+
+}
--- a/spring-security-sso/spring-security-sso-auth-server/src/main/java/org/baeldung/config/UserController.java
+++ b/spring-security-sso/spring-security-sso-auth-server/src/main/java/org/baeldung/config/UserController.java
@ -0,0 +1,16 @@
+package org.baeldung.config;
+
+import java.security.Principal;
+
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+@RestController
+public class UserController {
+
+    @RequestMapping("/user/me")
+    public Principal user(Principal principal) {
+        System.out.println(principal);
+        return principal;
+    }
+}
--- a/spring-security-sso/spring-security-sso-auth-server/src/main/resources/application.properties
+++ b/spring-security-sso/spring-security-sso-auth-server/src/main/resources/application.properties
@ -0,0 +1,4 @@
+server.port=8081
+server.context-path=/auth
+security.basic.enabled=false
+#logging.level.org.springframework=DEBUG
--- a/spring-security-sso/spring-security-sso-auth-server/src/test/java/org/baeldung/test/AuthServerIntegrationTest.java
+++ b/spring-security-sso/spring-security-sso-auth-server/src/test/java/org/baeldung/test/AuthServerIntegrationTest.java
@ -0,0 +1,18 @@
+package org.baeldung.test;
+
+import org.baeldung.config.AuthorizationServerApplication;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
+import org.springframework.test.context.junit4.SpringRunner;
+
+@RunWith(SpringRunner.class)
+@SpringBootTest(classes = AuthorizationServerApplication.class, webEnvironment = WebEnvironment.RANDOM_PORT)
+public class AuthServerIntegrationTest {
+
+    @Test
+    public void whenLoadApplication_thenSuccess() {
+
+    }
+}
--- a/spring-security-sso/spring-security-sso-ui/pom.xml
+++ b/spring-security-sso/spring-security-sso-ui/pom.xml
@ -0,0 +1,44 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <artifactId>spring-security-sso-ui</artifactId>
+
+    <name>spring-security-sso-ui</name>
+    <packaging>war</packaging>
+
+    <parent>
+        <groupId>org.baeldung</groupId>
+        <artifactId>spring-security-sso</artifactId>
+        <version>1.0.0-SNAPSHOT</version>
+    </parent>
+
+    <dependencies>
+
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-web</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-security</artifactId>
+        </dependency>
+        
+        <dependency>
+            <groupId>org.springframework.security.oauth</groupId>
+            <artifactId>spring-security-oauth2</artifactId>
+        </dependency>
+        
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-thymeleaf</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>org.thymeleaf.extras</groupId>
+            <artifactId>thymeleaf-extras-springsecurity4</artifactId>
+        </dependency>
+
+    </dependencies>
+
+</project>
--- a/spring-security-sso/spring-security-sso-ui/src/main/java/org/baeldung/config/UiApplication.java
+++ b/spring-security-sso/spring-security-sso-ui/src/main/java/org/baeldung/config/UiApplication.java
@ -0,0 +1,33 @@
+package org.baeldung.config;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;
+import org.springframework.context.annotation.Bean;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.web.context.request.RequestContextListener;
+
+@EnableOAuth2Sso
+@SpringBootApplication
+public class UiApplication extends WebSecurityConfigurerAdapter {
+
+    @Override
+    public void configure(HttpSecurity http) throws Exception {
+        http.antMatcher("/**")
+            .authorizeRequests()
+            .antMatchers("/", "/login**")
+            .permitAll()
+            .anyRequest()
+            .authenticated();
+    }
+
+    @Bean
+    public RequestContextListener requestContextListener() {
+        return new RequestContextListener();
+    }
+
+    public static void main(String[] args) {
+        SpringApplication.run(UiApplication.class, args);
+    }
+}
--- a/spring-security-sso/spring-security-sso-ui/src/main/java/org/baeldung/config/UiWebConfig.java
+++ b/spring-security-sso/spring-security-sso-ui/src/main/java/org/baeldung/config/UiWebConfig.java
@ -0,0 +1,41 @@
+package org.baeldung.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.support.PropertySourcesPlaceholderConfigurer;
+import org.springframework.web.servlet.config.annotation.DefaultServletHandlerConfigurer;
+import org.springframework.web.servlet.config.annotation.EnableWebMvc;
+import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
+import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
+
+@Configuration
+@EnableWebMvc
+public class UiWebConfig extends WebMvcConfigurerAdapter {
+
+    @Bean
+    public static PropertySourcesPlaceholderConfigurer propertySourcesPlaceholderConfigurer() {
+        return new PropertySourcesPlaceholderConfigurer();
+    }
+
+    @Override
+    public void configureDefaultServletHandling(final DefaultServletHandlerConfigurer configurer) {
+        configurer.enable();
+    }
+
+    @Override
+    public void addViewControllers(final ViewControllerRegistry registry) {
+        super.addViewControllers(registry);
+        registry.addViewController("/")
+            .setViewName("forward:/index");
+        registry.addViewController("/index");
+        registry.addViewController("/securedPage");
+    }
+
+    @Override
+    public void addResourceHandlers(final ResourceHandlerRegistry registry) {
+        registry.addResourceHandler("/resources/**")
+            .addResourceLocations("/resources/");
+    }
+
+}
--- a/spring-security-sso/spring-security-sso-ui/src/main/resources/application.yml
+++ b/spring-security-sso/spring-security-sso-ui/src/main/resources/application.yml
@ -0,0 +1,20 @@
+server:
+    port: 8082
+    context-path: /ui
+    session:
+      cookie:
+        name: UISESSION
+security:
+  basic:
+    enabled: false
+  oauth2:
+    client:
+      clientId: SampleClientId
+      clientSecret: secret
+      accessTokenUri: http://localhost:8081/auth/oauth/token
+      userAuthorizationUri: http://localhost:8081/auth/oauth/authorize
+    resource:
+      userInfoUri: http://localhost:8081/auth/user/me
+spring:
+  thymeleaf:
+    cache: false        
--- a/spring-security-sso/spring-security-sso-ui/src/main/resources/templates/index.html
+++ b/spring-security-sso/spring-security-sso-ui/src/main/resources/templates/index.html
@ -0,0 +1,18 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title>Spring Security SSO</title>
+<link rel="stylesheet"
+	href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.2/css/bootstrap.min.css" />
+</head>
+
+<body>
+<div class="container">
+	<div class="col-sm-12">
+		<h1>Spring Security SSO</h1>
+		<a class="btn btn-primary" href="securedPage">Login</a>
+	</div>
+</div>
+</body>
+</html>
--- a/spring-security-sso/spring-security-sso-ui/src/main/resources/templates/securedPage.html
+++ b/spring-security-sso/spring-security-sso-ui/src/main/resources/templates/securedPage.html
@ -0,0 +1,18 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title>Spring Security SSO</title>
+<link rel="stylesheet"
+	href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.2/css/bootstrap.min.css" />
+</head>
+
+<body>
+<div class="container">
+	<div class="col-sm-12">
+		<h1>Secured Page</h1>
+		Welcome, <span th:text="${#authentication.name}">Name</span>
+	</div>
+</div>
+</body>
+</html>
--- a/spring-security-sso/spring-security-sso-ui/src/test/java/org/baeldung/test/UiIntegrationTest.java
+++ b/spring-security-sso/spring-security-sso-ui/src/test/java/org/baeldung/test/UiIntegrationTest.java
@ -0,0 +1,18 @@
+package org.baeldung.test;
+
+import org.baeldung.config.UiApplication;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
+import org.springframework.test.context.junit4.SpringRunner;
+
+@RunWith(SpringRunner.class)
+@SpringBootTest(classes = UiApplication.class, webEnvironment = WebEnvironment.RANDOM_PORT)
+public class UiIntegrationTest {
+
+    @Test
+    public void whenLoadApplication_thenSuccess() {
+
+    }
+}