Merge pull request #7092 from Doha2012/master

upgrade spring security cloud

spring-cloud/spring-cloud-security/auth-client/pom.xml

@@ -24,7 +24,7 @@
         </dependency>
         <dependency>
             <groupId>org.springframework.cloud</groupId>
-            <artifactId>spring-cloud-starter-zuul</artifactId>
+            <artifactId>spring-cloud-starter-netflix-zuul</artifactId>
         </dependency>
         <dependency>
             <groupId>org.springframework.boot</groupId>
@@ -34,14 +34,16 @@
         <dependency>
             <groupId>org.webjars</groupId>
             <artifactId>jquery</artifactId>
+            <version>${jquery.version}</version>
         </dependency>
         <dependency>
             <groupId>org.webjars</groupId>
             <artifactId>bootstrap</artifactId>
+            <version>${bootstrap.version}</version>
         </dependency>
         <dependency>
             <groupId>org.webjars</groupId>
-            <artifactId>webjars-locator</artifactId>
+            <artifactId>webjars-locator-core</artifactId>
         </dependency>
         <dependency>
             <groupId>org.springframework.boot</groupId>
@@ -62,8 +64,8 @@
             <artifactId>spring-boot-starter-thymeleaf</artifactId>
         </dependency>
         <dependency>
-            <groupId>org.springframework.security.oauth</groupId>
+            <groupId>org.springframework.security.oauth.boot</groupId>
-            <artifactId>spring-security-oauth2</artifactId>
+            <artifactId>spring-security-oauth2-autoconfigure</artifactId>
         </dependency>
     </dependencies>
 
@@ -89,8 +91,10 @@
     </dependencyManagement>
 
     <properties>
-        <js-cookie.version>2.1.0</js-cookie.version>
+        <js-cookie.version>2.2.0</js-cookie.version>
-        <spring-cloud.version>Dalston.SR4</spring-cloud.version>
+        <spring-cloud.version>Greenwich.SR1</spring-cloud.version>
+        <jquery.version>3.4.1</jquery.version>
+        <bootstrap.version>4.3.1</bootstrap.version>
     </properties>
 
 </project>

spring-cloud/spring-cloud-security/auth-client/src/main/resources/application.yml

@@ -2,7 +2,8 @@
 # These are default settings, but we add them for clarity.
 server:
   port: 8080
-  contextPath: /
+  servlet:
+    context-path: /
 
 # Configure the Authorization Server and User Info Resource Server details
 security:
@@ -21,6 +22,7 @@ person:
 # Proxies the calls to http://localhost:8080/api/* to our REST service at http://localhost:8081/*
 # and automatically includes our OAuth2 token in the request headers
 zuul:
+  sensitiveHeaders: Cookie,Set-Cookie  
   routes:
     resource:
       path: /api/**

spring-cloud/spring-cloud-security/auth-resource/pom.xml

@@ -19,8 +19,8 @@
             <artifactId>spring-boot-starter-web</artifactId>
         </dependency>
         <dependency>
-            <groupId>org.springframework.security.oauth</groupId>
+            <groupId>org.springframework.security.oauth.boot</groupId>
-            <artifactId>spring-security-oauth2</artifactId>
+            <artifactId>spring-security-oauth2-autoconfigure</artifactId>
         </dependency>
         <dependency>
             <groupId>org.springframework.boot</groupId>
@@ -30,6 +30,7 @@
         <dependency>
             <groupId>org.springframework.security</groupId>
             <artifactId>spring-security-jwt</artifactId>
+            <version>${spring-jwt.version}</version>
         </dependency>
     </dependencies>
 
@@ -55,7 +56,8 @@
     </build>
 
     <properties>
-        <spring-cloud.version>Edgware.RELEASE</spring-cloud.version>
+        <spring-cloud.version>Greenwich.SR1</spring-cloud.version>
+        <spring-jwt.version>1.0.10.RELEASE</spring-jwt.version>
     </properties>
 
 </project>

spring-cloud/spring-cloud-security/auth-resource/src/main/java/com/baeldung/config/ResourceConfigurer.java

@@ -3,7 +3,7 @@ package com.baeldung.config;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
 import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
 
@@ -11,15 +11,18 @@ import org.springframework.security.oauth2.config.annotation.web.configuration.R
  *  REST API Resource Server.
  */
 @Configuration
-@EnableWebSecurity
 @EnableResourceServer
 @EnableGlobalMethodSecurity(prePostEnabled = true) // Allow method annotations like @PreAuthorize
 public class ResourceConfigurer extends ResourceServerConfigurerAdapter {
 
     @Override
     public void configure(HttpSecurity http) throws Exception {
-        http.httpBasic().disable();
+        http.sessionManagement()
-        http.authorizeRequests().anyRequest().authenticated();
+            .sessionCreationPolicy(SessionCreationPolicy.NEVER)
+            .and()
+            .authorizeRequests()
+            .anyRequest().authenticated();
+
     }
 
 }

spring-cloud/spring-cloud-security/auth-resource/src/main/resources/application.yml

@@ -5,7 +5,6 @@ server:
 
 # Configure the public key to use for verifying the incoming JWT tokens
 security:
-  sessions: NEVER
   oauth2:
     resource:
       jwt:

spring-cloud/spring-cloud-security/auth-server/pom.xml

@@ -38,7 +38,7 @@
     </dependencies>
     
     <properties>
-        <spring-cloud-starter-oauth2.version>1.1.2.RELEASE</spring-cloud-starter-oauth2.version>
+        <spring-cloud-starter-oauth2.version>2.1.2.RELEASE</spring-cloud-starter-oauth2.version>
     </properties>
 
 </project>

spring-cloud/spring-cloud-security/auth-server/src/main/java/com/baeldung/config/AuthServerConfigurer.java

@@ -9,6 +9,7 @@ import org.springframework.context.annotation.Configuration;
 import org.springframework.core.annotation.Order;
 import org.springframework.core.io.Resource;
 import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
 import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
 import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
@@ -19,9 +20,7 @@ import org.springframework.security.oauth2.provider.token.store.KeyStoreKeyFacto
 @Configuration
 @EnableAuthorizationServer
 @Order(6)
-public class AuthServerConfigurer
+public class AuthServerConfigurer extends AuthorizationServerConfigurerAdapter {
-    extends
-        AuthorizationServerConfigurerAdapter {
 
     @Value("${jwt.certificate.store.file}")
     private Resource keystore;
@@ -37,6 +36,9 @@ public class AuthServerConfigurer
 
     @Autowired
     private UserDetailsService userDetailsService;
+    
+    @Autowired
+    private BCryptPasswordEncoder passwordEncoder;
 
     @Override
     public void configure(
@@ -45,8 +47,8 @@ public class AuthServerConfigurer
         clients
             .inMemory()
             .withClient("authserver")
-            .secret("passwordforauthserver")
+            .secret(passwordEncoder.encode("passwordforauthserver"))
-            .redirectUris("http://localhost:8080/")
+            .redirectUris("http://localhost:8080/login")
             .authorizedGrantTypes("authorization_code",
                 "refresh_token")
             .scopes("myscope")

spring-cloud/spring-cloud-security/auth-server/src/main/java/com/baeldung/config/WebMvcConfig.java

@@ -2,10 +2,10 @@ package com.baeldung.config;
 
 import org.springframework.context.annotation.Configuration;
 import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
-import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 
 @Configuration
-public class WebMvcConfigurer extends WebMvcConfigurerAdapter {
+public class WebMvcConfig implements WebMvcConfigurer {
 
     @Override
     public void addViewControllers(ViewControllerRegistry registry) {

spring-cloud/spring-cloud-security/auth-server/src/main/java/com/baeldung/config/WebSecurityConfigurer.java

@@ -6,8 +6,8 @@ import org.springframework.security.config.annotation.authentication.builders.Au
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
-
 import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.oauth2.config.annotation.web.configuration.EnableOAuth2Client;
 
 @Configuration
@@ -34,7 +34,7 @@ public class WebSecurityConfigurer
         AuthenticationManagerBuilder auth) throws Exception {
         auth
             .inMemoryAuthentication()
-            .withUser("user").password("user")
+            .withUser("user").password(passwordEncoder().encode("user"))
             .roles("USER")
             .and()
             .withUser("admin").password("admin")
@@ -48,5 +48,9 @@ public class WebSecurityConfigurer
         return super.userDetailsServiceBean();
     }
 
+    @Bean
+    public BCryptPasswordEncoder passwordEncoder() {
+        return new BCryptPasswordEncoder();
+    }
 
 }

spring-cloud/spring-cloud-security/auth-server/src/main/resources/application.yml

@@ -1,7 +1,8 @@
 # Make the application available at http://localhost:7070/authserver
 server:
   port: 7070
-  contextPath: /authserver
+  servlet: 
+    context-path: /authserver
 
 # Our certificate settings for enabling JWT tokens
 jwt:
@@ -11,11 +12,4 @@ jwt:
       password: abirkhan04
     key:
       alias: myauthkey
-      password: abirkhan04
+      password: abirkhan04       
-
-      
-security:
-  oauth2:
-    resource: 
-      filter-order: 3
-      

spring-cloud/spring-cloud-security/pom.xml

@@ -8,10 +8,10 @@
     <packaging>pom</packaging>
 
    <parent>
-        <artifactId>parent-boot-1</artifactId>
+        <artifactId>parent-boot-2</artifactId>
         <groupId>com.baeldung</groupId>
         <version>0.0.1-SNAPSHOT</version>
-        <relativePath>../../parent-boot-1</relativePath>
+        <relativePath>../../parent-boot-2</relativePath>
     </parent>
     
     <modules>