Now using Auth and Resource servers from Baeldung/spring-security-oauth (#6128)
parent
469e36f07a
commit
b395dc1d41
@ -6,9 +6,9 @@ import org.springframework.context.annotation.PropertySource;
|
||||
|
||||
/**
|
||||
*
|
||||
* Note: This app is configured to use the authorization service and the resource service located in module spring-5-security-oauth
|
||||
* Note: This app is configured to use the authorization service and the resource service located in Baeldung/spring-security-oauth repo
|
||||
*
|
||||
* As we usually do with other well-known auth providers (github/facebook/...) we have to log-in using user credentials (bael-user/bael-password) and client configurations (bael-client-id/bael-secret) handled by the auth server
|
||||
* As we usually do with other well-known auth providers (github/facebook/...) we have to log-in using user credentials (john/123) and client configurations handled by the auth server
|
||||
*
|
||||
* @author rozagerardo
|
||||
*
|
||||
|
@ -15,7 +15,7 @@ import reactor.core.publisher.Mono;
|
||||
@RestController
|
||||
public class ClientRestController {
|
||||
|
||||
private static final String RESOURCE_URI = "http://localhost:8084/retrieve-resource";
|
||||
private static final String RESOURCE_URI = "http://localhost:8082/spring-security-oauth-resource/foos/1";
|
||||
|
||||
@Autowired
|
||||
WebClient webClient;
|
||||
|
@ -6,19 +6,19 @@ import org.springframework.context.annotation.PropertySource;
|
||||
|
||||
/**
|
||||
*
|
||||
* Note: This app is configured to use the authorization service and the resource service located in module spring-5-security-oauth
|
||||
* Note: This app is configured to use the authorization service and the resource service located in Baeldung/spring-security-oauth repo
|
||||
*
|
||||
* As we usually do with other well-known auth providers (github/facebook/...) we have to log-in using user credentials (bael-user/bael-password) and client configurations (bael-client-id/bael-secret) handled by the auth server
|
||||
* As we usually do with other well-known auth providers (github/facebook/...) we have to log-in using user credentials (john/123) and client configurations handled by the auth server
|
||||
*
|
||||
* @author rozagerardo
|
||||
*
|
||||
*/
|
||||
@PropertySource("classpath:webclient-auth-code-login-application.properties")
|
||||
@SpringBootApplication
|
||||
public class OauthClientApplication {
|
||||
public class OauthClientLoginApplication {
|
||||
|
||||
public static void main(String[] args) {
|
||||
SpringApplication.run(OauthClientApplication.class, args);
|
||||
SpringApplication.run(OauthClientLoginApplication.class, args);
|
||||
}
|
||||
|
||||
}
|
@ -16,7 +16,7 @@ import reactor.core.publisher.Mono;
|
||||
@RestController
|
||||
public class ClientRestController {
|
||||
|
||||
private static final String RESOURCE_URI = "http://localhost:8084/retrieve-resource";
|
||||
private static final String RESOURCE_URI = "http://localhost:8082/spring-security-oauth-resource/foos/1";
|
||||
|
||||
@Autowired
|
||||
WebClient webClient;
|
||||
|
@ -7,9 +7,7 @@ import org.springframework.scheduling.annotation.EnableScheduling;
|
||||
|
||||
/**
|
||||
*
|
||||
* Note: This app is configured to use the authorization service and the resource service located in module spring-5-security-oauth
|
||||
*
|
||||
* As we usually do with other well-known auth providers (github/facebook/...) we have to log-in using credentials handled by the auth server (bael-user/bael-password)
|
||||
* Note: This app is configured to use the authorization service and the resource service located in Baeldung/spring-security-oauth repo
|
||||
*
|
||||
* @author rozagerardo
|
||||
*
|
||||
|
@ -4,8 +4,6 @@ import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.scheduling.annotation.Scheduled;
|
||||
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
|
||||
import org.springframework.security.oauth2.client.annotation.RegisteredOAuth2AuthorizedClient;
|
||||
import org.springframework.stereotype.Component;
|
||||
import org.springframework.web.reactive.function.client.WebClient;
|
||||
|
||||
@ -14,12 +12,12 @@ public class WebClientChonJob {
|
||||
|
||||
Logger logger = LoggerFactory.getLogger(WebClientChonJob.class);
|
||||
|
||||
private static final String RESOURCE_URI = "http://localhost:8084/retrieve-resource";
|
||||
private static final String RESOURCE_URI = "localhost:8082/spring-security-oauth-resource/foos/1";
|
||||
|
||||
@Autowired
|
||||
private WebClient webClient;
|
||||
|
||||
@Scheduled(fixedRate = 1000)
|
||||
@Scheduled(fixedRate = 5000)
|
||||
public void logResourceServiceResponse() {
|
||||
|
||||
webClient.get()
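Review bot: The new `RESOURCE_URI` in `WebClientChonJob` drops the `http://` scheme that the old value had and that the same constant in `ClientRestController` still carries in this commit. This scheduled call presumably carries the client-credentials access token, and whether a scheme-less string resolves depends on the `WebClient` bean and the HTTP client underneath, neither of which is visible here. I would spell it out as `private static final String RESOURCE_URI = "http://localhost:8082/spring-security-oauth-resource/foos/1";`. The same scheme-less form is used for `RESOURCE_ENDPOINT` in `ManualOauthRequestController`. The body of `logResourceServiceResponse()` continues outside the hunk.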
|
||||
|
@ -6,13 +6,12 @@ import org.springframework.context.annotation.PropertySource;
|
||||
|
||||
/**
|
||||
*
|
||||
* Note: This app is configured to use the authorization service and the resource service located in module spring-5-security-oauth
|
||||
*
|
||||
* As we usually do with other well-known auth providers (github/facebook/...) we have to log-in using user credentials (bael-user/bael-password) and client configurations (bael-client-id/bael-secret) handled by the auth server
|
||||
* Note: This app is configured to use the authorization service and the resource service located in Baeldung/spring-security-oauth repo
|
||||
*
|
||||
* @author rozagerardo
|
||||
*
|
||||
*/
|
||||
@PropertySource("classpath:webclient-manual-request-oauth-application.properties")
|
||||
@SpringBootApplication
|
||||
public class ManualRequestApplication {
|
||||
|
||||
|
@ -3,8 +3,8 @@ package com.baeldung.webclient.manualrequest.web;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.beans.factory.annotation.Value;
|
||||
import org.springframework.http.HttpHeaders;
|
||||
import org.springframework.http.MediaType;
|
||||
import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
|
||||
import org.springframework.util.Base64Utils;
|
||||
import org.springframework.web.bind.annotation.GetMapping;
|
||||
@ -22,10 +22,16 @@ public class ManualOauthRequestController {
|
||||
|
||||
private static Logger logger = LoggerFactory.getLogger(ManualOauthRequestController.class);
|
||||
|
||||
private static final String TOKEN_ENDPOINT = "localhost:8085/oauth/token";
|
||||
private static final String RESOURCE_ENDPOINT = "localhost:8084/retrieve-resource";
|
||||
private static final String CLIENT_ID = "bael-client-id";
|
||||
private static final String CLIENT_SECRET = "bael-secret";
|
||||
private static final String RESOURCE_ENDPOINT = "localhost:8082/spring-security-oauth-resource/foos/1";
|
||||
|
||||
@Value("${the.authorization.client-id}")
|
||||
private String clientId;
|
||||
|
||||
@Value("${the.authorization.client-secret}")
|
||||
private String clientSecret;
|
||||
|
||||
@Value("${the.authorization.token-uri}")
|
||||
private String tokenUri;
|
||||
|
||||
@Autowired
|
||||
WebClient client;
|
||||
@ -34,8 +40,8 @@ public class ManualOauthRequestController {
|
||||
public Mono<String> obtainSecuredResource() {
|
||||
logger.info("Creating web client...");
|
||||
Mono<String> resource = client.post()
|
||||
.uri(TOKEN_ENDPOINT)
|
||||
.header(HttpHeaders.AUTHORIZATION, "Basic " + Base64Utils.encodeToString((CLIENT_ID + ":" + CLIENT_SECRET).getBytes()))
|
||||
.uri(tokenUri)
|
||||
.header(HttpHeaders.AUTHORIZATION, "Basic " + Base64Utils.encodeToString((clientId + ":" + clientSecret).getBytes()))
|
||||
.body(BodyInserters.fromFormData(OAuth2ParameterNames.GRANT_TYPE, GrantType.CLIENT_CREDENTIALS.getValue()))
|
||||
.retrieve()
|
||||
.bodyToMono(JsonNode.class)
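Review bot: The Basic header in `obtainSecuredResource()` is still assembled by hand with `(clientId + ":" + clientSecret).getBytes()`, which encodes with the platform default charset now that the values come from configuration instead of ASCII constants. Passing the charset explicitly with `.getBytes(StandardCharsets.UTF_8)` (needs the `java.nio.charset.StandardCharsets` import) removes that dependency. Alternatively Spring can build the header with `.headers(h -> h.setBasicAuth(clientId, clientSecret))`, provided the project's Spring Framework is 5.1 or later. `RESOURCE_ENDPOINT` also stays a hard-coded constant while the token URI moved to `the.authorization.token-uri`; a matching property would keep both endpoints configured in one place. The method body continues outside the hunk.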
|
||||
|
@ -1,10 +1,10 @@
|
||||
spring.security.oauth2.client.registration.bael.client-name=bael
|
||||
spring.security.oauth2.client.registration.bael.client-id=bael-client-id
|
||||
spring.security.oauth2.client.registration.bael.client-secret=bael-secret
|
||||
spring.security.oauth2.client.registration.bael.client-id=fooClientIdPassword
|
||||
spring.security.oauth2.client.registration.bael.client-secret=secret
|
||||
spring.security.oauth2.client.registration.bael.authorization-grant-type=authorization_code
|
||||
spring.security.oauth2.client.registration.bael.redirect-uri=http://localhost:8080/authorize/oauth2/code/bael
|
||||
|
||||
spring.security.oauth2.client.provider.bael.token-uri=http://localhost:8085/oauth/token
|
||||
spring.security.oauth2.client.provider.bael.authorization-uri=http://localhost:8085/oauth/authorize
|
||||
spring.security.oauth2.client.provider.bael.token-uri=http://localhost:8081/spring-security-oauth-server/oauth/token
|
||||
spring.security.oauth2.client.provider.bael.authorization-uri=http://localhost:8081/spring-security-oauth-server/oauth/authorize
|
||||
|
||||
spring.security.user.password=pass
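Review bot: The new `client-secret=secret` line commits the client secret in clear text, and the same literal is added in the three later properties sections of this commit (the login registration, the client-credentials registration and the new `the.authorization.client-secret`). The value has to match what the external auth server expects, but sample files like this tend to be copied into real deployments. A placeholder with a fallback, e.g. `spring.security.oauth2.client.registration.bael.client-secret=${BAEL_CLIENT_SECRET:secret}` (variable name constructed for illustration), keeps the demo runnable while showing that the secret belongs in the environment. The new `token-uri` and `authorization-uri` are plain `http://`, which is acceptable for localhost only; a one-line comment such as `# local demo only: use https and an externalised secret outside localhost` would say so.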
|
||||
|
@ -1,10 +1,10 @@
|
||||
spring.security.oauth2.client.registration.bael.client-name=bael
|
||||
spring.security.oauth2.client.registration.bael.client-id=bael-client-id
|
||||
spring.security.oauth2.client.registration.bael.client-secret=bael-secret
|
||||
spring.security.oauth2.client.registration.bael.client-id=fooClientIdPassword
|
||||
spring.security.oauth2.client.registration.bael.client-secret=secret
|
||||
spring.security.oauth2.client.registration.bael.authorization-grant-type=authorization_code
|
||||
spring.security.oauth2.client.registration.bael.redirect-uri=http://localhost:8080/login/oauth2/code/bael
|
||||
|
||||
spring.security.oauth2.client.provider.bael.token-uri=http://localhost:8085/oauth/token
|
||||
spring.security.oauth2.client.provider.bael.authorization-uri=http://localhost:8085/oauth/authorize
|
||||
spring.security.oauth2.client.provider.bael.user-info-uri=http://localhost:8084/user
|
||||
spring.security.oauth2.client.provider.bael.user-name-attribute=name
|
||||
spring.security.oauth2.client.provider.bael.token-uri=http://localhost:8081/spring-security-oauth-server/oauth/token
|
||||
spring.security.oauth2.client.provider.bael.authorization-uri=http://localhost:8081/spring-security-oauth-server/oauth/authorize
|
||||
spring.security.oauth2.client.provider.bael.user-info-uri=http://localhost:8082/spring-security-oauth-resource/users/extra
|
||||
spring.security.oauth2.client.provider.bael.user-name-attribute=user_name
|
||||
|
@ -1,4 +1,4 @@
|
||||
spring.security.oauth2.client.registration.bael.authorization-grant-type=client_credentials
|
||||
spring.security.oauth2.client.registration.bael.client-id=bael-client-id
|
||||
spring.security.oauth2.client.registration.bael.client-secret=bael-secret
|
||||
spring.security.oauth2.client.provider.bael.token-uri=http://localhost:8085/oauth/token
|
||||
spring.security.oauth2.client.registration.bael.client-id=fooClientIdPassword
|
||||
spring.security.oauth2.client.registration.bael.client-secret=secret
|
||||
spring.security.oauth2.client.provider.bael.token-uri=http://localhost:8081/spring-security-oauth-server/oauth/token
|
||||
|
@ -0,0 +1,3 @@
|
||||
the.authorization.client-id=fooClientIdPassword
|
||||
the.authorization.client-secret=secret
|
||||
the.authorization.token-uri=http://localhost:8081/spring-security-oauth-server/oauth/token
|
@ -19,9 +19,9 @@ import ch.qos.logback.classic.spi.ILoggingEvent;
|
||||
|
||||
/**
|
||||
*
|
||||
* Note: this Live test requires the Authorization Service and the Resource service located in the spring-5-security-oauth module
|
||||
* Note: this Live test requires the Authorization Service and the Resource service located in the Baeldung/spring-security-oauth repo
|
||||
*
|
||||
* @author ger
|
||||
* @author rozagerardo
|
||||
*
|
||||
*/
|
||||
@RunWith(SpringRunner.class)
|
||||
@ -46,7 +46,7 @@ public class OAuth2ClientCredentialsLiveTest {
|
||||
.stream()
|
||||
.map(ILoggingEvent::getFormattedMessage)
|
||||
.collect(Collectors.toList());
|
||||
assertThat(allLoggedEntries).anyMatch(entry -> entry.contains("We retrieved the following resource using Client Credentials Grant Type: This is the resource!"));
|
||||
assertThat(allLoggedEntries).anyMatch(entry -> entry.contains("We retrieved the following resource using Client Credentials Grant Type: {\"id\""));
|
||||
}
|
||||
|
||||
}
|
||||
|
@ -1,5 +1,6 @@
|
||||
package com.baeldung.webclient.manualrequest;
|
||||
|
||||
import org.hamcrest.Matchers;
|
||||
import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
import org.springframework.test.web.reactive.server.WebTestClient;
|
||||
@ -8,7 +9,7 @@ import org.springframework.test.web.reactive.server.WebTestClient.ResponseSpec;
|
||||
/**
|
||||
*
|
||||
* Note: this Live test requires not only the corresponding application running,
|
||||
* but also the Authorization Service and the Resource service located in the spring-5-security-oauth module.
|
||||
* but also the Authorization Service and the Resource service located in the Baeldung/spring-security-oauth repo
|
||||
*
|
||||
*
|
||||
* @author ger
|
||||
@ -37,7 +38,7 @@ public class OAuth2ManualRequestLiveTest {
|
||||
response.expectStatus()
|
||||
.isOk()
|
||||
.expectBody(String.class)
|
||||
.isEqualTo("Retrieved the resource using a manual approach: This is the resource!");
|
||||
.value(Matchers.containsString("Retrieved the resource using a manual approach: {\"id\""));
|
||||
}
|
||||
|
||||
}
|
||||
|
@ -1,17 +0,0 @@
|
||||
package com.baeldung.webclient.authorizationserver;
|
||||
|
||||
import org.springframework.boot.SpringApplication;
|
||||
import org.springframework.boot.autoconfigure.SpringBootApplication;
|
||||
import org.springframework.context.annotation.PropertySource;
|
||||
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
|
||||
|
||||
@EnableAuthorizationServer
|
||||
@PropertySource("classpath:webclient-authorization-application.properties")
|
||||
@SpringBootApplication
|
||||
public class AuthorizationServerApplication {
|
||||
|
||||
public static void main(String[] args) {
|
||||
SpringApplication.run(AuthorizationServerApplication.class, args);
|
||||
}
|
||||
|
||||
}
|
@ -1,26 +0,0 @@
|
||||
package com.baeldung.webclient.authorizationserver.configuration;
|
||||
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
|
||||
@EnableWebSecurity
|
||||
@Configuration
|
||||
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
|
||||
|
||||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
http.authorizeRequests()
|
||||
.antMatchers("/login", "/user")
|
||||
.permitAll()
|
||||
.and()
|
||||
.authorizeRequests()
|
||||
.anyRequest()
|
||||
.authenticated()
|
||||
.and()
|
||||
.formLogin()
|
||||
.and()
|
||||
.httpBasic();
|
||||
}
|
||||
}
|
@ -1,17 +0,0 @@
|
||||
package com.baeldung.webclient.resourceserver;
|
||||
|
||||
import org.springframework.boot.SpringApplication;
|
||||
import org.springframework.boot.autoconfigure.SpringBootApplication;
|
||||
import org.springframework.context.annotation.PropertySource;
|
||||
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
|
||||
|
||||
@EnableResourceServer
|
||||
@PropertySource("webclient-resources-application.properties")
|
||||
@SpringBootApplication
|
||||
public class ResourceServerApplication {
|
||||
|
||||
public static void main(String[] args) {
|
||||
SpringApplication.run(ResourceServerApplication.class, args);
|
||||
}
|
||||
|
||||
}
|
@ -1,29 +0,0 @@
|
||||
package com.baeldung.webclient.resourceserver.configuration;
|
||||
|
||||
import org.springframework.beans.factory.annotation.Value;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.oauth2.provider.token.RemoteTokenServices;
|
||||
import org.springframework.security.oauth2.provider.token.ResourceServerTokenServices;
|
||||
|
||||
@Configuration
|
||||
public class AuthorizationConfigs {
|
||||
|
||||
@Value("${oauth.authserver.client-id}")
|
||||
String clientId;
|
||||
|
||||
@Value("${oauth.authserver.client-secret}")
|
||||
String clientSecret;
|
||||
|
||||
@Value("${oauth.authserver.check-token-endpoint}")
|
||||
String checkTokenEndpoint;
|
||||
|
||||
@Bean
|
||||
public ResourceServerTokenServices tokenSvc() {
|
||||
RemoteTokenServices remoteService = new RemoteTokenServices();
|
||||
remoteService.setCheckTokenEndpointUrl(checkTokenEndpoint);
|
||||
remoteService.setClientId(clientId);
|
||||
remoteService.setClientSecret(clientSecret);
|
||||
return remoteService;
|
||||
}
|
||||
}
|
@ -1,23 +0,0 @@
|
||||
package com.baeldung.webclient.resourceserver.web;
|
||||
|
||||
import java.security.Principal;
|
||||
|
||||
import org.springframework.web.bind.annotation.GetMapping;
|
||||
import org.springframework.web.bind.annotation.ResponseBody;
|
||||
import org.springframework.web.bind.annotation.RestController;
|
||||
|
||||
@RestController
|
||||
public class ResourceRestController {
|
||||
|
||||
@GetMapping("/retrieve-resource")
|
||||
public String retrieveResource() {
|
||||
return "This is the resource!";
|
||||
}
|
||||
|
||||
@GetMapping("/user")
|
||||
@ResponseBody
|
||||
public Principal user(Principal user) {
|
||||
return user;
|
||||
}
|
||||
|
||||
}
|
@ -1,13 +0,0 @@
|
||||
server.port=8085
|
||||
|
||||
security.oauth2.client.client-id=bael-client-id
|
||||
security.oauth2.client.client-secret=bael-secret
|
||||
security.oauth2.client.scope=read,write
|
||||
|
||||
security.oauth2.authorization.check-token-access=isAuthenticated()
|
||||
|
||||
spring.security.user.name=bael-user
|
||||
spring.security.user.password=bael-password
|
||||
|
||||
security.oauth2.client.registered-redirect-uri=http://localhost:8080/login/oauth2/code/bael, http://localhost:8080/authorize/oauth2/code/bael
|
||||
security.oauth2.client.use-current-uri=false
|
@ -1,6 +0,0 @@
|
||||
server.port=8084
|
||||
|
||||
#spring.security.oauth2.resourceserver.jwt.issuer-uri=localhost:8085
|
||||
oauth.authserver.client-id=bael-client-id
|
||||
oauth.authserver.client-secret=bael-secret
|
||||
oauth.authserver.check-token-endpoint=http://localhost:8085/oauth/check_token
|