diff --git a/spring-5-reactive-oauth/src/main/java/com/baeldung/reactive/oauth/Spring5ReactiveOauthApplication.java b/spring-5-reactive-oauth/src/main/java/com/baeldung/reactive/oauth/Spring5ReactiveOauthApplication.java index 602ded6b9e..b95517200e 100644 --- a/spring-5-reactive-oauth/src/main/java/com/baeldung/reactive/oauth/Spring5ReactiveOauthApplication.java +++ b/spring-5-reactive-oauth/src/main/java/com/baeldung/reactive/oauth/Spring5ReactiveOauthApplication.java @@ -3,11 +3,13 @@ package com.baeldung.reactive.oauth; import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.SpringBootApplication; import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.PropertySource; import org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository; import org.springframework.security.oauth2.client.web.reactive.function.client.ServerOAuth2AuthorizedClientExchangeFilterFunction; import org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizedClientRepository; import org.springframework.web.reactive.function.client.WebClient; +@PropertySource("classpath:default-application.yml") @SpringBootApplication public class Spring5ReactiveOauthApplication { diff --git a/spring-5-reactive-oauth/src/main/java/com/baeldung/webclient/authorizationcodeclient/OauthClientApplication.java b/spring-5-reactive-oauth/src/main/java/com/baeldung/webclient/authorizationcodeclient/OauthClientApplication.java new file mode 100644 index 0000000000..7bae78bb14 --- /dev/null +++ b/spring-5-reactive-oauth/src/main/java/com/baeldung/webclient/authorizationcodeclient/OauthClientApplication.java @@ -0,0 +1,24 @@ +package com.baeldung.webclient.authorizationcodeclient; + +import org.springframework.boot.SpringApplication; +import org.springframework.boot.autoconfigure.SpringBootApplication; +import org.springframework.context.annotation.PropertySource; + +/** + * + * Note: This app is configured to use the authorization service and the resource service located in module spring-5-security-oauth + * + * As we usually do with other well-known auth providers (github/facebook/...) we have to log-in using user credentials (bael-user/bael-password) and client configurations (bael-client-id/bael-secret) handled by the auth server + * + * @author rozagerardo + * + */ +@PropertySource("classpath:webclient-auth-code-client-application.properties") +@SpringBootApplication +public class OauthClientApplication { + + public static void main(String[] args) { + SpringApplication.run(OauthClientApplication.class, args); + } + +} diff --git a/spring-5-reactive-oauth/src/main/java/com/baeldung/webclient/authorizationcodeclient/configuration/WebClientConfig.java b/spring-5-reactive-oauth/src/main/java/com/baeldung/webclient/authorizationcodeclient/configuration/WebClientConfig.java new file mode 100644 index 0000000000..884a3c145d --- /dev/null +++ b/spring-5-reactive-oauth/src/main/java/com/baeldung/webclient/authorizationcodeclient/configuration/WebClientConfig.java @@ -0,0 +1,20 @@ +package com.baeldung.webclient.authorizationcodeclient.configuration; + +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository; +import org.springframework.security.oauth2.client.web.reactive.function.client.ServerOAuth2AuthorizedClientExchangeFilterFunction; +import org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizedClientRepository; +import org.springframework.web.reactive.function.client.WebClient; + +@Configuration +public class WebClientConfig { + + @Bean + WebClient webClientForAuthorized(ReactiveClientRegistrationRepository clientRegistrations, ServerOAuth2AuthorizedClientRepository authorizedClients) { + ServerOAuth2AuthorizedClientExchangeFilterFunction oauth = new ServerOAuth2AuthorizedClientExchangeFilterFunction(clientRegistrations, authorizedClients); + return WebClient.builder() + .filter(oauth) + .build(); + } +} diff --git a/spring-5-reactive-oauth/src/main/java/com/baeldung/webclient/authorizationcodeclient/configuration/WebSecurityConfig.java b/spring-5-reactive-oauth/src/main/java/com/baeldung/webclient/authorizationcodeclient/configuration/WebSecurityConfig.java new file mode 100644 index 0000000000..4271ae96cf --- /dev/null +++ b/spring-5-reactive-oauth/src/main/java/com/baeldung/webclient/authorizationcodeclient/configuration/WebSecurityConfig.java @@ -0,0 +1,22 @@ +package com.baeldung.webclient.authorizationcodeclient.configuration; + +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.security.config.web.server.ServerHttpSecurity; +import org.springframework.security.web.server.SecurityWebFilterChain; + +@Configuration +public class WebSecurityConfig { + @Bean + public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) { + http.authorizeExchange() + .anyExchange() + .authenticated() + .and() + .oauth2Client() + .and() + .formLogin(); + return http.build(); + } + +} diff --git a/spring-5-reactive-oauth/src/main/java/com/baeldung/webclient/authorizationcodeclient/web/ClientRestController.java b/spring-5-reactive-oauth/src/main/java/com/baeldung/webclient/authorizationcodeclient/web/ClientRestController.java new file mode 100644 index 0000000000..c36b7d1dea --- /dev/null +++ b/spring-5-reactive-oauth/src/main/java/com/baeldung/webclient/authorizationcodeclient/web/ClientRestController.java @@ -0,0 +1,53 @@ +package com.baeldung.webclient.authorizationcodeclient.web; + +import static org.springframework.security.oauth2.client.web.reactive.function.client.ServerOAuth2AuthorizedClientExchangeFilterFunction.clientRegistrationId; +import static org.springframework.security.oauth2.client.web.reactive.function.client.ServerOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient; + +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.security.oauth2.client.OAuth2AuthorizedClient; +import org.springframework.security.oauth2.client.annotation.RegisteredOAuth2AuthorizedClient; +import org.springframework.web.bind.annotation.GetMapping; +import org.springframework.web.bind.annotation.RestController; +import org.springframework.web.reactive.function.client.WebClient; + +import reactor.core.publisher.Mono; + +@RestController +public class ClientRestController { + + private static final String RESOURCE_URI = "http://localhost:8084/retrieve-resource"; + + @Autowired + WebClient webClient; + + @GetMapping("/auth-code") + Mono useOauthWithAuthCode() { + Mono retrievedResource = webClient.get() + .uri(RESOURCE_URI) + .retrieve() + .bodyToMono(String.class); + return retrievedResource.map(string -> "We retrieved the following resource using Oauth: " + string); + } + + @GetMapping("/auth-code-annotated") + Mono useOauthWithAuthCodeAndAnnotation(@RegisteredOAuth2AuthorizedClient("bael") OAuth2AuthorizedClient authorizedClient) { + Mono retrievedResource = webClient.get() + .uri(RESOURCE_URI) + .attributes(oauth2AuthorizedClient(authorizedClient)) + .retrieve() + .bodyToMono(String.class); + return retrievedResource.map(string -> "We retrieved the following resource using Oauth: " + string + ". Principal associated: " + authorizedClient.getPrincipalName() + ". Token will expire at: " + authorizedClient.getAccessToken() + .getExpiresAt()); + } + + @GetMapping("/auth-code-explicit-client") + Mono useOauthWithExpicitClient() { + Mono retrievedResource = webClient.get() + .uri(RESOURCE_URI) + .attributes(clientRegistrationId("bael")) + .retrieve() + .bodyToMono(String.class); + return retrievedResource.map(string -> "We retrieved the following resource using Oauth: " + string); + } + +} diff --git a/spring-5-reactive-oauth/src/main/java/com/baeldung/webclient/authorizationcodelogin/OauthClientApplication.java b/spring-5-reactive-oauth/src/main/java/com/baeldung/webclient/authorizationcodelogin/OauthClientApplication.java new file mode 100644 index 0000000000..9dd6dd1bde --- /dev/null +++ b/spring-5-reactive-oauth/src/main/java/com/baeldung/webclient/authorizationcodelogin/OauthClientApplication.java @@ -0,0 +1,24 @@ +package com.baeldung.webclient.authorizationcodelogin; + +import org.springframework.boot.SpringApplication; +import org.springframework.boot.autoconfigure.SpringBootApplication; +import org.springframework.context.annotation.PropertySource; + +/** + * + * Note: This app is configured to use the authorization service and the resource service located in module spring-5-security-oauth + * + * As we usually do with other well-known auth providers (github/facebook/...) we have to log-in using user credentials (bael-user/bael-password) and client configurations (bael-client-id/bael-secret) handled by the auth server + * + * @author rozagerardo + * + */ +@PropertySource("classpath:webclient-auth-code-login-application.properties") +@SpringBootApplication +public class OauthClientApplication { + + public static void main(String[] args) { + SpringApplication.run(OauthClientApplication.class, args); + } + +} diff --git a/spring-5-reactive-oauth/src/main/java/com/baeldung/webclient/authorizationcodelogin/configuration/WebClientConfig.java b/spring-5-reactive-oauth/src/main/java/com/baeldung/webclient/authorizationcodelogin/configuration/WebClientConfig.java new file mode 100644 index 0000000000..15458cc60a --- /dev/null +++ b/spring-5-reactive-oauth/src/main/java/com/baeldung/webclient/authorizationcodelogin/configuration/WebClientConfig.java @@ -0,0 +1,31 @@ +package com.baeldung.webclient.authorizationcodelogin.configuration; + +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.context.annotation.Primary; +import org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository; +import org.springframework.security.oauth2.client.web.reactive.function.client.ServerOAuth2AuthorizedClientExchangeFilterFunction; +import org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizedClientRepository; +import org.springframework.web.reactive.function.client.WebClient; + +@Configuration +public class WebClientConfig { + + @Bean + @Primary + WebClient webClientForAuthorized(ReactiveClientRegistrationRepository clientRegistrations, ServerOAuth2AuthorizedClientRepository authorizedClients) { + ServerOAuth2AuthorizedClientExchangeFilterFunction oauth = new ServerOAuth2AuthorizedClientExchangeFilterFunction(clientRegistrations, authorizedClients); + oauth.setDefaultOAuth2AuthorizedClient(true); + return WebClient.builder() + .filter(oauth) + .build(); + } + + @Bean + WebClient otherWebClient(ReactiveClientRegistrationRepository clientRegistrations, ServerOAuth2AuthorizedClientRepository authorizedClients) { + ServerOAuth2AuthorizedClientExchangeFilterFunction oauth = new ServerOAuth2AuthorizedClientExchangeFilterFunction(clientRegistrations, authorizedClients); + return WebClient.builder() + .filter(oauth) + .build(); + } +} diff --git a/spring-5-reactive-oauth/src/main/java/com/baeldung/webclient/authorizationcodelogin/configuration/WebSecurityConfig.java b/spring-5-reactive-oauth/src/main/java/com/baeldung/webclient/authorizationcodelogin/configuration/WebSecurityConfig.java new file mode 100644 index 0000000000..f45fc09222 --- /dev/null +++ b/spring-5-reactive-oauth/src/main/java/com/baeldung/webclient/authorizationcodelogin/configuration/WebSecurityConfig.java @@ -0,0 +1,20 @@ +package com.baeldung.webclient.authorizationcodelogin.configuration; + +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.security.config.web.server.ServerHttpSecurity; +import org.springframework.security.web.server.SecurityWebFilterChain; + +@Configuration +public class WebSecurityConfig { + @Bean + public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) { + http.authorizeExchange() + .anyExchange() + .authenticated() + .and() + .oauth2Login(); + return http.build(); + } + +} diff --git a/spring-5-reactive-oauth/src/main/java/com/baeldung/webclient/authorizationcodelogin/web/ClientRestController.java b/spring-5-reactive-oauth/src/main/java/com/baeldung/webclient/authorizationcodelogin/web/ClientRestController.java new file mode 100644 index 0000000000..55e0096525 --- /dev/null +++ b/spring-5-reactive-oauth/src/main/java/com/baeldung/webclient/authorizationcodelogin/web/ClientRestController.java @@ -0,0 +1,68 @@ +package com.baeldung.webclient.authorizationcodelogin.web; + +import static org.springframework.security.oauth2.client.web.reactive.function.client.ServerOAuth2AuthorizedClientExchangeFilterFunction.clientRegistrationId; +import static org.springframework.security.oauth2.client.web.reactive.function.client.ServerOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient; + +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.beans.factory.annotation.Qualifier; +import org.springframework.security.oauth2.client.OAuth2AuthorizedClient; +import org.springframework.security.oauth2.client.annotation.RegisteredOAuth2AuthorizedClient; +import org.springframework.web.bind.annotation.GetMapping; +import org.springframework.web.bind.annotation.RestController; +import org.springframework.web.reactive.function.client.WebClient; + +import reactor.core.publisher.Mono; + +@RestController +public class ClientRestController { + + private static final String RESOURCE_URI = "http://localhost:8084/retrieve-resource"; + + @Autowired + WebClient webClient; + + @Autowired + @Qualifier("otherWebClient") + WebClient otherWebClient; + + @GetMapping("/auth-code") + Mono useOauthWithAuthCode() { + Mono retrievedResource = webClient.get() + .uri(RESOURCE_URI) + .retrieve() + .bodyToMono(String.class); + return retrievedResource.map(string -> "We retrieved the following resource using Oauth: " + string); + } + + @GetMapping("/auth-code-no-client") + Mono useOauthWithNoClient() { + // This call will fail, since we don't have the client properly set for this webClient + Mono retrievedResource = otherWebClient.get() + .uri(RESOURCE_URI) + .retrieve() + .bodyToMono(String.class); + return retrievedResource.map(string -> "We retrieved the following resource using Oauth: " + string); + } + + @GetMapping("/auth-code-annotated") + Mono useOauthWithAuthCodeAndAnnotation(@RegisteredOAuth2AuthorizedClient("bael") OAuth2AuthorizedClient authorizedClient) { + Mono retrievedResource = otherWebClient.get() + .uri(RESOURCE_URI) + .attributes(oauth2AuthorizedClient(authorizedClient)) + .retrieve() + .bodyToMono(String.class); + return retrievedResource.map(string -> "We retrieved the following resource using Oauth: " + string + ". Principal associated: " + authorizedClient.getPrincipalName() + ". Token will expire at: " + authorizedClient.getAccessToken() + .getExpiresAt()); + } + + @GetMapping("/auth-code-explicit-client") + Mono useOauthWithExpicitClient() { + Mono retrievedResource = otherWebClient.get() + .uri(RESOURCE_URI) + .attributes(clientRegistrationId("bael")) + .retrieve() + .bodyToMono(String.class); + return retrievedResource.map(string -> "We retrieved the following resource using Oauth: " + string); + } + +} diff --git a/spring-5-reactive-oauth/src/main/java/com/baeldung/webclient/clientcredentials/ClientCredentialsOauthApplication.java b/spring-5-reactive-oauth/src/main/java/com/baeldung/webclient/clientcredentials/ClientCredentialsOauthApplication.java new file mode 100644 index 0000000000..d1b9f7f744 --- /dev/null +++ b/spring-5-reactive-oauth/src/main/java/com/baeldung/webclient/clientcredentials/ClientCredentialsOauthApplication.java @@ -0,0 +1,26 @@ +package com.baeldung.webclient.clientcredentials; + +import org.springframework.boot.SpringApplication; +import org.springframework.boot.autoconfigure.SpringBootApplication; +import org.springframework.context.annotation.PropertySource; +import org.springframework.scheduling.annotation.EnableScheduling; + +/** + * + * Note: This app is configured to use the authorization service and the resource service located in module spring-5-security-oauth + * + * As we usually do with other well-known auth providers (github/facebook/...) we have to log-in using credentials handled by the auth server (bael-user/bael-password) + * + * @author rozagerardo + * + */ +@PropertySource("classpath:webclient-client-credentials-oauth-application.properties") +@EnableScheduling +@SpringBootApplication +public class ClientCredentialsOauthApplication { + + public static void main(String[] args) { + SpringApplication.run(ClientCredentialsOauthApplication.class, args); + } + +} diff --git a/spring-5-reactive-oauth/src/main/java/com/baeldung/webclient/clientcredentials/configuration/WebClientConfig.java b/spring-5-reactive-oauth/src/main/java/com/baeldung/webclient/clientcredentials/configuration/WebClientConfig.java new file mode 100644 index 0000000000..8ffc92b4cd --- /dev/null +++ b/spring-5-reactive-oauth/src/main/java/com/baeldung/webclient/clientcredentials/configuration/WebClientConfig.java @@ -0,0 +1,22 @@ +package com.baeldung.webclient.clientcredentials.configuration; + +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository; +import org.springframework.security.oauth2.client.web.reactive.function.client.ServerOAuth2AuthorizedClientExchangeFilterFunction; +import org.springframework.security.oauth2.client.web.server.UnAuthenticatedServerOAuth2AuthorizedClientRepository; +import org.springframework.web.reactive.function.client.WebClient; + +@Configuration +public class WebClientConfig { + + @Bean + WebClient webClient(ReactiveClientRegistrationRepository clientRegistrations) { + ServerOAuth2AuthorizedClientExchangeFilterFunction oauth = new ServerOAuth2AuthorizedClientExchangeFilterFunction(clientRegistrations, new UnAuthenticatedServerOAuth2AuthorizedClientRepository()); + oauth.setDefaultClientRegistrationId("bael"); + return WebClient.builder() + .filter(oauth) + .build(); + } + +} diff --git a/spring-5-reactive-oauth/src/main/java/com/baeldung/webclient/clientcredentials/service/WebClientChonJob.java b/spring-5-reactive-oauth/src/main/java/com/baeldung/webclient/clientcredentials/service/WebClientChonJob.java new file mode 100644 index 0000000000..dc38ce3f9e --- /dev/null +++ b/spring-5-reactive-oauth/src/main/java/com/baeldung/webclient/clientcredentials/service/WebClientChonJob.java @@ -0,0 +1,33 @@ +package com.baeldung.webclient.clientcredentials.service; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.scheduling.annotation.Scheduled; +import org.springframework.security.oauth2.client.OAuth2AuthorizedClient; +import org.springframework.security.oauth2.client.annotation.RegisteredOAuth2AuthorizedClient; +import org.springframework.stereotype.Component; +import org.springframework.web.reactive.function.client.WebClient; + +@Component +public class WebClientChonJob { + + Logger logger = LoggerFactory.getLogger(WebClientChonJob.class); + + private static final String RESOURCE_URI = "http://localhost:8084/retrieve-resource"; + + @Autowired + private WebClient webClient; + + @Scheduled(fixedRate = 1000) + public void logResourceServiceResponse() { + + webClient.get() + .uri(RESOURCE_URI) + .retrieve() + .bodyToMono(String.class) + .map(string -> "We retrieved the following resource using Client Credentials Grant Type: " + string) + .subscribe(logger::info); + } + +} diff --git a/spring-5-reactive-oauth/src/main/java/com/baeldung/webclient/manualrequest/ManualRequestApplication.java b/spring-5-reactive-oauth/src/main/java/com/baeldung/webclient/manualrequest/ManualRequestApplication.java new file mode 100644 index 0000000000..c2762ad559 --- /dev/null +++ b/spring-5-reactive-oauth/src/main/java/com/baeldung/webclient/manualrequest/ManualRequestApplication.java @@ -0,0 +1,23 @@ +package com.baeldung.webclient.manualrequest; + +import org.springframework.boot.SpringApplication; +import org.springframework.boot.autoconfigure.SpringBootApplication; +import org.springframework.context.annotation.PropertySource; + +/** + * + * Note: This app is configured to use the authorization service and the resource service located in module spring-5-security-oauth + * + * As we usually do with other well-known auth providers (github/facebook/...) we have to log-in using user credentials (bael-user/bael-password) and client configurations (bael-client-id/bael-secret) handled by the auth server + * + * @author rozagerardo + * + */ +@SpringBootApplication +public class ManualRequestApplication { + + public static void main(String[] args) { + SpringApplication.run(ManualRequestApplication.class, args); + } + +} diff --git a/spring-5-reactive-oauth/src/main/java/com/baeldung/webclient/manualrequest/configure/WebClientConfig.java b/spring-5-reactive-oauth/src/main/java/com/baeldung/webclient/manualrequest/configure/WebClientConfig.java new file mode 100644 index 0000000000..51fc60821a --- /dev/null +++ b/spring-5-reactive-oauth/src/main/java/com/baeldung/webclient/manualrequest/configure/WebClientConfig.java @@ -0,0 +1,16 @@ +package com.baeldung.webclient.manualrequest.configure; + +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.web.reactive.function.client.WebClient; + +@Configuration +public class WebClientConfig { + + @Bean + public WebClient configureWebClient() { + return WebClient.builder() + .build(); + }; + +} diff --git a/spring-5-reactive-oauth/src/main/java/com/baeldung/webclient/manualrequest/configure/WebSecurityConfig.java b/spring-5-reactive-oauth/src/main/java/com/baeldung/webclient/manualrequest/configure/WebSecurityConfig.java new file mode 100644 index 0000000000..1753681db8 --- /dev/null +++ b/spring-5-reactive-oauth/src/main/java/com/baeldung/webclient/manualrequest/configure/WebSecurityConfig.java @@ -0,0 +1,17 @@ +package com.baeldung.webclient.manualrequest.configure; + +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.security.config.web.server.ServerHttpSecurity; +import org.springframework.security.web.server.SecurityWebFilterChain; + +@Configuration +public class WebSecurityConfig { + @Bean + public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) { + http.authorizeExchange() + .anyExchange() + .permitAll(); + return http.build(); + } +} diff --git a/spring-5-reactive-oauth/src/main/java/com/baeldung/webclient/manualrequest/web/ManualOauthRequestController.java b/spring-5-reactive-oauth/src/main/java/com/baeldung/webclient/manualrequest/web/ManualOauthRequestController.java new file mode 100644 index 0000000000..9f9d6d3167 --- /dev/null +++ b/spring-5-reactive-oauth/src/main/java/com/baeldung/webclient/manualrequest/web/ManualOauthRequestController.java @@ -0,0 +1,57 @@ +package com.baeldung.webclient.manualrequest.web; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.http.HttpHeaders; +import org.springframework.http.MediaType; +import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames; +import org.springframework.util.Base64Utils; +import org.springframework.web.bind.annotation.GetMapping; +import org.springframework.web.bind.annotation.RestController; +import org.springframework.web.reactive.function.BodyInserters; +import org.springframework.web.reactive.function.client.WebClient; + +import com.fasterxml.jackson.databind.JsonNode; +import com.nimbusds.oauth2.sdk.GrantType; + +import reactor.core.publisher.Mono; + +@RestController +public class ManualOauthRequestController { + + private static Logger logger = LoggerFactory.getLogger(ManualOauthRequestController.class); + + private static final String TOKEN_ENDPOINT = "localhost:8085/oauth/token"; + private static final String RESOURCE_ENDPOINT = "localhost:8084/retrieve-resource"; + private static final String CLIENT_ID = "bael-client-id"; + private static final String CLIENT_SECRET = "bael-secret"; + + @Autowired + WebClient client; + + @GetMapping("/manual-request-oauth") + public Mono obtainSecuredResource() { + logger.info("Creating web client..."); + Mono resource = client.post() + .uri(TOKEN_ENDPOINT) + .header(HttpHeaders.AUTHORIZATION, "Basic " + Base64Utils.encodeToString((CLIENT_ID + ":" + CLIENT_SECRET).getBytes())) + .body(BodyInserters.fromFormData(OAuth2ParameterNames.GRANT_TYPE, GrantType.CLIENT_CREDENTIALS.getValue())) + .retrieve() + .bodyToMono(JsonNode.class) + .flatMap(tokenResponse -> { + String accessTokenValue = tokenResponse.get("access_token") + .textValue(); + logger.info("Retrieved the following access token: {}", accessTokenValue); + return client.get() + .uri(RESOURCE_ENDPOINT) + .headers(h -> h.setBearerAuth(accessTokenValue)) + .retrieve() + .bodyToMono(String.class); + }); + logger.info("non-blocking Oauth calls registered..."); + return resource.map(res -> "Retrieved the resource using a manual approach: " + res); + + } + +} diff --git a/spring-5-reactive-oauth/src/main/resources/application.yml b/spring-5-reactive-oauth/src/main/resources/application.yml index e35e19b344..bec62fdd33 100644 --- a/spring-5-reactive-oauth/src/main/resources/application.yml +++ b/spring-5-reactive-oauth/src/main/resources/application.yml @@ -1,20 +1,3 @@ -spring: - security: - oauth2: - client: - registration: - google: - client-id: YOUR_APP_CLIENT_ID - client-secret: YOUR_APP_CLIENT_SECRET - custom: - client-id: fooClientIdPassword - client-secret: secret - scopes: read,foo - authorization-grant-type: authorization_code - redirect-uri-template: http://localhost:8080/login/oauth2/code/custom - provider: - custom: - authorization-uri: http://localhost:8081/spring-security-oauth-server/oauth/authorize - token-uri: http://localhost:8081/spring-security-oauth-server/oauth/token - user-info-uri: http://localhost:8088/spring-security-oauth-resource/users/extra - user-name-attribute: user_name \ No newline at end of file +logging: + level: + root: DEBUG \ No newline at end of file diff --git a/spring-5-reactive-oauth/src/main/resources/default-application.yml b/spring-5-reactive-oauth/src/main/resources/default-application.yml new file mode 100644 index 0000000000..e35e19b344 --- /dev/null +++ b/spring-5-reactive-oauth/src/main/resources/default-application.yml @@ -0,0 +1,20 @@ +spring: + security: + oauth2: + client: + registration: + google: + client-id: YOUR_APP_CLIENT_ID + client-secret: YOUR_APP_CLIENT_SECRET + custom: + client-id: fooClientIdPassword + client-secret: secret + scopes: read,foo + authorization-grant-type: authorization_code + redirect-uri-template: http://localhost:8080/login/oauth2/code/custom + provider: + custom: + authorization-uri: http://localhost:8081/spring-security-oauth-server/oauth/authorize + token-uri: http://localhost:8081/spring-security-oauth-server/oauth/token + user-info-uri: http://localhost:8088/spring-security-oauth-resource/users/extra + user-name-attribute: user_name \ No newline at end of file diff --git a/spring-5-reactive-oauth/src/main/resources/webclient-auth-code-client-application.properties b/spring-5-reactive-oauth/src/main/resources/webclient-auth-code-client-application.properties new file mode 100644 index 0000000000..612777a06d --- /dev/null +++ b/spring-5-reactive-oauth/src/main/resources/webclient-auth-code-client-application.properties @@ -0,0 +1,10 @@ +spring.security.oauth2.client.registration.bael.client-name=bael +spring.security.oauth2.client.registration.bael.client-id=bael-client-id +spring.security.oauth2.client.registration.bael.client-secret=bael-secret +spring.security.oauth2.client.registration.bael.authorization-grant-type=authorization_code +spring.security.oauth2.client.registration.bael.redirect-uri=http://localhost:8080/authorize/oauth2/code/bael + +spring.security.oauth2.client.provider.bael.token-uri=http://localhost:8085/oauth/token +spring.security.oauth2.client.provider.bael.authorization-uri=http://localhost:8085/oauth/authorize + +spring.security.user.password=pass diff --git a/spring-5-reactive-oauth/src/main/resources/webclient-auth-code-login-application.properties b/spring-5-reactive-oauth/src/main/resources/webclient-auth-code-login-application.properties new file mode 100644 index 0000000000..edd5b80b13 --- /dev/null +++ b/spring-5-reactive-oauth/src/main/resources/webclient-auth-code-login-application.properties @@ -0,0 +1,10 @@ +spring.security.oauth2.client.registration.bael.client-name=bael +spring.security.oauth2.client.registration.bael.client-id=bael-client-id +spring.security.oauth2.client.registration.bael.client-secret=bael-secret +spring.security.oauth2.client.registration.bael.authorization-grant-type=authorization_code +spring.security.oauth2.client.registration.bael.redirect-uri=http://localhost:8080/login/oauth2/code/bael + +spring.security.oauth2.client.provider.bael.token-uri=http://localhost:8085/oauth/token +spring.security.oauth2.client.provider.bael.authorization-uri=http://localhost:8085/oauth/authorize +spring.security.oauth2.client.provider.bael.user-info-uri=http://localhost:8084/user +spring.security.oauth2.client.provider.bael.user-name-attribute=name diff --git a/spring-5-reactive-oauth/src/main/resources/webclient-client-credentials-oauth-application.properties b/spring-5-reactive-oauth/src/main/resources/webclient-client-credentials-oauth-application.properties new file mode 100644 index 0000000000..f82f74ec48 --- /dev/null +++ b/spring-5-reactive-oauth/src/main/resources/webclient-client-credentials-oauth-application.properties @@ -0,0 +1,4 @@ +spring.security.oauth2.client.registration.bael.authorization-grant-type=client_credentials +spring.security.oauth2.client.registration.bael.client-id=bael-client-id +spring.security.oauth2.client.registration.bael.client-secret=bael-secret +spring.security.oauth2.client.provider.bael.token-uri=http://localhost:8085/oauth/token diff --git a/spring-5-reactive-oauth/src/test/java/com/baeldung/webclient/clientcredentials/OAuth2ClientCredentialsLiveTest.java b/spring-5-reactive-oauth/src/test/java/com/baeldung/webclient/clientcredentials/OAuth2ClientCredentialsLiveTest.java new file mode 100644 index 0000000000..e31815c3f8 --- /dev/null +++ b/spring-5-reactive-oauth/src/test/java/com/baeldung/webclient/clientcredentials/OAuth2ClientCredentialsLiveTest.java @@ -0,0 +1,52 @@ +package com.baeldung.webclient.clientcredentials; + +import static org.assertj.core.api.Assertions.assertThat; + +import java.util.Collection; +import java.util.stream.Collectors; + +import org.junit.Before; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.boot.test.context.SpringBootTest; +import org.springframework.test.context.junit4.SpringRunner; + +import com.baeldung.webclient.clientcredentials.service.WebClientChonJob; +import com.baeldung.webclient.utils.ListAppender; + +import ch.qos.logback.classic.spi.ILoggingEvent; + +/** + * + * Note: this Live test requires the Authorization Service and the Resource service located in the spring-5-security-oauth module + * + * @author ger + * + */ +@RunWith(SpringRunner.class) +@SpringBootTest(classes = { ClientCredentialsOauthApplication.class }) +public class OAuth2ClientCredentialsLiveTest { + + @Autowired + WebClientChonJob service; + + @Before + public void clearLogList() { + ListAppender.clearEventList(); + } + + @Test + public void givenFooWithNullId_whenProcessFoo_thenLogsWithDebugTrace() throws Exception { + service.logResourceServiceResponse(); + + Thread.sleep(3000); + + Collection allLoggedEntries = ListAppender.getEvents() + .stream() + .map(ILoggingEvent::getFormattedMessage) + .collect(Collectors.toList()); + assertThat(allLoggedEntries).anyMatch(entry -> entry.contains("We retrieved the following resource using Client Credentials Grant Type: This is the resource!")); + } + +} diff --git a/spring-5-reactive-oauth/src/test/java/com/baeldung/webclient/manualrequest/OAuth2ManualRequestLiveTest.java b/spring-5-reactive-oauth/src/test/java/com/baeldung/webclient/manualrequest/OAuth2ManualRequestLiveTest.java new file mode 100644 index 0000000000..94aa580f0a --- /dev/null +++ b/spring-5-reactive-oauth/src/test/java/com/baeldung/webclient/manualrequest/OAuth2ManualRequestLiveTest.java @@ -0,0 +1,43 @@ +package com.baeldung.webclient.manualrequest; + +import org.junit.Before; +import org.junit.Test; +import org.springframework.test.web.reactive.server.WebTestClient; +import org.springframework.test.web.reactive.server.WebTestClient.ResponseSpec; + +/** + * + * Note: this Live test requires not only the corresponding application running, + * but also the Authorization Service and the Resource service located in the spring-5-security-oauth module. + * + * + * @author ger + * + */ +public class OAuth2ManualRequestLiveTest { + + private static final String BASE_URL = "http://localhost:8080"; + private static final String MANUAL_REQUEST_URI = "/manual-request-oauth"; + + private static WebTestClient client; + + @Before + public void setup() { + client = WebTestClient.bindToServer() + .baseUrl(BASE_URL) + .build(); + } + + @Test + public void whenRequestingDebugHookOn_thenObtainExpectedMessage() { + ResponseSpec response = client.get() + .uri(MANUAL_REQUEST_URI) + .exchange(); + + response.expectStatus() + .isOk() + .expectBody(String.class) + .isEqualTo("Retrieved the resource using a manual approach: This is the resource!"); + } + +} diff --git a/spring-5-reactive-oauth/src/test/java/com/baeldung/webclient/utils/ListAppender.java b/spring-5-reactive-oauth/src/test/java/com/baeldung/webclient/utils/ListAppender.java new file mode 100644 index 0000000000..6f8fbe004a --- /dev/null +++ b/spring-5-reactive-oauth/src/test/java/com/baeldung/webclient/utils/ListAppender.java @@ -0,0 +1,25 @@ +package com.baeldung.webclient.utils; + +import java.util.ArrayList; +import java.util.List; + +import ch.qos.logback.classic.spi.ILoggingEvent; +import ch.qos.logback.core.AppenderBase; + +public class ListAppender extends AppenderBase { + + static private List events = new ArrayList<>(); + + @Override + protected void append(ILoggingEvent eventObject) { + events.add(eventObject); + } + + public static List getEvents() { + return events; + } + + public static void clearEventList() { + events.clear(); + } +} \ No newline at end of file diff --git a/spring-5-reactive-oauth/src/test/resources/logback-test.xml b/spring-5-reactive-oauth/src/test/resources/logback-test.xml new file mode 100644 index 0000000000..891c54bfd3 --- /dev/null +++ b/spring-5-reactive-oauth/src/test/resources/logback-test.xml @@ -0,0 +1,16 @@ + + + + + + + + + + + + + \ No newline at end of file diff --git a/spring-5-security-oauth/src/main/java/com/baeldung/oauth2/SpringOAuthApplication.java b/spring-5-security-oauth/src/main/java/com/baeldung/oauth2/SpringOAuthApplication.java index 557c23b368..1478b03d2e 100644 --- a/spring-5-security-oauth/src/main/java/com/baeldung/oauth2/SpringOAuthApplication.java +++ b/spring-5-security-oauth/src/main/java/com/baeldung/oauth2/SpringOAuthApplication.java @@ -2,7 +2,9 @@ package com.baeldung.oauth2; import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.SpringBootApplication; +import org.springframework.context.annotation.PropertySource; +@PropertySource("classpath:default-application.properties") @SpringBootApplication public class SpringOAuthApplication { diff --git a/spring-5-security-oauth/src/main/java/com/baeldung/oauth2extractors/ExtractorsApplication.java b/spring-5-security-oauth/src/main/java/com/baeldung/oauth2extractors/ExtractorsApplication.java index 6ab4d525bf..174e5b0fdf 100644 --- a/spring-5-security-oauth/src/main/java/com/baeldung/oauth2extractors/ExtractorsApplication.java +++ b/spring-5-security-oauth/src/main/java/com/baeldung/oauth2extractors/ExtractorsApplication.java @@ -3,10 +3,12 @@ package com.baeldung.oauth2extractors; import org.apache.logging.log4j.util.Strings; import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.SpringBootApplication; +import org.springframework.context.annotation.PropertySource; import org.springframework.core.env.AbstractEnvironment; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; +@PropertySource("classpath:default-application.properties") @SpringBootApplication @Controller public class ExtractorsApplication { diff --git a/spring-5-security-oauth/src/main/java/com/baeldung/webclient/authorizationserver/AuthorizationServerApplication.java b/spring-5-security-oauth/src/main/java/com/baeldung/webclient/authorizationserver/AuthorizationServerApplication.java new file mode 100644 index 0000000000..d72704386c --- /dev/null +++ b/spring-5-security-oauth/src/main/java/com/baeldung/webclient/authorizationserver/AuthorizationServerApplication.java @@ -0,0 +1,17 @@ +package com.baeldung.webclient.authorizationserver; + +import org.springframework.boot.SpringApplication; +import org.springframework.boot.autoconfigure.SpringBootApplication; +import org.springframework.context.annotation.PropertySource; +import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer; + +@EnableAuthorizationServer +@PropertySource("classpath:webclient-authorization-application.properties") +@SpringBootApplication +public class AuthorizationServerApplication { + + public static void main(String[] args) { + SpringApplication.run(AuthorizationServerApplication.class, args); + } + +} diff --git a/spring-5-security-oauth/src/main/java/com/baeldung/webclient/authorizationserver/configuration/WebSecurityConfig.java b/spring-5-security-oauth/src/main/java/com/baeldung/webclient/authorizationserver/configuration/WebSecurityConfig.java new file mode 100644 index 0000000000..5dd15f1b8c --- /dev/null +++ b/spring-5-security-oauth/src/main/java/com/baeldung/webclient/authorizationserver/configuration/WebSecurityConfig.java @@ -0,0 +1,26 @@ +package com.baeldung.webclient.authorizationserver.configuration; + +import org.springframework.context.annotation.Configuration; +import org.springframework.security.config.annotation.web.builders.HttpSecurity; +import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; +import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; + +@EnableWebSecurity +@Configuration +public class WebSecurityConfig extends WebSecurityConfigurerAdapter { + + @Override + protected void configure(HttpSecurity http) throws Exception { + http.authorizeRequests() + .antMatchers("/login", "/user") + .permitAll() + .and() + .authorizeRequests() + .anyRequest() + .authenticated() + .and() + .formLogin() + .and() + .httpBasic(); + } +} diff --git a/spring-5-security-oauth/src/main/java/com/baeldung/webclient/resourceserver/ResourceServerApplication.java b/spring-5-security-oauth/src/main/java/com/baeldung/webclient/resourceserver/ResourceServerApplication.java new file mode 100644 index 0000000000..50ad293ef8 --- /dev/null +++ b/spring-5-security-oauth/src/main/java/com/baeldung/webclient/resourceserver/ResourceServerApplication.java @@ -0,0 +1,17 @@ +package com.baeldung.webclient.resourceserver; + +import org.springframework.boot.SpringApplication; +import org.springframework.boot.autoconfigure.SpringBootApplication; +import org.springframework.context.annotation.PropertySource; +import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer; + +@EnableResourceServer +@PropertySource("webclient-resources-application.properties") +@SpringBootApplication +public class ResourceServerApplication { + + public static void main(String[] args) { + SpringApplication.run(ResourceServerApplication.class, args); + } + +} diff --git a/spring-5-security-oauth/src/main/java/com/baeldung/webclient/resourceserver/configuration/AuthorizationConfigs.java b/spring-5-security-oauth/src/main/java/com/baeldung/webclient/resourceserver/configuration/AuthorizationConfigs.java new file mode 100644 index 0000000000..5aea1983db --- /dev/null +++ b/spring-5-security-oauth/src/main/java/com/baeldung/webclient/resourceserver/configuration/AuthorizationConfigs.java @@ -0,0 +1,29 @@ +package com.baeldung.webclient.resourceserver.configuration; + +import org.springframework.beans.factory.annotation.Value; +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.security.oauth2.provider.token.RemoteTokenServices; +import org.springframework.security.oauth2.provider.token.ResourceServerTokenServices; + +@Configuration +public class AuthorizationConfigs { + + @Value("${oauth.authserver.client-id}") + String clientId; + + @Value("${oauth.authserver.client-secret}") + String clientSecret; + + @Value("${oauth.authserver.check-token-endpoint}") + String checkTokenEndpoint; + + @Bean + public ResourceServerTokenServices tokenSvc() { + RemoteTokenServices remoteService = new RemoteTokenServices(); + remoteService.setCheckTokenEndpointUrl(checkTokenEndpoint); + remoteService.setClientId(clientId); + remoteService.setClientSecret(clientSecret); + return remoteService; + } +} diff --git a/spring-5-security-oauth/src/main/java/com/baeldung/webclient/resourceserver/web/ResourceRestController.java b/spring-5-security-oauth/src/main/java/com/baeldung/webclient/resourceserver/web/ResourceRestController.java new file mode 100644 index 0000000000..aef0fb4d7d --- /dev/null +++ b/spring-5-security-oauth/src/main/java/com/baeldung/webclient/resourceserver/web/ResourceRestController.java @@ -0,0 +1,23 @@ +package com.baeldung.webclient.resourceserver.web; + +import java.security.Principal; + +import org.springframework.web.bind.annotation.GetMapping; +import org.springframework.web.bind.annotation.ResponseBody; +import org.springframework.web.bind.annotation.RestController; + +@RestController +public class ResourceRestController { + + @GetMapping("/retrieve-resource") + public String retrieveResource() { + return "This is the resource!"; + } + + @GetMapping("/user") + @ResponseBody + public Principal user(Principal user) { + return user; + } + +} diff --git a/spring-5-security-oauth/src/main/resources/application.properties b/spring-5-security-oauth/src/main/resources/application.properties index 5912b0f755..c84e745918 100644 --- a/spring-5-security-oauth/src/main/resources/application.properties +++ b/spring-5-security-oauth/src/main/resources/application.properties @@ -1,5 +1,3 @@ -server.port=8081 - logging.level.root=INFO logging.level.com.baeldung.dsl.ClientErrorLoggingFilter=DEBUG \ No newline at end of file diff --git a/spring-5-security-oauth/src/main/resources/default-application.properties b/spring-5-security-oauth/src/main/resources/default-application.properties new file mode 100644 index 0000000000..bafddced85 --- /dev/null +++ b/spring-5-security-oauth/src/main/resources/default-application.properties @@ -0,0 +1 @@ +server.port=8081 \ No newline at end of file diff --git a/spring-5-security-oauth/src/main/resources/webclient-authorization-application.properties b/spring-5-security-oauth/src/main/resources/webclient-authorization-application.properties new file mode 100644 index 0000000000..9531045359 --- /dev/null +++ b/spring-5-security-oauth/src/main/resources/webclient-authorization-application.properties @@ -0,0 +1,13 @@ +server.port=8085 + +security.oauth2.client.client-id=bael-client-id +security.oauth2.client.client-secret=bael-secret +security.oauth2.client.scope=read,write + +security.oauth2.authorization.check-token-access=isAuthenticated() + +spring.security.user.name=bael-user +spring.security.user.password=bael-password + +security.oauth2.client.registered-redirect-uri=http://localhost:8080/login/oauth2/code/bael, http://localhost:8080/authorize/oauth2/code/bael +security.oauth2.client.use-current-uri=false \ No newline at end of file diff --git a/spring-5-security-oauth/src/main/resources/webclient-resources-application.properties b/spring-5-security-oauth/src/main/resources/webclient-resources-application.properties new file mode 100644 index 0000000000..1cfb9ca12d --- /dev/null +++ b/spring-5-security-oauth/src/main/resources/webclient-resources-application.properties @@ -0,0 +1,6 @@ +server.port=8084 + +#spring.security.oauth2.resourceserver.jwt.issuer-uri=localhost:8085 +oauth.authserver.client-id=bael-client-id +oauth.authserver.client-secret=bael-secret +oauth.authserver.check-token-endpoint=http://localhost:8085/oauth/check_token