From 0f2fea091b053a30c418532439c98ee13794767a Mon Sep 17 00:00:00 2001
From: DOHA
Date: Wed, 28 Nov 2018 13:59:16 +0200
Subject: [PATCH 1/3] add more custom oauth examples
---
 .../CustomAuthorizationRequestResolver.java | 7 ++++++
 .../LinkedinTokenResponseConverter.java | 24 +++++++++++++++++++
 2 files changed, 31 insertions(+)
 create mode 100644 spring-5-security-oauth/src/main/java/com/baeldung/oauth2/LinkedinTokenResponseConverter.java
diff --git a/spring-5-security-oauth/src/main/java/com/baeldung/oauth2/CustomAuthorizationRequestResolver.java b/spring-5-security-oauth/src/main/java/com/baeldung/oauth2/CustomAuthorizationRequestResolver.java
index 025064423d..b3fcd15a9a 100644
--- a/spring-5-security-oauth/src/main/java/com/baeldung/oauth2/CustomAuthorizationRequestResolver.java
+++ b/spring-5-security-oauth/src/main/java/com/baeldung/oauth2/CustomAuthorizationRequestResolver.java
@@ -47,4 +47,11 @@ public class CustomAuthorizationRequestResolver implements OAuth2AuthorizationRe
 private OAuth2AuthorizationRequest customizeAuthorizationRequest1(OAuth2AuthorizationRequest req) {
 return OAuth2AuthorizationRequest.from(req).state("xyz").build();
 }
+
+ private OAuth2AuthorizationRequest customizeOktaReq(OAuth2AuthorizationRequest req) {
+ Map extraParams = new HashMap();
+ extraParams.putAll(req.getAdditionalParameters());
+ extraParams.put("idp", "https://idprovider.com");
+ return OAuth2AuthorizationRequest.from(req).additionalParameters(extraParams).build();
+ }
 }
diff --git a/spring-5-security-oauth/src/main/java/com/baeldung/oauth2/LinkedinTokenResponseConverter.java b/spring-5-security-oauth/src/main/java/com/baeldung/oauth2/LinkedinTokenResponseConverter.java
new file mode 100644
index 0000000000..f638b6101a
--- /dev/null
+++ b/spring-5-security-oauth/src/main/java/com/baeldung/oauth2/LinkedinTokenResponseConverter.java
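Review bot: The `idp` value added in customizeOktaReq is a URL literal (`extraParams.put("idp", "https://idprovider.com");`), so the identity provider that a login is routed to is fixed in source and cannot differ per environment. Taking it from configuration, for example `extraParams.put("idp", idpUri);` with a hypothetical `idpUri` field set through the constructor, keeps that routing decision reviewable in one place. The method is not called anywhere in this hunk, so a one-line comment saying it is a sample and which registration it is meant for would help. The context line above the addition sets `state("xyz")`, a constant where the resolver would otherwise carry a per-request value; that predates this commit, but a comment marking it as demonstration-only would stop it being copied into real configurations.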
@@ -0,0 +1,24 @@
+package com.baeldung.oauth2;
+
+import java.util.Map;
+
+import org.springframework.core.convert.converter.Converter;
+import org.springframework.security.oauth2.core.OAuth2AccessToken;
+import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
+import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
+
+public class LinkedinTokenResponseConverter implements Converter, OAuth2AccessTokenResponse> {
+
+ @Override
+ public OAuth2AccessTokenResponse convert(Map tokenResponseParameters) {
+ String accessToken = tokenResponseParameters.get(OAuth2ParameterNames.ACCESS_TOKEN);
+ long expiresIn = Long.valueOf(tokenResponseParameters.get(OAuth2ParameterNames.EXPIRES_IN));
+
+ OAuth2AccessToken.TokenType accessTokenType = OAuth2AccessToken.TokenType.BEARER;
+
+ return OAuth2AccessTokenResponse.withToken(accessToken)
+ .tokenType(accessTokenType)
+ .expiresIn(expiresIn)
+ .build();
+ }
+}
From 186c2994a745dccf09a543bd578655556e2ff7c9 Mon Sep 17 00:00:00 2001
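Review bot: `Long.valueOf(tokenResponseParameters.get(OAuth2ParameterNames.EXPIRES_IN))` in convert throws NumberFormatException when the token endpoint omits `expires_in` or returns a non-numeric value, and `accessToken` is handed to `withToken` without a presence check. Both values come from the provider's HTTP response, so they should be validated before use and a malformed response rejected deliberately rather than through an unchecked parse failure. A guarded form would be `String expires = tokenResponseParameters.get(OAuth2ParameterNames.EXPIRES_IN);` followed by `long expiresIn = (expires != null) ? Long.parseLong(expires) : 0L;`, which also avoids the boxing that `Long.valueOf` does; what lifetime to assume when the field is absent is a decision the author should state in a comment. The token type is forced to BEARER regardless of what the response says, which deserves a short comment explaining why.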
From: DOHA Date: Thu, 29 Nov 2018 01:51:07 +0200 Subject: [PATCH 2/3] organise oauth2 request code --- .../oauth2/CustomRequestSecurityConfig.java | 119 ++++++++++++++++++ .../com/baeldung/oauth2/SecurityConfig.java | 13 -- .../CustomAuthorizationRequestResolver.java | 2 +- .../CustomRequestEntityConverter.java | 2 +- .../CustomTokenResponseConverter.java | 2 +- .../LinkedinTokenResponseConverter.java | 2 +- 6 files changed, 123 insertions(+), 17 deletions(-) create mode 100644 spring-5-security-oauth/src/main/java/com/baeldung/oauth2/CustomRequestSecurityConfig.java rename spring-5-security-oauth/src/main/java/com/baeldung/{oauth2 => oauth2request}/CustomAuthorizationRequestResolver.java (98%) rename spring-5-security-oauth/src/main/java/com/baeldung/{oauth2 => oauth2request}/CustomRequestEntityConverter.java (96%) rename spring-5-security-oauth/src/main/java/com/baeldung/{oauth2 => oauth2request}/CustomTokenResponseConverter.java (98%) rename spring-5-security-oauth/src/main/java/com/baeldung/{oauth2 => oauth2request}/LinkedinTokenResponseConverter.java (96%) diff --git a/spring-5-security-oauth/src/main/java/com/baeldung/oauth2/CustomRequestSecurityConfig.java b/spring-5-security-oauth/src/main/java/com/baeldung/oauth2/CustomRequestSecurityConfig.java new file mode 100644 index 0000000000..51caee8178 --- /dev/null +++ b/spring-5-security-oauth/src/main/java/com/baeldung/oauth2/CustomRequestSecurityConfig.java 
@@ -0,0 +1,119 @@ +package com.baeldung.oauth2; + +import java.util.Arrays; +import java.util.List; +import java.util.stream.Collectors; + +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.PropertySource; +import org.springframework.core.env.Environment; +import org.springframework.http.converter.FormHttpMessageConverter; +import org.springframework.security.config.annotation.web.builders.HttpSecurity; +import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; +import org.springframework.security.config.oauth2.client.CommonOAuth2Provider; +import org.springframework.security.oauth2.client.endpoint.DefaultAuthorizationCodeTokenResponseClient; +import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient; +import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest; +import org.springframework.security.oauth2.client.http.OAuth2ErrorResponseErrorHandler; +import org.springframework.security.oauth2.client.registration.ClientRegistration; +import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository; +import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository; +import org.springframework.security.oauth2.client.web.AuthorizationRequestRepository; +import org.springframework.security.oauth2.client.web.HttpSessionOAuth2AuthorizationRequestRepository; +import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest; +import org.springframework.security.oauth2.core.http.converter.OAuth2AccessTokenResponseHttpMessageConverter; +import org.springframework.web.client.RestTemplate; + +import com.baeldung.oauth2request.CustomAuthorizationRequestResolver; +import com.baeldung.oauth2request.CustomRequestEntityConverter; +import 
com.baeldung.oauth2request.CustomTokenResponseConverter; + +//@Configuration +@PropertySource("application-oauth2.properties") +public class CustomRequestSecurityConfig extends WebSecurityConfigurerAdapter { + + @Override + protected void configure(HttpSecurity http) throws Exception { + http.authorizeRequests() + .antMatchers("/oauth_login", "/loginFailure", "/") + .permitAll() + .anyRequest() + .authenticated() + .and() + .oauth2Login() + .loginPage("/oauth_login") + .authorizationEndpoint() + .authorizationRequestResolver( new CustomAuthorizationRequestResolver(clientRegistrationRepository(),"/oauth2/authorize-client")) + + .baseUri("/oauth2/authorize-client") + .authorizationRequestRepository(authorizationRequestRepository()) + .and() + .tokenEndpoint() + .accessTokenResponseClient(accessTokenResponseClient()) + .and() + .defaultSuccessUrl("/loginSuccess") + .failureUrl("/loginFailure"); + } + + @Bean + public AuthorizationRequestRepository authorizationRequestRepository() { + return new HttpSessionOAuth2AuthorizationRequestRepository(); + } + + @Bean + public OAuth2AccessTokenResponseClient accessTokenResponseClient() { + DefaultAuthorizationCodeTokenResponseClient accessTokenResponseClient = new DefaultAuthorizationCodeTokenResponseClient(); + accessTokenResponseClient.setRequestEntityConverter(new CustomRequestEntityConverter()); + + OAuth2AccessTokenResponseHttpMessageConverter tokenResponseHttpMessageConverter = new OAuth2AccessTokenResponseHttpMessageConverter(); + tokenResponseHttpMessageConverter.setTokenResponseConverter(new CustomTokenResponseConverter()); + RestTemplate restTemplate = new RestTemplate(Arrays.asList(new FormHttpMessageConverter(), tokenResponseHttpMessageConverter)); + restTemplate.setErrorHandler(new OAuth2ErrorResponseErrorHandler()); + accessTokenResponseClient.setRestOperations(restTemplate); + return accessTokenResponseClient; + } + + + // additional configuration for non-Spring Boot projects + private static List clients = 
Arrays.asList("google", "facebook"); + + //@Bean + public ClientRegistrationRepository clientRegistrationRepository() { + List registrations = clients.stream() + .map(c -> getRegistration(c)) + .filter(registration -> registration != null) + .collect(Collectors.toList()); + + return new InMemoryClientRegistrationRepository(registrations); + } + + private static String CLIENT_PROPERTY_KEY = "spring.security.oauth2.client.registration."; + + @Autowired + private Environment env; + + private ClientRegistration getRegistration(String client) { + String clientId = env.getProperty(CLIENT_PROPERTY_KEY + client + ".client-id"); + + if (clientId == null) { + return null; + } + + String clientSecret = env.getProperty(CLIENT_PROPERTY_KEY + client + ".client-secret"); + if (client.equals("google")) { + return CommonOAuth2Provider.GOOGLE.getBuilder(client) + .clientId(clientId) + .clientSecret(clientSecret) + .build(); + } + if (client.equals("facebook")) { + return CommonOAuth2Provider.FACEBOOK.getBuilder(client) + .clientId(clientId) + .clientSecret(clientSecret) + .build(); + } + return null; + } + +} diff --git a/spring-5-security-oauth/src/main/java/com/baeldung/oauth2/SecurityConfig.java b/spring-5-security-oauth/src/main/java/com/baeldung/oauth2/SecurityConfig.java index cf27b01a75..e17e339142 100644 --- a/spring-5-security-oauth/src/main/java/com/baeldung/oauth2/SecurityConfig.java +++ b/spring-5-security-oauth/src/main/java/com/baeldung/oauth2/SecurityConfig.java 
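Review bot: configure() passes `clientRegistrationRepository()` to CustomAuthorizationRequestResolver, but the `@Bean` on that method is commented out (as is `@Configuration` on the class), so the call builds a fresh InMemoryClientRegistrationRepository restricted to "google" and "facebook" instead of reusing a container-managed one. If the application context also holds a ClientRegistrationRepository bean (presumably the Spring Boot auto-configured one, which is not visible here), the resolver and the rest of oauth2Login() can disagree about which registrations exist. Injecting the repository, `@Autowired private ClientRegistrationRepository clientRegistrationRepository;`, and passing that field to the resolver would keep the two aligned. Separately, getRegistration checks `clientId` for null but builds the registration with an unchecked `clientSecret`, and `clients` and `CLIENT_PROPERTY_KEY` are mutable statics that should be `private static final`.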
@@ -9,22 +9,18 @@ import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.PropertySource; import org.springframework.core.env.Environment; -import org.springframework.http.converter.FormHttpMessageConverter; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.config.oauth2.client.CommonOAuth2Provider; import org.springframework.security.oauth2.client.endpoint.DefaultAuthorizationCodeTokenResponseClient; import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient; import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest; -import org.springframework.security.oauth2.client.http.OAuth2ErrorResponseErrorHandler; import org.springframework.security.oauth2.client.registration.ClientRegistration; import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository; import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository; import org.springframework.security.oauth2.client.web.AuthorizationRequestRepository; import org.springframework.security.oauth2.client.web.HttpSessionOAuth2AuthorizationRequestRepository; import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest; -import org.springframework.security.oauth2.core.http.converter.OAuth2AccessTokenResponseHttpMessageConverter; -import org.springframework.web.client.RestTemplate; @Configuration @PropertySource("application-oauth2.properties") 
@@ -41,8 +37,6 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter { .oauth2Login() .loginPage("/oauth_login") .authorizationEndpoint() - .authorizationRequestResolver( new CustomAuthorizationRequestResolver(clientRegistrationRepository(),"/oauth2/authorize-client")) - .baseUri("/oauth2/authorize-client") .authorizationRequestRepository(authorizationRequestRepository()) .and() @@ -61,13 +55,6 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter { @Bean public OAuth2AccessTokenResponseClient accessTokenResponseClient() { DefaultAuthorizationCodeTokenResponseClient accessTokenResponseClient = new DefaultAuthorizationCodeTokenResponseClient(); - accessTokenResponseClient.setRequestEntityConverter(new CustomRequestEntityConverter()); - - OAuth2AccessTokenResponseHttpMessageConverter tokenResponseHttpMessageConverter = new OAuth2AccessTokenResponseHttpMessageConverter(); - tokenResponseHttpMessageConverter.setTokenResponseConverter(new CustomTokenResponseConverter()); - RestTemplate restTemplate = new RestTemplate(Arrays.asList(new FormHttpMessageConverter(), tokenResponseHttpMessageConverter)); - restTemplate.setErrorHandler(new OAuth2ErrorResponseErrorHandler()); - accessTokenResponseClient.setRestOperations(restTemplate); return accessTokenResponseClient; } diff --git a/spring-5-security-oauth/src/main/java/com/baeldung/oauth2/CustomAuthorizationRequestResolver.java b/spring-5-security-oauth/src/main/java/com/baeldung/oauth2request/CustomAuthorizationRequestResolver.java similarity index 98% rename from spring-5-security-oauth/src/main/java/com/baeldung/oauth2/CustomAuthorizationRequestResolver.java rename to spring-5-security-oauth/src/main/java/com/baeldung/oauth2request/CustomAuthorizationRequestResolver.java index b3fcd15a9a..47aacf9c06 100644 --- a/spring-5-security-oauth/src/main/java/com/baeldung/oauth2/CustomAuthorizationRequestResolver.java 
+++ b/spring-5-security-oauth/src/main/java/com/baeldung/oauth2request/CustomAuthorizationRequestResolver.java @@ -1,4 +1,4 @@ -package com.baeldung.oauth2; +package com.baeldung.oauth2request; import java.util.HashMap; import java.util.Map; diff --git a/spring-5-security-oauth/src/main/java/com/baeldung/oauth2/CustomRequestEntityConverter.java b/spring-5-security-oauth/src/main/java/com/baeldung/oauth2request/CustomRequestEntityConverter.java similarity index 96% rename from spring-5-security-oauth/src/main/java/com/baeldung/oauth2/CustomRequestEntityConverter.java rename to spring-5-security-oauth/src/main/java/com/baeldung/oauth2request/CustomRequestEntityConverter.java index 8884065769..5486105c34 100644 --- a/spring-5-security-oauth/src/main/java/com/baeldung/oauth2/CustomRequestEntityConverter.java +++ b/spring-5-security-oauth/src/main/java/com/baeldung/oauth2request/CustomRequestEntityConverter.java @@ -1,4 +1,4 @@ -package com.baeldung.oauth2; +package com.baeldung.oauth2request; import org.springframework.core.convert.converter.Converter; import org.springframework.http.RequestEntity; diff --git a/spring-5-security-oauth/src/main/java/com/baeldung/oauth2/CustomTokenResponseConverter.java b/spring-5-security-oauth/src/main/java/com/baeldung/oauth2request/CustomTokenResponseConverter.java similarity index 98% rename from spring-5-security-oauth/src/main/java/com/baeldung/oauth2/CustomTokenResponseConverter.java rename to spring-5-security-oauth/src/main/java/com/baeldung/oauth2request/CustomTokenResponseConverter.java index 741f44871a..b9775d674a 100644 --- a/spring-5-security-oauth/src/main/java/com/baeldung/oauth2/CustomTokenResponseConverter.java +++ b/spring-5-security-oauth/src/main/java/com/baeldung/oauth2request/CustomTokenResponseConverter.java @@ -1,4 +1,4 @@ -package com.baeldung.oauth2; +package com.baeldung.oauth2request; import java.util.Arrays; import java.util.Collections; 
diff --git a/spring-5-security-oauth/src/main/java/com/baeldung/oauth2/LinkedinTokenResponseConverter.java b/spring-5-security-oauth/src/main/java/com/baeldung/oauth2request/LinkedinTokenResponseConverter.java similarity index 96% rename from spring-5-security-oauth/src/main/java/com/baeldung/oauth2/LinkedinTokenResponseConverter.java rename to spring-5-security-oauth/src/main/java/com/baeldung/oauth2request/LinkedinTokenResponseConverter.java index f638b6101a..89b3d32de5 100644 --- a/spring-5-security-oauth/src/main/java/com/baeldung/oauth2/LinkedinTokenResponseConverter.java +++ b/spring-5-security-oauth/src/main/java/com/baeldung/oauth2request/LinkedinTokenResponseConverter.java @@ -1,4 +1,4 @@ -package com.baeldung.oauth2; +package com.baeldung.oauth2request; import java.util.Map; From b02321519f0193b25a193cdbf5a7a7ce0313f5b1 Mon Sep 17 00:00:00 2001 From: Loredana Crusoveanu Date: Fri, 30 Nov 2018 19:28:39 +0200 Subject: [PATCH 3/3] Update CustomRequestSecurityConfig.java --- .../java/com/baeldung/oauth2/CustomRequestSecurityConfig.java | 1 - 1 file changed, 1 deletion(-) diff --git a/spring-5-security-oauth/src/main/java/com/baeldung/oauth2/CustomRequestSecurityConfig.java b/spring-5-security-oauth/src/main/java/com/baeldung/oauth2/CustomRequestSecurityConfig.java index 51caee8178..2aba5a82ac 100644 --- a/spring-5-security-oauth/src/main/java/com/baeldung/oauth2/CustomRequestSecurityConfig.java +++ b/spring-5-security-oauth/src/main/java/com/baeldung/oauth2/CustomRequestSecurityConfig.java @@ -115,5 +115,4 @@ public class CustomRequestSecurityConfig extends WebSecurityConfigurerAdapter { } return null; } - }