JAVA-13321 Removed code unrelated to spring-cloud-gateway article topics
This commit is contained in:
Anastasios Ioannidis
parent
2c75cd99ce
commit
f1b3f233dc
|
|
@ -1,40 +0,0 @@
|
|||
# OAuth Test Setup
|
||||
|
||||
In order to test the OAuth-secured gateway configurations, please follow the steps below
|
||||
|
||||
## Keycloak setup
|
||||
|
||||
1. Clone or download the https://github.com/Baeldung/spring-security-oauth project
|
||||
2. Replace the file `oauth-rest/oauth-authorization-server/src/main/resources/baeldung-realm.json`
|
||||
with the one provider here
|
||||
3. Go to the oauth-rest/oauth-authorization-server folder and use maven to build the project
|
||||
4. Run the Keycloack service with `mvn spring-boot:run`
|
||||
5. Once Keycloak is up and running, go to `http://localhost:8083/auth/admin/master/console/#/realms/baeldung` and
|
||||
log in with using `bael-admin/pass` as credentials
|
||||
6. Create two test users, so that one belongs to the *Golden Customers* group and the other doesn't.
|
||||
|
||||
## Quotes backend
|
||||
|
||||
Use the provided maven profile:
|
||||
|
||||
```
|
||||
$ mvn spring-boot:run -Pquotes-application
|
||||
```
|
||||
|
||||
## Gateway as Resource Server
|
||||
|
||||
Use the provided maven profile:
|
||||
|
||||
```
|
||||
$ mvn spring-boot:run -Pgateway-as-resource-server
|
||||
```
|
||||
|
||||
## Gateway as OAuth 2.0 Client
|
||||
|
||||
Use the provided maven profile:
|
||||
|
||||
```
|
||||
$ mvn spring-boot:run -Pgateway-as-oauth-client
|
||||
```
|
||||
|
||||
|
||||
|
|
@ -121,50 +121,6 @@
|
|||
</build>
|
||||
|
||||
<profiles>
|
||||
<profile>
|
||||
<id>quotes-application</id>
|
||||
<build>
|
||||
<plugins>
|
||||
<plugin>
|
||||
<groupId>org.springframework.boot</groupId>
|
||||
<artifactId>spring-boot-maven-plugin</artifactId>
|
||||
<configuration>
|
||||
<mainClass>com.baeldung.springcloudgateway.oauth.backend.QuotesApplication</mainClass>
|
||||
</configuration>
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
</profile>
|
||||
<profile>
|
||||
<id>gateway-as-resource-server</id>
|
||||
<build>
|
||||
<plugins>
|
||||
<plugin>
|
||||
<groupId>org.springframework.boot</groupId>
|
||||
<artifactId>spring-boot-maven-plugin</artifactId>
|
||||
<configuration>
|
||||
<mainClass>com.baeldung.springcloudgateway.oauth.server.ResourceServerGatewayApplication</mainClass>
|
||||
<jvmArguments>-Dspring.profiles.active=resource-server</jvmArguments>
|
||||
</configuration>
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
</profile>
|
||||
<profile>
|
||||
<id>gateway-as-oauth-client</id>
|
||||
<build>
|
||||
<plugins>
|
||||
<plugin>
|
||||
<groupId>org.springframework.boot</groupId>
|
||||
<artifactId>spring-boot-maven-plugin</artifactId>
|
||||
<configuration>
|
||||
<mainClass>com.baeldung.springcloudgateway.oauth.server.ResourceServerGatewayApplication</mainClass>
|
||||
<jvmArguments>-Dspring.profiles.active=oauth-client</jvmArguments>
|
||||
</configuration>
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
</profile>
|
||||
<profile>
|
||||
<id>gateway-url-rewrite</id>
|
||||
<build>
|
||||
|
|
|
|||
|
|
@ -1,44 +0,0 @@
|
|||
/**
|
||||
*
|
||||
*/
|
||||
package com.baeldung.springcloudgateway.oauth.backend;
|
||||
|
||||
import org.springframework.boot.SpringApplication;
|
||||
import org.springframework.boot.autoconfigure.SpringBootApplication;
|
||||
import org.springframework.boot.autoconfigure.security.oauth2.resource.OAuth2ResourceServerProperties;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.PropertySource;
|
||||
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
|
||||
import org.springframework.security.oauth2.server.resource.introspection.NimbusReactiveOpaqueTokenIntrospector;
|
||||
import org.springframework.security.oauth2.server.resource.introspection.ReactiveOpaqueTokenIntrospector;
|
||||
|
||||
import com.baeldung.springcloudgateway.oauth.shared.KeycloakReactiveTokenInstrospector;
|
||||
|
||||
/**
|
||||
* @author Philippe
|
||||
*
|
||||
*/
|
||||
@SpringBootApplication
|
||||
@PropertySource("classpath:quotes-application.properties")
|
||||
@EnableWebFluxSecurity
|
||||
public class QuotesApplication {
|
||||
|
||||
public static void main(String[] args) {
|
||||
SpringApplication.run(QuotesApplication.class);
|
||||
}
|
||||
|
||||
|
||||
@Bean
|
||||
public ReactiveOpaqueTokenIntrospector keycloakIntrospector(OAuth2ResourceServerProperties props) {
|
||||
|
||||
NimbusReactiveOpaqueTokenIntrospector delegate = new NimbusReactiveOpaqueTokenIntrospector(
|
||||
props.getOpaquetoken().getIntrospectionUri(),
|
||||
props.getOpaquetoken().getClientId(),
|
||||
props.getOpaquetoken().getClientSecret());
|
||||
|
||||
return new KeycloakReactiveTokenInstrospector(delegate);
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
|
||||
|
|
@ -1,35 +0,0 @@
|
|||
package com.baeldung.springcloudgateway.oauth.backend.domain;
|
||||
|
||||
|
||||
public class Quote {
|
||||
|
||||
private String symbol;
|
||||
private double price;
|
||||
|
||||
/**
|
||||
* @return the symbol
|
||||
*/
|
||||
public String getSymbol() {
|
||||
return symbol;
|
||||
}
|
||||
/**
|
||||
* @param symbol the symbol to set
|
||||
*/
|
||||
public void setSymbol(String symbol) {
|
||||
this.symbol = symbol;
|
||||
}
|
||||
/**
|
||||
* @return the price
|
||||
*/
|
||||
public double getPrice() {
|
||||
return price;
|
||||
}
|
||||
/**
|
||||
* @param price the price to set
|
||||
*/
|
||||
public void setPrice(double price) {
|
||||
this.price = price;
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
|
|
@ -1,34 +0,0 @@
|
|||
package com.baeldung.springcloudgateway.oauth.backend.web;
|
||||
|
||||
import javax.annotation.PostConstruct;
|
||||
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
||||
import org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthentication;
|
||||
import org.springframework.web.bind.annotation.GetMapping;
|
||||
import org.springframework.web.bind.annotation.PathVariable;
|
||||
import org.springframework.web.bind.annotation.RestController;
|
||||
|
||||
import com.baeldung.springcloudgateway.oauth.backend.domain.Quote;
|
||||
|
||||
import reactor.core.publisher.Mono;
|
||||
|
||||
@RestController
|
||||
public class QuoteApi {
|
||||
private static final GrantedAuthority GOLD_CUSTOMER = new SimpleGrantedAuthority("gold");
|
||||
|
||||
@GetMapping("/quotes/{symbol}")
|
||||
public Mono<Quote> getQuote(@PathVariable("symbol") String symbol, BearerTokenAuthentication auth ) {
|
||||
|
||||
Quote q = new Quote();
|
||||
q.setSymbol(symbol);
|
||||
|
||||
if ( auth.getAuthorities().contains(GOLD_CUSTOMER)) {
|
||||
q.setPrice(10.0);
|
||||
}
|
||||
else {
|
||||
q.setPrice(12.0);
|
||||
}
|
||||
return Mono.just(q);
|
||||
}
|
||||
}
|
||||
|
|
@ -1,13 +0,0 @@
|
|||
package com.baeldung.springcloudgateway.oauth.server;
|
||||
|
||||
import org.springframework.boot.SpringApplication;
|
||||
import org.springframework.boot.autoconfigure.SpringBootApplication;
|
||||
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
|
||||
|
||||
@SpringBootApplication
|
||||
@EnableWebFluxSecurity
|
||||
public class ResourceServerGatewayApplication {
|
||||
public static void main(String[] args) {
|
||||
SpringApplication.run(ResourceServerGatewayApplication.class,args);
|
||||
}
|
||||
}
|
||||
|
|
@ -1,65 +0,0 @@
|
|||
/**
|
||||
*
|
||||
*/
|
||||
package com.baeldung.springcloudgateway.oauth.shared;
|
||||
|
||||
import java.util.Collection;
|
||||
import java.util.Collections;
|
||||
import java.util.HashSet;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.Set;
|
||||
import java.util.stream.Collectors;
|
||||
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
||||
import org.springframework.security.oauth2.core.DefaultOAuth2AuthenticatedPrincipal;
|
||||
import org.springframework.security.oauth2.core.OAuth2AuthenticatedPrincipal;
|
||||
import org.springframework.security.oauth2.server.resource.introspection.ReactiveOpaqueTokenIntrospector;
|
||||
|
||||
import reactor.core.publisher.Mono;
|
||||
|
||||
/**
|
||||
* Custom ReactiveTokenIntrospector to map realm roles into Spring GrantedAuthorities
|
||||
*
|
||||
*/
|
||||
public class KeycloakReactiveTokenInstrospector implements ReactiveOpaqueTokenIntrospector {
|
||||
|
||||
private final ReactiveOpaqueTokenIntrospector delegate;
|
||||
|
||||
public KeycloakReactiveTokenInstrospector(ReactiveOpaqueTokenIntrospector delegate) {
|
||||
this.delegate = delegate;
|
||||
}
|
||||
|
||||
@Override
|
||||
public Mono<OAuth2AuthenticatedPrincipal> introspect(String token) {
|
||||
|
||||
return delegate.introspect(token)
|
||||
.map( this::mapPrincipal);
|
||||
}
|
||||
|
||||
protected OAuth2AuthenticatedPrincipal mapPrincipal(OAuth2AuthenticatedPrincipal principal) {
|
||||
|
||||
return new DefaultOAuth2AuthenticatedPrincipal(
|
||||
principal.getName(),
|
||||
principal.getAttributes(),
|
||||
extractAuthorities(principal));
|
||||
}
|
||||
|
||||
protected Collection<GrantedAuthority> extractAuthorities(OAuth2AuthenticatedPrincipal principal) {
|
||||
|
||||
//
|
||||
Map<String,List<String>> realm_access = principal.getAttribute("realm_access");
|
||||
List<String> roles = realm_access.getOrDefault("roles", Collections.emptyList());
|
||||
List<GrantedAuthority> rolesAuthorities = roles.stream()
|
||||
.map(SimpleGrantedAuthority::new)
|
||||
.collect(Collectors.toList());
|
||||
|
||||
Set<GrantedAuthority> allAuthorities = new HashSet<>();
|
||||
allAuthorities.addAll(principal.getAuthorities());
|
||||
allAuthorities.addAll(rolesAuthorities);
|
||||
|
||||
return allAuthorities;
|
||||
}
|
||||
|
||||
}
|
||||
|
|
@ -1,26 +0,0 @@
|
|||
server:
|
||||
port: 8087
|
||||
spring:
|
||||
cloud:
|
||||
gateway:
|
||||
redis:
|
||||
enabled: false
|
||||
routes:
|
||||
- id: quotes
|
||||
uri: http://localhost:8085
|
||||
predicates:
|
||||
- Path=/quotes/**
|
||||
filters:
- TokenRelay=
|
||||
security:
|
||||
oauth2:
|
||||
client:
provider:
keycloak:
|
||||
issuer-uri: http://localhost:8083/auth/realms/baeldung
|
||||
registration:
quotes-client:
|
||||
provider: keycloak
|
||||
client-id: quotes-client
|
||||
client-secret: 0e082231-a70d-48e8-b8a5-fbfb743041b6
|
||||
scope:
- email
|
||||
- profile
|
||||
- roles
|
||||
|
||||
|
||||
|
|
@ -1,19 +0,0 @@
|
|||
server:
|
||||
port: 8086
|
||||
spring:
|
||||
security:
|
||||
oauth2:
|
||||
resourceserver:
|
||||
opaquetoken:
|
||||
introspection-uri: http://localhost:8083/auth/realms/baeldung/protocol/openid-connect/token/introspect
|
||||
client-id: quotes-client
|
||||
client-secret: 0e082231-a70d-48e8-b8a5-fbfb743041b6
|
||||
cloud:
|
||||
gateway:
|
||||
redis:
|
||||
enabled: false
|
||||
routes:
|
||||
- id: quotes
|
||||
uri: http://localhost:8085
|
||||
predicates:
|
||||
- Path=/quotes/**
|
||||
|
|
@ -1,12 +0,0 @@
|
|||
server.port=8085
|
||||
# Disable gateway & redis as we don't need them in this application
|
||||
spring.cloud.gateway.enabled=false
|
||||
spring.cloud.gateway.redis.enabled=false
|
||||
|
||||
# Resource server settings
|
||||
spring.security.oauth2.resourceserver.opaquetoken.introspection-uri=http://localhost:8083/auth/realms/baeldung/protocol/openid-connect/token/introspect
|
||||
spring.security.oauth2.resourceserver.opaquetoken.client-id=quotes-client
|
||||
spring.security.oauth2.resourceserver.opaquetoken.client-secret=0e082231-a70d-48e8-b8a5-fbfb743041b6
|
||||
|
||||
|
||||
|
||||
Loading…
Reference in New Issue