From f993bc0435953a345abd9047a64bd8a047f0c23b Mon Sep 17 00:00:00 2001
From: Bogdan Stoean <4540392+BogdanStoean@users.noreply.github.com>
Date: Mon, 15 Jan 2018 23:05:19 +0200
Subject: [PATCH] [BAEL-1410] Spring Boot OAuth2 Support (#3409)
* initial setup with spring boot/ spring data jpa/ flyway
* BAEL-1315 - added flyway test extensions for spring
* BAEL-1315 - added flyway test extensions for spring
* BAEL-1315 - created multiple migration scripts and locations
* BAEL-1315 - test insert after schema creation
* cleanup
* BAEL-1315 - test data changes by a migration
* [BAEL-1410] Spring Boot Security Auto-Configuration
* [BAEL-1410] Added some tests for incorrect credentials use case
* [BAEL-1410] Added readme and some code improvements
* [BAEL-1410] removed form based auth config because it is redundant
added oauth2 server auto-configuration sample with test
* [BAEL-1410] added custom Authorization Server Config
* [BAEL-1410] update README
* [BAEL-1410]refactor tests
* [BAEL-1410]oauth2 resource server
* [BAEL-1410]oauth2 sso sample with facebook
* [BAEL-1410]remove spring-flyway
---
spring-boot-security/README.md | 8 +-
spring-boot-security/pom.xml | 4 +
.../SpringBootSecurityApplication.java | 4 +-
.../config/BasicAuthConfiguration.java} | 6 +-
.../config/FormLoginConfiguration.java | 39 -------
.../SpringBootOAuth2ResourceApplication.java | 30 +++++
...ingBootAuthorizationServerApplication.java | 30 +++++
.../config/AuthorizationServerConfig.java | 39 +++++++
.../SpringBootOAuth2SsoApplication.java | 18 +++
.../resources/application-authz.properties | 3 +
.../resources/application-resource.properties | 2 +
.../main/resources/application-sso.properties | 9 ++
.../src/main/resources/application.properties | 6 +-
.../FormConfigurationIntegrationTest.java | 106 ------------------
...asicAuthConfigurationIntegrationTest.java} | 9 +-
...figAuthorizationServerIntegrationTest.java | 75 +++++++++++++
...figAuthorizationServerIntegrationTest.java | 44 ++++++++
17 files changed, 270 insertions(+), 162 deletions(-)
rename spring-boot-security/src/main/java/com/baeldung/springbootsecurity/{ => basic_auth}/SpringBootSecurityApplication.java (80%)
rename spring-boot-security/src/main/java/com/baeldung/springbootsecurity/{config/BasicConfiguration.java => basic_auth/config/BasicAuthConfiguration.java} (84%)
delete mode 100644 spring-boot-security/src/main/java/com/baeldung/springbootsecurity/config/FormLoginConfiguration.java
create mode 100644 spring-boot-security/src/main/java/com/baeldung/springbootsecurity/oauth2resource/SpringBootOAuth2ResourceApplication.java
create mode 100644 spring-boot-security/src/main/java/com/baeldung/springbootsecurity/oauth2server/SpringBootAuthorizationServerApplication.java
create mode 100644 spring-boot-security/src/main/java/com/baeldung/springbootsecurity/oauth2server/config/AuthorizationServerConfig.java
create mode 100644 spring-boot-security/src/main/java/com/baeldung/springbootsecurity/oauth2sso/SpringBootOAuth2SsoApplication.java
create mode 100644 spring-boot-security/src/main/resources/application-authz.properties
create mode 100644 spring-boot-security/src/main/resources/application-resource.properties
create mode 100644 spring-boot-security/src/main/resources/application-sso.properties
delete mode 100644 spring-boot-security/src/test/java/com/baeldung/springbootsecurity/FormConfigurationIntegrationTest.java
rename spring-boot-security/src/test/java/com/baeldung/springbootsecurity/{BasicConfigurationIntegrationTest.java => basic_auth/BasicAuthConfigurationIntegrationTest.java} (86%)
create mode 100644 spring-boot-security/src/test/java/com/baeldung/springbootsecurity/oauth2server/CustomConfigAuthorizationServerIntegrationTest.java
create mode 100644 spring-boot-security/src/test/java/com/baeldung/springbootsecurity/oauth2server/DefaultConfigAuthorizationServerIntegrationTest.java
diff --git a/spring-boot-security/README.md b/spring-boot-security/README.md
index 26ab8b2337..a0ddb8de7b 100644
--- a/spring-boot-security/README.md
+++ b/spring-boot-security/README.md
@@ -1,6 +1,8 @@
### Spring Boot Security Auto-Configuration
- mvn clean install
-- uncomment in application.properties spring.profiles.active=basic # for basic auth config
-- uncomment in application.properties spring.profiles.active=form # for form based auth config
-- uncomment actuator dependency simultaneously with the line from main class
+- uncomment actuator dependency simultaneously with the line from basic auth main class
+- uncomment security properties for easy testing. If not random will be generated.
+
+### CURL commands
+- curl -X POST -u baeldung-admin:baeldung -d grant_type=client_credentials -d username=baeldung-admin -d password=baeldung http://localhost:8080/oauth/token
diff --git a/spring-boot-security/pom.xml b/spring-boot-security/pom.xml
index c35191a7fc..c1ec14ff64 100644
--- a/spring-boot-security/pom.xml
+++ b/spring-boot-security/pom.xml
@@ -43,6 +43,10 @@
org.springframework.boot
spring-boot-starter-security
+
+ org.springframework.security.oauth
+ spring-security-oauth2
+
org.springframework.boot
spring-boot-starter-web
diff --git a/spring-boot-security/src/main/java/com/baeldung/springbootsecurity/SpringBootSecurityApplication.java b/spring-boot-security/src/main/java/com/baeldung/springbootsecurity/basic_auth/SpringBootSecurityApplication.java
similarity index 80%
rename from spring-boot-security/src/main/java/com/baeldung/springbootsecurity/SpringBootSecurityApplication.java
rename to spring-boot-security/src/main/java/com/baeldung/springbootsecurity/basic_auth/SpringBootSecurityApplication.java
index 3a85da72e5..2ecad4ae35 100644
--- a/spring-boot-security/src/main/java/com/baeldung/springbootsecurity/SpringBootSecurityApplication.java
+++ b/spring-boot-security/src/main/java/com/baeldung/springbootsecurity/basic_auth/SpringBootSecurityApplication.java
@@ -1,4 +1,4 @@
-package com.baeldung.springbootsecurity;
+package com.baeldung.springbootsecurity.basic_auth;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
@@ -7,7 +7,7 @@ import org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration
@SpringBootApplication(exclude = {
SecurityAutoConfiguration.class
// ,ManagementWebSecurityAutoConfiguration.class
-})
+}, scanBasePackages = "com.baeldung.springbootsecurity.basic_auth")
public class SpringBootSecurityApplication {
public static void main(String[] args) {
diff --git a/spring-boot-security/src/main/java/com/baeldung/springbootsecurity/config/BasicConfiguration.java b/spring-boot-security/src/main/java/com/baeldung/springbootsecurity/basic_auth/config/BasicAuthConfiguration.java
similarity index 84%
rename from spring-boot-security/src/main/java/com/baeldung/springbootsecurity/config/BasicConfiguration.java
rename to spring-boot-security/src/main/java/com/baeldung/springbootsecurity/basic_auth/config/BasicAuthConfiguration.java
index 1b08e5ee22..993c573fb0 100644
--- a/spring-boot-security/src/main/java/com/baeldung/springbootsecurity/config/BasicConfiguration.java
+++ b/spring-boot-security/src/main/java/com/baeldung/springbootsecurity/basic_auth/config/BasicAuthConfiguration.java
@@ -1,7 +1,6 @@
-package com.baeldung.springbootsecurity.config;
+package com.baeldung.springbootsecurity.basic_auth.config;
import org.springframework.context.annotation.Configuration;
-import org.springframework.context.annotation.Profile;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
@@ -9,8 +8,7 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur
@Configuration
@EnableWebSecurity
-@Profile("basic")
-public class BasicConfiguration extends WebSecurityConfigurerAdapter {
+public class BasicAuthConfiguration extends WebSecurityConfigurerAdapter {
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
diff --git a/spring-boot-security/src/main/java/com/baeldung/springbootsecurity/config/FormLoginConfiguration.java b/spring-boot-security/src/main/java/com/baeldung/springbootsecurity/config/FormLoginConfiguration.java
deleted file mode 100644
index b4902a9ffc..0000000000
--- a/spring-boot-security/src/main/java/com/baeldung/springbootsecurity/config/FormLoginConfiguration.java
+++ /dev/null
@@ -1,39 +0,0 @@
-package com.baeldung.springbootsecurity.config;
-
-import org.springframework.context.annotation.Configuration;
-import org.springframework.context.annotation.Profile;
-import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
-import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
-
-@Configuration
-@EnableWebSecurity
-@Profile("form")
-public class FormLoginConfiguration extends WebSecurityConfigurerAdapter {
-
- @Override
- protected void configure(AuthenticationManagerBuilder auth) throws Exception {
- auth
- .inMemoryAuthentication()
- .withUser("user")
- .password("password")
- .roles("USER")
- .and()
- .withUser("admin")
- .password("password")
- .roles("USER", "ADMIN");
- }
-
- @Override
- protected void configure(HttpSecurity http) throws Exception {
- http
- .authorizeRequests()
- .anyRequest()
- .authenticated()
- .and()
- .formLogin()
- .and()
- .httpBasic();
- }
-}
diff --git a/spring-boot-security/src/main/java/com/baeldung/springbootsecurity/oauth2resource/SpringBootOAuth2ResourceApplication.java b/spring-boot-security/src/main/java/com/baeldung/springbootsecurity/oauth2resource/SpringBootOAuth2ResourceApplication.java
new file mode 100644
index 0000000000..56231a28bd
--- /dev/null
+++ b/spring-boot-security/src/main/java/com/baeldung/springbootsecurity/oauth2resource/SpringBootOAuth2ResourceApplication.java
@@ -0,0 +1,30 @@
+package com.baeldung.springbootsecurity.oauth2resource;
+
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.boot.builder.SpringApplicationBuilder;
+import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+@EnableResourceServer
+@SpringBootApplication(scanBasePackages = "com.baeldung.springbootsecurity.oauth2resource")
+public class SpringBootOAuth2ResourceApplication {
+
+ public static void main(String[] args) {
+ new SpringApplicationBuilder()
+ .profiles("resource")
+ .sources(SpringBootOAuth2ResourceApplication.class)
+ .build()
+ .run(args);
+ }
+
+ @RestController
+ class SecuredResourceController {
+
+ @GetMapping("/securedResource")
+ public String securedResource() {
+ return "Baeldung Secured Resource OK";
+ }
+
+ }
+}
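Review bot: `SecuredResourceController` at the bottom of this file is a non-static, package-private inner class, so every instance holds a hidden reference to the enclosing application class and the endpoint is easy to miss when auditing what the resource server exposes. Declaring it `static class SecuredResourceController`, or moving it to its own file in the scanned package, keeps the bean independent of the outer instance. The same pattern appears for `UserController` in SpringBootAuthorizationServerApplication. No explicit resource-server HTTP rules are visible in this commit, so a short comment that `/securedResource` relies on the `@EnableResourceServer` defaults for protection would document the intent.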
diff --git a/spring-boot-security/src/main/java/com/baeldung/springbootsecurity/oauth2server/SpringBootAuthorizationServerApplication.java b/spring-boot-security/src/main/java/com/baeldung/springbootsecurity/oauth2server/SpringBootAuthorizationServerApplication.java
new file mode 100644
index 0000000000..44dabefbb8
--- /dev/null
+++ b/spring-boot-security/src/main/java/com/baeldung/springbootsecurity/oauth2server/SpringBootAuthorizationServerApplication.java
@@ -0,0 +1,30 @@
+package com.baeldung.springbootsecurity.oauth2server;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
+import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+import java.security.Principal;
+
+@EnableResourceServer
+@EnableAuthorizationServer
+@SpringBootApplication(scanBasePackages = "com.baeldung.springbootsecurity.oauth2server")
+public class SpringBootAuthorizationServerApplication {
+
+ public static void main(String[] args) {
+ SpringApplication.run(SpringBootAuthorizationServerApplication.class, args);
+ }
+
+ @RestController
+ class UserController {
+
+ @GetMapping("/user")
+ public Principal user(Principal user) {
+ return user;
+ }
+
+ }
+}
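Review bot: The `/user` handler returns the injected `Principal` unchanged, and under `@EnableResourceServer` that object is presumably an `OAuth2Authentication`, whose serialized form carries considerably more than the user name (request details, authorities and, depending on the library version, token data). application-resource.properties points `userInfoUri` at this endpoint, so it is consumed by other services and should return only what they need. For example, change the return type to `Map<String, String>` and use `return Collections.singletonMap("name", user.getName());`. If the resource server needs authorities, add them explicitly rather than exposing the whole authentication object.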
diff --git a/spring-boot-security/src/main/java/com/baeldung/springbootsecurity/oauth2server/config/AuthorizationServerConfig.java b/spring-boot-security/src/main/java/com/baeldung/springbootsecurity/oauth2server/config/AuthorizationServerConfig.java
new file mode 100644
index 0000000000..b403feb5c1
--- /dev/null
+++ b/spring-boot-security/src/main/java/com/baeldung/springbootsecurity/oauth2server/config/AuthorizationServerConfig.java
@@ -0,0 +1,39 @@
+package com.baeldung.springbootsecurity.oauth2server.config;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
+import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
+import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
+
+@Configuration
+@Profile("authz")
+public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {
+
+ @Autowired
+ private AuthenticationManager authenticationManager;
+
+ @Override
+ public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
+ endpoints.authenticationManager(authenticationManager);
+ }
+
+ @Override
+ public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
+ clients
+ .inMemory()
+ .withClient("baeldung")
+ .secret("baeldung")
+ .authorizedGrantTypes("client_credentials", "password", "authorization_code")
+ .scopes("openid", "read")
+ .autoApprove(true)
+ .and()
+ .withClient("baeldung-admin")
+ .secret("baeldung")
+ .authorizedGrantTypes("authorization_code", "client_credentials", "refresh_token")
+ .scopes("read", "write")
+ .autoApprove(true);
+ }
+}
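Review bot: Both clients are granted `authorization_code` with `.autoApprove(true)` and no `.redirectUris(...)`, so the consent step is skipped and nothing in this configuration pins where the authorization code is delivered. How an unregistered redirect is handled depends on the spring-security-oauth2 version, which this diff does not show. Register the expected callback per client, e.g. `.redirectUris("<registered-callback-url>")`, and drop auto-approval unless the client is first-party. Separately, each client secret is hard-coded and identical to a client id (`"baeldung"`). A comment marking these as demo-only values, or reading them from configuration properties, would keep the sample from being copied into a deployment as is.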
diff --git a/spring-boot-security/src/main/java/com/baeldung/springbootsecurity/oauth2sso/SpringBootOAuth2SsoApplication.java b/spring-boot-security/src/main/java/com/baeldung/springbootsecurity/oauth2sso/SpringBootOAuth2SsoApplication.java
new file mode 100644
index 0000000000..b1cd580f08
--- /dev/null
+++ b/spring-boot-security/src/main/java/com/baeldung/springbootsecurity/oauth2sso/SpringBootOAuth2SsoApplication.java
@@ -0,0 +1,18 @@
+package com.baeldung.springbootsecurity.oauth2sso;
+
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;
+import org.springframework.boot.builder.SpringApplicationBuilder;
+
+@EnableOAuth2Sso
+@SpringBootApplication(scanBasePackages = "com.baeldung.springbootsecurity.oauth2sso")
+public class SpringBootOAuth2SsoApplication {
+
+ public static void main(String[] args) {
+ new SpringApplicationBuilder()
+ .profiles("sso")
+ .sources(SpringBootOAuth2SsoApplication.class)
+ .build()
+ .run(args);
+ }
+}
diff --git a/spring-boot-security/src/main/resources/application-authz.properties b/spring-boot-security/src/main/resources/application-authz.properties
new file mode 100644
index 0000000000..d29b0cdd3c
--- /dev/null
+++ b/spring-boot-security/src/main/resources/application-authz.properties
@@ -0,0 +1,3 @@
+security.user.password=password
+security.oauth2.client.client-id=client
+security.oauth2.client.client-secret=secret
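Review bot: These values are committed under src/main/resources, so the fixed user password and client secret are packaged into the built artifact and become the working credentials for anyone who runs the `authz` profile unchanged. Prefer placeholders resolved from the environment, e.g. `security.oauth2.client.client-secret=${OAUTH_CLIENT_SECRET}` (variable name is illustrative), or keep the sample values under src/test/resources. At minimum, add a `# demo-only values, override before deploying` comment at the top of the file.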
diff --git a/spring-boot-security/src/main/resources/application-resource.properties b/spring-boot-security/src/main/resources/application-resource.properties
new file mode 100644
index 0000000000..b157b01d51
--- /dev/null
+++ b/spring-boot-security/src/main/resources/application-resource.properties
@@ -0,0 +1,2 @@
+server.port=8081
+security.oauth2.resource.userInfoUri=http://localhost:8080/user
\ No newline at end of file
diff --git a/spring-boot-security/src/main/resources/application-sso.properties b/spring-boot-security/src/main/resources/application-sso.properties
new file mode 100644
index 0000000000..ac6ae0cc93
--- /dev/null
+++ b/spring-boot-security/src/main/resources/application-sso.properties
@@ -0,0 +1,9 @@
+server.port=8082
+security.oauth2.client.clientId=
+security.oauth2.client.clientSecret=
+security.oauth2.client.accessTokenUri=https://graph.facebook.com/oauth/access_token
+security.oauth2.client.userAuthorizationUri=https://www.facebook.com/dialog/oauth
+security.oauth2.client.tokenName=oauth_token
+security.oauth2.client.authenticationScheme=query
+security.oauth2.client.clientAuthenticationScheme=form
+security.oauth2.resource.userInfoUri=https://graph.facebook.com/me
\ No newline at end of file
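Review bot: `security.oauth2.client.authenticationScheme=query` together with `tokenName=oauth_token` makes the client send the access token as a URL query parameter on calls to `userInfoUri`, where it can be recorded in proxy and server access logs. If the provider accepts it, `security.oauth2.client.authenticationScheme=header` keeps the token out of the URL. Leaving `clientId` and `clientSecret` blank is right for a committed file; a comment that they must be supplied at run time (environment variable or an untracked override file) would make that explicit.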
diff --git a/spring-boot-security/src/main/resources/application.properties b/spring-boot-security/src/main/resources/application.properties
index 6ca2edb175..c2b8d70dc6 100644
--- a/spring-boot-security/src/main/resources/application.properties
+++ b/spring-boot-security/src/main/resources/application.properties
@@ -1,4 +1,4 @@
#spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration
-#spring.profiles.active=form
-#spring.profiles.active=basic
-#security.user.password=password
\ No newline at end of file
+#security.user.password=password
+#security.oauth2.client.client-id=client
+#security.oauth2.client.client-secret=secret
diff --git a/spring-boot-security/src/test/java/com/baeldung/springbootsecurity/FormConfigurationIntegrationTest.java b/spring-boot-security/src/test/java/com/baeldung/springbootsecurity/FormConfigurationIntegrationTest.java
deleted file mode 100644
index 697a4f2868..0000000000
--- a/spring-boot-security/src/test/java/com/baeldung/springbootsecurity/FormConfigurationIntegrationTest.java
+++ /dev/null
@@ -1,106 +0,0 @@
-package com.baeldung.springbootsecurity;
-
-import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.boot.context.embedded.LocalServerPort;
-import org.springframework.boot.test.context.SpringBootTest;
-import org.springframework.boot.test.web.client.TestRestTemplate;
-import org.springframework.http.*;
-import org.springframework.test.context.ActiveProfiles;
-import org.springframework.test.context.junit4.SpringRunner;
-import org.springframework.util.LinkedMultiValueMap;
-import org.springframework.util.MultiValueMap;
-
-import java.util.Collections;
-import java.util.regex.Matcher;
-import java.util.regex.Pattern;
-
-import static org.junit.Assert.*;
-import static org.springframework.boot.test.context.SpringBootTest.WebEnvironment.RANDOM_PORT;
-
-@RunWith(SpringRunner.class)
-@SpringBootTest(webEnvironment = RANDOM_PORT)
-@ActiveProfiles("form")
-public class FormConfigurationIntegrationTest {
-
- @Autowired TestRestTemplate restTemplate;
- @LocalServerPort int port;
-
- @Test
- public void whenLoginPageIsRequested_ThenSuccess() {
- HttpHeaders httpHeaders = new HttpHeaders();
- httpHeaders.setAccept(Collections.singletonList(MediaType.TEXT_HTML));
- ResponseEntity responseEntity = restTemplate.exchange("/login", HttpMethod.GET, new HttpEntity(httpHeaders), String.class);
- assertEquals(HttpStatus.OK, responseEntity.getStatusCode());
- assertTrue(responseEntity
- .getBody()
- .contains("_csrf"));
- }
-
- @Test
- public void whenTryingToLoginWithCorrectCredentials_ThenAuthenticateWithSuccess() {
- HttpHeaders httpHeaders = getHeaders();
- httpHeaders.setAccept(Collections.singletonList(MediaType.TEXT_HTML));
- httpHeaders.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
- MultiValueMap form = getFormSubmitCorrectCredentials();
- ResponseEntity responseEntity = this.restTemplate.exchange("/login", HttpMethod.POST, new HttpEntity<>(form, httpHeaders), String.class);
- assertEquals(responseEntity.getStatusCode(), HttpStatus.FOUND);
- assertTrue(responseEntity
- .getHeaders()
- .getLocation()
- .toString()
- .endsWith(this.port + "/"));
- assertNotNull(responseEntity
- .getHeaders()
- .get("Set-Cookie"));
- }
-
- @Test
- public void whenTryingToLoginWithInorrectCredentials_ThenAuthenticationFailed() {
- HttpHeaders httpHeaders = getHeaders();
- httpHeaders.setAccept(Collections.singletonList(MediaType.TEXT_HTML));
- httpHeaders.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
- MultiValueMap form = getFormSubmitIncorrectCredentials();
- ResponseEntity responseEntity = this.restTemplate.exchange("/login", HttpMethod.POST, new HttpEntity<>(form, httpHeaders), String.class);
- assertEquals(responseEntity.getStatusCode(), HttpStatus.FOUND);
- assertTrue(responseEntity
- .getHeaders()
- .getLocation()
- .toString()
- .endsWith(this.port + "/login?error"));
- assertNull(responseEntity
- .getHeaders()
- .get("Set-Cookie"));
- }
-
- private MultiValueMap getFormSubmitCorrectCredentials() {
- MultiValueMap form = new LinkedMultiValueMap<>();
- form.set("username", "user");
- form.set("password", "password");
- return form;
- }
-
- private MultiValueMap getFormSubmitIncorrectCredentials() {
- MultiValueMap form = new LinkedMultiValueMap<>();
- form.set("username", "user");
- form.set("password", "wrongpassword");
- return form;
- }
-
- private HttpHeaders getHeaders() {
- HttpHeaders headers = new HttpHeaders();
- ResponseEntity page = this.restTemplate.getForEntity("/login", String.class);
- assertEquals(page.getStatusCode(), HttpStatus.OK);
- String cookie = page
- .getHeaders()
- .getFirst("Set-Cookie");
- headers.set("Cookie", cookie);
- Pattern pattern = Pattern.compile("(?s).*name=\"_csrf\".*?value=\"([^\"]+).*");
- Matcher matcher = pattern.matcher(page.getBody());
- assertTrue(matcher.matches());
- headers.set("X-CSRF-TOKEN", matcher.group(1));
- return headers;
- }
-
-}
diff --git a/spring-boot-security/src/test/java/com/baeldung/springbootsecurity/BasicConfigurationIntegrationTest.java b/spring-boot-security/src/test/java/com/baeldung/springbootsecurity/basic_auth/BasicAuthConfigurationIntegrationTest.java
similarity index 86%
rename from spring-boot-security/src/test/java/com/baeldung/springbootsecurity/BasicConfigurationIntegrationTest.java
rename to spring-boot-security/src/test/java/com/baeldung/springbootsecurity/basic_auth/BasicAuthConfigurationIntegrationTest.java
index 63e1c2ac73..4e4244abb7 100644
--- a/spring-boot-security/src/test/java/com/baeldung/springbootsecurity/BasicConfigurationIntegrationTest.java
+++ b/spring-boot-security/src/test/java/com/baeldung/springbootsecurity/basic_auth/BasicAuthConfigurationIntegrationTest.java
@@ -1,5 +1,6 @@
-package com.baeldung.springbootsecurity;
+package com.baeldung.springbootsecurity.basic_auth;
+import com.baeldung.springbootsecurity.basic_auth.SpringBootSecurityApplication;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
@@ -8,7 +9,6 @@ import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.boot.test.web.client.TestRestTemplate;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
-import org.springframework.test.context.ActiveProfiles;
import org.springframework.test.context.junit4.SpringRunner;
import java.io.IOException;
@@ -20,9 +20,8 @@ import static org.junit.Assert.assertTrue;
import static org.springframework.boot.test.context.SpringBootTest.WebEnvironment.RANDOM_PORT;
@RunWith(SpringRunner.class)
-@SpringBootTest(webEnvironment = RANDOM_PORT)
-@ActiveProfiles("basic")
-public class BasicConfigurationIntegrationTest {
+@SpringBootTest(webEnvironment = RANDOM_PORT, classes = SpringBootSecurityApplication.class)
+public class BasicAuthConfigurationIntegrationTest {
TestRestTemplate restTemplate;
URL base;
diff --git a/spring-boot-security/src/test/java/com/baeldung/springbootsecurity/oauth2server/CustomConfigAuthorizationServerIntegrationTest.java b/spring-boot-security/src/test/java/com/baeldung/springbootsecurity/oauth2server/CustomConfigAuthorizationServerIntegrationTest.java
new file mode 100644
index 0000000000..09df9ce645
--- /dev/null
+++ b/spring-boot-security/src/test/java/com/baeldung/springbootsecurity/oauth2server/CustomConfigAuthorizationServerIntegrationTest.java
@@ -0,0 +1,75 @@
+package com.baeldung.springbootsecurity.oauth2server;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.http.converter.json.MappingJackson2HttpMessageConverter;
+import org.springframework.security.oauth2.client.DefaultOAuth2ClientContext;
+import org.springframework.security.oauth2.client.OAuth2RestTemplate;
+import org.springframework.security.oauth2.client.resource.OAuth2AccessDeniedException;
+import org.springframework.security.oauth2.client.token.grant.client.ClientCredentialsResourceDetails;
+import org.springframework.security.oauth2.common.OAuth2AccessToken;
+import org.springframework.test.context.ActiveProfiles;
+import org.springframework.test.context.junit4.SpringRunner;
+
+import static java.lang.String.format;
+import static java.util.Collections.singletonList;
+import static org.junit.Assert.assertNotNull;
+import static org.springframework.boot.test.context.SpringBootTest.WebEnvironment.RANDOM_PORT;
+
+@RunWith(SpringRunner.class)
+@SpringBootTest(webEnvironment = RANDOM_PORT, classes = SpringBootAuthorizationServerApplication.class)
+@ActiveProfiles("authz")
+public class CustomConfigAuthorizationServerIntegrationTest {
+
+ @Value("${local.server.port}") protected int port;
+
+ @Test
+ public void whenAccessTokenIsRequested_ThenAccessTokenValueIsNotNull() {
+ ClientCredentialsResourceDetails resourceDetails = getClientCredentialsResourceDetails();
+ resourceDetails.setClientId("baeldung");
+ resourceDetails.setClientSecret("baeldung");
+ resourceDetails.setScope(singletonList("read"));
+ DefaultOAuth2ClientContext clientContext = new DefaultOAuth2ClientContext();
+ OAuth2RestTemplate restTemplate = new OAuth2RestTemplate(resourceDetails, clientContext);
+ restTemplate.setMessageConverters(singletonList(new MappingJackson2HttpMessageConverter()));
+ OAuth2AccessToken accessToken = restTemplate.getAccessToken();
+ assertNotNull(accessToken);
+
+ }
+
+ @Test(expected = OAuth2AccessDeniedException.class)
+ public void whenAccessTokenIsRequestedWithInvalidException_ThenExceptionIsThrown() {
+ ClientCredentialsResourceDetails resourceDetails = getClientCredentialsResourceDetails();
+ resourceDetails.setClientId("baeldung");
+ resourceDetails.setClientSecret("baeldung");
+ resourceDetails.setScope(singletonList("write"));
+ DefaultOAuth2ClientContext clientContext = new DefaultOAuth2ClientContext();
+ OAuth2RestTemplate restTemplate = new OAuth2RestTemplate(resourceDetails, clientContext);
+ restTemplate.setMessageConverters(singletonList(new MappingJackson2HttpMessageConverter()));
+ restTemplate.getAccessToken();
+ }
+
+ @Test
+ public void whenAccessTokenIsRequestedByClientWithWriteScope_ThenAccessTokenIsNotNull() {
+ ClientCredentialsResourceDetails resourceDetails = getClientCredentialsResourceDetails();
+ resourceDetails.setClientId("baeldung-admin");
+ resourceDetails.setClientSecret("baeldung");
+ resourceDetails.setScope(singletonList("write"));
+ DefaultOAuth2ClientContext clientContext = new DefaultOAuth2ClientContext();
+ OAuth2RestTemplate restTemplate = new OAuth2RestTemplate(resourceDetails, clientContext);
+ restTemplate.setMessageConverters(singletonList(new MappingJackson2HttpMessageConverter()));
+ OAuth2AccessToken accessToken = restTemplate.getAccessToken();
+ assertNotNull(accessToken);
+ }
+
+ private ClientCredentialsResourceDetails getClientCredentialsResourceDetails() {
+ ClientCredentialsResourceDetails resourceDetails = new ClientCredentialsResourceDetails();
+ resourceDetails.setAccessTokenUri(format("http://localhost:%d/oauth/token", port));
+ resourceDetails.setGrantType("client_credentials");
+ return resourceDetails;
+ }
+
+}
+
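Review bot: The negative test `whenAccessTokenIsRequestedWithInvalidException_ThenExceptionIsThrown` is misnamed: it exercises client `baeldung` requesting the `write` scope it is not registered for, so `whenAccessTokenIsRequestedWithUnauthorizedScope_ThenExceptionIsThrown` would describe it. The positive tests here and in DefaultConfigAuthorizationServerIntegrationTest only `assertNotNull(accessToken)`. Asserting the granted scope, e.g. `assertTrue(accessToken.getScope().contains("read"));`, would check the authorization decision rather than just that a token was returned. There is also no case for a wrong client secret, which is the rejection path most worth pinning in a test. The three tests repeat the same template setup and could share a private helper that takes the client id and scope.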
diff --git a/spring-boot-security/src/test/java/com/baeldung/springbootsecurity/oauth2server/DefaultConfigAuthorizationServerIntegrationTest.java b/spring-boot-security/src/test/java/com/baeldung/springbootsecurity/oauth2server/DefaultConfigAuthorizationServerIntegrationTest.java
new file mode 100644
index 0000000000..c7b1b4ef6c
--- /dev/null
+++ b/spring-boot-security/src/test/java/com/baeldung/springbootsecurity/oauth2server/DefaultConfigAuthorizationServerIntegrationTest.java
@@ -0,0 +1,44 @@
+package com.baeldung.springbootsecurity.oauth2server;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.http.converter.json.MappingJackson2HttpMessageConverter;
+import org.springframework.security.oauth2.client.DefaultOAuth2ClientContext;
+import org.springframework.security.oauth2.client.OAuth2RestTemplate;
+import org.springframework.security.oauth2.client.token.grant.client.ClientCredentialsResourceDetails;
+import org.springframework.security.oauth2.common.OAuth2AccessToken;
+import org.springframework.test.context.junit4.SpringRunner;
+
+import static java.lang.String.format;
+import static java.util.Arrays.asList;
+import static java.util.Collections.singletonList;
+import static org.junit.Assert.assertNotNull;
+import static org.springframework.boot.test.context.SpringBootTest.WebEnvironment.RANDOM_PORT;
+
+@RunWith(SpringRunner.class)
+@SpringBootTest(webEnvironment = RANDOM_PORT, classes = SpringBootAuthorizationServerApplication.class,
+ properties = { "security.oauth2.client.client-id=client", "security.oauth2.client.client-secret=secret" })
+public class DefaultConfigAuthorizationServerIntegrationTest {
+
+ @Value("${local.server.port}") protected int port;
+
+ @Test
+ public void whenAccessTokenIsRequested_ThenAccessTokenValueIsNotNull() {
+ ClientCredentialsResourceDetails resourceDetails = new ClientCredentialsResourceDetails();
+ resourceDetails.setAccessTokenUri(format("http://localhost:%d/oauth/token", port));
+ resourceDetails.setClientId("client");
+ resourceDetails.setClientSecret("secret");
+ resourceDetails.setGrantType("client_credentials");
+ resourceDetails.setScope(asList("read", "write"));
+ DefaultOAuth2ClientContext clientContext = new DefaultOAuth2ClientContext();
+ OAuth2RestTemplate restTemplate = new OAuth2RestTemplate(resourceDetails, clientContext);
+ restTemplate.setMessageConverters(singletonList(new MappingJackson2HttpMessageConverter()));
+ OAuth2AccessToken accessToken = restTemplate.getAccessToken();
+ assertNotNull(accessToken);
+
+ }
+
+}
+