diff --git a/spring-openid/.classpath b/spring-openid/.classpath
new file mode 100644
index 0000000000..0cad5db2d0
--- /dev/null
+++ b/spring-openid/.classpath
@@ -0,0 +1,32 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/spring-openid/.project b/spring-openid/.project
new file mode 100644
index 0000000000..81874eb896
--- /dev/null
+++ b/spring-openid/.project
@@ -0,0 +1,48 @@
+
+
+ spring-openid
+
+
+
+
+
+ org.eclipse.wst.jsdt.core.javascriptValidator
+
+
+
+
+ org.eclipse.jdt.core.javabuilder
+
+
+
+
+ org.eclipse.wst.common.project.facet.core.builder
+
+
+
+
+ org.springframework.ide.eclipse.core.springbuilder
+
+
+
+
+ org.eclipse.wst.validation.validationbuilder
+
+
+
+
+ org.eclipse.m2e.core.maven2Builder
+
+
+
+
+
+ org.eclipse.jem.workbench.JavaEMFNature
+ org.eclipse.wst.common.modulecore.ModuleCoreNature
+ org.springframework.ide.eclipse.core.springnature
+ org.eclipse.jdt.core.javanature
+ org.eclipse.m2e.core.maven2Nature
+ org.eclipse.wst.common.project.facet.core.nature
+ org.eclipse.wst.jsdt.core.jsNature
+
+
diff --git a/spring-openid/pom.xml b/spring-openid/pom.xml
new file mode 100644
index 0000000000..641fe93a09
--- /dev/null
+++ b/spring-openid/pom.xml
@@ -0,0 +1,68 @@
+
+
+ 4.0.0
+
+ org.baeldung
+ spring-openid
+ 0.0.1-SNAPSHOT
+ war
+
+ spring-openid
+ Spring OpenID sample project
+
+
+ org.springframework.boot
+ spring-boot-starter-parent
+ 1.3.2.RELEASE
+
+
+
+
+
+
+ org.springframework.boot
+ spring-boot-starter-security
+
+
+ org.springframework.boot
+ spring-boot-starter-web
+
+
+
+ org.springframework.boot
+ spring-boot-starter-tomcat
+ provided
+
+
+
+ org.springframework.security.oauth
+ spring-security-oauth2
+
+
+
+ org.springframework.security
+ spring-security-jwt
+
+
+
+ org.springframework.boot
+ spring-boot-starter-test
+ test
+
+
+
+
+
+
+ org.springframework.boot
+ spring-boot-maven-plugin
+
+
+
+
+
+ UTF-8
+ 1.8
+
+
diff --git a/spring-openid/src/main/java/org/baeldung/config/GoogleOpenIdConnectConfig.java b/spring-openid/src/main/java/org/baeldung/config/GoogleOpenIdConnectConfig.java
new file mode 100644
index 0000000000..8e9c6e974e
--- /dev/null
+++ b/spring-openid/src/main/java/org/baeldung/config/GoogleOpenIdConnectConfig.java
@@ -0,0 +1,51 @@
+package org.baeldung.config;
+
+import java.util.Arrays;
+
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.oauth2.client.OAuth2ClientContext;
+import org.springframework.security.oauth2.client.OAuth2RestTemplate;
+import org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails;
+import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeResourceDetails;
+import org.springframework.security.oauth2.config.annotation.web.configuration.EnableOAuth2Client;
+
+@Configuration
+@EnableOAuth2Client
+public class GoogleOpenIdConnectConfig {
+ @Value("${google.clientId}")
+ private String clientId;
+
+ @Value("${google.clientSecret}")
+ private String clientSecret;
+
+ @Value("${google.accessTokenUri}")
+ private String accessTokenUri;
+
+ @Value("${google.userAuthorizationUri}")
+ private String userAuthorizationUri;
+
+ @Value("${google.redirectUri}")
+ private String redirectUri;
+
+ @Bean
+ public OAuth2ProtectedResourceDetails googleOpenId() {
+ final AuthorizationCodeResourceDetails details = new AuthorizationCodeResourceDetails();
+ details.setClientId(clientId);
+ details.setClientSecret(clientSecret);
+ details.setAccessTokenUri(accessTokenUri);
+ details.setUserAuthorizationUri(userAuthorizationUri);
+ details.setScope(Arrays.asList("openid", "email"));
+ details.setPreEstablishedRedirectUri(redirectUri);
+ details.setUseCurrentUri(false);
+ return details;
+ }
+
+ @Bean
+ public OAuth2RestTemplate googleOpenIdTemplate(final OAuth2ClientContext clientContext) {
+ final OAuth2RestTemplate template = new OAuth2RestTemplate(googleOpenId(), clientContext);
+ return template;
+ }
+
+}
diff --git a/spring-openid/src/main/java/org/baeldung/config/HomeController.java b/spring-openid/src/main/java/org/baeldung/config/HomeController.java
new file mode 100644
index 0000000000..f0a5378019
--- /dev/null
+++ b/spring-openid/src/main/java/org/baeldung/config/HomeController.java
@@ -0,0 +1,22 @@
+package org.baeldung.config;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.ResponseBody;
+
+@Controller
+public class HomeController {
+ private final Logger logger = LoggerFactory.getLogger(getClass());
+
+ @RequestMapping("/")
+ @ResponseBody
+ public final String home() {
+ final String username = SecurityContextHolder.getContext().getAuthentication().getName();
+ logger.info(username);
+ return "Welcome, " + username;
+ }
+
+}
diff --git a/spring-openid/src/main/java/org/baeldung/config/SecurityConfig.java b/spring-openid/src/main/java/org/baeldung/config/SecurityConfig.java
new file mode 100644
index 0000000000..d929bfd631
--- /dev/null
+++ b/spring-openid/src/main/java/org/baeldung/config/SecurityConfig.java
@@ -0,0 +1,49 @@
+package org.baeldung.config;
+
+import org.baeldung.security.OpenIdConnectFilter;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.builders.WebSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.oauth2.client.OAuth2RestTemplate;
+import org.springframework.security.oauth2.client.filter.OAuth2ClientContextFilter;
+import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
+import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter;
+
+@Configuration
+@EnableWebSecurity
+public class SecurityConfig extends WebSecurityConfigurerAdapter {
+ @Autowired
+ private OAuth2RestTemplate restTemplate;
+
+ @Override
+ public void configure(WebSecurity web) throws Exception {
+ web.ignoring().antMatchers("/resources/**");
+ }
+
+ @Bean
+ public OpenIdConnectFilter myFilter() {
+ final OpenIdConnectFilter filter = new OpenIdConnectFilter("/google-login");
+ filter.setRestTemplate(restTemplate);
+ return filter;
+ }
+
+ @Override
+ protected void configure(HttpSecurity http) throws Exception {
+ // @formatter:off
+ http
+ .addFilterAfter(new OAuth2ClientContextFilter(), AbstractPreAuthenticatedProcessingFilter.class)
+ .addFilterAfter(myFilter(), OAuth2ClientContextFilter.class)
+ .httpBasic().authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/google-login"))
+ .and()
+ .authorizeRequests()
+ // .antMatchers("/","/index*").permitAll()
+ .anyRequest().authenticated()
+ ;
+
+ // @formatter:on
+ }
+}
\ No newline at end of file
diff --git a/spring-openid/src/main/java/org/baeldung/config/SpringOpenidApplication.java b/spring-openid/src/main/java/org/baeldung/config/SpringOpenidApplication.java
new file mode 100644
index 0000000000..608e8a6819
--- /dev/null
+++ b/spring-openid/src/main/java/org/baeldung/config/SpringOpenidApplication.java
@@ -0,0 +1,13 @@
+package org.baeldung.config;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+
+@SpringBootApplication
+public class SpringOpenidApplication {
+
+ public static void main(String[] args) {
+ SpringApplication.run(SpringOpenidApplication.class, args);
+ }
+
+}
diff --git a/spring-openid/src/main/java/org/baeldung/security/OpenIdConnectFilter.java b/spring-openid/src/main/java/org/baeldung/security/OpenIdConnectFilter.java
new file mode 100644
index 0000000000..c0970ab3cf
--- /dev/null
+++ b/spring-openid/src/main/java/org/baeldung/security/OpenIdConnectFilter.java
@@ -0,0 +1,71 @@
+package org.baeldung.security;
+
+import java.io.IOException;
+import java.util.Map;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.authentication.BadCredentialsException;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.jwt.Jwt;
+import org.springframework.security.jwt.JwtHelper;
+import org.springframework.security.oauth2.client.OAuth2RestOperations;
+import org.springframework.security.oauth2.client.OAuth2RestTemplate;
+import org.springframework.security.oauth2.common.OAuth2AccessToken;
+import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;
+import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
+import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+
+public class OpenIdConnectFilter extends AbstractAuthenticationProcessingFilter {
+ public OAuth2RestOperations restTemplate;
+
+ public OpenIdConnectFilter(String defaultFilterProcessesUrl) {
+ super(defaultFilterProcessesUrl);
+ setAuthenticationManager(new NoopAuthenticationManager());
+ }
+
+ @Override
+ public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException, IOException, ServletException {
+
+ OAuth2AccessToken accessToken;
+ try {
+ accessToken = restTemplate.getAccessToken();
+ } catch (final OAuth2Exception e) {
+ throw new BadCredentialsException("Could not obtain access token", e);
+ }
+ try {
+ final String idToken = accessToken.getAdditionalInformation().get("id_token").toString();
+ final Jwt tokenDecoded = JwtHelper.decode(idToken);
+ System.out.println("===== : " + tokenDecoded.getClaims());
+
+ final Map authInfo = new ObjectMapper().readValue(tokenDecoded.getClaims(), Map.class);
+
+ final OpenIdConnectUserDetails user = new OpenIdConnectUserDetails(authInfo, accessToken);
+ return new UsernamePasswordAuthenticationToken(user, null, user.getAuthorities());
+ } catch (final InvalidTokenException e) {
+ throw new BadCredentialsException("Could not obtain user details from token", e);
+ }
+
+ }
+
+ public void setRestTemplate(OAuth2RestTemplate restTemplate2) {
+ restTemplate = restTemplate2;
+
+ }
+
+ private static class NoopAuthenticationManager implements AuthenticationManager {
+
+ @Override
+ public Authentication authenticate(Authentication authentication) throws AuthenticationException {
+ throw new UnsupportedOperationException("No authentication should be done with this AuthenticationManager");
+ }
+
+ }
+}
diff --git a/spring-openid/src/main/java/org/baeldung/security/OpenIdConnectUserDetails.java b/spring-openid/src/main/java/org/baeldung/security/OpenIdConnectUserDetails.java
new file mode 100644
index 0000000000..f0d91fdc27
--- /dev/null
+++ b/spring-openid/src/main/java/org/baeldung/security/OpenIdConnectUserDetails.java
@@ -0,0 +1,81 @@
+package org.baeldung.security;
+
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.Map;
+
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.oauth2.common.OAuth2AccessToken;
+
+public class OpenIdConnectUserDetails implements UserDetails {
+
+ private static final long serialVersionUID = 1L;
+
+ private String userId;
+ private String username;
+ private OAuth2AccessToken token;
+
+ public OpenIdConnectUserDetails(Map userInfo, OAuth2AccessToken token) {
+ this.userId = userInfo.get("sub");
+ this.username = userInfo.get("email");
+ this.token = token;
+ }
+
+ @Override
+ public String getUsername() {
+ return username;
+ }
+
+ @Override
+ public Collection extends GrantedAuthority> getAuthorities() {
+ return Arrays.asList(new SimpleGrantedAuthority("ROLE_USER"));
+ }
+
+ public String getUserId() {
+ return userId;
+ }
+
+ public void setUserId(String userId) {
+ this.userId = userId;
+ }
+
+ public OAuth2AccessToken getToken() {
+ return token;
+ }
+
+ public void setToken(OAuth2AccessToken token) {
+ this.token = token;
+ }
+
+ public void setUsername(String username) {
+ this.username = username;
+ }
+
+ @Override
+ public String getPassword() {
+ return null;
+ }
+
+ @Override
+ public boolean isAccountNonExpired() {
+ return true;
+ }
+
+ @Override
+ public boolean isAccountNonLocked() {
+ return true;
+ }
+
+ @Override
+ public boolean isCredentialsNonExpired() {
+ return true;
+ }
+
+ @Override
+ public boolean isEnabled() {
+ return true;
+ }
+
+}
diff --git a/spring-openid/src/main/resources/application.properties b/spring-openid/src/main/resources/application.properties
new file mode 100644
index 0000000000..fa567a164c
--- /dev/null
+++ b/spring-openid/src/main/resources/application.properties
@@ -0,0 +1,6 @@
+server.port=8081
+google.clientId=497324626536-d6fphsh1qpl2o6j2j66nukajrfqc0rtq.apps.googleusercontent.com
+google.clientSecret=vtueZycMsrRjjCjnY6JzbEZT
+google.accessTokenUri=https://www.googleapis.com/oauth2/v3/token
+google.userAuthorizationUri=https://accounts.google.com/o/oauth2/auth
+google.redirectUri=http://localhost:8081/google-login
\ No newline at end of file