[BAEL-1410] Spring Boot OAuth2 Support (#3409)

* initial setup with spring boot/ spring data jpa/ flyway * BAEL-1315 - added flyway test extensions for spring * BAEL-1315 - added flyway test extensions for spring * BAEL-1315 - created multiple migration scripts and locations * BAEL-1315 - test insert after schema creation * cleanup * BAEL-1315 - test data changes by a migration * [BAEL-1410] Spring Boot Security Auto-Configuration * [BAEL-1410] Added some tests for incorrect credentials use case * [BAEL-1410] Added readme and some code improvements * [BAEL-1410] removed form based auth config because is redundant added oauth2 server auto-configuration sample with test * [BAEL-1410] added custom Authorization Server Config * [BAEL-1410] update README * [BAEL-1410]refactor tests * [BAEL-1410]oauth2 resource server * [BAEL-1410]oauth2 sso sample with facebook * [BAEL-1410]remove spring-flyway
2018-01-15 23:05:19 +02:00
parent 293968321e
commit f993bc0435
17 changed files with 270 additions and 162 deletions
@@ -1,4 +1,4 @@
-package com.baeldung.springbootsecurity;
+package com.baeldung.springbootsecurity.basic_auth;

 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
@@ -7,7 +7,7 @@ import org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration
@SpringBootApplication(exclude = {
  SecurityAutoConfiguration.class
  //    ,ManagementWebSecurityAutoConfiguration.class
-})
+}, scanBasePackages = "com.baeldung.springbootsecurity.basic_auth")
 public class SpringBootSecurityApplication {

    public static void main(String[] args) {
@@ -1,7 +1,6 @@
-package com.baeldung.springbootsecurity.config;
+package com.baeldung.springbootsecurity.basic_auth.config;

 import org.springframework.context.annotation.Configuration;
-import org.springframework.context.annotation.Profile;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
@@ -9,8 +8,7 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur

@Configuration
@EnableWebSecurity
-@Profile("basic")
-public class BasicConfiguration extends WebSecurityConfigurerAdapter {
+public class BasicAuthConfiguration extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
@@ -1,39 +0,0 @@
-package com.baeldung.springbootsecurity.config;
-
-import org.springframework.context.annotation.Configuration;
-import org.springframework.context.annotation.Profile;
-import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
-import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
-
-@Configuration
-@EnableWebSecurity
-@Profile("form")
-public class FormLoginConfiguration extends WebSecurityConfigurerAdapter {
-
-    @Override
-    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
-        auth
-          .inMemoryAuthentication()
-          .withUser("user")
-          .password("password")
-          .roles("USER")
-          .and()
-          .withUser("admin")
-          .password("password")
-          .roles("USER", "ADMIN");
-    }
-
-    @Override
-    protected void configure(HttpSecurity http) throws Exception {
-        http
-          .authorizeRequests()
-          .anyRequest()
-          .authenticated()
-          .and()
-          .formLogin()
-          .and()
-          .httpBasic();
-    }
-}
@@ -0,0 +1,30 @@
+package com.baeldung.springbootsecurity.oauth2resource;
+
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.boot.builder.SpringApplicationBuilder;
+import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+@EnableResourceServer
+@SpringBootApplication(scanBasePackages = "com.baeldung.springbootsecurity.oauth2resource")
+public class SpringBootOAuth2ResourceApplication {
+
+    public static void main(String[] args) {
+        new SpringApplicationBuilder()
+          .profiles("resource")
+          .sources(SpringBootOAuth2ResourceApplication.class)
+          .build()
+          .run(args);
+    }
+
+    @RestController
+    class SecuredResourceController {
+
+        @GetMapping("/securedResource")
+        public String securedResource() {
+            return "Baeldung Secured Resource OK";
+        }
+
+    }
+}
@@ -0,0 +1,30 @@
+package com.baeldung.springbootsecurity.oauth2server;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
+import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+import java.security.Principal;
+
+@EnableResourceServer
+@EnableAuthorizationServer
+@SpringBootApplication(scanBasePackages = "com.baeldung.springbootsecurity.oauth2server")
+public class SpringBootAuthorizationServerApplication {
+
+    public static void main(String[] args) {
+        SpringApplication.run(SpringBootAuthorizationServerApplication.class, args);
+    }
+
+    @RestController
+    class UserController {
+
+        @GetMapping("/user")
+        public Principal user(Principal user) {
+            return user;
+        }
+
+    }
+}
@@ -0,0 +1,39 @@
+package com.baeldung.springbootsecurity.oauth2server.config;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
+import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
+import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
+
+@Configuration
+@Profile("authz")
+public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {
+
+    @Autowired
+    private AuthenticationManager authenticationManager;
+
+    @Override
+    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
+        endpoints.authenticationManager(authenticationManager);
+    }
+
+    @Override
+    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
+        clients
+          .inMemory()
+          .withClient("baeldung")
+          .secret("baeldung")
+          .authorizedGrantTypes("client_credentials", "password", "authorization_code")
+          .scopes("openid", "read")
+          .autoApprove(true)
+          .and()
+          .withClient("baeldung-admin")
+          .secret("baeldung")
+          .authorizedGrantTypes("authorization_code", "client_credentials", "refresh_token")
+          .scopes("read", "write")
+          .autoApprove(true);
+    }
+}
@@ -0,0 +1,18 @@
+package com.baeldung.springbootsecurity.oauth2sso;
+
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;
+import org.springframework.boot.builder.SpringApplicationBuilder;
+
+@EnableOAuth2Sso
+@SpringBootApplication(scanBasePackages = "com.baeldung.springbootsecurity.oauth2sso")
+public class SpringBootOAuth2SsoApplication {
+
+    public static void main(String[] args) {
+        new SpringApplicationBuilder()
+          .profiles("sso")
+          .sources(SpringBootOAuth2SsoApplication.class)
+          .build()
+          .run(args);
+    }
+}
@@ -0,0 +1,3 @@
+security.user.password=password
+security.oauth2.client.client-id=client
+security.oauth2.client.client-secret=secret
@@ -0,0 +1,2 @@
+server.port=8081
+security.oauth2.resource.userInfoUri=http://localhost:8080/user
@@ -0,0 +1,9 @@
+server.port=8082
+security.oauth2.client.clientId=<generated_app_id>
+security.oauth2.client.clientSecret=<app_secret>
+security.oauth2.client.accessTokenUri=https://graph.facebook.com/oauth/access_token
+security.oauth2.client.userAuthorizationUri=https://www.facebook.com/dialog/oauth
+security.oauth2.client.tokenName=oauth_token
+security.oauth2.client.authenticationScheme=query
+security.oauth2.client.clientAuthenticationScheme=form
+security.oauth2.resource.userInfoUri=https://graph.facebook.com/me
@@ -1,4 +1,4 @@
 #spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration
-#spring.profiles.active=form
-#spring.profiles.active=basic
-#security.user.password=password
+#security.user.password=password
+#security.oauth2.client.client-id=client
+#security.oauth2.client.client-secret=secret