[BAEL-1410] Spring Boot OAuth2 Support (#3409)

* initial setup with spring boot/ spring data jpa/ flyway

* BAEL-1315 - added flyway test extensions for spring

* BAEL-1315 - added flyway test extensions for spring

* BAEL-1315 - created multiple migration scripts and locations

* BAEL-1315 - test insert after schema creation

* cleanup

* BAEL-1315 - test data changes by a migration

* [BAEL-1410] Spring Boot Security Auto-Configuration

* [BAEL-1410] Added some tests for incorrect credentials use case

* [BAEL-1410] Added readme and some code improvements

* [BAEL-1410] removed form based auth config because is redundant
added oauth2 server auto-configuration sample with test

* [BAEL-1410] added custom Authorization Server Config

* [BAEL-1410] update README

* [BAEL-1410]refactor tests

* [BAEL-1410]oauth2 resource server

* [BAEL-1410]oauth2 sso sample with facebook

* [BAEL-1410]remove spring-flyway

spring-boot-security/src/test/java/com/baeldung/springbootsecurity/FormConfigurationIntegrationTest.java

@@ -1,106 +0,0 @@
-package com.baeldung.springbootsecurity;
-
-import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.boot.context.embedded.LocalServerPort;
-import org.springframework.boot.test.context.SpringBootTest;
-import org.springframework.boot.test.web.client.TestRestTemplate;
-import org.springframework.http.*;
-import org.springframework.test.context.ActiveProfiles;
-import org.springframework.test.context.junit4.SpringRunner;
-import org.springframework.util.LinkedMultiValueMap;
-import org.springframework.util.MultiValueMap;
-
-import java.util.Collections;
-import java.util.regex.Matcher;
-import java.util.regex.Pattern;
-
-import static org.junit.Assert.*;
-import static org.springframework.boot.test.context.SpringBootTest.WebEnvironment.RANDOM_PORT;
-
-@RunWith(SpringRunner.class)
-@SpringBootTest(webEnvironment = RANDOM_PORT)
-@ActiveProfiles("form")
-public class FormConfigurationIntegrationTest {
-
-    @Autowired TestRestTemplate restTemplate;
-    @LocalServerPort int port;
-
-    @Test
-    public void whenLoginPageIsRequested_ThenSuccess() {
-        HttpHeaders httpHeaders = new HttpHeaders();
-        httpHeaders.setAccept(Collections.singletonList(MediaType.TEXT_HTML));
-        ResponseEntity<String> responseEntity = restTemplate.exchange("/login", HttpMethod.GET, new HttpEntity<Void>(httpHeaders), String.class);
-        assertEquals(HttpStatus.OK, responseEntity.getStatusCode());
-        assertTrue(responseEntity
-          .getBody()
-          .contains("_csrf"));
-    }
-
-    @Test
-    public void whenTryingToLoginWithCorrectCredentials_ThenAuthenticateWithSuccess() {
-        HttpHeaders httpHeaders = getHeaders();
-        httpHeaders.setAccept(Collections.singletonList(MediaType.TEXT_HTML));
-        httpHeaders.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
-        MultiValueMap<String, String> form = getFormSubmitCorrectCredentials();
-        ResponseEntity<String> responseEntity = this.restTemplate.exchange("/login", HttpMethod.POST, new HttpEntity<>(form, httpHeaders), String.class);
-        assertEquals(responseEntity.getStatusCode(), HttpStatus.FOUND);
-        assertTrue(responseEntity
-          .getHeaders()
-          .getLocation()
-          .toString()
-          .endsWith(this.port + "/"));
-        assertNotNull(responseEntity
-          .getHeaders()
-          .get("Set-Cookie"));
-    }
-
-    @Test
-    public void whenTryingToLoginWithInorrectCredentials_ThenAuthenticationFailed() {
-        HttpHeaders httpHeaders = getHeaders();
-        httpHeaders.setAccept(Collections.singletonList(MediaType.TEXT_HTML));
-        httpHeaders.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
-        MultiValueMap<String, String> form = getFormSubmitIncorrectCredentials();
-        ResponseEntity<String> responseEntity = this.restTemplate.exchange("/login", HttpMethod.POST, new HttpEntity<>(form, httpHeaders), String.class);
-        assertEquals(responseEntity.getStatusCode(), HttpStatus.FOUND);
-        assertTrue(responseEntity
-          .getHeaders()
-          .getLocation()
-          .toString()
-          .endsWith(this.port + "/login?error"));
-        assertNull(responseEntity
-          .getHeaders()
-          .get("Set-Cookie"));
-    }
-
-    private MultiValueMap<String, String> getFormSubmitCorrectCredentials() {
-        MultiValueMap<String, String> form = new LinkedMultiValueMap<>();
-        form.set("username", "user");
-        form.set("password", "password");
-        return form;
-    }
-
-    private MultiValueMap<String, String> getFormSubmitIncorrectCredentials() {
-        MultiValueMap<String, String> form = new LinkedMultiValueMap<>();
-        form.set("username", "user");
-        form.set("password", "wrongpassword");
-        return form;
-    }
-
-    private HttpHeaders getHeaders() {
-        HttpHeaders headers = new HttpHeaders();
-        ResponseEntity<String> page = this.restTemplate.getForEntity("/login", String.class);
-        assertEquals(page.getStatusCode(), HttpStatus.OK);
-        String cookie = page
-          .getHeaders()
-          .getFirst("Set-Cookie");
-        headers.set("Cookie", cookie);
-        Pattern pattern = Pattern.compile("(?s).*name=\"_csrf\".*?value=\"([^\"]+).*");
-        Matcher matcher = pattern.matcher(page.getBody());
-        assertTrue(matcher.matches());
-        headers.set("X-CSRF-TOKEN", matcher.group(1));
-        return headers;
-    }
-
-}

spring-boot-security/src/test/java/com/baeldung/springbootsecurity/basic_auth/BasicAuthConfigurationIntegrationTest.java

@@ -1,5 +1,6 @@
-package com.baeldung.springbootsecurity;
+package com.baeldung.springbootsecurity.basic_auth;
 
+import com.baeldung.springbootsecurity.basic_auth.SpringBootSecurityApplication;
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
@@ -8,7 +9,6 @@ import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.boot.test.web.client.TestRestTemplate;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
-import org.springframework.test.context.ActiveProfiles;
 import org.springframework.test.context.junit4.SpringRunner;
 
 import java.io.IOException;
@@ -20,9 +20,8 @@ import static org.junit.Assert.assertTrue;
 import static org.springframework.boot.test.context.SpringBootTest.WebEnvironment.RANDOM_PORT;
 
 @RunWith(SpringRunner.class)
-@SpringBootTest(webEnvironment = RANDOM_PORT)
-@ActiveProfiles("basic")
-public class BasicConfigurationIntegrationTest {
+@SpringBootTest(webEnvironment = RANDOM_PORT, classes = SpringBootSecurityApplication.class)
+public class BasicAuthConfigurationIntegrationTest {
 
     TestRestTemplate restTemplate;
     URL base;

spring-boot-security/src/test/java/com/baeldung/springbootsecurity/oauth2server/CustomConfigAuthorizationServerIntegrationTest.java

@@ -0,0 +1,75 @@
+package com.baeldung.springbootsecurity.oauth2server;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.http.converter.json.MappingJackson2HttpMessageConverter;
+import org.springframework.security.oauth2.client.DefaultOAuth2ClientContext;
+import org.springframework.security.oauth2.client.OAuth2RestTemplate;
+import org.springframework.security.oauth2.client.resource.OAuth2AccessDeniedException;
+import org.springframework.security.oauth2.client.token.grant.client.ClientCredentialsResourceDetails;
+import org.springframework.security.oauth2.common.OAuth2AccessToken;
+import org.springframework.test.context.ActiveProfiles;
+import org.springframework.test.context.junit4.SpringRunner;
+
+import static java.lang.String.format;
+import static java.util.Collections.singletonList;
+import static org.junit.Assert.assertNotNull;
+import static org.springframework.boot.test.context.SpringBootTest.WebEnvironment.RANDOM_PORT;
+
+@RunWith(SpringRunner.class)
+@SpringBootTest(webEnvironment = RANDOM_PORT, classes = SpringBootAuthorizationServerApplication.class)
+@ActiveProfiles("authz")
+public class CustomConfigAuthorizationServerIntegrationTest {
+
+    @Value("${local.server.port}") protected int port;
+
+    @Test
+    public void whenAccessTokenIsRequested_ThenAccessTokenValueIsNotNull() {
+        ClientCredentialsResourceDetails resourceDetails = getClientCredentialsResourceDetails();
+        resourceDetails.setClientId("baeldung");
+        resourceDetails.setClientSecret("baeldung");
+        resourceDetails.setScope(singletonList("read"));
+        DefaultOAuth2ClientContext clientContext = new DefaultOAuth2ClientContext();
+        OAuth2RestTemplate restTemplate = new OAuth2RestTemplate(resourceDetails, clientContext);
+        restTemplate.setMessageConverters(singletonList(new MappingJackson2HttpMessageConverter()));
+        OAuth2AccessToken accessToken = restTemplate.getAccessToken();
+        assertNotNull(accessToken);
+
+    }
+
+    @Test(expected = OAuth2AccessDeniedException.class)
+    public void whenAccessTokenIsRequestedWithInvalidException_ThenExceptionIsThrown() {
+        ClientCredentialsResourceDetails resourceDetails = getClientCredentialsResourceDetails();
+        resourceDetails.setClientId("baeldung");
+        resourceDetails.setClientSecret("baeldung");
+        resourceDetails.setScope(singletonList("write"));
+        DefaultOAuth2ClientContext clientContext = new DefaultOAuth2ClientContext();
+        OAuth2RestTemplate restTemplate = new OAuth2RestTemplate(resourceDetails, clientContext);
+        restTemplate.setMessageConverters(singletonList(new MappingJackson2HttpMessageConverter()));
+        restTemplate.getAccessToken();
+    }
+
+    @Test
+    public void whenAccessTokenIsRequestedByClientWithWriteScope_ThenAccessTokenIsNotNull() {
+        ClientCredentialsResourceDetails resourceDetails = getClientCredentialsResourceDetails();
+        resourceDetails.setClientId("baeldung-admin");
+        resourceDetails.setClientSecret("baeldung");
+        resourceDetails.setScope(singletonList("write"));
+        DefaultOAuth2ClientContext clientContext = new DefaultOAuth2ClientContext();
+        OAuth2RestTemplate restTemplate = new OAuth2RestTemplate(resourceDetails, clientContext);
+        restTemplate.setMessageConverters(singletonList(new MappingJackson2HttpMessageConverter()));
+        OAuth2AccessToken accessToken = restTemplate.getAccessToken();
+        assertNotNull(accessToken);
+    }
+
+    private ClientCredentialsResourceDetails getClientCredentialsResourceDetails() {
+        ClientCredentialsResourceDetails resourceDetails = new ClientCredentialsResourceDetails();
+        resourceDetails.setAccessTokenUri(format("http://localhost:%d/oauth/token", port));
+        resourceDetails.setGrantType("client_credentials");
+        return resourceDetails;
+    }
+
+}
+

spring-boot-security/src/test/java/com/baeldung/springbootsecurity/oauth2server/DefaultConfigAuthorizationServerIntegrationTest.java

@@ -0,0 +1,44 @@
+package com.baeldung.springbootsecurity.oauth2server;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.http.converter.json.MappingJackson2HttpMessageConverter;
+import org.springframework.security.oauth2.client.DefaultOAuth2ClientContext;
+import org.springframework.security.oauth2.client.OAuth2RestTemplate;
+import org.springframework.security.oauth2.client.token.grant.client.ClientCredentialsResourceDetails;
+import org.springframework.security.oauth2.common.OAuth2AccessToken;
+import org.springframework.test.context.junit4.SpringRunner;
+
+import static java.lang.String.format;
+import static java.util.Arrays.asList;
+import static java.util.Collections.singletonList;
+import static org.junit.Assert.assertNotNull;
+import static org.springframework.boot.test.context.SpringBootTest.WebEnvironment.RANDOM_PORT;
+
+@RunWith(SpringRunner.class)
+@SpringBootTest(webEnvironment = RANDOM_PORT, classes = SpringBootAuthorizationServerApplication.class,
+                properties = { "security.oauth2.client.client-id=client", "security.oauth2.client.client-secret=secret" })
+public class DefaultConfigAuthorizationServerIntegrationTest {
+
+    @Value("${local.server.port}") protected int port;
+
+    @Test
+    public void whenAccessTokenIsRequested_ThenAccessTokenValueIsNotNull() {
+        ClientCredentialsResourceDetails resourceDetails = new ClientCredentialsResourceDetails();
+        resourceDetails.setAccessTokenUri(format("http://localhost:%d/oauth/token", port));
+        resourceDetails.setClientId("client");
+        resourceDetails.setClientSecret("secret");
+        resourceDetails.setGrantType("client_credentials");
+        resourceDetails.setScope(asList("read", "write"));
+        DefaultOAuth2ClientContext clientContext = new DefaultOAuth2ClientContext();
+        OAuth2RestTemplate restTemplate = new OAuth2RestTemplate(resourceDetails, clientContext);
+        restTemplate.setMessageConverters(singletonList(new MappingJackson2HttpMessageConverter()));
+        OAuth2AccessToken accessToken = restTemplate.getAccessToken();
+        assertNotNull(accessToken);
+
+    }
+
+}
+