Remove prototype samples

Issue gh-25
2020-08-19 11:19:47 -04:00 · 2020-08-19 11:19:47 -04:00 · 5927475597
commit 5927475597
parent bfb646fff4
14 changed files with 0 additions and 693 deletions
--- a/samples/boot/minimal/README.md
+++ b/samples/boot/minimal/README.md
@ -1,12 +0,0 @@
 ## Minimal Authorization Server Sample
 #### How to run
 ```
 ./gradlew spring-authorization-server-samples-boot-minimal:bootRun
 ```
 ```
 curl http://localhost:8080/.well-known/jwk_uris
 ```
--- a/samples/boot/minimal/spring-security-samples2-boot-minimal.gradle
+++ b/samples/boot/minimal/spring-security-samples2-boot-minimal.gradle
@ -1,16 +0,0 @@
 apply plugin: 'io.spring.convention.spring-sample-boot'
 dependencies {
 	implementation 'org.springframework.boot:spring-boot-starter-web'
 	implementation 'org.springframework.boot:spring-boot-starter-security'
 	implementation project(':spring-security-oauth2-authorization-server')
 	implementation 'com.nimbusds:oauth2-oidc-sdk'
 	testImplementation('org.springframework.boot:spring-boot-starter-test') {
 		exclude group: 'org.junit.vintage', module: 'junit-vintage-engine'
 	}
 }
 test {
 	useJUnitPlatform()
 }
--- a/samples/boot/minimal/src/main/java/sample/ClientCredentialsAuthenticationFilter.java
+++ b/samples/boot/minimal/src/main/java/sample/ClientCredentialsAuthenticationFilter.java
@ -1,103 +0,0 @@
 /*
 * Copyright 2020 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      https://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package sample;
 import org.springframework.http.HttpMethod;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 import org.springframework.security.web.util.matcher.RequestMatcher;
 import org.springframework.web.filter.OncePerRequestFilter;
 import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
 import java.nio.charset.Charset;
 import java.util.Base64;
 import static java.nio.charset.StandardCharsets.UTF_8;
 /**
 * A filter to perform client authentication for the Token Endpoint.
 *
 * See <a href="https://tools.ietf.org/html/rfc6749#section-2.3.1">RFC-6749 2.3.1</a>.
 */
 public class ClientCredentialsAuthenticationFilter extends OncePerRequestFilter {
 	private final AuthenticationManager authenticationManager;
 	private final RequestMatcher requestMatcher = new AntPathRequestMatcher("/oauth2/token", HttpMethod.POST.name());
 	public ClientCredentialsAuthenticationFilter(AuthenticationManager authenticationManager) {
 		this.authenticationManager = authenticationManager;
 	}
 	@Override
 	protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
 			throws ServletException, IOException {
 		if (this.requestMatcher.matches(request)) {
 			String[] credentials = extractBasicAuthenticationCredentials(request);
 			String clientId = credentials[0];
 			String clientSecret = credentials[1];
 			OAuth2ClientAuthenticationToken authenticationToken = new OAuth2ClientAuthenticationToken(clientId, clientSecret);
 			Authentication authentication = this.authenticationManager.authenticate(authenticationToken);
 			SecurityContextHolder.getContext().setAuthentication(authentication);
 		}
 		chain.doFilter(request, response);
 	}
 	private String[] extractBasicAuthenticationCredentials(HttpServletRequest request) {
 		String header = request.getHeader("Authorization");
 		if (header != null && header.toLowerCase().startsWith("basic ")) {
 			return extractAndDecodeHeader(header, request);
 		}
 		throw new BadCredentialsException("Missing basic authentication header");
 	}
 	// Taken from BasicAuthenticationFilter (spring-security-web)
 	private String[] extractAndDecodeHeader(String header, HttpServletRequest request) {
 		byte[] base64Token = header.substring(6).getBytes(UTF_8);
 		byte[] decoded;
 		try {
 			decoded = Base64.getDecoder().decode(base64Token);
 		}
 		catch (IllegalArgumentException e) {
 			throw new BadCredentialsException("Failed to decode basic authentication token");
 		}
 		String token = new String(decoded, getCredentialsCharset(request));
 		int delim = token.indexOf(":");
 		if (delim == -1) {
 			throw new BadCredentialsException("Invalid basic authentication token");
 		}
 		return new String[] { token.substring(0, delim), token.substring(delim + 1) };
 	}
 	protected Charset getCredentialsCharset(HttpServletRequest httpRequest) {
 		return UTF_8;
 	}
 }
--- a/samples/boot/minimal/src/main/java/sample/JwkSetEndpointFilter.java
+++ b/samples/boot/minimal/src/main/java/sample/JwkSetEndpointFilter.java
@ -1,65 +0,0 @@
 /*
 * Copyright 2020 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      https://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package sample;
 import com.nimbusds.jose.jwk.JWKSet;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 import org.springframework.security.web.util.matcher.RequestMatcher;
 import org.springframework.util.Assert;
 import org.springframework.web.filter.OncePerRequestFilter;
 import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
 import java.io.Writer;
 import static org.springframework.http.HttpMethod.GET;
 import static org.springframework.http.MediaType.APPLICATION_JSON_VALUE;
 public class JwkSetEndpointFilter extends OncePerRequestFilter {
 	static final String DEFAULT_JWK_SET_URI = "/oauth2/jwks";
 	private final RequestMatcher requestMatcher = new AntPathRequestMatcher(DEFAULT_JWK_SET_URI, GET.name());
 	private final JWKSet jwkSet;
 	public JwkSetEndpointFilter(JWKSet jwkSet) {
 		Assert.notNull(jwkSet, "jwkSet cannot be null");
 		this.jwkSet = jwkSet;
 	}
 	@Override
 	protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
 			throws ServletException, IOException {
 		if (matchesRequest(request)) {
 			respond(response);
 		} else {
 			filterChain.doFilter(request, response);
 		}
 	}
 	private void respond(HttpServletResponse response) throws IOException {
 		response.setContentType(APPLICATION_JSON_VALUE);
 		try (Writer writer = response.getWriter()) {
 			writer.write(this.jwkSet.toPublicJWKSet().toJSONObject().toJSONString());
 		}
 	}
 	private boolean matchesRequest(HttpServletRequest request) {
 		return this.requestMatcher.matches(request);
 	}
 }
--- a/samples/boot/minimal/src/main/java/sample/MinimalAuthorizationServerApplication.java
+++ b/samples/boot/minimal/src/main/java/sample/MinimalAuthorizationServerApplication.java
@ -1,28 +0,0 @@
 /*
 * Copyright 2020 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      https://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package sample;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
@SpringBootApplication
 public class MinimalAuthorizationServerApplication {
 	public static void main(String[] args) {
 		SpringApplication.run(MinimalAuthorizationServerApplication.class, args);
 	}
 }
--- a/samples/boot/minimal/src/main/java/sample/SecurityConfig.java
+++ b/samples/boot/minimal/src/main/java/sample/SecurityConfig.java
@ -1,40 +0,0 @@
 /*
 * Copyright 2020 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      https://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package sample;
 import com.nimbusds.jose.JOSEException;
 import com.nimbusds.jose.jwk.JWK;
 import com.nimbusds.jose.jwk.JWKSet;
 import com.nimbusds.jose.jwk.KeyUse;
 import com.nimbusds.jose.jwk.gen.RSAKeyGenerator;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.web.authentication.logout.LogoutFilter;
@EnableWebSecurity
 public class SecurityConfig extends WebSecurityConfigurerAdapter {
 	@Override
 	protected void configure(HttpSecurity http) throws Exception {
 		http.addFilterBefore(new JwkSetEndpointFilter(generateJwkSet()), LogoutFilter.class);
 	}
 	private JWKSet generateJwkSet() throws JOSEException {
 		JWK jwk = new RSAKeyGenerator(2048).keyID("minimal-ASA").keyUse(KeyUse.SIGNATURE).generate();
 		return new JWKSet(jwk);
 	}
 }
--- a/samples/boot/minimal/src/test/java/sample/ClientCredentialsAuthenticationFilterTests.java
+++ b/samples/boot/minimal/src/test/java/sample/ClientCredentialsAuthenticationFilterTests.java
@ -1,113 +0,0 @@
 /*
 * Copyright 2020 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      https://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package sample;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import org.springframework.mock.web.MockFilterChain;
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.mock.web.MockServletContext;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken;
 import org.springframework.util.Assert;
 import static java.net.URI.create;
 import static java.nio.charset.StandardCharsets.UTF_8;
 import static java.util.Base64.getEncoder;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
 public class ClientCredentialsAuthenticationFilterTests {
 	private static final String CLIENT_ID = "myclientid";
 	private static final String CLIENT_SECRET = "myclientsecret";
 	private final AuthenticationManager authenticationManager = authentication -> {
 		Assert.isInstanceOf(OAuth2ClientAuthenticationToken.class, authentication);
 		OAuth2ClientAuthenticationToken token = (OAuth2ClientAuthenticationToken) authentication;
 		if (CLIENT_ID.equals(token.getPrincipal()) && CLIENT_SECRET.equals(token.getCredentials())) {
 			authentication.setAuthenticated(true);
 			return authentication;
 		}
 		throw new BadCredentialsException("Bad credentials");
 	};
 	private final ClientCredentialsAuthenticationFilter filter = new ClientCredentialsAuthenticationFilter(this.authenticationManager);
 	@BeforeEach
 	public void setup() {
 		SecurityContextHolder.clearContext();
 	}
 	@Test
 	public void doFilterWhenUrlDoesNotMatchThenDontAuthenticate() throws Exception {
 		MockHttpServletRequest request = post(create("/someotherendpoint")).buildRequest(new MockServletContext());
 		request.addHeader("Authorization", basicAuthHeader(CLIENT_ID, CLIENT_SECRET));
 		filter.doFilter(request, new MockHttpServletResponse(), new MockFilterChain());
 		assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
 	}
 	@Test
 	public void doFilterWhenRequestMatchesThenAuthenticate() throws Exception {
 		MockHttpServletRequest request = post(create("/oauth2/token")).buildRequest(new MockServletContext());
 		request.addHeader("Authorization", basicAuthHeader(CLIENT_ID, CLIENT_SECRET));
 		filter.doFilter(request, new MockHttpServletResponse(), new MockFilterChain());
 		assertThat(SecurityContextHolder.getContext().getAuthentication().isAuthenticated()).isTrue();
 	}
 	@Test
 	public void doFilterWhenBasicAuthenticationHeaderIsMissingThenThrowBadCredentialsException() {
 		MockHttpServletRequest request = post(create("/oauth2/token")).buildRequest(new MockServletContext());
 		assertThatExceptionOfType(BadCredentialsException.class).isThrownBy(() ->
 				filter.doFilter(request, new MockHttpServletResponse(), new MockFilterChain()));
 	}
 	@Test
 	public void doFilterWhenBasicAuthenticationHeaderHasInvalidSyntaxThenThrowBadCredentialsException() {
 		MockHttpServletRequest request = post(create("/oauth2/token")).buildRequest(new MockServletContext());
 		request.addHeader("Authorization", "Basic invalid");
 		assertThatExceptionOfType(BadCredentialsException.class).isThrownBy(() ->
 				filter.doFilter(request, new MockHttpServletResponse(), new MockFilterChain()));
 	}
 	@Test
 	public void doFilterWhenBasicAuthenticationProvidesIncorrectSecretThenThrowBadCredentialsException() {
 		MockHttpServletRequest request = post(create("/oauth2/token")).buildRequest(new MockServletContext());
 		request.addHeader("Authorization", basicAuthHeader(CLIENT_ID, "incorrectsecret"));
 		assertThatExceptionOfType(BadCredentialsException.class).isThrownBy(() ->
 				filter.doFilter(request, new MockHttpServletResponse(), new MockFilterChain()));
 	}
 	@Test
 	public void doFilterWhenBasicAuthenticationProvidesIncorrectClientIdThenThrowBadCredentialsException() {
 		MockHttpServletRequest request = post(create("/oauth2/token")).buildRequest(new MockServletContext());
 		request.addHeader("Authorization", basicAuthHeader("anotherclientid", CLIENT_SECRET));
 		assertThatExceptionOfType(BadCredentialsException.class).isThrownBy(() ->
 				filter.doFilter(request, new MockHttpServletResponse(), new MockFilterChain()));
 	}
 	private static String basicAuthHeader(String clientId, String clientSecret) {
 		return "Basic " + getEncoder().encodeToString((clientId + ":" + clientSecret).getBytes(UTF_8));
 	}
 }
--- a/samples/boot/minimal/src/test/java/sample/JwkSetEndpointFilterTests.java
+++ b/samples/boot/minimal/src/test/java/sample/JwkSetEndpointFilterTests.java
@ -1,128 +0,0 @@
 /*
 * Copyright 2020 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      https://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package sample;
 import com.nimbusds.jose.JOSEException;
 import com.nimbusds.jose.jwk.JWK;
 import com.nimbusds.jose.jwk.JWKSet;
 import com.nimbusds.jose.jwk.KeyUse;
 import com.nimbusds.jose.jwk.gen.RSAKeyGenerator;
 import org.junit.jupiter.api.BeforeAll;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.TestInstance;
 import org.junit.jupiter.api.TestInstance.Lifecycle;
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.test.web.servlet.setup.MockMvcBuilders;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 import javax.servlet.FilterChain;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.hamcrest.Matchers.is;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.only;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.verifyNoInteractions;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
 import static org.springframework.test.web.servlet.result.MockMvcResultHandlers.print;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
 import static sample.JwkSetEndpointFilter.DEFAULT_JWK_SET_URI;
@TestInstance(Lifecycle.PER_CLASS)
 public class JwkSetEndpointFilterTests {
 	private JWK jwk;
 	private JWKSet jwkSet;
 	private JwkSetEndpointFilter filter;
 	private MockMvc mvc;
 	@BeforeAll
 	void setup() throws JOSEException {
 		this.jwk = new RSAKeyGenerator(2048).keyID("endpoint-test").keyUse(KeyUse.SIGNATURE).generate();
 		this.jwkSet = new JWKSet(this.jwk);
 		this.filter = new JwkSetEndpointFilter(this.jwkSet);
 		this.mvc = MockMvcBuilders.standaloneSetup(new HelloController()).addFilters(this.filter).alwaysDo(print()).build();
 	}
 	@Test
 	void constructorWhenJWKSetNullThenThrowIllegalArgumentException() {
 		assertThatThrownBy(() -> new JwkSetEndpointFilter(null))
 				.isInstanceOf(IllegalArgumentException.class);
 	}
 	@Test
 	void doFilterWhenRequestMatchesThenProcess() throws Exception {
 		String requestUri = DEFAULT_JWK_SET_URI;
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
 		request.setServletPath(requestUri);
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		FilterChain filterChain = mock(FilterChain.class);
 		this.filter.doFilter(request, response, filterChain);
 		verifyNoInteractions(filterChain);
 	}
 	@Test
 	void doFilterWhenRequestDoesNotMatchThenContinueChain() throws Exception {
 		String requestUri = "/path";
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
 		request.setServletPath(requestUri);
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		FilterChain filterChain = mock(FilterChain.class);
 		this.filter.doFilter(request, response, filterChain);
 		verify(filterChain, only()).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
 	}
 	@Test
 	void requestWhenMatchesThenResponseContainsKeys() throws Exception {
 		this.mvc.perform(get(DEFAULT_JWK_SET_URI))
 				.andDo(print())
 				.andExpect(status().isOk())
 				.andExpect(jsonPath("$.keys").isArray())
 				.andExpect(jsonPath("$.keys").isNotEmpty())
 				.andExpect(jsonPath("$.keys[0].kid").value(this.jwk.getKeyID()))
 				.andExpect(jsonPath("$.keys[0].kty").value(this.jwk.getKeyType().toString()));
 	}
 	@Test
 	void requestWhenDoesNotMatchThenResponseContainsOther() throws Exception {
 		this.mvc.perform(get("/hello"))
 				.andDo(print())
 				.andExpect(status().isOk())
 				.andExpect(content().string(is("hello")));
 	}
 	@RestController
 	static class HelloController {
 		@RequestMapping("/hello")
 		String hello() {
 			return "hello";
 		}
 	}
 }
--- a/samples/boot/minimal/src/test/java/sample/MinimalAuthorizationServerApplicationTests.java
+++ b/samples/boot/minimal/src/test/java/sample/MinimalAuthorizationServerApplicationTests.java
@ -1,41 +0,0 @@
 /*
 * Copyright 2020 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      https://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package sample;
 import org.junit.jupiter.api.Test;
 import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
 import org.springframework.boot.web.server.LocalServerPort;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.client.RestTemplate;
 import static org.assertj.core.api.Assertions.assertThat;
@SpringBootTest(webEnvironment = WebEnvironment.RANDOM_PORT)
 public class MinimalAuthorizationServerApplicationTests {
 	private RestTemplate rest = new RestTemplate();
 	@LocalServerPort
 	private int serverPort;
 	@Test
 	void requestWhenNotAuthenticatedThenJwkSetEndpointStillAccessible() {
 		ResponseEntity<String> responseEntity = this.rest.getForEntity(
 				"http://localhost:" + this.serverPort + JwkSetEndpointFilter.DEFAULT_JWK_SET_URI, String.class);
 		assertThat(responseEntity.getStatusCode()).isEqualTo(HttpStatus.OK);
 	}
 }
--- a/samples/boot/oauth2resourceserver/spring-security-samples2-boot-oauth2resourceserver.gradle
+++ b/samples/boot/oauth2resourceserver/spring-security-samples2-boot-oauth2resourceserver.gradle
@ -1,15 +0,0 @@
 apply plugin: 'io.spring.convention.spring-sample-boot'
 dependencies {
 	implementation 'org.springframework.boot:spring-boot-starter-web'
 	implementation 'org.springframework.security:spring-security-config'
 	implementation 'org.springframework.security:spring-security-oauth2-resource-server'
 	implementation 'org.springframework.security:spring-security-oauth2-jose'
 	testImplementation('org.springframework.boot:spring-boot-starter-test') {
 		exclude group: 'org.junit.vintage', module: 'junit-vintage-engine'
 	}
 }
 test {
 	useJUnitPlatform()
 }
--- a/samples/boot/oauth2resourceserver/src/main/java/sample/ResourceController.java
+++ b/samples/boot/oauth2resourceserver/src/main/java/sample/ResourceController.java
@ -1,29 +0,0 @@
 /*
 * Copyright 2020 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      https://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package sample;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RestController;
@RestController
 public class ResourceController {
 	@GetMapping("/")
 	public String resource() {
 		return "resource";
 	}
 }
--- a/samples/boot/oauth2resourceserver/src/main/java/sample/ResourceServerApplication.java
+++ b/samples/boot/oauth2resourceserver/src/main/java/sample/ResourceServerApplication.java
@ -1,27 +0,0 @@
 /*
 * Copyright 2020 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      https://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package sample;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
@SpringBootApplication
 public class ResourceServerApplication {
 	public static void main(String[] args) {
 		SpringApplication.run(ResourceServerApplication.class, args);
 	}
 }
--- a/samples/boot/oauth2resourceserver/src/main/resources/application.yml
+++ b/samples/boot/oauth2resourceserver/src/main/resources/application.yml
@ -1,6 +0,0 @@
 spring:
  security:
    oauth2:
      resourceserver:
        jwt:
          jwk-set-uri: https://localhost:8090/oauth2/keys
--- a/samples/boot/oauth2resourceserver/src/test/java/sample/ResourceControllerTests.java
+++ b/samples/boot/oauth2resourceserver/src/test/java/sample/ResourceControllerTests.java
@ -1,70 +0,0 @@
 /*
 * Copyright 2020 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      https://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package sample;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
 import java.time.Instant;
 import java.util.HashMap;
 import java.util.Map;
 import org.junit.jupiter.api.Test;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
 import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.boot.test.context.TestConfiguration;
 import org.springframework.context.annotation.Bean;
 import org.springframework.security.oauth2.jwt.Jwt;
 import org.springframework.security.oauth2.jwt.JwtDecoder;
 import org.springframework.test.web.servlet.MockMvc;
@SpringBootTest
@AutoConfigureMockMvc
 public class ResourceControllerTests {
 	@Autowired
 	private MockMvc mockMvc;
 	@Test
 	public void shouldReturnOkWithToken() throws Exception {
 		this.mockMvc.perform(get("/").header("Authorization", "Bearer TOKEN"))
 			.andExpect(status().isOk());
 	}
 	@Test
 	public void shouldReturnUnauthorizedWithoutToken() throws Exception {
 		this.mockMvc.perform(get("/"))
 			.andExpect(status().isUnauthorized());
 	}
 	@TestConfiguration
 	static class ResourceControllerTestConfiguration {
 		@Bean
 		public JwtDecoder jwtDecoder() {
 			return (token) -> {
 				Map<String, Object> headers = new HashMap<>();
 				headers.put("alg", "RS256");
 				headers.put("typ", "JWT");
 				Map<String, Object> claims = new HashMap<>();
 				claims.put("sub", "1234567");
 				claims.put("name", "John Doe");
 				return new Jwt(token, Instant.now(), Instant.now().plusMillis(5000), headers, claims);
 			};
 		}
 	}
 }