From 668bb069f2c14fff53d87159a8195da92b46c766 Mon Sep 17 00:00:00 2001
From: Joe Grandja
Date: Thu, 10 Dec 2020 15:46:56 -0500
Subject: [PATCH] Update sample to use OpenID Connect and Provider Configuration endpoint

Issue gh-53 gh-55
---
 .../sample/config/AuthorizationServerConfig.java | 10 ++++++++++
 .../src/main/java/sample/config/SecurityConfig.java | 6 +++---
 .../client/src/main/resources/application.yml | 13 +++++++++++--
 .../src/main/resources/application.yml | 2 +-
 4 files changed, 25 insertions(+), 6 deletions(-)

diff --git a/samples/boot/oauth2-integration/authorizationserver/src/main/java/sample/config/AuthorizationServerConfig.java b/samples/boot/oauth2-integration/authorizationserver/src/main/java/sample/config/AuthorizationServerConfig.java
index cf60661..270c594 100644
--- a/samples/boot/oauth2-integration/authorizationserver/src/main/java/sample/config/AuthorizationServerConfig.java
+++ b/samples/boot/oauth2-integration/authorizationserver/src/main/java/sample/config/AuthorizationServerConfig.java
@@ -23,9 +23,11 @@ import org.springframework.security.crypto.key.CryptoKeySource;
 import org.springframework.security.crypto.key.StaticKeyGeneratingCryptoKeySource;
 import org.springframework.security.oauth2.core.AuthorizationGrantType;
 import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
+import org.springframework.security.oauth2.core.oidc.OidcScopes;
 import org.springframework.security.oauth2.server.authorization.client.InMemoryRegisteredClientRepository;
 import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
 import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
+import org.springframework.security.oauth2.server.authorization.config.ProviderSettings;
 
 import java.util.UUID;
 
@@ -45,8 +47,11 @@ public class AuthorizationServerConfig {
 .clientSecret("secret")
 .clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
 .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
+.authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN)
 .authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
+.redirectUri("http://localhost:8080/login/oauth2/code/messaging-client-oidc")
 .redirectUri("http://localhost:8080/authorized")
+.scope(OidcScopes.OPENID)
 .scope("message.read")
 .scope("message.write")
 .clientSettings(clientSettings -> clientSettings.requireUserConsent(true))
@@ -59,4 +64,9 @@ public class AuthorizationServerConfig {
 public CryptoKeySource keySource() {
 return new StaticKeyGeneratingCryptoKeySource();
 }
+
+@Bean
+public ProviderSettings providerSettings() {
+return new ProviderSettings().issuer("http://auth-server:9000");
+}
 }
diff --git a/samples/boot/oauth2-integration/client/src/main/java/sample/config/SecurityConfig.java b/samples/boot/oauth2-integration/client/src/main/java/sample/config/SecurityConfig.java
index 679b114..f08964c 100644
--- a/samples/boot/oauth2-integration/client/src/main/java/sample/config/SecurityConfig.java
+++ b/samples/boot/oauth2-integration/client/src/main/java/sample/config/SecurityConfig.java
@@ -40,10 +40,10 @@ public class SecurityConfig {
 SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
 http
 .authorizeRequests(authorizeRequests ->
-authorizeRequests.anyRequest().permitAll()
+authorizeRequests.anyRequest().authenticated()
 )
-.logout()
-.disable()
+.oauth2Login(oauth2Login ->
+oauth2Login.loginPage("/oauth2/authorization/messaging-client-oidc"))
 .oauth2Client(withDefaults());
 return http.build();
 }
diff --git a/samples/boot/oauth2-integration/client/src/main/resources/application.yml b/samples/boot/oauth2-integration/client/src/main/resources/application.yml
index 60e6ee1..c6922f0 100644
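Review bot: The new `.redirectUri("http://localhost:8080/login/oauth2/code/messaging-client-oidc")` is validated against the registration as a whole string, so scheme, host, port and path have to agree with what the client's `{baseUrl}/login/oauth2/code/{registrationId}` template resolves to for the `messaging-client-oidc` registration, and a change on either side breaks the login with no hint as to why. A comment on that line would tie the two together: `// must equal the resolved redirect-uri of the messaging-client-oidc registration in client/application.yml`. The RegisteredClient builder chain this hunk extends starts before the hunk.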
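Review bot: The issuer `http://auth-server:9000` returned by the new `providerSettings()` bean is the value the client (`issuer-uri`, used for discovery) and the resource server (`issuer-uri`, used to validate the JWT `iss` claim) are both configured with in this same patch, so the three copies have to stay byte-identical, and it is a plain-HTTP issuer on a hostname that presumably needs a hosts-file entry to resolve. A comment on the bean would make both constraints explicit: `// Must equal issuer-uri in client and resourceserver application.yml. Plain http is for the local sample only: discovery metadata and tokens travel in cleartext.` Using a hostname distinct from the client's `localhost` looks intentional, so the two apps do not share session cookies, and saying so would stop someone "simplifying" it to localhost.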
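Review bot: Removing `.logout().disable()` re-enables the default `/logout` handling, which only invalidates the client-side session; the session at `auth-server:9000` is untouched, so after logging out a user who hits any page is sent back through `oauth2Login` and is likely re-authenticated without a credential prompt (consent may still be asked, given `requireUserConsent(true)` on the server side). If the sample is meant to show a real sign-out it needs OIDC RP-initiated logout via Spring Security's `OidcClientInitiatedLogoutSuccessHandler`, which in turn requires the server to advertise an end_session_endpoint; I cannot tell from this patch whether it does. Otherwise a comment such as `// logout clears only the client session; the authorization server session persists` on the filter chain would avoid the surprise. `securityFilterChain` is complete in this hunk; the enclosing class continues outside it.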
--- a/samples/boot/oauth2-integration/client/src/main/resources/application.yml
+++ b/samples/boot/oauth2-integration/client/src/main/resources/application.yml
@@ -16,6 +16,14 @@ spring:
 oauth2:
 client:
 registration:
+messaging-client-oidc:
+provider: spring
+client-id: messaging-client
+client-secret: secret
+authorization-grant-type: authorization_code
+redirect-uri: "{baseUrl}/login/oauth2/code/{registrationId}"
+scope: openid
+client-name: messaging-client-oidc
 messaging-client-authorization-code:
 provider: spring
 client-id: messaging-client
@@ -23,16 +31,17 @@ spring:
 authorization-grant-type: authorization_code
 redirect-uri: "{baseUrl}/authorized"
 scope: message.read,message.write
+client-name: messaging-client-authorization-code
 messaging-client-client-credentials:
 provider: spring
 client-id: messaging-client
 client-secret: secret
 authorization-grant-type: client_credentials
 scope: message.read,message.write
+client-name: messaging-client-client-credentials
 provider:
 spring:
-authorization-uri: http://auth-server:9000/oauth2/authorize
-token-uri: http://auth-server:9000/oauth2/token
+issuer-uri: http://auth-server:9000
 
 messages:
 base-uri: http://localhost:8090/messages
diff --git a/samples/boot/oauth2-integration/resourceserver/src/main/resources/application.yml b/samples/boot/oauth2-integration/resourceserver/src/main/resources/application.yml
index fce6a17..af58f11 100644
--- a/samples/boot/oauth2-integration/resourceserver/src/main/resources/application.yml
+++ b/samples/boot/oauth2-integration/resourceserver/src/main/resources/application.yml
@@ -14,4 +14,4 @@ spring:
 oauth2:
 resourceserver:
 jwt:
-jwk-set-uri: http://auth-server:9000/oauth2/jwks
+issuer-uri: http://auth-server:9000
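Review bot: Replacing the explicit `authorization-uri`/`token-uri` pair with `issuer-uri: http://auth-server:9000` means the client now fetches the provider configuration when the registration is built, so, as far as I recall Spring Boot's behaviour, the client fails to start if the authorization server is not reachable at that hostname, and the `issuer` in the returned metadata must equal the configured value exactly (scheme and trailing slash included). The resource server hunk below has the same property, and additionally now derives its JWK set location and `iss` validation from discovery rather than the fixed `jwk-set-uri`. A comment above the new key would save a confusing first run: `# resolved via OIDC discovery at startup: start the authorization server first; must equal its configured issuer exactly`.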