Update sample to use OpenID Connect and Provider Configuration endpoint

Issue gh-53 gh-55
Joe Grandja 2020-12-10 15:46:56 -05:00
parent f2bb523105
commit 668bb069f2
4 changed files with 25 additions and 6 deletions


@ -23,9 +23,11 @@ import org.springframework.security.crypto.key.CryptoKeySource;
import org.springframework.security.crypto.key.StaticKeyGeneratingCryptoKeySource; import org.springframework.security.crypto.key.StaticKeyGeneratingCryptoKeySource;
import org.springframework.security.oauth2.core.AuthorizationGrantType; import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod; import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
import org.springframework.security.oauth2.core.oidc.OidcScopes;
import org.springframework.security.oauth2.server.authorization.client.InMemoryRegisteredClientRepository; import org.springframework.security.oauth2.server.authorization.client.InMemoryRegisteredClientRepository;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient; import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository; import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
import org.springframework.security.oauth2.server.authorization.config.ProviderSettings;
import java.util.UUID; import java.util.UUID;
@ -45,8 +47,11 @@ public class AuthorizationServerConfig {
.clientSecret("secret") .clientSecret("secret")
.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC) .clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE) .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
.authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN)
.authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS) .authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
.redirectUri("http://localhost:8080/login/oauth2/code/messaging-client-oidc")
.redirectUri("http://localhost:8080/authorized") .redirectUri("http://localhost:8080/authorized")
.scope(OidcScopes.OPENID)
.scope("message.read") .scope("message.read")
.scope("message.write") .scope("message.write")
.clientSettings(clientSettings -> clientSettings.requireUserConsent(true)) .clientSettings(clientSettings -> clientSettings.requireUserConsent(true))
@ -59,4 +64,9 @@ public class AuthorizationServerConfig {
public CryptoKeySource keySource() { public CryptoKeySource keySource() {
return new StaticKeyGeneratingCryptoKeySource(); return new StaticKeyGeneratingCryptoKeySource();
} }
@Bean
public ProviderSettings providerSettings() {
return new ProviderSettings().issuer("http://auth-server:9000");
}
} }
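Review bot: The new `providerSettings()` bean pins the issuer to a plain-`http` URL, and because the client and resource server in this same commit now derive every endpoint from that value via `issuer-uri`, the discovery document and JWKS are fetched without transport protection; that is fine for a local sample but worth saying explicitly so it is not copied into a deployment. Note also that `iss` validation is a string comparison, so the scheme, host and port here must match the `issuer-uri` the other services configure exactly (here both read `http://auth-server:9000`). I would add above the bean: `// Sample only: the issuer must be https outside local development, and it must match the issuer-uri configured in the client and resource server byte-for-byte, since the iss claim is compared as a string.` The `RegisteredClient` builder in the second hunk starts above the visible lines, so the `clientSecret("secret")` context line is pre-existing and not part of this change.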


@ -40,10 +40,10 @@ public class SecurityConfig {
SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
http http
.authorizeRequests(authorizeRequests -> .authorizeRequests(authorizeRequests ->
authorizeRequests.anyRequest().permitAll() authorizeRequests.anyRequest().authenticated()
) )
.logout() .oauth2Login(oauth2Login ->
.disable() oauth2Login.loginPage("/oauth2/authorization/messaging-client-oidc"))
.oauth2Client(withDefaults()); .oauth2Client(withDefaults());
return http.build(); return http.build();
} }
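Review bot: The explicit `.loginPage("/oauth2/authorization/messaging-client-oidc")` has no comment explaining why it is needed, and a reader may delete it as redundant. The reason is visible in this commit's `application.yml`: three registrations share the `spring` provider, so without an explicit entry point Spring Security would render its generated login page listing all of them, including the `client_credentials` registration that is not meant for browser login. I would add on the line before `.oauth2Login(`: `// Several client registrations exist; send unauthenticated users straight to the OIDC one rather than the generated chooser page.` Dropping `.logout().disable()` restores the default local logout, which as far as I can tell clears only this application's session and not the authorization server's; if a full OIDC sign-out is expected, that should be noted as a follow-up. The `SecurityConfig` class continues past the hunk.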


@ -16,6 +16,14 @@ spring:
oauth2: oauth2:
client: client:
registration: registration:
messaging-client-oidc:
provider: spring
client-id: messaging-client
client-secret: secret
authorization-grant-type: authorization_code
redirect-uri: "{baseUrl}/login/oauth2/code/{registrationId}"
scope: openid
client-name: messaging-client-oidc
messaging-client-authorization-code: messaging-client-authorization-code:
provider: spring provider: spring
client-id: messaging-client client-id: messaging-client
@ -23,16 +31,17 @@ spring:
authorization-grant-type: authorization_code authorization-grant-type: authorization_code
redirect-uri: "{baseUrl}/authorized" redirect-uri: "{baseUrl}/authorized"
scope: message.read,message.write scope: message.read,message.write
client-name: messaging-client-authorization-code
messaging-client-client-credentials: messaging-client-client-credentials:
provider: spring provider: spring
client-id: messaging-client client-id: messaging-client
client-secret: secret client-secret: secret
authorization-grant-type: client_credentials authorization-grant-type: client_credentials
scope: message.read,message.write scope: message.read,message.write
client-name: messaging-client-client-credentials
provider: provider:
spring: spring:
authorization-uri: http://auth-server:9000/oauth2/authorize issuer-uri: http://auth-server:9000
token-uri: http://auth-server:9000/oauth2/token
messages: messages:
base-uri: http://localhost:8090/messages base-uri: http://localhost:8090/messages
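Review bot: The switch from explicit `authorization-uri`/`token-uri` to `issuer-uri: http://auth-server:9000` in the last hunk changes the trust model without a comment: the client now fetches `/.well-known/openid-configuration` from that URL and takes the authorization, token and JWKS endpoints from whatever it returns, so anything that can interpose on that plain-`http` hop controls where the client sends the authorization code and the client secret. In a local sample that is acceptable, but it should be stated; I would put above the `spring:` provider entry: `# Endpoints are taken from the issuer's discovery document; plain http is for this local sample only, use https anywhere else.` As far as I recall Spring Boot resolves `issuer-uri` when the client registration beans are created, so the client will also fail to start if the authorization server is not reachable, which the previous explicit URIs did not require; a one-line note on that ordering would save the next person a confusing startup failure. The new `messaging-client-oidc` registration in the first hunk repeats `client-secret: secret` in committed configuration, which matches the existing registrations but is still a literal secret in the repository.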


@ -14,4 +14,4 @@ spring:
oauth2: oauth2:
resourceserver: resourceserver:
jwt: jwt:
jwk-set-uri: http://auth-server:9000/oauth2/jwks issuer-uri: http://auth-server:9000
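Review bot: Replacing `jwk-set-uri` with `issuer-uri` is a security improvement that deserves a comment, because it is not obvious from the one-line diff: as far as I can tell Spring's issuer-based `JwtDecoder` validates the `iss` claim against this value in addition to the timestamp checks, whereas the old JWKS-only configuration accepted any token signed with a key from that set. I would add above the line: `# issuer-uri (not jwk-set-uri) so the decoder also validates the iss claim; must match the authorization server's ProviderSettings issuer exactly.` Two caveats remain that the change does not address: discovery and JWKS are still fetched over plain `http`, and to my knowledge the default decoder does not validate the `aud` claim, so any token minted by this issuer for another resource is accepted here; both are tolerable in a sample but worth a note so they are not carried into a real deployment.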