BAEL-4754 Spring Security OAuth Authorization Server
majewsk6
committed
Mar 3, 2021
1 parent
cb0fe2e
commit 1842fdc
Showing
18 changed files
with
487 additions
and
0 deletions.
@@ -0,0 +1,41 @@ | ||
<project xmlns="http://maven.apache.org/POM/4.0.0" | ||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" | ||
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> | ||
<modelVersion>4.0.0</modelVersion> | ||
|
||
<groupId>com.baeldung</groupId> | ||
<artifactId>authorization-server</artifactId> | ||
<version>0.1.0-SNAPSHOT</version> | ||
<packaging>jar</packaging> | ||
|
||
<parent> | ||
<groupId>org.springframework.boot</groupId> | ||
<artifactId>spring-boot-starter-parent</artifactId> | ||
<version>2.4.3</version> | ||
<relativePath/> <!-- lookup parent from repository --> | ||
</parent> | ||
|
||
<dependencies> | ||
<dependency> | ||
<groupId>org.springframework.boot</groupId> | ||
<artifactId>spring-boot-starter-web</artifactId> | ||
<version>2.4.3</version> | ||
</dependency> | ||
<dependency> | ||
<groupId>org.springframework.boot</groupId> | ||
<artifactId>spring-boot-starter-security</artifactId> | ||
<version>2.4.3</version> | ||
</dependency> | ||
<dependency> | ||
<groupId>org.springframework.security.experimental</groupId> | ||
<artifactId>spring-security-oauth2-authorization-server</artifactId> | ||
<version>0.1.0</version> | ||
</dependency> | ||
</dependencies> | ||
|
||
<properties> | ||
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> | ||
<java.version>11</java.version> | ||
</properties> | ||
|
||
</project> |
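--- a/...authorization-server/src/main/java/com/baeldung/OAuth2AuthorizationServerApplication.java
+++ b/...authorization-server/src/main/java/com/baeldung/OAuth2AuthorizationServerApplication.java
@@ -0,0 +1,13 @@
+package com.baeldung;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+
+@SpringBootApplication
+public class OAuth2AuthorizationServerApplication {
+
+public static void main(String[] args) {
+SpringApplication.run(OAuth2AuthorizationServerApplication.class, args);
+}
+
+}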
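--- a/...ver/authorization-server/src/main/java/com/baeldung/config/AuthorizationServerConfig.java
+++ b/...ver/authorization-server/src/main/java/com/baeldung/config/AuthorizationServerConfig.java
@@ -0,0 +1,73 @@
+package com.baeldung.config;
+
+import com.nimbusds.jose.jwk.JWKSet;
+import com.nimbusds.jose.jwk.RSAKey;
+import com.nimbusds.jose.jwk.source.JWKSource;
+import com.nimbusds.jose.proc.SecurityContext;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Import;
+import org.springframework.security.config.annotation.web.configuration.OAuth2AuthorizationServerConfiguration;
+import org.springframework.security.oauth2.core.AuthorizationGrantType;
+import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
+import org.springframework.security.oauth2.server.authorization.client.InMemoryRegisteredClientRepository;
+import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
+import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
+import org.springframework.security.oauth2.server.authorization.config.ProviderSettings;
+
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.interfaces.RSAPrivateKey;
+import java.security.interfaces.RSAPublicKey;
+import java.util.UUID;
+
+@Configuration(proxyBeanMethods = false)
+@Import(OAuth2AuthorizationServerConfiguration.class)
+public class AuthorizationServerConfig {
+
+@Bean
+public RegisteredClientRepository registeredClientRepository() {
+RegisteredClient registeredClient = RegisteredClient.withId(UUID.randomUUID().toString())
+.clientId("article-client").clientSecret("secret")
+.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
+.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
+.authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN)
+.redirectUri("http://localhost:8080/login/oauth2/code/articles-client-oidc")
+.scope("articles.read").build();
+return new InMemoryRegisteredClientRepository(registeredClient);
+}
+
+@Bean
+public JWKSource<SecurityContext> jwkSource() {
+RSAKey rsaKey = generateRsa();
+JWKSet jwkSet = new JWKSet(rsaKey);
+return (jwkSelector, securityContext) -> jwkSelector.select(jwkSet);
+}
+
+private static RSAKey generateRsa() {
+KeyPair keyPair = generateRsaKey();
+RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic();
+RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate();
+return new RSAKey.Builder(publicKey)
+.privateKey(privateKey)
+.keyID(UUID.randomUUID().toString())
+.build();
+}
+
+private static KeyPair generateRsaKey() {
+KeyPair keyPair;
+try {
+KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
+keyPairGenerator.initialize(2048);
+keyPair = keyPairGenerator.generateKeyPair();
+} catch (Exception ex) {
+throw new IllegalStateException(ex);
+}
+return keyPair;
+}
+
+@Bean
+public ProviderSettings providerSettings() {
+return new ProviderSettings().issuer("http://127.0.0.1:9000");
+}
+}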
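Review bot: The client registered with `.clientId("article-client")` does not match the `client-id: articles-client` that both registrations in client-server's application.yml (same commit) send, so the client would fail client authentication at the token endpoint before any grant is evaluated; that yml also requests scope `openid` and the redirect `{baseUrl}/authorized`, neither of which this RegisteredClient allows, so only the `articles-client-oidc` registration can possibly succeed once the id is fixed. Change to `.clientId("articles-client")`, and register the extra scope and redirect URI if the second registration is meant to work; the literal `clientSecret("secret")` belongs in externalized configuration rather than source. Separately, generateRsaKey() creates a new key pair on every start, so every JWT issued before a restart becomes unverifiable afterwards — add `// NOTE: signing key is regenerated at startup; tokens issued before a restart cannot be validated` or load the key from a keystore. The `catch (Exception ex)` in generateRsaKey() can be narrowed to `NoSuchAlgorithmException`, the only checked exception thrown in that try block.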
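--- a/...-server/authorization-server/src/main/java/com/baeldung/config/DefaultSecurityConfig.java
+++ b/...-server/authorization-server/src/main/java/com/baeldung/config/DefaultSecurityConfig.java
@@ -0,0 +1,36 @@
+package com.baeldung.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.provisioning.InMemoryUserDetailsManager;
+import org.springframework.security.web.SecurityFilterChain;
+
+import static org.springframework.security.config.Customizer.withDefaults;
+
+@EnableWebSecurity
+public class DefaultSecurityConfig {
+
+@Bean
+SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http) throws Exception {
+http.authorizeRequests(authorizeRequests ->
+authorizeRequests.anyRequest().authenticated()
+)
+.formLogin(withDefaults());
+return http.build();
+}
+
+@Bean
+UserDetailsService users() {
+UserDetails user = User.withDefaultPasswordEncoder()
+.username("admin")
+.password("password")
+.roles("USER")
+.build();
+return new InMemoryUserDetailsManager(user);
+}
+
+}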
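Review bot: `User.withDefaultPasswordEncoder()` in users() is marked @Deprecated in Spring Security because the literal password ends up in source and bytecode; for a sample that is acceptable, but the bean should say so, e.g. `// demo only: withDefaultPasswordEncoder() is deprecated — real deployments need a PasswordEncoder bean and externalized credentials`. The `admin`/`password` user is also the only account that can complete the form login in front of the authorization endpoint, which deserves a sentence of class-level Javadoc so readers of the sample know where the login credentials come from.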
9 changes: 9 additions & 0 deletions
9
oauth-authorization-server/authorization-server/src/main/resources/application.yml
@@ -0,0 +1,9 @@ | ||
server: | ||
port: 9000 | ||
|
||
logging: | ||
level: | ||
root: INFO | ||
org.springframework.web: INFO | ||
org.springframework.security: INFO | ||
org.springframework.security.oauth2: INFO |
@@ -0,0 +1,51 @@ | ||
<project xmlns="http://maven.apache.org/POM/4.0.0" | ||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" | ||
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> | ||
<modelVersion>4.0.0</modelVersion> | ||
|
||
<groupId>com.baeldung</groupId> | ||
<artifactId>client-server</artifactId> | ||
<version>0.1.0-SNAPSHOT</version> | ||
<packaging>jar</packaging> | ||
|
||
<parent> | ||
<groupId>org.springframework.boot</groupId> | ||
<artifactId>spring-boot-starter-parent</artifactId> | ||
<version>2.4.3</version> | ||
<relativePath/> <!-- lookup parent from repository --> | ||
</parent> | ||
|
||
<dependencies> | ||
<dependency> | ||
<groupId>org.springframework.boot</groupId> | ||
<artifactId>spring-boot-starter-web</artifactId> | ||
<version>2.4.3</version> | ||
</dependency> | ||
<dependency> | ||
<groupId>org.springframework.boot</groupId> | ||
<artifactId>spring-boot-starter-security</artifactId> | ||
<version>2.4.3</version> | ||
</dependency> | ||
<dependency> | ||
<groupId>org.springframework.boot</groupId> | ||
<artifactId>spring-boot-starter-oauth2-client</artifactId> | ||
<version>2.4.3</version> | ||
</dependency> | ||
<dependency> | ||
<groupId>org.springframework</groupId> | ||
<artifactId>spring-webflux</artifactId> | ||
<version>5.3.4</version> | ||
</dependency> | ||
<dependency> | ||
<groupId>io.projectreactor.netty</groupId> | ||
<artifactId>reactor-netty</artifactId> | ||
<version>1.0.4</version> | ||
</dependency> | ||
</dependencies> | ||
|
||
<properties> | ||
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> | ||
<java.version>11</java.version> | ||
</properties> | ||
|
||
</project> |
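--- a/...uthorization-server/client-server/src/main/java/com/baeldung/OAuth2ClientApplication.java
+++ b/...uthorization-server/client-server/src/main/java/com/baeldung/OAuth2ClientApplication.java
@@ -0,0 +1,13 @@
+package com.baeldung;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+
+@SpringBootApplication
+public class OAuth2ClientApplication {
+
+public static void main(String[] args) {
+SpringApplication.run(OAuth2ClientApplication.class, args);
+}
+
+}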
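--- a/...-authorization-server/client-server/src/main/java/com/baeldung/config/SecurityConfig.java
+++ b/...-authorization-server/client-server/src/main/java/com/baeldung/config/SecurityConfig.java
@@ -0,0 +1,24 @@
+package com.baeldung.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.web.SecurityFilterChain;
+
+import static org.springframework.security.config.Customizer.withDefaults;
+
+@EnableWebSecurity
+public class SecurityConfig {
+
+@Bean
+SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+http
+.authorizeRequests(authorizeRequests ->
+authorizeRequests.anyRequest().authenticated()
+)
+.oauth2Login(oauth2Login ->
+oauth2Login.loginPage("/oauth2/authorization/articles-client-oidc"))
+.oauth2Client(withDefaults());
+return http.build();
+}
+}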
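--- a/...authorization-server/client-server/src/main/java/com/baeldung/config/WebClientConfig.java
+++ b/...authorization-server/client-server/src/main/java/com/baeldung/config/WebClientConfig.java
@@ -0,0 +1,42 @@
+package com.baeldung.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.oauth2.client.OAuth2AuthorizedClientManager;
+import org.springframework.security.oauth2.client.OAuth2AuthorizedClientProvider;
+import org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder;
+import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
+import org.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizedClientManager;
+import org.springframework.security.oauth2.client.web.OAuth2AuthorizedClientRepository;
+import org.springframework.security.oauth2.client.web.reactive.function.client.ServletOAuth2AuthorizedClientExchangeFilterFunction;
+import org.springframework.web.reactive.function.client.WebClient;
+
+@Configuration
+public class WebClientConfig {
+
+@Bean
+WebClient webClient(OAuth2AuthorizedClientManager authorizedClientManager) {
+ServletOAuth2AuthorizedClientExchangeFilterFunction oauth2Client =
+new ServletOAuth2AuthorizedClientExchangeFilterFunction(authorizedClientManager);
+return WebClient.builder()
+.apply(oauth2Client.oauth2Configuration())
+.build();
+}
+
+@Bean
+OAuth2AuthorizedClientManager authorizedClientManager(
+ClientRegistrationRepository clientRegistrationRepository,
+OAuth2AuthorizedClientRepository authorizedClientRepository) {
+
+OAuth2AuthorizedClientProvider authorizedClientProvider =
+OAuth2AuthorizedClientProviderBuilder.builder()
+.authorizationCode()
+.refreshToken()
+.build();
+DefaultOAuth2AuthorizedClientManager authorizedClientManager = new DefaultOAuth2AuthorizedClientManager(
+clientRegistrationRepository, authorizedClientRepository);
+authorizedClientManager.setAuthorizedClientProvider(authorizedClientProvider);
+
+return authorizedClientManager;
+}
+}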
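--- a/...authorization-server/client-server/src/main/java/com/baeldung/web/ArticlesController.java
+++ b/...authorization-server/client-server/src/main/java/com/baeldung/web/ArticlesController.java
@@ -0,0 +1,26 @@
+package com.baeldung.web;
+
+import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
+import org.springframework.security.oauth2.client.annotation.RegisteredOAuth2AuthorizedClient;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.reactive.function.client.WebClient;
+
+import static org.springframework.security.oauth2.client.web.reactive.function.client.ServerOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient;
+
+@RestController
+public class ArticlesController {
+
+private WebClient webClient;
+
+@GetMapping(value = "/articles")
+public String[] getArticles(@RegisteredOAuth2AuthorizedClient("articles-client-authorization-code") OAuth2AuthorizedClient authorizedClient) {
+return this.webClient
+.get()
+.uri("http://localhost:8090/articles")
+.attributes(oauth2AuthorizedClient(authorizedClient))
+.retrieve()
+.bodyToMono(String[].class)
+.block();
+}
+}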
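Review bot: `private WebClient webClient;` is never assigned — the class has no constructor and no `@Autowired` — so `this.webClient` in getArticles() is null and every request to /articles ends in a NullPointerException. Replace it with `private final WebClient webClient;` and `public ArticlesController(WebClient webClient) { this.webClient = webClient; }` so the WebClient bean from WebClientConfig is injected. The static import takes `oauth2AuthorizedClient` from the reactive `ServerOAuth2AuthorizedClientExchangeFilterFunction`, while the WebClient bean is built with the servlet `ServletOAuth2AuthorizedClientExchangeFilterFunction`; presumably both write the same request attribute, but importing it from the Servlet variant removes the doubt. The resource URL `http://localhost:8090/articles` would be better read from a property than hard-coded in the controller.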
34 changes: 34 additions & 0 deletions
34
oauth-authorization-server/client-server/src/main/resources/application.yml
@@ -0,0 +1,34 @@ | ||
server: | ||
port: 8080 | ||
|
||
logging: | ||
level: | ||
root: INFO | ||
org.springframework.web: INFO | ||
org.springframework.security: INFO | ||
org.springframework.security.oauth2: INFO | ||
|
||
spring: | ||
security: | ||
oauth2: | ||
client: | ||
registration: | ||
articles-client-oidc: | ||
provider: spring | ||
client-id: articles-client | ||
client-secret: secret | ||
authorization-grant-type: authorization_code | ||
redirect-uri: "{baseUrl}/login/oauth2/code/{registrationId}" | ||
scope: openid | ||
client-name: articles-client-oidc | ||
articles-client-authorization-code: | ||
provider: spring | ||
client-id: articles-client | ||
client-secret: secret | ||
authorization-grant-type: authorization_code | ||
redirect-uri: "{baseUrl}/authorized" | ||
scope: articles.read | ||
client-name: articles-client-authorization-code | ||
provider: | ||
spring: | ||
issuer-uri: http://127.0.0.1:9000 |
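Review bot: `client-secret: secret` is committed in plain text for both registrations; even in a sample, a placeholder such as `client-secret: ${ARTICLES_CLIENT_SECRET:secret}` keeps a real value out of the repository while preserving the local default. The `articles-client-authorization-code` registration redirects to `{baseUrl}/authorized`, and no handler for that path appears in the files shown; if it is only a landing URL after consent, a one-line comment saying so would save the next reader a search. The `client-id`/scope/redirect mismatch with the authorization server's RegisteredClient is noted on AuthorizationServerConfig.java.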
@@ -0,0 +1,17 @@ | ||
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" | ||
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> | ||
<modelVersion>4.0.0</modelVersion> | ||
<description>Spring Security OAuth Authorization Server</description> | ||
|
||
<groupId>com.baeldung</groupId> | ||
<artifactId>oauth-authorization-server</artifactId> | ||
<version>0.1.0-SNAPSHOT</version> | ||
<packaging>pom</packaging> | ||
|
||
<modules> | ||
<module>authorization-server</module> | ||
<module>resource-server</module> | ||
<module>client-server</module> | ||
</modules> | ||
|
||
</project> |