Authorization server & resource server combined

2020-12-10 11:44:51 +01:00
parent a90d98aa1e
commit 2445eeeea8
5 changed files with 47 additions and 3 deletions
--- a/samples/boot/oauth2-integration/authorizationserver/spring-security-samples-boot-oauth2-integrated-authorizationserver.gradle
+++ b/samples/boot/oauth2-integration/authorizationserver/spring-security-samples-boot-oauth2-integrated-authorizationserver.gradle
@@ -3,5 +3,6 @@ apply plugin: 'io.spring.convention.spring-sample-boot'
 dependencies {
 	compile 'org.springframework.boot:spring-boot-starter-web'
 	compile 'org.springframework.boot:spring-boot-starter-security'
+	compile 'org.springframework.boot:spring-boot-starter-oauth2-resource-server'
 	compile project(':spring-security-oauth2-authorization-server')
 }
--- a/samples/boot/oauth2-integration/authorizationserver/src/main/java/sample/config/DefaultSecurityConfig.java
+++ b/samples/boot/oauth2-integration/authorizationserver/src/main/java/sample/config/DefaultSecurityConfig.java
@@ -38,9 +38,13 @@ public class DefaultSecurityConfig {
 	SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http) throws Exception {
 		http
 			.authorizeRequests(authorizeRequests ->
-				authorizeRequests.anyRequest().authenticated()
+				authorizeRequests
+						.mvcMatchers("/messages/**").access("hasAuthority('SCOPE_message.read')")
+						.anyRequest().authenticated()
 			)
-			.formLogin(withDefaults());
+			.formLogin(withDefaults())
+			.oauth2ResourceServer()
+				.jwt();
 		return http.build();
 	}
 	// formatter:on
--- a/samples/boot/oauth2-integration/authorizationserver/src/main/java/sample/web/MessagesController.java
+++ b/samples/boot/oauth2-integration/authorizationserver/src/main/java/sample/web/MessagesController.java
@@ -0,0 +1,32 @@
+/*
+ * Copyright 2020 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package sample.web;
+
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+/**
+ * @author Joe Grandja
+ * @since 0.0.1
+ */
+@RestController
+public class MessagesController {
+
+	@GetMapping("/messages")
+	public String[] getMessages() {
+		return new String[] {"Message 1", "Message 2", "Message 3"};
+	}
+}
--- a/samples/boot/oauth2-integration/authorizationserver/src/main/resources/application.yml
+++ b/samples/boot/oauth2-integration/authorizationserver/src/main/resources/application.yml
@@ -8,3 +8,10 @@ logging:
    org.springframework.security: INFO
    org.springframework.security.oauth2: INFO
 #    org.springframework.boot.autoconfigure: DEBUG
+
+spring:
+  security:
+    oauth2:
+      resourceserver:
+        jwt:
+          jwk-set-uri: http://auth-server:9000/oauth2/jwks
--- a/samples/boot/oauth2-integration/client/src/main/resources/application.yml
+++ b/samples/boot/oauth2-integration/client/src/main/resources/application.yml
@@ -44,4 +44,4 @@ spring:
            issuer-uri: http://auth-server:9000

 messages:
-  base-uri: http://localhost:8090/messages
+  base-uri: http://localhost:9000/messages