From 2445eeeea8a4e488ae2ae01dce00e19e195e720f Mon Sep 17 00:00:00 2001
From: Daniel Garnier-Moiroux
Date: Thu, 10 Dec 2020 11:44:51 +0100
Subject: [PATCH] Authorization server & resource server combined
---
 ...uth2-integrated-authorizationserver.gradle | 1 +
 .../sample/config/DefaultSecurityConfig.java | 8 +++--
 .../java/sample/web/MessagesController.java | 32 +++++++++++++++++++
 .../src/main/resources/application.yml | 7 ++++
 .../client/src/main/resources/application.yml | 2 +-
 5 files changed, 47 insertions(+), 3 deletions(-)
 create mode 100644 samples/boot/oauth2-integration/authorizationserver/src/main/java/sample/web/MessagesController.java
diff --git a/samples/boot/oauth2-integration/authorizationserver/spring-security-samples-boot-oauth2-integrated-authorizationserver.gradle b/samples/boot/oauth2-integration/authorizationserver/spring-security-samples-boot-oauth2-integrated-authorizationserver.gradle
index b53da68d..ce4ee81a 100644
--- a/samples/boot/oauth2-integration/authorizationserver/spring-security-samples-boot-oauth2-integrated-authorizationserver.gradle
+++ b/samples/boot/oauth2-integration/authorizationserver/spring-security-samples-boot-oauth2-integrated-authorizationserver.gradle
@@ -3,5 +3,6 @@ apply plugin: 'io.spring.convention.spring-sample-boot'
 dependencies {
 compile 'org.springframework.boot:spring-boot-starter-web'
 compile 'org.springframework.boot:spring-boot-starter-security'
+ compile 'org.springframework.boot:spring-boot-starter-oauth2-resource-server'
 compile project(':spring-security-oauth2-authorization-server')
 }
diff --git a/samples/boot/oauth2-integration/authorizationserver/src/main/java/sample/config/DefaultSecurityConfig.java b/samples/boot/oauth2-integration/authorizationserver/src/main/java/sample/config/DefaultSecurityConfig.java
index 9d569197..ef022339 100644
--- a/samples/boot/oauth2-integration/authorizationserver/src/main/java/sample/config/DefaultSecurityConfig.java
+++ b/samples/boot/oauth2-integration/authorizationserver/src/main/java/sample/config/DefaultSecurityConfig.java
@@ -38,9 +38,13 @@ public class DefaultSecurityConfig {
 SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http) throws Exception {
 http
 .authorizeRequests(authorizeRequests ->
- authorizeRequests.anyRequest().authenticated()
+ authorizeRequests
+ .mvcMatchers("/messages/**").access("hasAuthority('SCOPE_message.read')")
+ .anyRequest().authenticated()
 )
- .formLogin(withDefaults());
+ .formLogin(withDefaults())
+ .oauth2ResourceServer()
+ .jwt();
 return http.build();
 }
 // formatter:on
diff --git a/samples/boot/oauth2-integration/authorizationserver/src/main/java/sample/web/MessagesController.java b/samples/boot/oauth2-integration/authorizationserver/src/main/java/sample/web/MessagesController.java
new file mode 100644
index 00000000..501fb2d5
--- /dev/null
+++ b/samples/boot/oauth2-integration/authorizationserver/src/main/java/sample/web/MessagesController.java
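Review bot: Adding `.oauth2ResourceServer().jwt()` to `defaultSecurityFilterChain` makes bearer-token authentication apply to every request this chain handles, so `.anyRequest().authenticated()` is now satisfied by any valid JWT whatever its scope, not only by a form-login session; only `/messages/**` checks `SCOPE_message.read`. I would keep form login on this chain and move the resource-server rules into a separate, stateless chain matched to `/messages/**`, so tokens are accepted only where a scope is checked. Which other endpoints fall through to this chain is not visible here and the class continues outside the hunk, so the order value below is a placeholder. On style, `.access("hasAuthority('SCOPE_message.read')")` can be written `.hasAuthority("SCOPE_message.read")`.

```java
// … unchanged: defaultSecurityFilterChain keeps anyRequest().authenticated() and formLogin(withDefaults()) …

@Bean
@Order(1) // placeholder: must sort ahead of the default chain
SecurityFilterChain messagesSecurityFilterChain(HttpSecurity http) throws Exception {
    http
        .mvcMatcher("/messages/**")
        .authorizeRequests(authorizeRequests ->
            authorizeRequests.anyRequest().hasAuthority("SCOPE_message.read")
        )
        .sessionManagement(session ->
            session.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
        )
        .oauth2ResourceServer(OAuth2ResourceServerConfigurer::jwt);
    return http.build();
}
```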
@@ -0,0 +1,32 @@
+/*
+ * Copyright 2020 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package sample.web;
+
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+/**
+ * @author Joe Grandja
+ * @since 0.0.1
+ */
+@RestController
+public class MessagesController {
+
+ @GetMapping("/messages")
+ public String[] getMessages() {
+ return new String[] {"Message 1", "Message 2", "Message 3"};
+ }
+}
diff --git a/samples/boot/oauth2-integration/authorizationserver/src/main/resources/application.yml b/samples/boot/oauth2-integration/authorizationserver/src/main/resources/application.yml
index 5e879a67..cbcfb2d1 100644
--- a/samples/boot/oauth2-integration/authorizationserver/src/main/resources/application.yml
+++ b/samples/boot/oauth2-integration/authorizationserver/src/main/resources/application.yml
@@ -8,3 +8,10 @@ logging:
 org.springframework.security: INFO
 org.springframework.security.oauth2: INFO
 # org.springframework.boot.autoconfigure: DEBUG
+
+spring:
+ security:
+ oauth2:
+ resourceserver:
+ jwt:
+ jwk-set-uri: http://auth-server:9000/oauth2/jwks
diff --git a/samples/boot/oauth2-integration/client/src/main/resources/application.yml b/samples/boot/oauth2-integration/client/src/main/resources/application.yml
index c6922f08..ba2c2432 100644
--- a/samples/boot/oauth2-integration/client/src/main/resources/application.yml
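Review bot: The class Javadoc on `MessagesController` carries only `@author` and `@since`, and nothing in this new file says that `/messages` is a protected resource. The access rule lives in `DefaultSecurityConfig` (the `/messages/**` matcher requiring `SCOPE_message.read`, added in this same patch), so a reader of the controller alone cannot tell the endpoint is guarded or by what. I would add a summary line to the Javadoc such as `Sample protected resource; access requires the message.read scope, enforced by the URL rule in DefaultSecurityConfig.`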
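Review bot: The new `resourceserver.jwt` block configures only `jwk-set-uri`, and fetches the keys over plain `http`. With just a key-set location, the decoder Spring Boot builds verifies the signature and timestamps; as far as I know no `iss` check is applied unless an issuer is configured or a validator is supplied, which should be confirmed for the Boot version this sample uses. Because samples get copied into real deployments, I would add a comment above the key, e.g. `# sample only: use https and validate the token issuer outside local development`.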
+++ b/samples/boot/oauth2-integration/client/src/main/resources/application.yml
@@ -44,4 +44,4 @@ spring:
 issuer-uri: http://auth-server:9000
 messages:
- base-uri: http://localhost:8090/messages
+ base-uri: http://localhost:9000/messages
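Review bot: `messages.base-uri` now addresses port 9000 as `localhost` while the `issuer-uri` context line in the same hunk uses `auth-server:9000`, for what appears to be the same process. Using one host name for both, `base-uri: http://auth-server:9000/messages`, keeps the sample consistent and avoids a setup where one name resolves and the other does not. If `localhost` is deliberate, a one-line comment above the key saying why would help.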