mindol1004/spring-boot-rest
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #8364 from catalin-burcea/BAEL-9552

Browse Source 
[BAEL-9552] - Create spring-security-modules folder
This commit is contained in:
Josh Cummings
2019-12-16 10:55:28 -07:00
committed by GitHub
parent 2e1d1ffb01 0110c0eec5
commit 71b7954aed
712 changed files with 1140 additions and 1141 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
spring-security-sso/spring-security-sso-auth-server/pom.xml
View File

@@ -1,27 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<artifactId>spring-security-sso-auth-server</artifactId>
<name>spring-security-sso-auth-server</name>
<packaging>war</packaging>
<parent>
<groupId>org.baeldung</groupId>
<artifactId>spring-security-sso</artifactId>
<version>1.0.0-SNAPSHOT</version>
</parent>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security.oauth</groupId>
<artifactId>spring-security-oauth2</artifactId>
<version>${oauth.version}</version>
</dependency>
</dependencies>
</project>

39
spring-security-sso/spring-security-sso-auth-server/src/main/java/org/baeldung/config/AuthServerConfig.java
View File

@@ -1,39 +0,0 @@
package org.baeldung.config;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
@Configuration
@EnableAuthorizationServer
public class AuthServerConfig extends AuthorizationServerConfigurerAdapter {
@Autowired
private BCryptPasswordEncoder passwordEncoder;
@Override
public void configure(final AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
oauthServer.tokenKeyAccess("permitAll()")
.checkTokenAccess("isAuthenticated()");
}
@Override
public void configure(final ClientDetailsServiceConfigurer clients) throws Exception {
clients.inMemory()
.withClient("SampleClientId")
.secret(passwordEncoder.encode("secret"))
.authorizedGrantTypes("authorization_code")
.scopes("user_info")
.autoApprove(true)
.redirectUris("http://localhost:8082/ui/login","http://localhost:8083/ui2/login","http://localhost:8082/login","http://www.example.com/")
// .accessTokenValiditySeconds(3600)
; // 1 hour
}
}

16
spring-security-sso/spring-security-sso-auth-server/src/main/java/org/baeldung/config/AuthorizationServerApplication.java
View File

@@ -1,16 +0,0 @@
package org.baeldung.config;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.web.servlet.support.SpringBootServletInitializer;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
@SpringBootApplication
@EnableResourceServer
public class AuthorizationServerApplication extends SpringBootServletInitializer {
public static void main(String[] args) {
SpringApplication.run(AuthorizationServerApplication.class, args);
}
}

41
spring-security-sso/spring-security-sso-auth-server/src/main/java/org/baeldung/config/SecurityConfig.java
View File

@@ -1,41 +0,0 @@
package org.baeldung.config;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
@Configuration
@Order(1)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception { // @formatter:off
http.requestMatchers()
.antMatchers("/login", "/oauth/authorize")
.and()
.authorizeRequests()
.anyRequest()
.authenticated()
.and()
.formLogin()
.permitAll()
.and().csrf().disable();
} // @formatter:on
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception { // @formatter:off
auth.inMemoryAuthentication()
.withUser("john")
.password(passwordEncoder().encode("123"))
.roles("USER");
} // @formatter:on
@Bean
public BCryptPasswordEncoder passwordEncoder(){
return new BCryptPasswordEncoder();
}
}

16
spring-security-sso/spring-security-sso-auth-server/src/main/java/org/baeldung/config/UserController.java
View File

@@ -1,16 +0,0 @@
package org.baeldung.config;
import java.security.Principal;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
@RestController
public class UserController {
@RequestMapping("/user/me")
public Principal user(Principal principal) {
System.out.println(principal);
return principal;
}
}

3
spring-security-sso/spring-security-sso-auth-server/src/main/resources/application.properties
View File

@@ -1,3 +0,0 @@
server.port=8081
server.servlet.context-path=/auth
#logging.level.org.springframework=DEBUG

13
spring-security-sso/spring-security-sso-auth-server/src/main/resources/logback.xml
View File

@@ -1,13 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
<encoder>
<pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n
</pattern>
</encoder>
</appender>
<root level="INFO">
<appender-ref ref="STDOUT" />
</root>
</configuration>

18
spring-security-sso/spring-security-sso-auth-server/src/test/java/org/baeldung/SpringContextTest.java
View File

@@ -1,18 +0,0 @@
package org.baeldung;
import org.baeldung.config.AuthorizationServerApplication;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
import org.springframework.test.context.junit4.SpringRunner;
@RunWith(SpringRunner.class)
@SpringBootTest(classes = AuthorizationServerApplication.class, webEnvironment = WebEnvironment.RANDOM_PORT)
public class SpringContextTest {
@Test
public void whenLoadApplication_thenSuccess() {
}
}

51
spring-security-sso/spring-security-sso-auth-server/src/test/java/org/baeldung/UserInfoEndpointLiveTest.java
View File

@@ -1,51 +0,0 @@
package org.baeldung;
import static org.junit.Assert.assertEquals;
import java.util.HashMap;
import java.util.Map;
import org.junit.Test;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import io.restassured.RestAssured;
import io.restassured.response.Response;
public class UserInfoEndpointLiveTest {
@Test
public void givenAccessToken_whenAccessUserInfoEndpoint_thenSuccess() {
String accessToken = obtainAccessTokenUsingAuthorizationCodeFlow("john","123");
Response response = RestAssured.given().header(HttpHeaders.AUTHORIZATION, "Bearer " + accessToken).get("http://localhost:8081/auth/user/me");
assertEquals(HttpStatus.OK.value(), response.getStatusCode());
assertEquals("john", response.jsonPath().get("name"));
}
private String obtainAccessTokenUsingAuthorizationCodeFlow(String username, String password) {
final String authServerUri = "http://localhost:8081/auth";
final String redirectUrl = "http://www.example.com/";
final String authorizeUrl = authServerUri + "/oauth/authorize?response_type=code&client_id=SampleClientId&redirect_uri=" + redirectUrl;
final String tokenUrl = authServerUri + "/oauth/token";
// user login
Response response = RestAssured.given().formParams("username", username, "password", password).post(authServerUri + "/login");
final String cookieValue = response.getCookie("JSESSIONID");
// get authorization code
RestAssured.given().cookie("JSESSIONID", cookieValue).get(authorizeUrl);
response = RestAssured.given().cookie("JSESSIONID", cookieValue).post(authorizeUrl);
assertEquals(HttpStatus.FOUND.value(), response.getStatusCode());
final String location = response.getHeader(HttpHeaders.LOCATION);
final String code = location.substring(location.indexOf("code=") + 5);
// get access token
Map<String, String> params = new HashMap<String, String>();
params.put("grant_type", "authorization_code");
params.put("code", code);
params.put("client_id", "SampleClientId");
params.put("redirect_uri", redirectUrl);
response = RestAssured.given().auth().basic("SampleClientId", "secret").formParams(params).post(tokenUrl);
return response.jsonPath().getString("access_token");
}
}