From d05f4572f8a7e9eefe9e97ff6b952b96ff04988d Mon Sep 17 00:00:00 2001 From: db Date: Tue, 31 Jul 2018 22:42:52 +0100 Subject: [PATCH] OAuth2 Principal and Authorities example - refactor and added example using custom authorization server --- .../ExtractorsApplication.java | 9 ++++++ .../configuration/SecurityConfig.java | 31 ++++++++++++++----- .../custom/BaeldungAuthoritiesExtractor.java | 29 +++++++++++++++++ .../custom/BaeldungPrincipalExtractor.java | 13 ++++++++ .../GithubAuthoritiesExtractor.java} | 4 +-- .../GithubPrincipalExtractor.java} | 4 +-- ...tion-oauth2-extractors-baeldung.properties | 6 ++++ ...ation-oauth2-extractors-github.properties} | 1 + .../oauth2extractors/ExtractorsUnitTest.java | 2 ++ .../org/baeldung/config/AuthServerConfig.java | 2 +- 10 files changed, 88 insertions(+), 13 deletions(-) create mode 100644 spring-5-security/src/main/java/com/baeldung/oauth2extractors/extractor/custom/BaeldungAuthoritiesExtractor.java create mode 100644 spring-5-security/src/main/java/com/baeldung/oauth2extractors/extractor/custom/BaeldungPrincipalExtractor.java rename spring-5-security/src/main/java/com/baeldung/oauth2extractors/extractor/{CustomAuthoritiesExtractor.java => github/GithubAuthoritiesExtractor.java} (89%) rename spring-5-security/src/main/java/com/baeldung/oauth2extractors/extractor/{CustomPrincipalExtractor.java => github/GithubPrincipalExtractor.java} (66%) create mode 100644 spring-5-security/src/main/resources/application-oauth2-extractors-baeldung.properties rename spring-5-security/src/main/resources/{application-oauth2-extractors.properties => application-oauth2-extractors-github.properties} (96%) diff --git a/spring-5-security/src/main/java/com/baeldung/oauth2extractors/ExtractorsApplication.java b/spring-5-security/src/main/java/com/baeldung/oauth2extractors/ExtractorsApplication.java index c9a18d1599..6ab4d525bf 100644 --- a/spring-5-security/src/main/java/com/baeldung/oauth2extractors/ExtractorsApplication.java 
+++ b/spring-5-security/src/main/java/com/baeldung/oauth2extractors/ExtractorsApplication.java @@ -1,7 +1,9 @@ package com.baeldung.oauth2extractors; +import org.apache.logging.log4j.util.Strings; import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.SpringBootApplication; +import org.springframework.core.env.AbstractEnvironment; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; @@ -9,6 +11,13 @@ import org.springframework.web.bind.annotation.RequestMapping; @Controller public class ExtractorsApplication { public static void main(String[] args) { + if (Strings.isEmpty(System.getProperty(AbstractEnvironment.ACTIVE_PROFILES_PROPERTY_NAME))) { + /*System.setProperty(AbstractEnvironment.ACTIVE_PROFILES_PROPERTY_NAME, + "oauth2-extractors-baeldung");*/ + System.setProperty(AbstractEnvironment.ACTIVE_PROFILES_PROPERTY_NAME, + "oauth2-extractors-github"); + } + SpringApplication.run(ExtractorsApplication.class, args); } diff --git a/spring-5-security/src/main/java/com/baeldung/oauth2extractors/configuration/SecurityConfig.java b/spring-5-security/src/main/java/com/baeldung/oauth2extractors/configuration/SecurityConfig.java index cc1258d14b..b2ea19c008 100644 --- a/spring-5-security/src/main/java/com/baeldung/oauth2extractors/configuration/SecurityConfig.java +++ b/spring-5-security/src/main/java/com/baeldung/oauth2extractors/configuration/SecurityConfig.java 
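Review bot: The profile fallback added to `main` only consults the JVM system property, so a deployment that selects the identity provider through the `SPRING_PROFILES_ACTIVE` environment variable would, as far as Spring's property precedence goes, be overridden to `oauth2-extractors-github` without any message. Because the profile decides which authorization server and which authorities mapping the application trusts, the fallback is better expressed as a default: `System.setProperty(AbstractEnvironment.DEFAULT_PROFILES_PROPERTY_NAME, "oauth2-extractors-github");` with no `if` around it. The commented-out `System.setProperty(...)` block should become a one-line comment naming the alternative profile. `org.apache.logging.log4j.util.Strings` also ties the entry point to the logging library for a plain empty-string check.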
@@ -1,18 +1,19 @@ package com.baeldung.oauth2extractors.configuration; -import com.baeldung.oauth2extractors.extractor.CustomAuthoritiesExtractor; -import com.baeldung.oauth2extractors.extractor.CustomPrincipalExtractor; +import com.baeldung.oauth2extractors.extractor.custom.BaeldungAuthoritiesExtractor; +import com.baeldung.oauth2extractors.extractor.custom.BaeldungPrincipalExtractor; +import com.baeldung.oauth2extractors.extractor.github.GithubAuthoritiesExtractor; +import com.baeldung.oauth2extractors.extractor.github.GithubPrincipalExtractor; import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso; import org.springframework.boot.autoconfigure.security.oauth2.resource.AuthoritiesExtractor; import org.springframework.boot.autoconfigure.security.oauth2.resource.PrincipalExtractor; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; -import org.springframework.context.annotation.PropertySource; +import org.springframework.context.annotation.Profile; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; @Configuration -@PropertySource("application-oauth2-extractors.properties") @EnableOAuth2Sso public class SecurityConfig extends WebSecurityConfigurerAdapter { 
@@ -29,12 +30,26 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter { } @Bean - public PrincipalExtractor principalExtractor() { - return new CustomPrincipalExtractor(); + @Profile("oauth2-extractors-baeldung") + public PrincipalExtractor baeldungPrincipalExtractor() { + return new BaeldungPrincipalExtractor(); } @Bean - public AuthoritiesExtractor authoritiesExtractor() { - return new CustomAuthoritiesExtractor(); + @Profile("oauth2-extractors-baeldung") + public AuthoritiesExtractor baeldungAuthoritiesExtractor() { + return new BaeldungAuthoritiesExtractor(); + } + + @Bean + @Profile("oauth2-extractors-github") + public PrincipalExtractor githubPrincipalExtractor() { + return new GithubPrincipalExtractor(); + } + + @Bean + @Profile("oauth2-extractors-github") + public AuthoritiesExtractor githubAuthoritiesExtractor() { + return new GithubAuthoritiesExtractor(); } } \ No newline at end of file diff --git a/spring-5-security/src/main/java/com/baeldung/oauth2extractors/extractor/custom/BaeldungAuthoritiesExtractor.java b/spring-5-security/src/main/java/com/baeldung/oauth2extractors/extractor/custom/BaeldungAuthoritiesExtractor.java new file mode 100644 index 0000000000..275bcd0d31 --- /dev/null +++ b/spring-5-security/src/main/java/com/baeldung/oauth2extractors/extractor/custom/BaeldungAuthoritiesExtractor.java 
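Review bot: With every extractor bean now behind `@Profile`, a start-up with neither `oauth2-extractors-baeldung` nor `oauth2-extractors-github` active registers no `PrincipalExtractor` or `AuthoritiesExtractor` at all, and Spring Boot would presumably fall back to its built-in extractors instead of failing. That changes which authorities a logged-in user receives without any visible error, so `SecurityConfig` deserves a class-level comment along the lines of `// Exactly one oauth2-extractors-* profile must be active; without one the Boot default extractors are used.` Grouping the two beans of each provider in a nested `@Configuration` class that carries the `@Profile` once would also remove the four repeated annotations. The class body starts outside this hunk.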
@@ -0,0 +1,29 @@ +package com.baeldung.oauth2extractors.extractor.custom; + +import org.springframework.boot.autoconfigure.security.oauth2.resource.AuthoritiesExtractor; +import org.springframework.security.core.GrantedAuthority; +import org.springframework.security.core.authority.AuthorityUtils; + +import java.util.ArrayList; +import java.util.LinkedHashMap; +import java.util.List; +import java.util.Map; + +public class BaeldungAuthoritiesExtractor implements AuthoritiesExtractor { + + @Override + public List extractAuthorities(Map map) { + return AuthorityUtils + .commaSeparatedStringToAuthorityList(asAuthorities(map)); + } + + private String asAuthorities(Map map) { + List authorities = new ArrayList<>(); + authorities.add("BAELDUNG_USER"); + List> authz = (List>) map.get("authorities"); + for (LinkedHashMap entry : authz) { + authorities.add(entry.get("authority")); + } + return String.join(",", authorities); + } +} diff --git a/spring-5-security/src/main/java/com/baeldung/oauth2extractors/extractor/custom/BaeldungPrincipalExtractor.java b/spring-5-security/src/main/java/com/baeldung/oauth2extractors/extractor/custom/BaeldungPrincipalExtractor.java new file mode 100644 index 0000000000..6f1b20df10 --- /dev/null +++ b/spring-5-security/src/main/java/com/baeldung/oauth2extractors/extractor/custom/BaeldungPrincipalExtractor.java @@ -0,0 +1,13 @@ +package com.baeldung.oauth2extractors.extractor.custom; + +import org.springframework.boot.autoconfigure.security.oauth2.resource.PrincipalExtractor; + +import java.util.Map; + +public class BaeldungPrincipalExtractor implements PrincipalExtractor { + + @Override + public Object extractPrincipal(Map map) { + return map.get("name"); + } +} 
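Review bot: `asAuthorities` in `BaeldungAuthoritiesExtractor` casts `map.get("authorities")` straight to a list of `LinkedHashMap` and iterates it, so a user-info response without that key, or with a different JSON shape, ends the login with a `NullPointerException` or `ClassCastException`. Joining the names with `,` and re-parsing them through `commaSeparatedStringToAuthorityList` also means a single authority value containing a comma becomes several granted authorities. Building `SimpleGrantedAuthority` objects directly (it needs an import from `org.springframework.security.core.authority`) and checking the shape of each entry avoids both, and makes the private helper unnecessary. The generic parameters in the sketch are assumed from the `AuthoritiesExtractor` interface, since the page shows the signatures without them.

```java
@Override
public List<GrantedAuthority> extractAuthorities(Map<String, Object> map) {
    List<GrantedAuthority> authorities = new ArrayList<>();
    // Every user authenticated by this authorization server gets the base authority.
    authorities.add(new SimpleGrantedAuthority("BAELDUNG_USER"));

    // The user-info payload is external input: accept only the expected shape.
    Object raw = map.get("authorities");
    if (raw instanceof List) {
        for (Object entry : (List<?>) raw) {
            if (!(entry instanceof Map)) {
                continue;
            }
            Object name = ((Map<?, ?>) entry).get("authority");
            if (name instanceof String && !((String) name).isEmpty()) {
                // One value maps to exactly one authority; no comma re-parsing.
                authorities.add(new SimpleGrantedAuthority((String) name));
            }
        }
    }
    return authorities;
}
```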
diff --git a/spring-5-security/src/main/java/com/baeldung/oauth2extractors/extractor/CustomAuthoritiesExtractor.java b/spring-5-security/src/main/java/com/baeldung/oauth2extractors/extractor/github/GithubAuthoritiesExtractor.java similarity index 89% rename from spring-5-security/src/main/java/com/baeldung/oauth2extractors/extractor/CustomAuthoritiesExtractor.java rename to spring-5-security/src/main/java/com/baeldung/oauth2extractors/extractor/github/GithubAuthoritiesExtractor.java index ad23f6c32f..5d90164f06 100644 --- a/spring-5-security/src/main/java/com/baeldung/oauth2extractors/extractor/CustomAuthoritiesExtractor.java +++ b/spring-5-security/src/main/java/com/baeldung/oauth2extractors/extractor/github/GithubAuthoritiesExtractor.java @@ -1,4 +1,4 @@ -package com.baeldung.oauth2extractors.extractor; +package com.baeldung.oauth2extractors.extractor.github; import org.springframework.boot.autoconfigure.security.oauth2.resource.AuthoritiesExtractor; import org.springframework.security.core.GrantedAuthority; @@ -9,7 +9,7 @@ import java.util.List; import java.util.Map; import java.util.Objects; -public class CustomAuthoritiesExtractor implements AuthoritiesExtractor { +public class GithubAuthoritiesExtractor implements AuthoritiesExtractor { private List GITHUB_FREE_AUTHORITIES = AuthorityUtils .commaSeparatedStringToAuthorityList("GITHUB_USER,GITHUB_USER_FREE"); private List GITHUB_SUBSCRIBED_AUTHORITIES = AuthorityUtils diff --git a/spring-5-security/src/main/java/com/baeldung/oauth2extractors/extractor/CustomPrincipalExtractor.java b/spring-5-security/src/main/java/com/baeldung/oauth2extractors/extractor/github/GithubPrincipalExtractor.java similarity index 66% rename from spring-5-security/src/main/java/com/baeldung/oauth2extractors/extractor/CustomPrincipalExtractor.java rename to spring-5-security/src/main/java/com/baeldung/oauth2extractors/extractor/github/GithubPrincipalExtractor.java index c35522f0f3..fdc5c0c9f3 100644 
--- a/spring-5-security/src/main/java/com/baeldung/oauth2extractors/extractor/CustomPrincipalExtractor.java +++ b/spring-5-security/src/main/java/com/baeldung/oauth2extractors/extractor/github/GithubPrincipalExtractor.java @@ -1,10 +1,10 @@ -package com.baeldung.oauth2extractors.extractor; +package com.baeldung.oauth2extractors.extractor.github; import org.springframework.boot.autoconfigure.security.oauth2.resource.PrincipalExtractor; import java.util.Map; -public class CustomPrincipalExtractor implements PrincipalExtractor { +public class GithubPrincipalExtractor implements PrincipalExtractor { @Override public Object extractPrincipal(Map map) { diff --git a/spring-5-security/src/main/resources/application-oauth2-extractors-baeldung.properties b/spring-5-security/src/main/resources/application-oauth2-extractors-baeldung.properties new file mode 100644 index 0000000000..6ef0f5000b --- /dev/null +++ b/spring-5-security/src/main/resources/application-oauth2-extractors-baeldung.properties @@ -0,0 +1,6 @@ +server.port=8082 +security.oauth2.client.client-id=SampleClientId +security.oauth2.client.client-secret=secret +security.oauth2.client.access-token-uri=http://localhost:8081/auth/oauth/token +security.oauth2.client.user-authorization-uri=http://localhost:8081/auth/oauth/authorize +security.oauth2.resource.user-info-uri=http://localhost:8081/auth/user/me \ No newline at end of file diff --git a/spring-5-security/src/main/resources/application-oauth2-extractors.properties b/spring-5-security/src/main/resources/application-oauth2-extractors-github.properties similarity index 96% rename from spring-5-security/src/main/resources/application-oauth2-extractors.properties rename to spring-5-security/src/main/resources/application-oauth2-extractors-github.properties index 51d6ee7d6e..8a151dcb98 100644 --- a/spring-5-security/src/main/resources/application-oauth2-extractors.properties +++ b/spring-5-security/src/main/resources/application-oauth2-extractors-github.properties 
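Review bot: `security.oauth2.client.client-secret` is committed as a literal in the new `application-oauth2-extractors-baeldung.properties`, and the renamed `application-oauth2-extractors-github.properties` in the next section carries a client id and secret for github.com on its unchanged lines. Anyone with read access to the repository can present themselves as that OAuth client, so the GitHub value is best treated as exposed: rotate it and read it from the environment, for example `security.oauth2.client.client-secret=${GITHUB_CLIENT_SECRET}` (the variable name is a placeholder). For the local sample, a comment such as `# sample credentials for the local authorization server on :8081 only` would make clear that `secret` and the plain `http://` endpoints are not meant to leave localhost.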
@@ -1,3 +1,4 @@ +server.port=8082 security.oauth2.client.client-id=89a7c4facbb3434d599d security.oauth2.client.client-secret=9b3b08e4a340bd20e866787e4645b54f73d74b6a security.oauth2.client.access-token-uri=https://github.com/login/oauth/access_token diff --git a/spring-5-security/src/test/java/com/baeldung/oauth2extractors/ExtractorsUnitTest.java b/spring-5-security/src/test/java/com/baeldung/oauth2extractors/ExtractorsUnitTest.java index 164bc4933f..491d618291 100644 --- a/spring-5-security/src/test/java/com/baeldung/oauth2extractors/ExtractorsUnitTest.java +++ b/spring-5-security/src/test/java/com/baeldung/oauth2extractors/ExtractorsUnitTest.java @@ -6,6 +6,7 @@ import org.junit.Test; import org.junit.runner.RunWith; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.boot.test.context.SpringBootTest; +import org.springframework.test.context.ActiveProfiles; import org.springframework.test.context.ContextConfiguration; import org.springframework.test.context.junit4.SpringRunner; import org.springframework.test.web.servlet.MockMvc; @@ -21,6 +22,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers. @RunWith(SpringRunner.class) @SpringBootTest(classes = ExtractorsApplication.class, webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT) @ContextConfiguration(classes = {SecurityConfig.class}) +@ActiveProfiles("oauth2-extractors-github") public class ExtractorsUnitTest { @Autowired diff --git a/spring-security-sso/spring-security-sso-auth-server/src/main/java/org/baeldung/config/AuthServerConfig.java b/spring-security-sso/spring-security-sso-auth-server/src/main/java/org/baeldung/config/AuthServerConfig.java index 56229d4d38..07057c3875 100644 --- a/spring-security-sso/spring-security-sso-auth-server/src/main/java/org/baeldung/config/AuthServerConfig.java +++ b/spring-security-sso/spring-security-sso-auth-server/src/main/java/org/baeldung/config/AuthServerConfig.java 
@@ -30,7 +30,7 @@ public class AuthServerConfig extends AuthorizationServerConfigurerAdapter { .authorizedGrantTypes("authorization_code") .scopes("user_info") .autoApprove(true) - .redirectUris("http://localhost:8082/ui/login","http://localhost:8083/ui2/login") + .redirectUris("http://localhost:8082/ui/login","http://localhost:8083/ui2/login","http://localhost:8082/login") // .accessTokenValiditySeconds(3600) ; // 1 hour }
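Review bot: The added `http://localhost:8082/login` entry makes a third hard-coded redirect URI for this client, and with `.autoApprove(true)` on the line above, every registered URI receives an authorization code without a consent step. The list should therefore stay limited to callbacks that are actually in use and say which application each belongs to, for example `// 8082/login: presumably the callback of the oauth2extractors sample in spring-5-security` above the call. Putting one URI per line would keep future additions easy to review. The builder chain starts outside this hunk.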