├── README.md
├── build.gradle
├── gradle
└── wrapper
│ ├── gradle-wrapper.jar
│ └── gradle-wrapper.properties
├── gradlew
├── gradlew.bat
└── src
├── main
├── java
│ └── org
│ │ └── springframework
│ │ └── security
│ │ └── oauth
│ │ └── samples
│ │ ├── SampleApplication.java
│ │ ├── config
│ │ ├── AuthorizationServerConfig.java
│ │ ├── OAuth2ClientConfig.java
│ │ ├── ResourceServerConfig.java
│ │ └── SecurityConfig.java
│ │ └── web
│ │ ├── DefaultController.java
│ │ ├── MessagesController.java
│ │ └── MessagingAppController.java
└── resources
│ ├── application.yml
│ ├── static
│ └── css
│ │ └── main.css
│ └── templates
│ ├── index.html
│ ├── login.html
│ └── user
│ └── index.html
└── test
└── java
└── org
└── springframework
└── security
└── oauth
└── samples
└── SampleApplicationTests.java
/README.md:
--------------------------------------------------------------------------------
1 | # spring-security-oauth-sample
--------------------------------------------------------------------------------
/build.gradle:
--------------------------------------------------------------------------------
1 | buildscript {
2 | repositories {
3 | maven { url "https://repo.spring.io/plugins-release" }
4 | }
5 | dependencies {
6 | classpath("org.springframework.boot:spring-boot-gradle-plugin:1.4.0.RELEASE")
7 | }
8 | }
9 |
10 | group = 'org.springframework.security.oauth.samples'
11 | version = '1.0-SNAPSHOT'
12 |
13 | apply plugin: 'java'
14 | apply plugin: 'spring-boot'
15 |
16 | sourceCompatibility = 1.8
17 | targetCompatibility = 1.8
18 |
19 | repositories {
20 | mavenCentral()
21 | }
22 |
23 | springBoot {
24 | mainClass = 'org.springframework.security.oauth.samples.SampleApplication'
25 | }
26 |
27 | dependencies {
28 | compile 'org.springframework.boot:spring-boot-starter-web',
29 | 'org.springframework.boot:spring-boot-starter-security',
30 | 'org.springframework.boot:spring-boot-starter-thymeleaf',
31 | 'org.thymeleaf.extras:thymeleaf-extras-springsecurity4:2.1.2.RELEASE',
32 | 'org.springframework.security.oauth:spring-security-oauth2:2.0.11.RELEASE'
33 |
34 | testCompile 'org.springframework.boot:spring-boot-starter-test',
35 | 'org.springframework.security:spring-security-test',
36 | 'junit:junit:4.12'
37 | }
--------------------------------------------------------------------------------
/gradle/wrapper/gradle-wrapper.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jgrandja/spring-security-oauth-sample/dbb24595701e82ae62b1190a070630efe5cee096/gradle/wrapper/gradle-wrapper.jar
--------------------------------------------------------------------------------
/gradle/wrapper/gradle-wrapper.properties:
--------------------------------------------------------------------------------
1 | #Fri Aug 19 17:01:32 EDT 2016
2 | distributionBase=GRADLE_USER_HOME
3 | distributionPath=wrapper/dists
4 | zipStoreBase=GRADLE_USER_HOME
5 | zipStorePath=wrapper/dists
6 | distributionUrl=https\://services.gradle.org/distributions/gradle-2.13-bin.zip
7 |
--------------------------------------------------------------------------------
/gradlew:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 |
3 | ##############################################################################
4 | ##
5 | ## Gradle start up script for UN*X
6 | ##
7 | ##############################################################################
8 |
9 | # Attempt to set APP_HOME
10 | # Resolve links: $0 may be a link
11 | PRG="$0"
12 | # Need this for relative symlinks.
13 | while [ -h "$PRG" ] ; do
14 | ls=`ls -ld "$PRG"`
15 | link=`expr "$ls" : '.*-> \(.*\)$'`
16 | if expr "$link" : '/.*' > /dev/null; then
17 | PRG="$link"
18 | else
19 | PRG=`dirname "$PRG"`"/$link"
20 | fi
21 | done
22 | SAVED="`pwd`"
23 | cd "`dirname \"$PRG\"`/" >/dev/null
24 | APP_HOME="`pwd -P`"
25 | cd "$SAVED" >/dev/null
26 |
27 | APP_NAME="Gradle"
28 | APP_BASE_NAME=`basename "$0"`
29 |
30 | # Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
31 | DEFAULT_JVM_OPTS=""
32 |
33 | # Use the maximum available, or set MAX_FD != -1 to use that value.
34 | MAX_FD="maximum"
35 |
36 | warn ( ) {
37 | echo "$*"
38 | }
39 |
40 | die ( ) {
41 | echo
42 | echo "$*"
43 | echo
44 | exit 1
45 | }
46 |
47 | # OS specific support (must be 'true' or 'false').
48 | cygwin=false
49 | msys=false
50 | darwin=false
51 | nonstop=false
52 | case "`uname`" in
53 | CYGWIN* )
54 | cygwin=true
55 | ;;
56 | Darwin* )
57 | darwin=true
58 | ;;
59 | MINGW* )
60 | msys=true
61 | ;;
62 | NONSTOP* )
63 | nonstop=true
64 | ;;
65 | esac
66 |
67 | CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar
68 |
69 | # Determine the Java command to use to start the JVM.
70 | if [ -n "$JAVA_HOME" ] ; then
71 | if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
72 | # IBM's JDK on AIX uses strange locations for the executables
73 | JAVACMD="$JAVA_HOME/jre/sh/java"
74 | else
75 | JAVACMD="$JAVA_HOME/bin/java"
76 | fi
77 | if [ ! -x "$JAVACMD" ] ; then
78 | die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME
79 |
80 | Please set the JAVA_HOME variable in your environment to match the
81 | location of your Java installation."
82 | fi
83 | else
84 | JAVACMD="java"
85 | which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
86 |
87 | Please set the JAVA_HOME variable in your environment to match the
88 | location of your Java installation."
89 | fi
90 |
91 | # Increase the maximum file descriptors if we can.
92 | if [ "$cygwin" = "false" -a "$darwin" = "false" -a "$nonstop" = "false" ] ; then
93 | MAX_FD_LIMIT=`ulimit -H -n`
94 | if [ $? -eq 0 ] ; then
95 | if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ] ; then
96 | MAX_FD="$MAX_FD_LIMIT"
97 | fi
98 | ulimit -n $MAX_FD
99 | if [ $? -ne 0 ] ; then
100 | warn "Could not set maximum file descriptor limit: $MAX_FD"
101 | fi
102 | else
103 | warn "Could not query maximum file descriptor limit: $MAX_FD_LIMIT"
104 | fi
105 | fi
106 |
107 | # For Darwin, add options to specify how the application appears in the dock
108 | if $darwin; then
109 | GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\""
110 | fi
111 |
112 | # For Cygwin, switch paths to Windows format before running java
113 | if $cygwin ; then
114 | APP_HOME=`cygpath --path --mixed "$APP_HOME"`
115 | CLASSPATH=`cygpath --path --mixed "$CLASSPATH"`
116 | JAVACMD=`cygpath --unix "$JAVACMD"`
117 |
118 | # We build the pattern for arguments to be converted via cygpath
119 | ROOTDIRSRAW=`find -L / -maxdepth 1 -mindepth 1 -type d 2>/dev/null`
120 | SEP=""
121 | for dir in $ROOTDIRSRAW ; do
122 | ROOTDIRS="$ROOTDIRS$SEP$dir"
123 | SEP="|"
124 | done
125 | OURCYGPATTERN="(^($ROOTDIRS))"
126 | # Add a user-defined pattern to the cygpath arguments
127 | if [ "$GRADLE_CYGPATTERN" != "" ] ; then
128 | OURCYGPATTERN="$OURCYGPATTERN|($GRADLE_CYGPATTERN)"
129 | fi
130 | # Now convert the arguments - kludge to limit ourselves to /bin/sh
131 | i=0
132 | for arg in "$@" ; do
133 | CHECK=`echo "$arg"|egrep -c "$OURCYGPATTERN" -`
134 | CHECK2=`echo "$arg"|egrep -c "^-"` ### Determine if an option
135 |
136 | if [ $CHECK -ne 0 ] && [ $CHECK2 -eq 0 ] ; then ### Added a condition
137 | eval `echo args$i`=`cygpath --path --ignore --mixed "$arg"`
138 | else
139 | eval `echo args$i`="\"$arg\""
140 | fi
141 | i=$((i+1))
142 | done
143 | case $i in
144 | (0) set -- ;;
145 | (1) set -- "$args0" ;;
146 | (2) set -- "$args0" "$args1" ;;
147 | (3) set -- "$args0" "$args1" "$args2" ;;
148 | (4) set -- "$args0" "$args1" "$args2" "$args3" ;;
149 | (5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;;
150 | (6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;;
151 | (7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;;
152 | (8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;;
153 | (9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;;
154 | esac
155 | fi
156 |
157 | # Split up the JVM_OPTS And GRADLE_OPTS values into an array, following the shell quoting and substitution rules
158 | function splitJvmOpts() {
159 | JVM_OPTS=("$@")
160 | }
161 | eval splitJvmOpts $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS
162 | JVM_OPTS[${#JVM_OPTS[*]}]="-Dorg.gradle.appname=$APP_BASE_NAME"
163 |
164 | exec "$JAVACMD" "${JVM_OPTS[@]}" -classpath "$CLASSPATH" org.gradle.wrapper.GradleWrapperMain "$@"
165 |
--------------------------------------------------------------------------------
/gradlew.bat:
--------------------------------------------------------------------------------
1 | @if "%DEBUG%" == "" @echo off
2 | @rem ##########################################################################
3 | @rem
4 | @rem Gradle startup script for Windows
5 | @rem
6 | @rem ##########################################################################
7 |
8 | @rem Set local scope for the variables with windows NT shell
9 | if "%OS%"=="Windows_NT" setlocal
10 |
11 | set DIRNAME=%~dp0
12 | if "%DIRNAME%" == "" set DIRNAME=.
13 | set APP_BASE_NAME=%~n0
14 | set APP_HOME=%DIRNAME%
15 |
16 | @rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
17 | set DEFAULT_JVM_OPTS=
18 |
19 | @rem Find java.exe
20 | if defined JAVA_HOME goto findJavaFromJavaHome
21 |
22 | set JAVA_EXE=java.exe
23 | %JAVA_EXE% -version >NUL 2>&1
24 | if "%ERRORLEVEL%" == "0" goto init
25 |
26 | echo.
27 | echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
28 | echo.
29 | echo Please set the JAVA_HOME variable in your environment to match the
30 | echo location of your Java installation.
31 |
32 | goto fail
33 |
34 | :findJavaFromJavaHome
35 | set JAVA_HOME=%JAVA_HOME:"=%
36 | set JAVA_EXE=%JAVA_HOME%/bin/java.exe
37 |
38 | if exist "%JAVA_EXE%" goto init
39 |
40 | echo.
41 | echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME%
42 | echo.
43 | echo Please set the JAVA_HOME variable in your environment to match the
44 | echo location of your Java installation.
45 |
46 | goto fail
47 |
48 | :init
49 | @rem Get command-line arguments, handling Windows variants
50 |
51 | if not "%OS%" == "Windows_NT" goto win9xME_args
52 | if "%@eval[2+2]" == "4" goto 4NT_args
53 |
54 | :win9xME_args
55 | @rem Slurp the command line arguments.
56 | set CMD_LINE_ARGS=
57 | set _SKIP=2
58 |
59 | :win9xME_args_slurp
60 | if "x%~1" == "x" goto execute
61 |
62 | set CMD_LINE_ARGS=%*
63 | goto execute
64 |
65 | :4NT_args
66 | @rem Get arguments from the 4NT Shell from JP Software
67 | set CMD_LINE_ARGS=%$
68 |
69 | :execute
70 | @rem Setup the command line
71 |
72 | set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar
73 |
74 | @rem Execute Gradle
75 | "%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %CMD_LINE_ARGS%
76 |
77 | :end
78 | @rem End local scope for the variables with windows NT shell
79 | if "%ERRORLEVEL%"=="0" goto mainEnd
80 |
81 | :fail
82 | rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of
83 | rem the _cmd.exe /c_ return code!
84 | if not "" == "%GRADLE_EXIT_CONSOLE%" exit 1
85 | exit /b 1
86 |
87 | :mainEnd
88 | if "%OS%"=="Windows_NT" endlocal
89 |
90 | :omega
91 |
--------------------------------------------------------------------------------
/src/main/java/org/springframework/security/oauth/samples/SampleApplication.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2012-2016 the original author or authors.
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 | package org.springframework.security.oauth.samples;
17 |
18 | import org.springframework.boot.SpringApplication;
19 | import org.springframework.boot.autoconfigure.SpringBootApplication;
20 |
21 | /**
22 | * @author Joe Grandja
23 | */
24 | @SpringBootApplication
25 | public class SampleApplication {
26 |
27 | public static void main(String[] args) {
28 | SpringApplication.run(SampleApplication.class, args);
29 | }
30 |
31 | }
--------------------------------------------------------------------------------
/src/main/java/org/springframework/security/oauth/samples/config/AuthorizationServerConfig.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2012-2016 the original author or authors.
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 | package org.springframework.security.oauth.samples.config;
17 |
18 | import org.springframework.beans.factory.annotation.Value;
19 | import org.springframework.context.annotation.Configuration;
20 | import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
21 | import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
22 | import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
23 | import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
24 | import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
25 |
26 | /**
27 | * @author Joe Grandja
28 | */
29 | @Configuration
30 | @EnableAuthorizationServer
31 | public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {
32 |
33 | @Value("${server.url}")
34 | private String serverUrl;
35 |
36 | @Override
37 | public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
38 | super.configure(security);
39 | }
40 |
41 | @Override
42 | public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
43 | // @formatter:off
44 | clients.inMemory()
45 | .withClient("messaging-app-client")
46 | .authorizedGrantTypes("authorization_code", "refresh_token")
47 | .authorities("ROLE_CLIENT", "ROLE_MESSAGING_CLIENT")
48 | .scopes("message.read", "message.write")
49 | .secret("secret")
50 | .redirectUris(serverUrl + "/messaging")
51 | .and()
52 | .withClient("basic-client")
53 | .authorizedGrantTypes("client_credentials")
54 | .authorities("ROLE_CLIENT", "ROLE_MESSAGING_CLIENT")
55 | .scopes("message.read")
56 | .secret("secret");
57 | // @formatter:on
58 | }
59 |
60 | @Override
61 | public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
62 | super.configure(endpoints);
63 | }
64 | }
--------------------------------------------------------------------------------
/src/main/java/org/springframework/security/oauth/samples/config/OAuth2ClientConfig.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2012-2016 the original author or authors.
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 | package org.springframework.security.oauth.samples.config;
17 |
18 | import org.springframework.beans.factory.annotation.Autowired;
19 | import org.springframework.beans.factory.annotation.Qualifier;
20 | import org.springframework.boot.context.properties.ConfigurationProperties;
21 | import org.springframework.context.annotation.Bean;
22 | import org.springframework.context.annotation.Configuration;
23 | import org.springframework.security.oauth2.client.OAuth2ClientContext;
24 | import org.springframework.security.oauth2.client.OAuth2RestTemplate;
25 | import org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails;
26 | import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeResourceDetails;
27 | import org.springframework.security.oauth2.config.annotation.web.configuration.EnableOAuth2Client;
28 |
29 | /**
30 | * @author Joe Grandja
31 | */
32 | @Configuration
33 | @EnableOAuth2Client
34 | public class OAuth2ClientConfig {
35 |
36 | @Autowired
37 | @Qualifier("messagingAppClientDetails")
38 | private OAuth2ProtectedResourceDetails messagingAppClientDetails;
39 |
40 | @Autowired
41 | private OAuth2ClientContext oauth2ClientContext;
42 |
43 | @Bean
44 | public OAuth2RestTemplate messagingAppRestTemplate() {
45 | return new OAuth2RestTemplate(messagingAppClientDetails, oauth2ClientContext);
46 | }
47 |
48 | @ConfigurationProperties(prefix = "security.oauth2.client.messaging-app-client")
49 | @Bean
50 | public OAuth2ProtectedResourceDetails messagingAppClientDetails() {
51 | return new AuthorizationCodeResourceDetails();
52 | }
53 | }
--------------------------------------------------------------------------------
/src/main/java/org/springframework/security/oauth/samples/config/ResourceServerConfig.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2012-2016 the original author or authors.
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 | package org.springframework.security.oauth.samples.config;
17 |
18 | import org.springframework.context.annotation.Configuration;
19 | import org.springframework.security.config.annotation.web.builders.HttpSecurity;
20 | import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
21 | import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
22 | import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
23 |
24 | /**
25 | * @author Joe Grandja
26 | */
27 | @Configuration
28 | @EnableResourceServer
29 | public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
30 | private static final String RESOURCE_ID = "messages-resource";
31 |
32 | @Override
33 | public void configure(ResourceServerSecurityConfigurer security) throws Exception {
34 | security.resourceId(RESOURCE_ID);
35 | }
36 |
37 | @Override
38 | public void configure(HttpSecurity http) throws Exception {
39 | // @formatter:off
40 | http
41 | .antMatcher("/messages/**")
42 | .authorizeRequests()
43 | .antMatchers("/messages/**").access("#oauth2.hasScope('message.read') or hasRole('CLIENT') or hasRole('MESSAGING_CLIENT')");
44 | // @formatter:on
45 | }
46 | }
--------------------------------------------------------------------------------
/src/main/java/org/springframework/security/oauth/samples/config/SecurityConfig.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2012-2016 the original author or authors.
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 | package org.springframework.security.oauth.samples.config;
17 |
18 | import org.springframework.beans.factory.annotation.Autowired;
19 | import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
20 | import org.springframework.security.config.annotation.web.builders.HttpSecurity;
21 | import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
22 | import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
23 |
24 | /**
25 | * @author Joe Grandja
26 | */
27 | @EnableWebSecurity
28 | public class SecurityConfig extends WebSecurityConfigurerAdapter {
29 |
30 | // @formatter:off
31 | @Override
32 | protected void configure(HttpSecurity http) throws Exception {
33 | http
34 | .authorizeRequests()
35 | .antMatchers("/css/**", "/index").permitAll()
36 | .antMatchers("/user/**").hasRole("USER")
37 | .and()
38 | .formLogin().loginPage("/login").failureUrl("/login-error");
39 | }
40 | // @formatter:on
41 |
42 | // @formatter:off
43 | @Autowired
44 | public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
45 | auth
46 | .inMemoryAuthentication()
47 | .withUser("user").password("password").roles("USER");
48 | }
49 | // @formatter:on
50 | }
51 |
--------------------------------------------------------------------------------
/src/main/java/org/springframework/security/oauth/samples/web/DefaultController.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2012-2016 the original author or authors.
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 | package org.springframework.security.oauth.samples.web;
17 |
18 | import org.springframework.stereotype.Controller;
19 | import org.springframework.ui.Model;
20 | import org.springframework.web.bind.annotation.RequestMapping;
21 |
22 | /**
23 | * @author Joe Grandja
24 | */
25 | @Controller
26 | public class DefaultController {
27 |
28 | @RequestMapping("/")
29 | public String root() {
30 | return "redirect:/index";
31 | }
32 |
33 | @RequestMapping("/index")
34 | public String index() {
35 | return "index";
36 | }
37 |
38 | @RequestMapping("/user/index")
39 | public String userIndex() {
40 | return "user/index";
41 | }
42 |
43 | @RequestMapping("/login")
44 | public String login() {
45 | return "login";
46 | }
47 |
48 | @RequestMapping("/login-error")
49 | public String loginError(Model model) {
50 | model.addAttribute("loginError", true);
51 | return login();
52 | }
53 |
54 | }
--------------------------------------------------------------------------------
/src/main/java/org/springframework/security/oauth/samples/web/MessagesController.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2012-2016 the original author or authors.
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 | package org.springframework.security.oauth.samples.web;
17 |
18 | import org.springframework.web.bind.annotation.RequestMapping;
19 | import org.springframework.web.bind.annotation.RequestMethod;
20 | import org.springframework.web.bind.annotation.RestController;
21 |
22 | /**
23 | * @author Joe Grandja
24 | */
25 | @RestController
26 | @RequestMapping("/messages")
27 | public class MessagesController {
28 |
29 | @RequestMapping(method = RequestMethod.GET)
30 | public String[] getMessages() {
31 | String[] messages = new String[] {"Message 1", "Message 2", "Message 3"};
32 |
33 | return messages;
34 | }
35 |
36 | }
--------------------------------------------------------------------------------
/src/main/java/org/springframework/security/oauth/samples/web/MessagingAppController.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2012-2016 the original author or authors.
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 | package org.springframework.security.oauth.samples.web;
17 |
18 | import org.springframework.beans.factory.annotation.Autowired;
19 | import org.springframework.beans.factory.annotation.Qualifier;
20 | import org.springframework.beans.factory.annotation.Value;
21 | import org.springframework.security.oauth2.client.OAuth2RestTemplate;
22 | import org.springframework.stereotype.Controller;
23 | import org.springframework.web.bind.annotation.RequestMapping;
24 | import org.springframework.web.bind.annotation.RequestMethod;
25 | import org.springframework.web.bind.annotation.ResponseBody;
26 |
27 | /**
28 | * @author Joe Grandja
29 | */
30 | @Controller
31 | @RequestMapping("/messaging")
32 | public class MessagingAppController {
33 |
34 | @Value("${messages.base-uri}")
35 | private String messagesBaseUri;
36 |
37 | @Autowired
38 | @Qualifier("messagingAppRestTemplate")
39 | private OAuth2RestTemplate messagingAppRestTemplate;
40 |
41 | @RequestMapping(method = RequestMethod.GET)
42 | public String root() {
43 | return "redirect:/messaging/index";
44 | }
45 |
46 | @RequestMapping("/index")
47 | @ResponseBody
48 | public String[] index() {
49 | String[] messages = messagingAppRestTemplate.getForObject(messagesBaseUri, String[].class);
50 |
51 | return messages;
52 | }
53 |
54 | }
--------------------------------------------------------------------------------
/src/main/resources/application.yml:
--------------------------------------------------------------------------------
1 | server:
2 | port: 8080
3 | url: http://localhost:${server.port}
4 |
5 | logging:
6 | level:
7 | root: WARN
8 | org.springframework.web: INFO
9 | org.springframework.security: INFO
10 | org.springframework.security.oauth2: INFO
11 |
12 | spring:
13 | thymeleaf:
14 | cache: false
15 |
16 | security:
17 | oauth2:
18 | client:
19 | messaging-app-client:
20 | client-id: messaging-app-client
21 | client-secret: secret
22 | user-authorization-uri: ${server.url}/oauth/authorize
23 | access-token-uri: ${server.url}/oauth/token
24 | scope: message.read, message.write
25 | pre-established-redirect-uri: ${server.url}/messaging
26 |
27 | messages:
28 | base-uri: ${server.url}/messages
29 |
--------------------------------------------------------------------------------
/src/main/resources/static/css/main.css:
--------------------------------------------------------------------------------
1 | body {
2 | font-family: sans;
3 | font-size: 1em;
4 | }
5 |
6 | p.error {
7 | font-weight: bold;
8 | color: red;
9 | }
10 |
11 | div.logout {
12 | float: right;
13 | }
--------------------------------------------------------------------------------
/src/main/resources/templates/index.html:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | Hello Spring Security
5 |
6 |
7 |
8 |
9 |
10 | Logged in user:
|
11 | Roles:
12 |
13 |
16 |
17 |
Hello Spring Security
19 | This is an unsecured page, but you can access the secured pages after authenticating.
20 |
23 |
24 |
25 |
--------------------------------------------------------------------------------
/src/main/resources/templates/login.html:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | Login page
5 |
6 |
7 |
8 |
9 | Login page
10 | Example user: user / password
11 | Wrong user or password
12 |
19 | Back to home page
20 |
21 |
22 |
--------------------------------------------------------------------------------
/src/main/resources/templates/user/index.html:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | Hello Spring Security
5 |
6 |
7 |
8 |
9 |
10 | This is a secured page!
11 | Back to home page
12 |
13 |
14 |
--------------------------------------------------------------------------------
/src/test/java/org/springframework/security/oauth/samples/SampleApplicationTests.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2012-2016 the original author or authors.
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 | package org.springframework.security.oauth.samples;
17 |
18 | import org.junit.Before;
19 | import org.junit.Test;
20 | import org.junit.runner.RunWith;
21 | import org.springframework.beans.factory.annotation.Autowired;
22 | import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
23 | import org.springframework.boot.test.context.SpringBootTest;
24 | import org.springframework.mock.web.MockHttpSession;
25 | import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
26 | import org.springframework.test.web.servlet.MockMvc;
27 | import org.springframework.test.web.servlet.MvcResult;
28 | import org.springframework.web.context.WebApplicationContext;
29 |
30 | import static org.assertj.core.api.Assertions.assertThat;
31 | import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.formLogin;
32 | import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf;
33 | import static org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.authenticated;
34 | import static org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.unauthenticated;
35 | import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
36 | import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
37 | import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
38 |
39 | /**
40 | *
41 | * @author Joe Grandja
42 | */
43 | @RunWith(SpringJUnit4ClassRunner.class)
44 | @SpringBootTest(classes = SampleApplication.class)
45 | @AutoConfigureMockMvc
46 | public class SampleApplicationTests {
47 |
48 | @Autowired
49 | private WebApplicationContext context;
50 |
51 | @Autowired
52 | MockMvc mockMvc;
53 |
54 | @Before
55 | public void setup() {
56 | }
57 |
58 | @Test
59 | public void accessUnprotected() throws Exception {
60 | this.mockMvc.perform(get("/index"))
61 | .andExpect(status().isOk());
62 | }
63 |
64 | @Test
65 | public void accessProtectedRedirectsToLogin() throws Exception {
66 | MvcResult mvcResult = this.mockMvc.perform(get("/user/index"))
67 | .andExpect(status().is3xxRedirection())
68 | .andReturn();
69 |
70 | assertThat(mvcResult.getResponse().getRedirectedUrl()).endsWith("/login");
71 | }
72 |
73 | @Test
74 | public void loginUser() throws Exception {
75 | this.mockMvc.perform(formLogin().user("user").password("password"))
76 | .andExpect(authenticated());
77 | }
78 |
79 | @Test
80 | public void loginInvalidUser() throws Exception {
81 | this.mockMvc.perform(formLogin().user("invalid").password("invalid"))
82 | .andExpect(unauthenticated())
83 | .andExpect(status().is3xxRedirection());
84 | }
85 |
86 | @Test
87 | public void loginUserAccessProtected() throws Exception {
88 | MvcResult mvcResult = this.mockMvc.perform(formLogin().user("user").password("password"))
89 | .andExpect(authenticated())
90 | .andReturn();
91 |
92 | MockHttpSession httpSession = MockHttpSession.class.cast(mvcResult.getRequest().getSession(false));
93 |
94 | this.mockMvc.perform(get("/user/index")
95 | .session(httpSession))
96 | .andExpect(status().isOk());
97 | }
98 |
99 | @Test
100 | public void loginUserValidateLogout() throws Exception {
101 | MvcResult mvcResult = this.mockMvc.perform(formLogin().user("user").password("password"))
102 | .andExpect(authenticated())
103 | .andReturn();
104 |
105 | MockHttpSession httpSession = MockHttpSession.class.cast(mvcResult.getRequest().getSession(false));
106 |
107 | this.mockMvc.perform(post("/logout").with(csrf())
108 | .session(httpSession))
109 | .andExpect(unauthenticated());
110 |
111 | this.mockMvc.perform(get("/user/index")
112 | .session(httpSession))
113 | .andExpect(unauthenticated())
114 | .andExpect(status().is3xxRedirection());
115 | }
116 | }
117 |
--------------------------------------------------------------------------------