├── README.md ├── build.gradle ├── gradle └── wrapper │ ├── gradle-wrapper.jar │ └── gradle-wrapper.properties ├── gradlew ├── gradlew.bat └── src └── main ├── java └── sample │ ├── OAuth2LoginApplication.java │ └── web │ └── MainController.java └── resources ├── application.yml └── templates ├── index.html └── userinfo.html /README.md: -------------------------------------------------------------------------------- 1 | # OAuth 2.0 Login Demo 2 | 3 | ## Login 4 | Branch: **demo-1** 5 | 1. Google Login (Spring Boot 2.0 complete configuration) 6 | 2. Google Login (Spring Boot 2.0 minimal configuration) 7 | 3. GitHub Login (Spring Boot 2.0 minimal configuration) 8 | 4. Google Login (Java configuration) 9 | 10 | ## Mapping User Authorities 11 | Branch: **demo-2** 12 | 1. Mapping Authorities for an Okta User 13 | 14 | ## Using the Access Token 15 | Branch: **demo-3** 16 | 1. Requesting the **UserInfo** Resource 17 | -------------------------------------------------------------------------------- /build.gradle: -------------------------------------------------------------------------------- 1 | buildscript { 2 | repositories { 3 | maven { url 'https://repo.spring.io/libs-milestone' } 4 | } 5 | dependencies { 6 | classpath 'org.springframework.boot:spring-boot-gradle-plugin:2.0.0.M7' 7 | } 8 | } 9 | 10 | group = 'org.springframework.security.samples' 11 | version = '1.0-SNAPSHOT' 12 | 13 | apply plugin: 'java' 14 | apply plugin: 'org.springframework.boot' 15 | apply plugin: 'io.spring.dependency-management' 16 | 17 | sourceCompatibility = 1.8 18 | targetCompatibility = 1.8 19 | 20 | repositories { 21 | maven { url "https://repo.spring.io/libs-milestone" } 22 | mavenCentral() 23 | } 24 | 25 | dependencies { 26 | compile "org.springframework.boot:spring-boot-starter-web", 27 | "org.springframework.boot:spring-boot-starter-thymeleaf", 28 | "org.springframework.boot:spring-boot-starter-security", 29 | "org.springframework.security:spring-security-oauth2-client", 30 | 
"org.springframework.security:spring-security-oauth2-jose", 31 | "org.thymeleaf.extras:thymeleaf-extras-springsecurity4", 32 | "org.springframework:spring-webflux", 33 | "io.projectreactor.ipc:reactor-netty" 34 | 35 | testCompile "org.springframework.boot:spring-boot-starter-test", 36 | "org.springframework.security:spring-security-test", 37 | "net.sourceforge.htmlunit:htmlunit", 38 | "junit:junit", 39 | "org.assertj:assertj-core" 40 | } 41 | -------------------------------------------------------------------------------- /gradle/wrapper/gradle-wrapper.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jgrandja/springone2017-demo/a5f9eaeed7b20f080c73537c26669ba3d459ddbb/gradle/wrapper/gradle-wrapper.jar -------------------------------------------------------------------------------- /gradle/wrapper/gradle-wrapper.properties: -------------------------------------------------------------------------------- 1 | #Thu Nov 23 15:22:27 EST 2017 2 | distributionBase=GRADLE_USER_HOME 3 | distributionPath=wrapper/dists 4 | zipStoreBase=GRADLE_USER_HOME 5 | zipStorePath=wrapper/dists 6 | distributionUrl=https\://services.gradle.org/distributions/gradle-4.2.1-all.zip 7 | -------------------------------------------------------------------------------- /gradlew: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env sh 2 | 3 | ############################################################################## 4 | ## 5 | ## Gradle start up script for UN*X 6 | ## 7 | ############################################################################## 8 | 9 | # Attempt to set APP_HOME 10 | # Resolve links: $0 may be a link 11 | PRG="$0" 12 | # Need this for relative symlinks. 
13 | while [ -h "$PRG" ] ; do 14 | ls=`ls -ld "$PRG"` 15 | link=`expr "$ls" : '.*-> \(.*\)$'` 16 | if expr "$link" : '/.*' > /dev/null; then 17 | PRG="$link" 18 | else 19 | PRG=`dirname "$PRG"`"/$link" 20 | fi 21 | done 22 | SAVED="`pwd`" 23 | cd "`dirname \"$PRG\"`/" >/dev/null 24 | APP_HOME="`pwd -P`" 25 | cd "$SAVED" >/dev/null 26 | 27 | APP_NAME="Gradle" 28 | APP_BASE_NAME=`basename "$0"` 29 | 30 | # Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. 31 | DEFAULT_JVM_OPTS="" 32 | 33 | # Use the maximum available, or set MAX_FD != -1 to use that value. 34 | MAX_FD="maximum" 35 | 36 | warn () { 37 | echo "$*" 38 | } 39 | 40 | die () { 41 | echo 42 | echo "$*" 43 | echo 44 | exit 1 45 | } 46 | 47 | # OS specific support (must be 'true' or 'false'). 48 | cygwin=false 49 | msys=false 50 | darwin=false 51 | nonstop=false 52 | case "`uname`" in 53 | CYGWIN* ) 54 | cygwin=true 55 | ;; 56 | Darwin* ) 57 | darwin=true 58 | ;; 59 | MINGW* ) 60 | msys=true 61 | ;; 62 | NONSTOP* ) 63 | nonstop=true 64 | ;; 65 | esac 66 | 67 | CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar 68 | 69 | # Determine the Java command to use to start the JVM. 70 | if [ -n "$JAVA_HOME" ] ; then 71 | if [ -x "$JAVA_HOME/jre/sh/java" ] ; then 72 | # IBM's JDK on AIX uses strange locations for the executables 73 | JAVACMD="$JAVA_HOME/jre/sh/java" 74 | else 75 | JAVACMD="$JAVA_HOME/bin/java" 76 | fi 77 | if [ ! -x "$JAVACMD" ] ; then 78 | die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME 79 | 80 | Please set the JAVA_HOME variable in your environment to match the 81 | location of your Java installation." 82 | fi 83 | else 84 | JAVACMD="java" 85 | which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. 86 | 87 | Please set the JAVA_HOME variable in your environment to match the 88 | location of your Java installation." 
89 | fi 90 | 91 | # Increase the maximum file descriptors if we can. 92 | if [ "$cygwin" = "false" -a "$darwin" = "false" -a "$nonstop" = "false" ] ; then 93 | MAX_FD_LIMIT=`ulimit -H -n` 94 | if [ $? -eq 0 ] ; then 95 | if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ] ; then 96 | MAX_FD="$MAX_FD_LIMIT" 97 | fi 98 | ulimit -n $MAX_FD 99 | if [ $? -ne 0 ] ; then 100 | warn "Could not set maximum file descriptor limit: $MAX_FD" 101 | fi 102 | else 103 | warn "Could not query maximum file descriptor limit: $MAX_FD_LIMIT" 104 | fi 105 | fi 106 | 107 | # For Darwin, add options to specify how the application appears in the dock 108 | if $darwin; then 109 | GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\"" 110 | fi 111 | 112 | # For Cygwin, switch paths to Windows format before running java 113 | if $cygwin ; then 114 | APP_HOME=`cygpath --path --mixed "$APP_HOME"` 115 | CLASSPATH=`cygpath --path --mixed "$CLASSPATH"` 116 | JAVACMD=`cygpath --unix "$JAVACMD"` 117 | 118 | # We build the pattern for arguments to be converted via cygpath 119 | ROOTDIRSRAW=`find -L / -maxdepth 1 -mindepth 1 -type d 2>/dev/null` 120 | SEP="" 121 | for dir in $ROOTDIRSRAW ; do 122 | ROOTDIRS="$ROOTDIRS$SEP$dir" 123 | SEP="|" 124 | done 125 | OURCYGPATTERN="(^($ROOTDIRS))" 126 | # Add a user-defined pattern to the cygpath arguments 127 | if [ "$GRADLE_CYGPATTERN" != "" ] ; then 128 | OURCYGPATTERN="$OURCYGPATTERN|($GRADLE_CYGPATTERN)" 129 | fi 130 | # Now convert the arguments - kludge to limit ourselves to /bin/sh 131 | i=0 132 | for arg in "$@" ; do 133 | CHECK=`echo "$arg"|egrep -c "$OURCYGPATTERN" -` 134 | CHECK2=`echo "$arg"|egrep -c "^-"` ### Determine if an option 135 | 136 | if [ $CHECK -ne 0 ] && [ $CHECK2 -eq 0 ] ; then ### Added a condition 137 | eval `echo args$i`=`cygpath --path --ignore --mixed "$arg"` 138 | else 139 | eval `echo args$i`="\"$arg\"" 140 | fi 141 | i=$((i+1)) 142 | done 143 | case $i in 144 | (0) set -- ;; 145 | (1) 
set -- "$args0" ;; 146 | (2) set -- "$args0" "$args1" ;; 147 | (3) set -- "$args0" "$args1" "$args2" ;; 148 | (4) set -- "$args0" "$args1" "$args2" "$args3" ;; 149 | (5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;; 150 | (6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;; 151 | (7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;; 152 | (8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;; 153 | (9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;; 154 | esac 155 | fi 156 | 157 | # Escape application args 158 | save () { 159 | for i do printf %s\\n "$i" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/' \\\\/" ; done 160 | echo " " 161 | } 162 | APP_ARGS=$(save "$@") 163 | 164 | # Collect all arguments for the java command, following the shell quoting and substitution rules 165 | eval set -- $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS "\"-Dorg.gradle.appname=$APP_BASE_NAME\"" -classpath "\"$CLASSPATH\"" org.gradle.wrapper.GradleWrapperMain "$APP_ARGS" 166 | 167 | # by default we should be in the correct project dir, but when run from Finder on Mac, the cwd is wrong 168 | if [ "$(uname)" = "Darwin" ] && [ "$HOME" = "$PWD" ]; then 169 | cd "$(dirname "$0")" 170 | fi 171 | 172 | exec "$JAVACMD" "$@" 173 | -------------------------------------------------------------------------------- /gradlew.bat: -------------------------------------------------------------------------------- 1 | @if "%DEBUG%" == "" @echo off 2 | @rem ########################################################################## 3 | @rem 4 | @rem Gradle startup script for Windows 5 | @rem 6 | @rem ########################################################################## 7 | 8 | @rem Set local scope for the variables with windows NT shell 9 | if "%OS%"=="Windows_NT" setlocal 10 | 11 | set DIRNAME=%~dp0 12 | if "%DIRNAME%" == "" set DIRNAME=. 
13 | set APP_BASE_NAME=%~n0 14 | set APP_HOME=%DIRNAME% 15 | 16 | @rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. 17 | set DEFAULT_JVM_OPTS= 18 | 19 | @rem Find java.exe 20 | if defined JAVA_HOME goto findJavaFromJavaHome 21 | 22 | set JAVA_EXE=java.exe 23 | %JAVA_EXE% -version >NUL 2>&1 24 | if "%ERRORLEVEL%" == "0" goto init 25 | 26 | echo. 27 | echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. 28 | echo. 29 | echo Please set the JAVA_HOME variable in your environment to match the 30 | echo location of your Java installation. 31 | 32 | goto fail 33 | 34 | :findJavaFromJavaHome 35 | set JAVA_HOME=%JAVA_HOME:"=% 36 | set JAVA_EXE=%JAVA_HOME%/bin/java.exe 37 | 38 | if exist "%JAVA_EXE%" goto init 39 | 40 | echo. 41 | echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% 42 | echo. 43 | echo Please set the JAVA_HOME variable in your environment to match the 44 | echo location of your Java installation. 45 | 46 | goto fail 47 | 48 | :init 49 | @rem Get command-line arguments, handling Windows variants 50 | 51 | if not "%OS%" == "Windows_NT" goto win9xME_args 52 | 53 | :win9xME_args 54 | @rem Slurp the command line arguments. 55 | set CMD_LINE_ARGS= 56 | set _SKIP=2 57 | 58 | :win9xME_args_slurp 59 | if "x%~1" == "x" goto execute 60 | 61 | set CMD_LINE_ARGS=%* 62 | 63 | :execute 64 | @rem Setup the command line 65 | 66 | set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar 67 | 68 | @rem Execute Gradle 69 | "%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %CMD_LINE_ARGS% 70 | 71 | :end 72 | @rem End local scope for the variables with windows NT shell 73 | if "%ERRORLEVEL%"=="0" goto mainEnd 74 | 75 | :fail 76 | rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of 77 | rem the _cmd.exe /c_ return code! 
78 | if not "" == "%GRADLE_EXIT_CONSOLE%" exit 1 79 | exit /b 1 80 | 81 | :mainEnd 82 | if "%OS%"=="Windows_NT" endlocal 83 | 84 | :omega 85 | -------------------------------------------------------------------------------- /src/main/java/sample/OAuth2LoginApplication.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2002-2017 the original author or authors. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */
package sample;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

/**
 * Entry point of the OAuth 2.0 Login sample application.
 *
 * @author Joe Grandja
 */
@SpringBootApplication
public class OAuth2LoginApplication {

	/**
	 * Starts Spring Boot with this class as the primary source.
	 *
	 * @param args command-line arguments, handed to Spring Boot unchanged
	 */
	public static void main(String[] args) {
		final Class<?> primarySource = OAuth2LoginApplication.class;
		SpringApplication.run(primarySource, args);
	}
}
-------------------------------------------------------------------------------- /src/main/java/sample/web/MainController.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2002-2017 the original author or authors. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License.
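6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */
package sample.web;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpHeaders;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService;
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.util.StringUtils;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.reactive.function.client.ClientRequest;
import org.springframework.web.reactive.function.client.ExchangeFilterFunction;
import org.springframework.web.reactive.function.client.WebClient;
import reactor.core.publisher.Mono;

import java.util.Collections;
import java.util.Map;

/**
 * MVC controller for the OAuth 2.0 Login sample: renders the landing page and a page
 * listing the attributes returned by the provider's UserInfo endpoint.
 *
 * @author Joe Grandja
 */
@Controller
public class MainController {

	@Autowired
	private OAuth2AuthorizedClientService authorizedClientService;

	/**
	 * Renders the landing page with the principal name and the name of the OAuth 2.0
	 * client used to log in.
	 *
	 * @param model view model; receives {@code userName} and {@code clientName}
	 * @param authentication the OAuth 2.0 authentication of the current user
	 * @return the {@code index} view name
	 */
	@GetMapping("/")
	public String index(Model model, OAuth2AuthenticationToken authentication) {
		OAuth2AuthorizedClient authorizedClient = loadAuthorizedClient(authentication);
		// The service returns null when it holds no authorized client for this principal;
		// fall back to the registration id instead of failing with a NullPointerException.
		String clientName = (authorizedClient != null)
				? authorizedClient.getClientRegistration().getClientName()
				: authentication.getAuthorizedClientRegistrationId();
		model.addAttribute("userName", authentication.getName());
		model.addAttribute("clientName", clientName);
		return "index";
	}

	/**
	 * Calls the provider's UserInfo endpoint with the user's access token and renders the
	 * returned attributes. The attribute map is empty when no authorized client is
	 * available, when the registration has no UserInfo URI, or when the response has no body.
	 *
	 * @param model view model; receives {@code userAttributes}
	 * @param authentication the OAuth 2.0 authentication of the current user
	 * @return the {@code userinfo} view name
	 */
	@GetMapping("/userinfo")
	public String userinfo(Model model, OAuth2AuthenticationToken authentication) {
		Map<?, ?> userAttributes = Collections.emptyMap();
		OAuth2AuthorizedClient authorizedClient = loadAuthorizedClient(authentication);
		if (authorizedClient != null) {
			// The URI comes from the client registration (application configuration), never
			// from the request. Because the bearer token is attached to this call, the
			// configured URI should be an https endpoint of the trusted provider.
			String userInfoEndpointUri = authorizedClient.getClientRegistration()
					.getProviderDetails().getUserInfoEndpoint().getUri();
			if (!StringUtils.isEmpty(userInfoEndpointUri)) {	// userInfoEndpointUri is optional for OIDC Clients
				Map<?, ?> response = WebClient.builder()
						.filter(oauth2Credentials(authorizedClient))
						.build()
						.get()
						.uri(userInfoEndpointUri)
						.retrieve()
						.bodyToMono(Map.class)
						.block();
				// block() yields null for an empty response body; keep the empty map then.
				if (response != null) {
					userAttributes = response;
				}
			}
		}
		model.addAttribute("userAttributes", userAttributes);
		return "userinfo";
	}

	/**
	 * Looks up the authorized client stored for the authenticated principal.
	 *
	 * @return the authorized client, or {@code null} if the service has none stored
	 */
	private OAuth2AuthorizedClient loadAuthorizedClient(OAuth2AuthenticationToken authentication) {
		return this.authorizedClientService.loadAuthorizedClient(
				authentication.getAuthorizedClientRegistrationId(),
				authentication.getName());
	}

	/**
	 * Builds a filter that adds the {@code Authorization: Bearer <token>} header to every
	 * request sent through the client it is installed on.
	 *
	 * <p>The access token is a bearer credential: install this filter only on clients that
	 * call the provider the token was issued by, and never log or render the header value.
	 */
	private ExchangeFilterFunction oauth2Credentials(OAuth2AuthorizedClient authorizedClient) {
		return ExchangeFilterFunction.ofRequestProcessor(
			clientRequest -> {
				ClientRequest authorizedRequest = ClientRequest.from(clientRequest)
						.header(HttpHeaders.AUTHORIZATION, "Bearer " + authorizedClient.getAccessToken().getTokenValue())
						.build();
				return Mono.just(authorizedRequest);
			});
	}
}
-------------------------------------------------------------------------------- /src/main/resources/application.yml: -------------------------------------------------------------------------------- 1 | server: 2 | port: 8080 3 | 4 | logging: 5 | level: 6 | root: INFO 7 | org.springframework.web: INFO 8 | org.springframework.security: INFO 9 | # org.springframework.boot.autoconfigure: DEBUG 10 | 11 | spring: 12 | thymeleaf: 13 | cache: false 14 | security: 15 | oauth2: 16 | client: 17 | registration: 18 | google: 19 |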
client-id: your-app-client-id 20 | client-secret: your-app-client-secret 21 | -------------------------------------------------------------------------------- /src/main/resources/templates/index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | Spring Security - OAuth 2.0 Login 5 | 6 | 7 | 8 |
9 |
10 | User: 11 |
12 |
 
13 |
14 |
15 | 16 |
17 |
18 |
19 |

OAuth 2.0 Login with Spring Security

20 |
21 | You are successfully logged in 22 | via the OAuth 2.0 Client 23 |
24 |
 
25 |
26 | Display User Info 27 |
28 | 29 | 30 | -------------------------------------------------------------------------------- /src/main/resources/templates/userinfo.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | Spring Security - OAuth 2.0 User Info 5 | 6 | 7 | 8 |
9 |

OAuth 2.0 User Info

10 |
11 | User Attributes: 12 | 17 |
18 | 19 | 20 | --------------------------------------------------------------------------------