Merge federated-identity-authorizationserver into featured-authorizat…

…ionserver

Issue gh-1189

samples/featured-authorizationserver/samples-featured-authorizationserver.gradle

@@ -17,8 +17,12 @@ dependencies {
 	implementation "org.springframework.boot:spring-boot-starter-web"
 	implementation "org.springframework.boot:spring-boot-starter-thymeleaf"
 	implementation "org.springframework.boot:spring-boot-starter-security"
+	implementation "org.springframework.boot:spring-boot-starter-oauth2-client"
 	implementation "org.springframework.boot:spring-boot-starter-jdbc"
 	implementation project(":spring-security-oauth2-authorization-server")
+	implementation "org.webjars:webjars-locator-core"
+	implementation "org.webjars:bootstrap:3.4.1"
+	implementation "org.webjars:jquery:3.4.1"
 	runtimeOnly "com.h2database:h2"
 
 	testImplementation "org.springframework.boot:spring-boot-starter-test"

samples/featured-authorizationserver/src/main/java/sample/config/AuthorizationServerConfig.java

@@ -22,6 +22,8 @@
 import com.nimbusds.jose.jwk.source.JWKSource;
 import com.nimbusds.jose.proc.SecurityContext;
 import sample.jose.Jwks;
+import sample.security.FederatedIdentityConfigurer;
+import sample.security.FederatedIdentityIdTokenCustomizer;
 
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -48,12 +50,15 @@
 import org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers.OAuth2AuthorizationServerConfigurer;
 import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
 import org.springframework.security.oauth2.server.authorization.settings.ClientSettings;
+import org.springframework.security.oauth2.server.authorization.token.JwtEncodingContext;
+import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenCustomizer;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
 
 /**
  * @author Joe Grandja
  * @author Daniel Garnier-Moiroux
+ * @author Steve Riesenberg
  * @since 1.1.0
  */
 @Configuration(proxyBeanMethods = false)
@@ -75,7 +80,8 @@ public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity h
 				exceptions.authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/login"))
 			)
 			.oauth2ResourceServer(oauth2ResourceServer ->
-				oauth2ResourceServer.jwt(Customizer.withDefaults()));
+				oauth2ResourceServer.jwt(Customizer.withDefaults()))
+			.apply(new FederatedIdentityConfigurer());
 		// @formatter:on
 		return http.build();
 	}
@@ -121,6 +127,11 @@ public OAuth2AuthorizationConsentService authorizationConsentService(JdbcTemplat
 		return new JdbcOAuth2AuthorizationConsentService(jdbcTemplate, registeredClientRepository);
 	}
 
+	@Bean
+	public OAuth2TokenCustomizer<JwtEncodingContext> idTokenCustomizer() {
+		return new FederatedIdentityIdTokenCustomizer();
+	}
+
 	@Bean
 	public JWKSource<SecurityContext> jwkSource() {
 		RSAKey rsaKey = Jwks.generateRsa();

samples/featured-authorizationserver/src/main/java/sample/config/DefaultSecurityConfig.java

@@ -15,6 +15,9 @@
  */
 package sample.config;
 
+import sample.security.FederatedIdentityConfigurer;
+import sample.security.UserRepositoryOAuth2UserHandler;
+
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
@@ -32,6 +35,7 @@
 
 /**
  * @author Joe Grandja
+ * @author Steve Riesenberg
  * @since 1.1.0
  */
 @EnableWebSecurity
@@ -41,11 +45,17 @@ public class DefaultSecurityConfig {
 	// @formatter:off
 	@Bean
 	public SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http) throws Exception {
+		FederatedIdentityConfigurer federatedIdentityConfigurer = new FederatedIdentityConfigurer()
+				.oauth2UserHandler(new UserRepositoryOAuth2UserHandler());
+
 		http
 			.authorizeHttpRequests(authorize ->
-				authorize.anyRequest().authenticated()
+				authorize
+					.requestMatchers("/assets/**", "/webjars/**", "/login").permitAll()
+					.anyRequest().authenticated()
 			)
-			.formLogin(withDefaults());
+			.formLogin(withDefaults())
+			.apply(federatedIdentityConfigurer);
 		return http.build();
 	}
 	// @formatter:on

samples/federated-identity-authorizationserver/src/main/java/sample/security/FederatedIdentityAuthenticationEntryPoint.java → samples/featured-authorizationserver/src/main/java/sample/security/FederatedIdentityAuthenticationEntryPoint.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2020-2022 the original author or authors.
+ * Copyright 2020-2023 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -38,7 +38,7 @@
  * {@code registrationId} of the desired {@link ClientRegistration}.
  *
  * @author Steve Riesenberg
- * @since 0.2.3
+ * @since 1.1.0
  */
 public final class FederatedIdentityAuthenticationEntryPoint implements AuthenticationEntryPoint {
 

samples/federated-identity-authorizationserver/src/main/java/sample/security/FederatedIdentityAuthenticationSuccessHandler.java → samples/featured-authorizationserver/src/main/java/sample/security/FederatedIdentityAuthenticationSuccessHandler.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2020-2022 the original author or authors.
+ * Copyright 2020-2023 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -34,7 +34,7 @@
  * {@link OAuth2User} for Federated Account Linking or JIT Account Provisioning.
  *
  * @author Steve Riesenberg
- * @since 0.2.3
+ * @since 1.1.0
  */
 public final class FederatedIdentityAuthenticationSuccessHandler implements AuthenticationSuccessHandler {
 

samples/federated-identity-authorizationserver/src/main/java/sample/security/FederatedIdentityConfigurer.java → samples/featured-authorizationserver/src/main/java/sample/security/FederatedIdentityConfigurer.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2020-2022 the original author or authors.
+ * Copyright 2020-2023 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -29,7 +29,7 @@
  * A configurer for setting up Federated Identity Management.
  *
  * @author Steve Riesenberg
- * @since 0.2.3
+ * @since 1.1.0
  */
 public final class FederatedIdentityConfigurer extends AbstractHttpConfigurer<FederatedIdentityConfigurer, HttpSecurity> {
 

samples/federated-identity-authorizationserver/src/main/java/sample/security/FederatedIdentityIdTokenCustomizer.java → samples/featured-authorizationserver/src/main/java/sample/security/FederatedIdentityIdTokenCustomizer.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2020-2022 the original author or authors.
+ * Copyright 2020-2023 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -36,7 +36,7 @@
  * the {@code id_token} produced by this authorization server.
  *
  * @author Steve Riesenberg
- * @since 0.2.3
+ * @since 1.1.0
  */
 public final class FederatedIdentityIdTokenCustomizer implements OAuth2TokenCustomizer<JwtEncodingContext> {
 

samples/federated-identity-authorizationserver/src/main/java/sample/security/UserRepositoryOAuth2UserHandler.java → samples/featured-authorizationserver/src/main/java/sample/security/UserRepositoryOAuth2UserHandler.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2020-2022 the original author or authors.
+ * Copyright 2020-2023 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -25,7 +25,7 @@
  * Example {@link Consumer} to perform JIT provisioning of an {@link OAuth2User}.
  *
  * @author Steve Riesenberg
- * @since 0.2.3
+ * @since 1.1.0
  */
 public final class UserRepositoryOAuth2UserHandler implements Consumer<OAuth2User> {
 

samples/federated-identity-authorizationserver/src/main/java/sample/web/LoginController.java → samples/featured-authorizationserver/src/main/java/sample/web/LoginController.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2020-2022 the original author or authors.
+ * Copyright 2020-2023 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -20,7 +20,7 @@
 
 /**
  * @author Steve Riesenberg
- * @since 0.2.3
+ * @since 1.1.0
  */
 @Controller
 public class LoginController {

samples/featured-authorizationserver/src/main/resources/application.yml

@@ -1,6 +1,29 @@
 server:
   port: 9000
 
+spring:
+  security:
+    oauth2:
+      client:
+        registration:
+          google-idp:
+            provider: google
+            client-id: ${GOOGLE_CLIENT_ID:google-client-id}
+            client-secret: ${GOOGLE_CLIENT_SECRET:google-client-secret}
+            scope: openid, https://www.googleapis.com/auth/userinfo.profile, https://www.googleapis.com/auth/userinfo.email
+            client-name: Sign in with Google
+          github-idp:
+            provider: github
+            client-id: ${GITHUB_CLIENT_ID:github-client-id}
+            client-secret: ${GITHUB_CLIENT_SECRET:github-client-secret}
+            scope: user:email, read:user
+            client-name: Sign in with GitHub
+        provider:
+          google:
+            user-name-attribute: email
+          github:
+            user-name-attribute: login
+
 logging:
   level:
     root: INFO