Commit f6a773f6 authored by William Loosman's avatar William Loosman Committed by 陈健

Added discovery.

Updated spring OAuth version.

Changed UserInfo to most minimalistic version.

removed .properties (todo: setup config instructions inside the readme).
parent 36f144ba
...@@ -23,7 +23,7 @@ ...@@ -23,7 +23,7 @@
<dependency> <dependency>
<groupId>org.springframework.security.oauth</groupId> <groupId>org.springframework.security.oauth</groupId>
<artifactId>spring-security-oauth2</artifactId> <artifactId>spring-security-oauth2</artifactId>
<version>2.0.4.RELEASE</version> <version>2.3.3.RELEASE</version>
</dependency> </dependency>
<dependency> <dependency>
<groupId>com.google.guava</groupId> <groupId>com.google.guava</groupId>
......
package com.github.fromi.openidconnect.security; package com.github.fromi.openidconnect.security;
import static java.util.Arrays.asList; import static org.springframework.security.oauth2.common.AuthenticationScheme.header;
import static org.springframework.security.oauth2.common.AuthenticationScheme.form;
import javax.annotation.Resource; import javax.annotation.Resource;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value; import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
...@@ -13,31 +12,45 @@ import org.springframework.context.annotation.ScopedProxyMode; ...@@ -13,31 +12,45 @@ import org.springframework.context.annotation.ScopedProxyMode;
import org.springframework.security.oauth2.client.OAuth2ClientContext; import org.springframework.security.oauth2.client.OAuth2ClientContext;
import org.springframework.security.oauth2.client.OAuth2RestOperations; import org.springframework.security.oauth2.client.OAuth2RestOperations;
import org.springframework.security.oauth2.client.OAuth2RestTemplate; import org.springframework.security.oauth2.client.OAuth2RestTemplate;
import org.springframework.security.oauth2.client.discovery.ProviderConfiguration;
import org.springframework.security.oauth2.client.discovery.ProviderDiscoveryClient;
import org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails; import org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails;
import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeResourceDetails; import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeResourceDetails;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableOAuth2Client; import org.springframework.security.oauth2.config.annotation.web.configuration.EnableOAuth2Client;
import java.util.Arrays;
@Configuration @Configuration
@EnableOAuth2Client @EnableOAuth2Client
public class OAuth2Client { public class OAuth2Client {
@Value("${google.oauth2.clientId}") @Value("${onegini.oauth2.clientId}")
private String clientId; private String clientId;
@Value("${google.oauth2.clientSecret}") @Value("${onegini.oauth2.clientSecret}")
private String clientSecret; private String clientSecret;
@Value("${onegini.oauth2.issuer}")
private String issuer;
public static ProviderConfiguration providerConfiguration = null;
@Bean @Bean
// TODO retrieve from https://accounts.google.com/.well-known/openid-configuration ?
public OAuth2ProtectedResourceDetails googleOAuth2Details() { public OAuth2ProtectedResourceDetails googleOAuth2Details() {
AuthorizationCodeResourceDetails googleOAuth2Details = new AuthorizationCodeResourceDetails();
googleOAuth2Details.setAuthenticationScheme(form); //Discover endpoints
googleOAuth2Details.setClientAuthenticationScheme(form); ProviderDiscoveryClient dc = new ProviderDiscoveryClient(issuer);
googleOAuth2Details.setClientId(clientId); providerConfiguration = dc.discover();
googleOAuth2Details.setClientSecret(clientSecret);
googleOAuth2Details.setUserAuthorizationUri("https://accounts.google.com/o/oauth2/auth"); //setup OAuth
googleOAuth2Details.setAccessTokenUri("https://www.googleapis.com/oauth2/v3/token"); AuthorizationCodeResourceDetails conf = new AuthorizationCodeResourceDetails();
googleOAuth2Details.setScope(asList("openid")); conf.setAuthenticationScheme(header);
return googleOAuth2Details; conf.setClientAuthenticationScheme(header);
conf.setClientId(clientId);
conf.setClientSecret(clientSecret);
conf.setUserAuthorizationUri(providerConfiguration.getAuthorizationEndpoint().toString());
conf.setAccessTokenUri(providerConfiguration.getTokenEndpoint().toString());
conf.setScope(Arrays.asList("openid", "profile"));
return conf;
} }
@SuppressWarnings("SpringJavaAutowiringInspection") // Provided by Spring Boot @SuppressWarnings("SpringJavaAutowiringInspection") // Provided by Spring Boot
......
package com.github.fromi.openidconnect.security; package com.github.fromi.openidconnect.security;
import static com.github.fromi.openidconnect.security.OAuth2Client.providerConfiguration;
import static java.util.Optional.empty; import static java.util.Optional.empty;
import static org.springframework.security.core.authority.AuthorityUtils.NO_AUTHORITIES; import static org.springframework.security.core.authority.AuthorityUtils.NO_AUTHORITIES;
...@@ -30,7 +31,8 @@ public class OpenIDConnectAuthenticationFilter extends AbstractAuthenticationPro ...@@ -30,7 +31,8 @@ public class OpenIDConnectAuthenticationFilter extends AbstractAuthenticationPro
@Override @Override
public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
throws AuthenticationException, IOException, ServletException { throws AuthenticationException, IOException, ServletException {
final ResponseEntity<UserInfo> userInfoResponseEntity = restTemplate.getForEntity("https://www.googleapis.com/oauth2/v2/userinfo", UserInfo.class); //todo: use id token for user info instead of endpoint
final ResponseEntity<UserInfo> userInfoResponseEntity = restTemplate.getForEntity(providerConfiguration.getUserInfoEndpoint().toString(), UserInfo.class);
return new PreAuthenticatedAuthenticationToken(userInfoResponseEntity.getBody(), empty(), NO_AUTHORITIES); return new PreAuthenticatedAuthenticationToken(userInfoResponseEntity.getBody(), empty(), NO_AUTHORITIES);
} }
} }
package com.github.fromi.openidconnect.security; package com.github.fromi.openidconnect.security;
import com.fasterxml.jackson.annotation.JsonCreator; import com.fasterxml.jackson.annotation.JsonCreator;
import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
import com.fasterxml.jackson.annotation.JsonProperty; import com.fasterxml.jackson.annotation.JsonProperty;
@JsonIgnoreProperties(ignoreUnknown = true)
public class UserInfo { public class UserInfo {
private final String id; private final String id;
private final String name; private final String name;
private final String givenName; // private final String givenName;
private final String familyName; // private final String familyName;
private final String gender; // private final String locale;
private final String picture; // private final String preferred_username;
private final String link;
@JsonCreator @JsonCreator
public UserInfo(@JsonProperty("id") String id, public UserInfo(@JsonProperty("sub") String id//,
@JsonProperty("name") String name, //@JsonProperty("name") String name,
@JsonProperty("given_name") String givenName, //@JsonProperty("given_name") String givenName,
@JsonProperty("family_name") String familyName, //@JsonProperty("family_name") String familyName,
@JsonProperty("gender") String gender, //@JsonProperty("locale") String locale,
@JsonProperty("picture") String picture, //@JsonProperty("preferred_username") String preferred_username
@JsonProperty("link") String link) { ){
this.id = id; this.id = id;
this.name = name; this.name = id;
this.givenName = givenName; //this.name = name;
this.familyName = familyName; //this.givenName = givenName;
this.gender = gender; //this.familyName = familyName;
this.picture = picture; //this.locale = locale;
this.link = link; //this.preferred_username = preferred_username;
} }
public String getId() { public String getId() {
...@@ -37,23 +38,19 @@ public class UserInfo { ...@@ -37,23 +38,19 @@ public class UserInfo {
return name; return name;
} }
public String getGivenName() { // public String getGivenName() {
return givenName; // return givenName;
} // }
//
public String getFamilyName() { // public String getFamilyName() {
return familyName; // return familyName;
} // }
//
public String getGender() { // public String getLocale() {
return gender; // return locale;
} // }
//
public String getPicture() { // public String getPreferred_username() {
return picture; // return preferred_username;
} // }
public String getLink() {
return link;
}
} }
google.oauth2.clientId=<client_id>
google.oauth2.clientSecret=<client_secret>
\ No newline at end of file
...@@ -46,6 +46,6 @@ public class SecurityIT { ...@@ -46,6 +46,6 @@ public class SecurityIT {
public void loginPageRedirectsToGoogle() { public void loginPageRedirectsToGoogle() {
given().redirects().follow(false).when().get("/login").then() given().redirects().follow(false).when().get("/login").then()
.statusCode(HttpStatus.SC_MOVED_TEMPORARILY) .statusCode(HttpStatus.SC_MOVED_TEMPORARILY)
.header("Location", startsWith("https://accounts.google.com/o/oauth2/auth")); .header("Location", startsWith("https://dev-514378.oktapreview.com/oauth2/default/v1/authorize"));
} }
} }
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment