oktadev · mraible · Jan 23, 2018 · Jan 23, 2018 · Jan 23, 2018 · Jan 23, 2018
diff --git a/beer-catalog-service/pom.xml b/beer-catalog-service/pom.xml
@@ -24,24 +24,9 @@
         <java.version>1.8</java.version>
         <spring-cloud.version>Dalston.RELEASE</spring-cloud.version>
         <bouncycastle.version>1.56</bouncycastle.version>
-        <juiser.version>1.0.0</juiser.version>
     </properties>
 
     <dependencies>
-        <dependency>
-            <!-- To handle the X-Forwarded-User header: -->
-            <groupId>org.juiser</groupId>
-            <artifactId>juiser-spring-boot-starter</artifactId>
-            <version>${juiser.version}</version>
-        </dependency>
-        <dependency>
-            <!-- So juiser can read *.pem public key files to verify the signature of the JWT in the
-                 X-Forwarded-User header: -->
-            <groupId>org.bouncycastle</groupId>
-            <artifactId>bcpkix-jdk15on</artifactId>
-            <version>${bouncycastle.version}</version>
-            <scope>runtime</scope>
-        </dependency>
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-security</artifactId>
@@ -54,6 +39,14 @@
             <groupId>org.springframework.security</groupId>
             <artifactId>spring-security-web</artifactId>
         </dependency>
+        <dependency>
+            <groupId>org.springframework.security.oauth</groupId>
+            <artifactId>spring-security-oauth2</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-jwt</artifactId>
+        </dependency>
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-actuator</artifactId>

diff --git a/beer-catalog-service/src/main/java/com/example/HomeController.java b/beer-catalog-service/src/main/java/com/example/HomeController.java
@@ -1,21 +1,24 @@
 package com.example;
 
-import org.juiser.model.User;
+import org.springframework.security.oauth2.provider.OAuth2Authentication;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
 import org.springframework.web.bind.annotation.GetMapping;
 
+import java.security.Principal;
+import java.util.Map;
+
 @Controller
 public class HomeController {
 
-    private final User user;
-
-    public HomeController(User user) {
-        this.user = user;
+    public HomeController() {
     }
 
     @GetMapping("/home")
-    public String howdy(Model model) {
+    @SuppressWarnings("unchecked")
+    public String howdy(Model model, Principal principal) {
+        OAuth2Authentication authentication = (OAuth2Authentication) principal;
+        Map<String, Object> user = (Map<String, Object>) authentication.getUserAuthentication().getDetails();
         model.addAttribute("user", user);
         return "home";
     }

diff --git a/beer-catalog-service/src/main/java/com/example/ResourceServerConfig.java b/beer-catalog-service/src/main/java/com/example/ResourceServerConfig.java
@@ -0,0 +1,20 @@
+package com.example;
+
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
+import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
+import org.springframework.security.web.util.matcher.RequestHeaderRequestMatcher;
+
+@Configuration
+@EnableResourceServer
+public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
+
+    @Override
+    public void configure(HttpSecurity http) throws Exception {
+        http
+            .requestMatcher(new RequestHeaderRequestMatcher("Authorization"))
+            .authorizeRequests().anyRequest().fullyAuthenticated();
+    }
+
+}
diff --git a/beer-catalog-service/src/main/resources/application.properties b/beer-catalog-service/src/main/resources/application.properties
@@ -1,3 +1,12 @@
 spring.application.name=beer-catalog-service
-server.use-forward-headers=true
-juiser.header.jwt.key.resource=classpath:rsatest.pub.pem
+
+security.basic.enabled=false
+security.oauth2.client.access-token-uri=http://localhost:9080/auth/realms/jhipster/protocol/openid-connect/token
+security.oauth2.client.user-authorization-uri=http://localhost:9080/auth/realms/jhipster/protocol/openid-connect/auth
+security.oauth2.client.client-id=web_app
+security.oauth2.client.client-secret=web_app
+security.oauth2.client.scope=openid profile email
+security.oauth2.resource.filter-order=3
+security.oauth2.resource.user-info-uri=http://localhost:9080/auth/realms/jhipster/protocol/openid-connect/userinfo
+security.oauth2.resource.token-info-uri=http://localhost:9080/auth/realms/jhipster/protocol/openid-connect/token/introspect
+security.oauth2.resource.prefer-token-info=false
diff --git a/beer-catalog-service/src/main/resources/logback-spring.xml b/beer-catalog-service/src/main/resources/logback-spring.xml
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<configuration scan="true">
+    <include resource="org/springframework/boot/logging/logback/base.xml"/>
+
+    <logger name="org.springframework" level="WARN"/>
+    <logger name="org.springframework.web" level="WARN"/>
+    <logger name="org.springframework.security" level="WARN"/>
+
+    <!-- https://logback.qos.ch/manual/configuration.html#shutdownHook and https://jira.qos.ch/browse/LOGBACK-1090 -->
+    <shutdownHook class="ch.qos.logback.core.hook.DelayingShutdownHook"/>
+
+    <contextListener class="ch.qos.logback.classic.jul.LevelChangePropagator">
+        <resetJUL>true</resetJUL>
+    </contextListener>
+
+</configuration>
diff --git a/beer-catalog-service/src/main/resources/rsatest.pub.pem b/beer-catalog-service/src/main/resources/rsatest.pub.pem
diff --git a/beer-catalog-service/src/main/resources/templates/home.html b/beer-catalog-service/src/main/resources/templates/home.html
@@ -31,11 +31,11 @@
     </style>
 </head>
 <body>
-<h1>Hello<span th:if="${user.authenticated}" th:text="' ' + ${user.givenName}"> Joe</span>!</h1>
-<div th:unless="${user.authenticated}">
+<h1>Hello<span th:if="${user}" th:text="' ' + ${user.name}"> Joe</span>!</h1>
+<div th:unless="${user}">
     <a th:href="@{/login}">Login</a>
 </div>
-<div th:if="${user.authenticated}">
+<div th:if="${user}">
     <form id="logoutForm" th:action="@{/logout}" method="post">
         <input type="submit" value="Logout"/>
     </form>
@@ -51,92 +51,32 @@ <h2>User Properties</h2>
     </thead>
     <tbody>
     <tr>
-        <td>anonymous</td>
-        <td th:text="${user.anonymous}"></td>
-    </tr>
-    <tr>
-        <td>authenticated</td>
-        <td th:text="${user.authenticated}"></td>
-    </tr>
-    <tr>
-        <td>href</td>
-        <td th:text="${user.href}"></td>
-    </tr>
-    <tr>
-        <td>id</td>
-        <td th:text="${user.id}"></td>
+        <td>sub</td>
+        <td th:text="${user.sub}"></td>
     </tr>
     <tr>
         <td>name</td>
         <td th:text="${user.name}"></td>
     </tr>
     <tr>
-        <td>givenName</td>
-        <td th:text="${user.givenName}"></td>
-    </tr>
-    <tr>
-        <td>middleName</td>
-        <td th:text="${user.middleName}"></td>
-    </tr>
-    <tr>
-        <td>familyName</td>
-        <td th:text="${user.familyName}"></td>
-    </tr>
-    <tr>
-        <td>nickname</td>
-        <td th:text="${user.nickname}"></td>
-    </tr>
-    <tr>
-        <td>username</td>
-        <td th:text="${user.username}"></td>
-    </tr>
-    <tr>
-        <td>profile</td>
-        <td th:text="${user.profile}"></td>
+        <td>given_name</td>
+        <td th:text="${user.given_name}"></td>
     </tr>
     <tr>
-        <td>picture</td>
-        <td th:text="${user.picture}"></td>
+        <td>family_name</td>
+        <td th:text="${user.family_name}"></td>
     </tr>
     <tr>
-        <td>website</td>
-        <td th:text="${user.website}"></td>
+        <td>preferred_username</td>
+        <td th:text="${user.preferred_username}"></td>
     </tr>
     <tr>
         <td>email</td>
         <td th:text="${user.email}"></td>
     </tr>
     <tr>
-        <td>emailVerified</td>
-        <td th:text="${user.emailVerified}"></td>
-    </tr>
-    <tr>
-        <td>gender</td>
-        <td th:text="${user.gender}"></td>
-    </tr>
-    <tr>
-        <td>birthdate</td>
-        <td th:text="${user.birthdate}"></td>
-    </tr>
-    <tr>
-        <td>zoneInfo</td>
-        <td th:text="${user.zoneInfo}"></td>
-    </tr>
-    <tr>
-        <td>phoneNumber</td>
-        <td th:text="${user.phone}"></td>
-    </tr>
-    <tr>
-        <td>phoneNumberVerified</td>
-        <td th:text="${user.phoneNumberVerified}"></td>
-    </tr>
-    <tr>
-        <td>createdAt</td>
-        <td th:text="${user.createdAt}"></td>
-    </tr>
-    <tr>
-        <td>updatedAt</td>
-        <td th:text="${user.updatedAt}"></td>
+        <td>roles</td>
+        <td th:text="${user.roles}"></td>
     </tr>
     </tbody>
 </table>

diff --git a/client/src/app/shared/okta/okta.service.ts b/client/src/app/shared/okta/okta.service.ts
@@ -8,7 +8,7 @@ export class OktaService {
   constructor() {
     this.widget = new OktaSignIn({
       baseUrl: 'https://dev-158606.oktapreview.com',
-      clientId: 'MjlYvTtFW26gOoOAHKOz',
+      clientId: '0oac1m42hrA5FthoW0h7',
       authParams: {
         issuer: 'default',
         responseType: ['id_token', 'token'],

diff --git a/edge-service/pom.xml b/edge-service/pom.xml
@@ -38,6 +38,18 @@
             <groupId>org.springframework.cloud</groupId>
             <artifactId>spring-cloud-starter-hystrix</artifactId>
         </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-security</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.security.oauth</groupId>
+            <artifactId>spring-security-oauth2</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-jwt</artifactId>
+        </dependency>
         <dependency>
             <groupId>org.springframework.cloud</groupId>
             <artifactId>spring-cloud-starter-zuul</artifactId>
@@ -50,21 +62,21 @@
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-web</artifactId>
         </dependency>
-
         <dependency>
             <groupId>org.projectlombok</groupId>
             <artifactId>lombok</artifactId>
             <optional>true</optional>
         </dependency>
-        <dependency>
-            <groupId>com.stormpath.spring</groupId>
-            <artifactId>stormpath-zuul-spring-cloud-starter</artifactId>
-        </dependency>
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-test</artifactId>
             <scope>test</scope>
         </dependency>
+        <dependency>
+            <groupId>org.springframework.cloud</groupId>
+            <artifactId>spring-cloud-security</artifactId>
+            <version>1.2.2.BUILD-SNAPSHOT</version>
+        </dependency>
     </dependencies>
 
     <dependencyManagement>
@@ -76,13 +88,6 @@
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>
-            <dependency>
-                <groupId>com.stormpath.sdk</groupId>
-                <artifactId>stormpath-bom</artifactId>
-                <version>2.0.4-okta</version>
-                <type>pom</type>
-                <scope>import</scope>
-            </dependency>
         </dependencies>
     </dependencyManagement>
 

diff --git a/edge-service/src/main/java/com/example/EdgeServiceApplication.java b/edge-service/src/main/java/com/example/EdgeServiceApplication.java
@@ -2,30 +2,38 @@
 
 import com.netflix.hystrix.contrib.javanica.annotation.HystrixCommand;
 import com.netflix.hystrix.contrib.javanica.annotation.HystrixProperty;
-import com.stormpath.sdk.servlet.account.AccountStringResolver;
-import com.stormpath.sdk.servlet.http.Resolver;
 import feign.RequestInterceptor;
 import lombok.Data;
-import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;
+import org.springframework.boot.web.servlet.FilterRegistrationBean;
 import org.springframework.cloud.client.circuitbreaker.EnableCircuitBreaker;
 import org.springframework.cloud.client.discovery.EnableDiscoveryClient;
 import org.springframework.cloud.netflix.feign.EnableFeignClients;
 import org.springframework.cloud.netflix.feign.FeignClient;
 import org.springframework.cloud.netflix.zuul.EnableZuulProxy;
 import org.springframework.context.annotation.Bean;
+import org.springframework.core.Ordered;
 import org.springframework.hateoas.Resources;
-import org.springframework.web.bind.annotation.*;
+import org.springframework.http.HttpRequest;
+import org.springframework.web.bind.annotation.CrossOrigin;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
+import org.springframework.web.filter.CorsFilter;
 
 import java.util.ArrayList;
 import java.util.Collection;
+import java.util.Collections;
 import java.util.stream.Collectors;
 
 @EnableFeignClients
 @EnableCircuitBreaker
 @EnableDiscoveryClient
 @EnableZuulProxy
+@EnableOAuth2Sso
 @SpringBootApplication
 public class EdgeServiceApplication {
 
@@ -34,9 +42,17 @@ public static void main(String[] args) {
     }
 
     @Bean
-    public RequestInterceptor forwardedAccountRequestInterceptor(
-            @Qualifier("stormpathForwardedAccountHeaderValueResolver") Resolver<String> accountStringResolver) {
-        return new ForwardedAccountRequestInterceptor(accountStringResolver);
+    public FilterRegistrationBean simpleCorsFilter() {
+        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+        CorsConfiguration config = new CorsConfiguration();
+        config.setAllowCredentials(true);
+        config.setAllowedOrigins(Collections.singletonList("http://localhost:4200"));
+        config.setAllowedMethods(Collections.singletonList("*"));
+        config.setAllowedHeaders(Collections.singletonList("*"));
+        source.registerCorsConfiguration("/**", config);
+        FilterRegistrationBean bean = new FilterRegistrationBean(new CorsFilter(source));
+        bean.setOrder(Ordered.HIGHEST_PRECEDENCE);
+        return bean;
     }
 }
 
@@ -65,9 +81,7 @@ public Collection<Beer> fallback() {
         return new ArrayList<>();
     }
 
-    @HystrixCommand(fallbackMethod = "fallback", commandProperties = {
-            @HystrixProperty(name="execution.isolation.strategy", value="SEMAPHORE")
-    })
+    @HystrixCommand(fallbackMethod = "fallback")
     @GetMapping("/good-beers")
     @CrossOrigin(origins = "*")
     public Collection<Beer> goodBeers() {