AlvaWymer
diff --git a/‎auth-server/src/main/java/com/example/SocialApplication.java‎
Lines changed: 14 additions & 62 deletions b/‎auth-server/src/main/java/com/example/SocialApplication.java‎
Lines changed: 14 additions & 62 deletions
diff --git a/‎custom-error/README.adoc‎
Lines changed: 12 additions & 0 deletions b/‎custom-error/README.adoc‎
Lines changed: 12 additions & 0 deletions
diff --git a/‎github/src/main/java/com/example/SocialApplication.java‎
Lines changed: 16 additions & 64 deletions b/‎github/src/main/java/com/example/SocialApplication.java‎
Lines changed: 16 additions & 64 deletions
diff --git a/‎logout/README.adoc‎
Lines changed: 1 addition & 40 deletions b/‎logout/README.adoc‎
Lines changed: 1 addition & 40 deletions
@@ -15,19 +15,13 @@
  */
 package com.example;
 
-import java.io.IOException;
 import java.security.Principal;
 import java.util.ArrayList;
 import java.util.LinkedHashMap;
 import java.util.List;
 import java.util.Map;
 
 import javax.servlet.Filter;
-import javax.servlet.FilterChain;
-import javax.servlet.ServletException;
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
 
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.SpringApplication;
@@ -53,15 +47,10 @@
 import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
 import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
 import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
-import org.springframework.security.web.csrf.CsrfFilter;
-import org.springframework.security.web.csrf.CsrfToken;
-import org.springframework.security.web.csrf.CsrfTokenRepository;
-import org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository;
+import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 import org.springframework.web.filter.CompositeFilter;
-import org.springframework.web.filter.OncePerRequestFilter;
-import org.springframework.web.util.WebUtils;
 
 @SpringBootApplication
 @RestController
@@ -82,29 +71,23 @@ public Map<String, String> user(Principal principal) {
 
 @Override
 protected void configure(HttpSecurity http) throws Exception {
-// @formatter:off
-http.antMatcher("/**")
-.authorizeRequests()
-.antMatchers("/", "/login**", "/webjars/**").permitAll()
-.anyRequest().authenticated()
-.and().exceptionHandling().authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/"))
-.and().logout().logoutSuccessUrl("/").permitAll()
-.and().csrf().csrfTokenRepository(csrfTokenRepository())
-.and().addFilterAfter(csrfHeaderFilter(), CsrfFilter.class)
-.addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class);
+// @formatter:off
+http.antMatcher("/**").authorizeRequests().antMatchers("/", "/login**", "/webjars/**").permitAll().anyRequest()
+.authenticated().and().exceptionHandling()
+.authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/")).and().logout()
+.logoutSuccessUrl("/").permitAll().and().csrf()
+.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()).and()
+.addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class);
 // @formatter:on
 }
 
 @Configuration
 @EnableResourceServer
-protected static class ResourceServerConfiguration
-extends ResourceServerConfigurerAdapter {
+protected static class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {
 @Override
 public void configure(HttpSecurity http) throws Exception {
 // @formatter:off
-http
-.antMatcher("/me")
-.authorizeRequests().anyRequest().authenticated();
+http.antMatcher("/me").authorizeRequests().anyRequest().authenticated();
 // @formatter:on
 }
 }
@@ -114,8 +97,7 @@ public static void main(String[] args) {
 }
 
 @Bean
-public FilterRegistrationBean oauth2ClientFilterRegistration(
-OAuth2ClientContextFilter filter) {
+public FilterRegistrationBean oauth2ClientFilterRegistration(OAuth2ClientContextFilter filter) {
 FilterRegistrationBean registration = new FilterRegistrationBean();
 registration.setFilter(filter);
 registration.setOrder(-100);
@@ -146,43 +128,13 @@ private Filter ssoFilter() {
 private Filter ssoFilter(ClientResources client, String path) {
 OAuth2ClientAuthenticationProcessingFilter facebookFilter = new OAuth2ClientAuthenticationProcessingFilter(
 path);
-OAuth2RestTemplate facebookTemplate = new OAuth2RestTemplate(client.getClient(),
-oauth2ClientContext);
+OAuth2RestTemplate facebookTemplate = new OAuth2RestTemplate(client.getClient(), oauth2ClientContext);
 facebookFilter.setRestTemplate(facebookTemplate);
-facebookFilter.setTokenServices(new UserInfoTokenServices(
-client.getResource().getUserInfoUri(), client.getClient().getClientId()));
+facebookFilter.setTokenServices(
+new UserInfoTokenServices(client.getResource().getUserInfoUri(), client.getClient().getClientId()));
 return facebookFilter;
 }
 
-private Filter csrfHeaderFilter() {
-return new OncePerRequestFilter() {
-@Override
-protected void doFilterInternal(HttpServletRequest request,
-HttpServletResponse response, FilterChain filterChain)
-throws ServletException, IOException {
-CsrfToken csrf = (CsrfToken) request
-.getAttribute(CsrfToken.class.getName());
-if (csrf != null) {
-Cookie cookie = WebUtils.getCookie(request, "XSRF-TOKEN");
-String token = csrf.getToken();
-if (cookie == null
-|| token != null && !token.equals(cookie.getValue())) {
-cookie = new Cookie("XSRF-TOKEN", token);
-cookie.setPath("/");
-response.addCookie(cookie);
-}
-}
-filterChain.doFilter(request, response);
-}
-};
-}
-
-private CsrfTokenRepository csrfTokenRepository() {
-HttpSessionCsrfTokenRepository repository = new HttpSessionCsrfTokenRepository();
-repository.setHeaderName("X-XSRF-TOKEN");
-return repository;
-}
-
 }
 
 class ClientResources {
 
@@ -153,6 +153,18 @@ authenticate successfully and you are not in the Spring Engineering
 team. If there is no match, we throw `BadCredentialsException` and
 this is picked up by Spring Security and turned in to a 401 response.
 
+The `OAuth2RestOperations` has to be created as a bean as well (as of
+Spring Boot 1.4), but that's trivial because its ingredients are all
+autowirable by virtue of having used `@EnableOAuth2Sso`:
+
+[source,java,indent=0]
+----
+@Bean
+public OAuth2RestTemplate oauth2RestTemplate(OAuth2ProtectedResourceDetails resource, OAuth2ClientContext context) {
+return new OAuth2RestTemplate(resource, context);
+}
+----
+
 TIP: Obviously the code above can be generalized to other
 authentication rules, some applicable to Github and some to other
 OAuth2 providers. All you need is the `OAuth2RestOperations` and some
 
@@ -15,19 +15,13 @@
  */
 package com.example;
 
-import java.io.IOException;
 import java.security.Principal;
 import java.util.ArrayList;
 import java.util.LinkedHashMap;
 import java.util.List;
 import java.util.Map;
 
 import javax.servlet.Filter;
-import javax.servlet.FilterChain;
-import javax.servlet.ServletException;
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
 
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.SpringApplication;
@@ -53,15 +47,10 @@
 import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
 import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
 import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
-import org.springframework.security.web.csrf.CsrfFilter;
-import org.springframework.security.web.csrf.CsrfToken;
-import org.springframework.security.web.csrf.CsrfTokenRepository;
-import org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository;
+import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 import org.springframework.web.filter.CompositeFilter;
-import org.springframework.web.filter.OncePerRequestFilter;
-import org.springframework.web.util.WebUtils;
 
 @SpringBootApplication
 @RestController
@@ -82,29 +71,23 @@ public Map<String, String> user(Principal principal) {
 
 @Override
 protected void configure(HttpSecurity http) throws Exception {
-// @formatter:off
-http.antMatcher("/**")
-.authorizeRequests()
-.antMatchers("/", "/login**", "/webjars/**").permitAll()
-.anyRequest().authenticated()
-.and().exceptionHandling().authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/"))
-.and().logout().logoutSuccessUrl("/").permitAll()
-.and().csrf().csrfTokenRepository(csrfTokenRepository())
-.and().addFilterAfter(csrfHeaderFilter(), CsrfFilter.class)
-.addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class);
+// @formatter:off
+http.antMatcher("/**").authorizeRequests().antMatchers("/", "/login**", "/webjars/**").permitAll().anyRequest()
+.authenticated().and().exceptionHandling()
+.authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/")).and().logout()
+.logoutSuccessUrl("/").permitAll().and().csrf()
+.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()).and()
+.addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class);
 // @formatter:on
 }
 
 @Configuration
 @EnableResourceServer
-protected static class ResourceServerConfiguration
-extends ResourceServerConfigurerAdapter {
+protected static class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {
 @Override
 public void configure(HttpSecurity http) throws Exception {
 // @formatter:off
-http
-.antMatcher("/me")
-.authorizeRequests().anyRequest().authenticated();
+http.antMatcher("/me").authorizeRequests().anyRequest().authenticated();
 // @formatter:on
 }
 }
@@ -114,8 +97,7 @@ public static void main(String[] args) {
 }
 
 @Bean
-public FilterRegistrationBean oauth2ClientFilterRegistration(
-OAuth2ClientContextFilter filter) {
+public FilterRegistrationBean oauth2ClientFilterRegistration(OAuth2ClientContextFilter filter) {
 FilterRegistrationBean registration = new FilterRegistrationBean();
 registration.setFilter(filter);
 registration.setOrder(-100);
@@ -144,47 +126,17 @@ private Filter ssoFilter() {
 }
 
 private Filter ssoFilter(ClientResources client, String path) {
-OAuth2ClientAuthenticationProcessingFilter oAuth2ClientAuthenticationFilter =
-new OAuth2ClientAuthenticationProcessingFilter(path);
-OAuth2RestTemplate oAuth2RestTemplate = new OAuth2RestTemplate(client.getClient(),
-oauth2ClientContext);
+OAuth2ClientAuthenticationProcessingFilter oAuth2ClientAuthenticationFilter = new OAuth2ClientAuthenticationProcessingFilter(
+path);
+OAuth2RestTemplate oAuth2RestTemplate = new OAuth2RestTemplate(client.getClient(), oauth2ClientContext);
 oAuth2ClientAuthenticationFilter.setRestTemplate(oAuth2RestTemplate);
-UserInfoTokenServices tokenServices = new UserInfoTokenServices(
-client.getResource().getUserInfoUri(), client.getClient().getClientId());
+UserInfoTokenServices tokenServices = new UserInfoTokenServices(client.getResource().getUserInfoUri(),
+client.getClient().getClientId());
 tokenServices.setRestTemplate(oAuth2RestTemplate);
 oAuth2ClientAuthenticationFilter.setTokenServices(tokenServices);
 return oAuth2ClientAuthenticationFilter;
 }
 
-private Filter csrfHeaderFilter() {
-return new OncePerRequestFilter() {
-@Override
-protected void doFilterInternal(HttpServletRequest request,
-HttpServletResponse response, FilterChain filterChain)
-throws ServletException, IOException {
-CsrfToken csrf = (CsrfToken) request
-.getAttribute(CsrfToken.class.getName());
-if (csrf != null) {
-Cookie cookie = WebUtils.getCookie(request, "XSRF-TOKEN");
-String token = csrf.getToken();
-if (cookie == null
-|| token != null && !token.equals(cookie.getValue())) {
-cookie = new Cookie("XSRF-TOKEN", token);
-cookie.setPath("/");
-response.addCookie(cookie);
-}
-}
-filterChain.doFilter(request, response);
-}
-};
-}
-
-private CsrfTokenRepository csrfTokenRepository() {
-HttpSessionCsrfTokenRepository repository = new HttpSessionCsrfTokenRepository();
-repository.setHeaderName("X-XSRF-TOKEN");
-return repository;
-}
-
 }
 
 class ClientResources {
 
@@ -92,46 +92,7 @@ header name. In the `WebSecurityConfigurer`:
 protected void configure(HttpSecurity http) throws Exception {
  http.antMatcher("/**")
  ... // existing code here
- .and().csrf().csrfTokenRepository(csrfTokenRepository())
- .and().addFilterAfter(csrfHeaderFilter(), CsrfFilter.class);
-}
-----
-
-where the `csrfHeaderFilter()` is a custom filter:
-
-.SocialApplication.java
-[source,java]
-----
-private Filter csrfHeaderFilter() {
- return new OncePerRequestFilter() {
- @Override
- protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
- FilterChain filterChain) throws ServletException, IOException {
- CsrfToken csrf = (CsrfToken) request.getAttribute(CsrfToken.class.getName());
- if (csrf != null) {
- Cookie cookie = WebUtils.getCookie(request, "XSRF-TOKEN");
- String token = csrf.getToken();
- if (cookie == null || token != null && !token.equals(cookie.getValue())) {
- cookie = new Cookie("XSRF-TOKEN", token);
- cookie.setPath("/");
- response.addCookie(cookie);
- }
- }
- filterChain.doFilter(request, response);
- }
- };
-}
-----
-
-and the `csrfTokenRepository()` is defined here:
-
-.SocialApplication.java
-[source,java]
-----
-private CsrfTokenRepository csrfTokenRepository() {
- HttpSessionCsrfTokenRepository repository = new HttpSessionCsrfTokenRepository();
- repository.setHeaderName("X-XSRF-TOKEN");
- return repository;
+ .and().csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
 }
 ----