Manually create config for @EnableOAuth2Sso

Author: Dave Syer

pom.xml

@@ -24,6 +24,11 @@
 </properties>
 
 <dependencies>
+<dependency>
+<groupId>org.springframework.boot</groupId>
+<artifactId>spring-boot-configuration-processor</artifactId>
+<optional>true</optional>
+</dependency>
 <dependency>
 <groupId>org.springframework.boot</groupId>
 <artifactId>spring-boot-starter-actuator</artifactId>

src/main/java/com/example/SocialApplication.java

@@ -25,11 +25,25 @@
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
-import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;
+import org.springframework.boot.autoconfigure.security.oauth2.resource.ResourceServerProperties;
+import org.springframework.boot.autoconfigure.security.oauth2.resource.UserInfoTokenServices;
+import org.springframework.boot.context.embedded.FilterRegistrationBean;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.context.annotation.Bean;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.oauth2.client.OAuth2ClientContext;
+import org.springframework.security.oauth2.client.OAuth2RestTemplate;
+import org.springframework.security.oauth2.client.filter.OAuth2ClientAuthenticationProcessingFilter;
+import org.springframework.security.oauth2.client.filter.OAuth2ClientContextFilter;
+import org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails;
+import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeResourceDetails;
+import org.springframework.security.oauth2.config.annotation.web.configuration.EnableOAuth2Client;
+import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
+import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
 import org.springframework.security.web.csrf.CsrfFilter;
 import org.springframework.security.web.csrf.CsrfToken;
 import org.springframework.security.web.csrf.CsrfTokenRepository;
@@ -40,9 +54,12 @@
 import org.springframework.web.util.WebUtils;
 
 @SpringBootApplication
-@EnableOAuth2Sso
 @RestController
+@EnableOAuth2Client
 public class SocialApplication extends WebSecurityConfigurerAdapter {
+
+@Autowired
+OAuth2ClientContext oauth2ClientContext;
 
 @RequestMapping("/user")
 public Principal user(Principal principal) {
@@ -56,16 +73,47 @@ protected void configure(HttpSecurity http) throws Exception {
 .authorizeRequests()
 .antMatchers("/", "/login**", "/webjars/**").permitAll()
 .anyRequest().authenticated()
+.and().exceptionHandling().authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/"))
 .and().logout().logoutSuccessUrl("/").permitAll()
 .and().csrf().csrfTokenRepository(csrfTokenRepository())
-.and().addFilterAfter(csrfHeaderFilter(), CsrfFilter.class);
+.and().addFilterAfter(csrfHeaderFilter(), CsrfFilter.class)
+.addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class);
 // @formatter:on
 }
 
 public static void main(String[] args) {
 SpringApplication.run(SocialApplication.class, args);
 }
 
+@Bean
+public FilterRegistrationBean oauth2ClientFilterRegistration(
+OAuth2ClientContextFilter filter) {
+FilterRegistrationBean registration = new FilterRegistrationBean();
+registration.setFilter(filter);
+registration.setOrder(-100);
+return registration;
+}
+
+private Filter ssoFilter() {
+OAuth2ClientAuthenticationProcessingFilter facebookFilter = new OAuth2ClientAuthenticationProcessingFilter("/login/facebook");
+OAuth2RestTemplate facebookTemplate = new OAuth2RestTemplate(facebook(), oauth2ClientContext);
+facebookFilter.setRestTemplate(facebookTemplate);
+facebookFilter.setTokenServices(new UserInfoTokenServices(facebookResource().getUserInfoUri(), facebook().getClientId()));
+return facebookFilter;
+}
+
+@Bean
+@ConfigurationProperties("facebook.client")
+OAuth2ProtectedResourceDetails facebook() {
+return new AuthorizationCodeResourceDetails();
+}
+
+@Bean
+@ConfigurationProperties("facebook.resource")
+ResourceServerProperties facebookResource() {
+return new ResourceServerProperties();
+}
+
 private Filter csrfHeaderFilter() {
 return new OncePerRequestFilter() {
 @Override

src/main/resources/application.yml

@@ -1,15 +1,14 @@
-security:
- oauth2:
- client:
- clientId: 233668646673605
- clientSecret: 33b17e044ee6a4fa383f46ec6e28ea1d
- accessTokenUri: https://graph.facebook.com/oauth/access_token
- userAuthorizationUri: https://www.facebook.com/dialog/oauth
- tokenName: oauth_token
- authenticationScheme: query
- clientAuthenticationScheme: form
- resource:
- userInfoUri: https://graph.facebook.com/me
+facebook:
+ client:
+ clientId: 233668646673605
+ clientSecret: 33b17e044ee6a4fa383f46ec6e28ea1d
+ accessTokenUri: https://graph.facebook.com/oauth/access_token
+ userAuthorizationUri: https://www.facebook.com/dialog/oauth
+ tokenName: oauth_token
+ authenticationScheme: query
+ clientAuthenticationScheme: form
+ resource:
+ userInfoUri: https://graph.facebook.com/me
 
 logging:
  level:

src/main/resources/static/index.html

@@ -16,7 +16,9 @@
 <body ng-app="app" ng-controller="home as home">
 <h1>Login</h1>
 <div class="container" ng-show="!home.authenticated">
-With Facebook: <a href="/login">click here</a>
+<div>
+With Facebook: <a href="/login/facebook">click here</a>
+</div>
 </div>
 <div class="container" ng-show="home.authenticated">
 Logged in as: <span ng-bind="home.user"></span>