Split out indiviual stages into projects

Author: Dave Syer

README.adoc

@@ -0,0 +1,58 @@
+This project is a sample app showing how to do various things with
+https://tools.ietf.org/html/rfc6749[OAuth2] and
+http://projects.spring.io/spring-boot/[Spring Boot], starting with a
+simple, single-provider single-sign on, and working up to a
+self-hosted OAuth2 Authorization Server with a choice of social
+authentication providers (https://developers.facebook.com[Facebook] or
+https://developer.github.com/[Github]). The samples are all
+single-page apps using Spring Boot and Spring OAuth on the back
+end. They also all use https://angularjs.org/[AngularJS] on the front
+end, but the changes needed to convert to a different JavaScript
+framework or to use server side rendering would be minimal.
+
+There are several samples building on each other adding new features:
+
+* **simple**: a very basic static app with just a home page and
+unconditional login through via Spring Boot's `@EnableOAuth2Sso` (if
+you visit the home page you will be automatically redirected to
+Facebook).
+
+* **click**: adds an explicit link that the user has to click to
+login.
+
+* **logout**: adds a logout link as well for authenticated users.
+
+* **manual**: shows how the `@EnableOAuth2Sso` works by unpicking it
+and configuring all its pieces manually.
+
+* **gitub**: adds a second login provider in Github, so the user can
+choose on the home page which one to use.
+
+* **auth-server**: turns the app into a fully-fledged OAuth2
+Authorization Server, able to issue its own tokens, but still using
+the external OAuth2 providers for authentication.
+
+Each of them can be imported into an IDE and there is a main class
+`SocialApplication` that you can run there to start the apps. They all
+come up with a home page on http://localhost:8080 (and all require
+that you have at least a Facebook account if you want to log in and
+see the content). You can also run all the apps on the command line
+using `mvn spring-boot:run` or by building the jar file and running it
+with `mvn package` and `java -jar ...`. There is no need to install
+Maven if you use the https://github.com/takari/maven-wrapper[wrapper]
+at the top level, e.g.
+
+```
+$ cd simple
+$ ../mvnw package
+$ java -jar target/*.jar
+```
+
+NOTE: The apps all work on `localhost:8080` because they use OAuth2
+clients registered with Facebook and Github for that address. To run
+them on a different host or port, you need to register your own apps
+and put the credentials in the config files. There is no danger of
+leaking your Facebook or Github credentials beyond localhost if you
+use the default values, but be careful what you expose on the
+internet, and don't put your own app registrations in public source
+control.

auth-server/pom.xml

@@ -0,0 +1,79 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+<modelVersion>4.0.0</modelVersion>
+
+<groupId>com.example</groupId>
+<artifactId>social-auth-server</artifactId>
+<version>0.0.1-SNAPSHOT</version>
+<packaging>jar</packaging>
+
+<name>social-auth-server</name>
+<description>Demo project for Spring Boot</description>
+
+<parent>
+<groupId>org.springframework.boot</groupId>
+<artifactId>spring-boot-starter-parent</artifactId>
+<version>1.3.0.RELEASE</version>
+<relativePath /> <!-- lookup parent from repository -->
+</parent>
+
+<properties>
+<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+<java.version>1.8</java.version>
+</properties>
+
+<dependencies>
+<dependency>
+<groupId>org.springframework.boot</groupId>
+<artifactId>spring-boot-starter-actuator</artifactId>
+</dependency>
+<dependency>
+<groupId>org.springframework.boot</groupId>
+<artifactId>spring-boot-starter-security</artifactId>
+</dependency>
+<dependency>
+<groupId>org.springframework.boot</groupId>
+<artifactId>spring-boot-starter-web</artifactId>
+</dependency>
+<dependency>
+<groupId>org.springframework.security.oauth</groupId>
+<artifactId>spring-security-oauth2</artifactId>
+</dependency>
+<dependency>
+<groupId>org.webjars</groupId>
+<artifactId>angularjs</artifactId>
+<version>1.4.3</version>
+</dependency>
+<dependency>
+<groupId>org.webjars</groupId>
+<artifactId>jquery</artifactId>
+<version>2.1.1</version>
+</dependency>
+<dependency>
+<groupId>org.webjars</groupId>
+<artifactId>bootstrap</artifactId>
+<version>3.2.0</version>
+</dependency>
+<dependency>
+<groupId>org.webjars</groupId>
+<artifactId>webjars-locator</artifactId>
+</dependency>
+
+<dependency>
+<groupId>org.springframework.boot</groupId>
+<artifactId>spring-boot-starter-test</artifactId>
+<scope>test</scope>
+</dependency>
+</dependencies>
+
+<build>
+<plugins>
+<plugin>
+<groupId>org.springframework.boot</groupId>
+<artifactId>spring-boot-maven-plugin</artifactId>
+</plugin>
+</plugins>
+</build>
+
+</project>

src/main/java/com/example/SocialApplication.java renamed to auth-server/src/main/java/com/example/SocialApplication.java

@@ -0,0 +1,79 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+<modelVersion>4.0.0</modelVersion>
+
+<groupId>com.example</groupId>
+<artifactId>social-click</artifactId>
+<version>0.0.1-SNAPSHOT</version>
+<packaging>jar</packaging>
+
+<name>social-click</name>
+<description>Demo project for Spring Boot</description>
+
+<parent>
+<groupId>org.springframework.boot</groupId>
+<artifactId>spring-boot-starter-parent</artifactId>
+<version>1.3.0.RELEASE</version>
+<relativePath /> <!-- lookup parent from repository -->
+</parent>
+
+<properties>
+<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+<java.version>1.8</java.version>
+</properties>
+
+<dependencies>
+<dependency>
+<groupId>org.springframework.boot</groupId>
+<artifactId>spring-boot-starter-actuator</artifactId>
+</dependency>
+<dependency>
+<groupId>org.springframework.boot</groupId>
+<artifactId>spring-boot-starter-security</artifactId>
+</dependency>
+<dependency>
+<groupId>org.springframework.boot</groupId>
+<artifactId>spring-boot-starter-web</artifactId>
+</dependency>
+<dependency>
+<groupId>org.springframework.security.oauth</groupId>
+<artifactId>spring-security-oauth2</artifactId>
+</dependency>
+<dependency>
+<groupId>org.webjars</groupId>
+<artifactId>angularjs</artifactId>
+<version>1.4.3</version>
+</dependency>
+<dependency>
+<groupId>org.webjars</groupId>
+<artifactId>jquery</artifactId>
+<version>2.1.1</version>
+</dependency>
+<dependency>
+<groupId>org.webjars</groupId>
+<artifactId>bootstrap</artifactId>
+<version>3.2.0</version>
+</dependency>
+<dependency>
+<groupId>org.webjars</groupId>
+<artifactId>webjars-locator</artifactId>
+</dependency>
+
+<dependency>
+<groupId>org.springframework.boot</groupId>
+<artifactId>spring-boot-starter-test</artifactId>
+<scope>test</scope>
+</dependency>
+</dependencies>
+
+<build>
+<plugins>
+<plugin>
+<groupId>org.springframework.boot</groupId>
+<artifactId>spring-boot-maven-plugin</artifactId>
+</plugin>
+</plugins>
+</build>
+
+</project>

src/main/resources/application.yml renamed to auth-server/src/main/resources/application.yml

@@ -0,0 +1,48 @@
+/*
+ * Copyright 2012-2015 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.example;
+
+import java.security.Principal;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+@SpringBootApplication
+@EnableOAuth2Sso
+@RestController
+public class SocialApplication extends WebSecurityConfigurerAdapter {
+
+@RequestMapping("/user")
+public Principal user(Principal principal) {
+return principal;
+}
+
+@Override
+protected void configure(HttpSecurity http) throws Exception {
+http.antMatcher("/**").authorizeRequests().antMatchers("/", "/login**", "/webjars/**").permitAll().anyRequest()
+.authenticated();
+}
+
+public static void main(String[] args) {
+SpringApplication.run(SocialApplication.class, args);
+}
+
+}