I am creating one POC spring web application with OAuth2.I need to create an authorization server and a client cum resouce-server.I am done with the authorization server. Now I am trying to build a Thyme-leaf based web(MVC) application which is my client as well as resource-server. So the basic requirement is if i am requesting to uri say http://localhost:8080/createCustomer (Returns a model and view) for the first time, it should redirect to the AS . After the user logged in to the AS successfully it should redirect to the http://localhost:8080/createCustomer with an access token(JWT). In this scenario I am not sure which code flow I need to use and what configurations I need to make. And to make sure again its not a rest end point. My end point returns a model and view which with help of Thymeleaf loads in browser.
These are some of my config files for the client or resource server
ResourceServerConfig class file
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;
@Configuration
@EnableResourceServer
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
@Bean
public TokenStore jwtTokenStore() {
return new JwtTokenStore(jwtAccessTokenConverter());
}
@Bean
public JwtAccessTokenConverter jwtAccessTokenConverter() {
JwtAccessTokenConverter accessTokenConverter = new JwtAccessTokenConverter();
accessTokenConverter.setSigningKey("developer1");
accessTokenConverter.setVerifierKey("developer1");
return accessTokenConverter;
}
@Autowired
private TokenStore jwtTokenStore;
@Override
public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
resources.tokenStore(jwtTokenStore);
}
@Override
public void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/login").permitAll().and().authorizeRequests().anyRequest()
.authenticated();
}
}
Controller
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.servlet.ModelAndView;
@Controller
public class CodeClientController {
@Autowired
HttpServletRequest request;
@Autowired
HttpServletResponse response;
@GetMapping(value = "index")
public ModelAndView index(ModelAndView model) {
model.setViewName("index");
return model;
}
@GetMapping(value = "createCustomer")
public ModelAndView home(ModelAndView model) {
model.setViewName("createCustomer");
return model;
}
}
properties.yml file
server:
port: 8080
security:
oauth2:
client:
client-id: client1
client-secret: client1-secret
user-authorization-uri: http://localhost:7070/oauth/authorize
access-token-uri: http://localhost:7070/oauth/token
resource:
jwt:
key-uri: http://localhost:7070/oauth/token_key
key-value: developer1
authorization:
check-token-access: http://localhost:7070/oauth/check_token
logging:
level:
org:
hibernate:
type: trace
org.springframework: DEBUG
org.springframework.security.oauth2: DEBUG
and pom.xml
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.2.3.RELEASE</version>
<relativePath /> <!-- lookup parent from repository -->
</parent>
<modelVersion>4.0.0</modelVersion>
<groupId>com.oauth2.client</groupId>
<artifactId>oauth2-client</artifactId>
<name>oauth2-client</name>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<maven.compiler.source>1.8</maven.compiler.source>
<maven.compiler.target>1.8</maven.compiler.target>
<spring-cloud.version>Greenwich.SR3</spring-cloud.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-oauth2</artifactId>
</dependency>
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt</artifactId>
<version>0.9.1</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
<scope>provided</scope>
</dependency>
</dependencies>
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-dependencies</artifactId>
<version>${spring-cloud.version}</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
</project>
Now when i hit my uri as said before i get this instead of redirecting to the AS server.
