Use Spring Boot properties

Closes gh-30

Author: jzheaux

servlet/spring-boot/java/oauth2/resource-server/multi-tenancy/src/main/java/example/OAuth2ResourceServerSecurityConfiguration.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2020 the original author or authors.
+ * Copyright 2020-2021 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -21,60 +21,50 @@
 
 import javax.servlet.http.HttpServletRequest;
 
-import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.AuthenticationManagerResolver;
+import org.springframework.security.authentication.ProviderManager;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.oauth2.jwt.JwtDecoder;
-import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;
 import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationProvider;
 import org.springframework.security.oauth2.server.resource.authentication.JwtBearerTokenAuthenticationConverter;
 import org.springframework.security.oauth2.server.resource.authentication.OpaqueTokenAuthenticationProvider;
-import org.springframework.security.oauth2.server.resource.introspection.NimbusOpaqueTokenIntrospector;
 import org.springframework.security.oauth2.server.resource.introspection.OpaqueTokenIntrospector;
+import org.springframework.security.web.SecurityFilterChain;
 
 /**
  * OAuth Resource Security configuration.
  *
  * @author Josh Cummings
  */
-@EnableWebSecurity
-public class OAuth2ResourceServerSecurityConfiguration extends WebSecurityConfigurerAdapter {
+@Configuration
+public class OAuth2ResourceServerSecurityConfiguration {
 
-	@Value("${tenantOne.jwk-set-uri}")
-	String jwkSetUri;
-
-	@Value("${tenantTwo.introspection-uri}")
-	String introspectionUri;
-
-	@Value("${tenantTwo.introspection-client-id}")
-	String introspectionClientId;
-
-	@Value("${tenantTwo.introspection-client-secret}")
-	String introspectionClientSecret;
-
-	@Override
-	protected void configure(HttpSecurity http) throws Exception {
+	@Bean
+	SecurityFilterChain apiSecurity(HttpSecurity http,
+			AuthenticationManagerResolver<HttpServletRequest> authenticationManagerResolver) throws Exception {
 		// @formatter:off
 		http
 			.authorizeRequests((requests) -> requests
-					.mvcMatchers("/**/message/**").hasAuthority("SCOPE_message:read")
-					.anyRequest().authenticated()
+				.mvcMatchers("/**/message/**").hasAuthority("SCOPE_message:read")
+				.anyRequest().authenticated()
 			)
 			.oauth2ResourceServer((resourceServer) -> resourceServer
-					.authenticationManagerResolver(multitenantAuthenticationManager())
+				.authenticationManagerResolver(authenticationManagerResolver)
 			);
 		// @formatter:on
+
+		return http.build();
 	}
 
 	@Bean
-	AuthenticationManagerResolver<HttpServletRequest> multitenantAuthenticationManager() {
+	AuthenticationManagerResolver<HttpServletRequest> multitenantAuthenticationManager(JwtDecoder jwtDecoder,
+			OpaqueTokenIntrospector opaqueTokenIntrospector) {
 		Map<String, AuthenticationManager> authenticationManagers = new HashMap<>();
-		authenticationManagers.put("tenantOne", jwt());
-		authenticationManagers.put("tenantTwo", opaque());
+		authenticationManagers.put("tenantOne", jwt(jwtDecoder));
+		authenticationManagers.put("tenantTwo", opaque(opaqueTokenIntrospector));
 		return (request) -> {
 			String[] pathParts = request.getRequestURI().split("/");
 			String tenantId = (pathParts.length > 0) ? pathParts[1] : null;
@@ -86,17 +76,14 @@ AuthenticationManagerResolver<HttpServletRequest> multitenantAuthenticationManag
 		};
 	}
 
-	AuthenticationManager jwt() {
-		JwtDecoder jwtDecoder = NimbusJwtDecoder.withJwkSetUri(this.jwkSetUri).build();
+	AuthenticationManager jwt(JwtDecoder jwtDecoder) {
 		JwtAuthenticationProvider authenticationProvider = new JwtAuthenticationProvider(jwtDecoder);
 		authenticationProvider.setJwtAuthenticationConverter(new JwtBearerTokenAuthenticationConverter());
-		return authenticationProvider::authenticate;
+		return new ProviderManager(authenticationProvider);
 	}
 
-	AuthenticationManager opaque() {
-		OpaqueTokenIntrospector introspectionClient = new NimbusOpaqueTokenIntrospector(this.introspectionUri,
-				this.introspectionClientId, this.introspectionClientSecret);
-		return new OpaqueTokenAuthenticationProvider(introspectionClient)::authenticate;
+	AuthenticationManager opaque(OpaqueTokenIntrospector introspectionClient) {
+		return new ProviderManager(new OpaqueTokenAuthenticationProvider(introspectionClient));
 	}
 
 }

servlet/spring-boot/java/oauth2/resource-server/multi-tenancy/src/main/resources/application.yml

@@ -1,4 +1,10 @@
-tenantOne.jwk-set-uri: ${mockwebserver.url}/.well-known/jwks.json
-tenantTwo.introspection-uri: ${mockwebserver.url}/introspect
-tenantTwo.introspection-client-id: client
-tenantTwo.introspection-client-secret: secret
+spring:
+  security:
+    oauth2:
+      resourceserver:
+        jwt:
+          jwk-set-uri: ${mockwebserver.url}/.well-known/jwks.json
+        opaquetoken:
+          introspection-uri: ${mockwebserver.url}/introspect
+          client-id: client
+          client-secret: secret