cleanup and add spring profiles for solution

andifalk · andifalk · commit d4d574d8f6fc · 2023-05-08T21:46:33.000+02:00
diff --git a/README.md b/README.md
@@ -30,9 +30,13 @@ Please follow the provided step-by-step [Tutorial](https://andifalk.gitbook.io/o
 * [Lab 1: The server side (resource server)](labs/initial/product/README.md)
 * [Lab 2: The client side](labs/initial/ui/README.md)
 
+## Feedback
+
+Any feedback on this hands-on workshop is highly appreciated.
+Just email _andreas.falk(at)novatec-gmbh.de_ or contact me via Twitter (_@andifalk_).
+
 ## License
 
 Apache 2.0 licensed
-Copyright (c) by 2023 Andreas Falk
 
 [1]:http://www.apache.org/licenses/LICENSE-2.0.txt
diff --git a/introduction/architecture/README.md b/introduction/architecture/README.md
@@ -16,11 +16,11 @@ These microservices are configured to be reachable via the following URL address
 
 Service URLs:
 
-| Service                        | URL                          |
-|--------------------------------|------------------------------|
-| OIDC Identity Provider         | https://localhost:9000       |
-| Client (UI)                    | http://localhost:9095/client |
-| Resource Server (Products API) | http://localhost:9090/server |
+| Service                        | URL                                                          |
+|--------------------------------|--------------------------------------------------------------|
+| OIDC Identity Provider         | [http://localhost:9000](http://localhost:9000)               |
+| Client (UI)                    | [http://localhost:9095/client](http://localhost:9095/client) |
+| Resource Server (Products API) | [http://localhost:9090/server](http://localhost:9090/server) |
 
 ## Project contents
 
diff --git a/labs/initial/README.md b/labs/initial/README.md
@@ -1,9 +1,6 @@
-# cloud-security-workshop
-Workshop on building secure cloud-native applications using spring security.
-
-## Initial OAuth2 Security Workshop
+# Initial Sample Applications for the Workshop
 
 You can find the initial applications for the workshop here:
 
-* product: Spring boot application providing a rest api for products: http://localhost:8080/products
-* ui: A Spring boot application providing thymeleaf based html frontend to display products
+* __product__: Spring boot application providing a REST API for products
+* __ui__: A Spring boot application providing thymeleaf based html frontend to display products
diff --git a/labs/initial/product/README.md b/labs/initial/product/README.md
@@ -1,4 +1,4 @@
-# Product Server (Resource server)
+# Lab 1: The server side (resource server)
 
 > __Tip__:  
 > You may look into the [Spring Boot Reference Documentation](https://docs.spring.io/spring-boot/docs/current/reference/htmlsingle/#boot-features-security-oauth2-server)
@@ -215,10 +215,10 @@ instead by default the class `org.springframework.security.oauth2.jwt.Jwt` will
 ```java  
 @RestController
 public class ProductRestController {
-  ...
+  //...
   @GetMapping(path = "/products")
   public List<Product> getAllProducts(@AuthenticationPrincipal(errorOnInvalidType = true) ProductUser productUser) {
-    ...
+    //...
   }
 }
 ``` 
diff --git a/labs/initial/product/src/main/java/com/example/security/MethodSecurityConfiguration.java b/labs/initial/product/src/main/java/com/example/security/MethodSecurityConfiguration.java
@@ -5,4 +5,5 @@
 
 @EnableMethodSecurity
 @Configuration
-public class MethodSecurityConfiguration {}
+public class MethodSecurityConfiguration {
+}
diff --git a/labs/initial/ui/README.md b/labs/initial/ui/README.md
@@ -1,4 +1,4 @@
-# Product Client Frontend UI
+# Lab 2: The client side
 
 Now we will implement the corresponding client for the product server to show the product list in a web UI.
 
diff --git a/labs/initial/ui/src/main/java/com/example/ProductService.java b/labs/initial/ui/src/main/java/com/example/ProductService.java
@@ -3,14 +3,16 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Value;
-import org.springframework.http.*;
+import org.springframework.http.HttpEntity;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.HttpStatusCode;
+import org.springframework.http.ResponseEntity;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.stereotype.Service;
-import org.springframework.web.client.DefaultResponseErrorHandler;
 import org.springframework.web.client.HttpClientErrorException;
 import org.springframework.web.client.RestTemplate;
 
diff --git a/labs/initial/ui/src/main/java/com/example/WebSecurityConfiguration.java b/labs/initial/ui/src/main/java/com/example/WebSecurityConfiguration.java
@@ -31,24 +31,24 @@ public SecurityFilterChain api(HttpSecurity http) throws Exception {
     @Bean
     public UserDetailsService productUserDetailsService() {
         return new InMemoryUserDetailsManager(
-            builder()
-                .username("bruce.wayne@example.com")
-                .password("wayne")
-                .passwordEncoder(passwordEncoder()::encode)
-                .roles("USER")
-                .build(),
-            builder()
-                    .username("clark.kent@example.com")
-                    .password("kent")
-                    .passwordEncoder(passwordEncoder()::encode)
-                    .roles("USER")
-                    .build(),
-            builder()
-                .username("peter.parker@example.com")
-                .password("parker")
-                .passwordEncoder(passwordEncoder()::encode)
-                .roles("USER", "ADMIN")
-                .build()
+                builder()
+                        .username("bruce.wayne@example.com")
+                        .password("wayne")
+                        .passwordEncoder(passwordEncoder()::encode)
+                        .roles("USER")
+                        .build(),
+                builder()
+                        .username("clark.kent@example.com")
+                        .password("kent")
+                        .passwordEncoder(passwordEncoder()::encode)
+                        .roles("USER")
+                        .build(),
+                builder()
+                        .username("peter.parker@example.com")
+                        .password("parker")
+                        .passwordEncoder(passwordEncoder()::encode)
+                        .roles("USER", "ADMIN")
+                        .build()
         );
     }
 
diff --git a/labs/solution/README.md b/labs/solution/README.md
@@ -1,16 +1,6 @@
-# cloud-security-workshop
-Workshop on building secure cloud-native applications using spring cloud security (OAuth2).
+# Reference Solution of Sample Applications for the Workshop
 
-## OAuth2 Security Workshop Reference (Step 1)
-
-You can find the completed applications for step 1 of the workshop here:
-
-* product: Spring boot application providing a rest api for products: http://localhost:8080/products
-* ui: A Spring boot application providing thymeleaf based html frontend to display products
-
-In this step user credentials are configured using the _application.properties_ file.
-Here the authorization server uses basic authentication as login type. 
-
-Username: _user_  
-Password: _secret_
+You can find the reference solution for the applications of the workshop here:
 
+* __product__: Spring boot application providing a REST API for products, extended to serve as OAuth/OIDC resource server
+* __ui__: A Spring boot application providing thymeleaf based html frontend to display products, extended as OAuth/OIDC client
diff --git a/labs/solution/product/src/main/java/com/example/security/MethodSecurityConfiguration.java b/labs/solution/product/src/main/java/com/example/security/MethodSecurityConfiguration.java
@@ -5,4 +5,5 @@
 
 @EnableMethodSecurity
 @Configuration
-public class MethodSecurityConfiguration {}
+public class MethodSecurityConfiguration {
+}
diff --git a/labs/solution/ui/src/main/java/com/example/ProductService.java b/labs/solution/ui/src/main/java/com/example/ProductService.java
@@ -3,7 +3,10 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Value;
-import org.springframework.http.*;
+import org.springframework.http.HttpEntity;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.HttpStatusCode;
+import org.springframework.http.ResponseEntity;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.oauth2.core.OAuth2AccessToken;
 import org.springframework.stereotype.Service;
@@ -34,11 +37,11 @@ public Collection<Product> getAllProducts(OAuth2AccessToken oAuth2AccessToken) {
 
         try {
             response =
-                template.exchange(
-                        productUrl + "/v1/products",
-                        GET,
-                        new HttpEntity<Product[]>(createAuthorizationHeader(oAuth2AccessToken)),
-                        Product[].class);
+                    template.exchange(
+                            productUrl + "/v1/products",
+                            GET,
+                            new HttpEntity<Product[]>(createAuthorizationHeader(oAuth2AccessToken)),
+                            Product[].class);
 
             LOG.info("Successfully called product server products rest API");
 
diff --git a/labs/solution/ui/src/main/resources/application-auth0.yml b/labs/solution/ui/src/main/resources/application-auth0.yml
@@ -0,0 +1,18 @@
+spring:
+  security:
+    oauth2:
+      client:
+        provider:
+          auth0:
+            issuer-uri: https://access-me.eu.auth0.com/
+            user-name-attribute: name
+        registration:
+          auth0:
+            client-id: 'v13BSQLEZnw4N96V36dDdsGRd022isKe'
+            authorization-grant-type: authorization_code
+            client-authentication-method: none
+            redirect-uri: '{baseUrl}/login/oauth2/code/{registrationId}'
+            scope:
+              - openid
+              - profile
+              - email
diff --git a/labs/solution/ui/src/main/resources/application-keycloak.yml b/labs/solution/ui/src/main/resources/application-keycloak.yml
@@ -0,0 +1,18 @@
+spring:
+  security:
+    oauth2:
+      client:
+        provider:
+          keycloak:
+            issuer-uri: http://localhost:8080/realms/workshop
+            user-name-attribute: name
+        registration:
+          keycloak:
+            client-id: 'product-client'
+            authorization-grant-type: authorization_code
+            client-authentication-method: none
+            redirect-uri: '{baseUrl}/login/oauth2/code/{registrationId}'
+            scope:
+              - openid
+              - profile
+              - email
diff --git a/labs/solution/ui/src/main/resources/application-spring.yml b/labs/solution/ui/src/main/resources/application-spring.yml
@@ -0,0 +1,18 @@
+spring:
+  security:
+    oauth2:
+      client:
+        provider:
+          spring:
+            issuer-uri: http://localhost:9000
+            user-name-attribute: name
+        registration:
+          spring:
+            client-id: 'demo-client-pkce'
+            authorization-grant-type: authorization_code
+            client-authentication-method: none
+            redirect-uri: '{baseUrl}/login/oauth2/code/{registrationId}'
+            scope:
+              - openid
+              - profile
+              - email
diff --git a/labs/solution/ui/src/main/resources/application.yml b/labs/solution/ui/src/main/resources/application.yml
@@ -2,48 +2,6 @@ server:
   servlet:
     context-path: /client
   port: 9095
-spring:
-  security:
-    oauth2:
-      client:
-        provider:
-          auth0:
-            issuer-uri: https://access-me.eu.auth0.com/
-            user-name-attribute: name
-          keycloak:
-            issuer-uri: http://localhost:8080/realms/workshop
-            user-name-attribute: name
-          spring:
-            issuer-uri: http://localhost:9000
-            user-name-attribute: name
-        registration:
-          auth0:
-            client-id: 'v13BSQLEZnw4N96V36dDdsGRd022isKe'
-            authorization-grant-type: authorization_code
-            client-authentication-method: none
-            redirect-uri: '{baseUrl}/login/oauth2/code/{registrationId}'
-            scope:
-              - openid
-              - profile
-              - email
-          keycloak:
-            client-id: 'product-client'
-            authorization-grant-type: authorization_code
-            client-authentication-method: none
-            redirect-uri: '{baseUrl}/login/oauth2/code/{registrationId}'
-            scope:
-              - openid
-              - profile
-              - email
-          spring:
-            client-id: 'demo-client-pkce'
-            authorization-grant-type: authorization_code
-            client-authentication-method: none
-            redirect-uri: '{baseUrl}/login/oauth2/code/{registrationId}'
-            scope:
-              - openid
-              - profile
-              - email
 
 logging:
   level:

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-# Product Client Frontend UI`
	`1`	`+# Lab 2: The client side`
`2`	`2`
`3`	`3`	`Now we will implement the corresponding client for the product server to show the product list in a web UI.`
`4`	`4`