Add Spring example with authentication (#1255)

Author: acoburn

examples/pom.xml

@@ -43,6 +43,7 @@
       <modules>
         <module>cli</module>
         <module>springboot</module>
+        <module>spring-web</module>
         <module>webapp</module>
       </modules>
     </profile>

examples/spring-web/pom.xml

@@ -0,0 +1,116 @@
+<?xml version="1.0"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <modelVersion>4.0.0</modelVersion>
+
+  <parent>
+    <groupId>com.inrupt.client</groupId>
+    <artifactId>inrupt-client-examples-parent</artifactId>
+    <version>1.2.0-SNAPSHOT</version>
+  </parent>
+
+  <artifactId>inrupt-client-examples-spring-web</artifactId>
+  <version>1.2.0-SNAPSHOT</version>
+  <name>Inrupt Java Client Libraries - SpringBoot WebApp Example</name>
+  <description>
+    Sample SpringBoot Web Application.
+  </description>
+
+  <properties>
+    <maven.compiler.target>17</maven.compiler.target>
+    <maven.compiler.source>17</maven.compiler.source>
+    <springboot.version>3.2.5</springboot.version>
+  </properties>
+
+  <dependencyManagement>
+    <dependencies>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-dependencies</artifactId>
+            <version>${springboot.version}</version>
+            <type>pom</type>
+            <scope>import</scope>
+        </dependency>
+    </dependencies>
+  </dependencyManagement>
+
+  <dependencies>
+    <dependency>
+      <groupId>com.inrupt.client</groupId>
+      <artifactId>inrupt-client-runtime</artifactId>
+      <version>${project.version}</version>
+    </dependency>
+    <dependency>
+      <groupId>com.inrupt.client</groupId>
+      <artifactId>inrupt-client-spring</artifactId>
+      <version>${project.version}</version>
+    </dependency>
+    <dependency>
+      <groupId>org.springframework.boot</groupId>
+      <artifactId>spring-boot-starter-web</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>org.springframework.boot</groupId>
+      <artifactId>spring-boot-starter-thymeleaf</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>org.springframework.boot</groupId>
+      <artifactId>spring-boot-starter-oauth2-client</artifactId>
+    </dependency>
+
+    <!-- transitive dependencies -->
+    <!-- addresses CVE-2023-52428 via Spring Boot 3.2.x -->
+    <dependency>
+        <groupId>com.nimbusds</groupId>
+        <artifactId>nimbus-jose-jwt</artifactId>
+        <version>9.37.3</version>
+    </dependency>
+
+    <!-- testing -->
+    <dependency>
+        <groupId>org.springframework.boot</groupId>
+        <artifactId>spring-boot-starter-test</artifactId>
+        <scope>test</scope>
+    </dependency>
+    <dependency>
+        <groupId>org.springframework.security</groupId>
+        <artifactId>spring-security-test</artifactId>
+        <scope>test</scope>
+    </dependency>
+    <dependency>
+        <groupId>io.smallrye</groupId>
+        <artifactId>smallrye-jwt-build</artifactId>
+        <version>${smallrye.jwt.version}</version>
+        <scope>test</scope>
+    </dependency>
+    <dependency>
+        <groupId>io.smallrye.config</groupId>
+        <artifactId>smallrye-config</artifactId>
+        <version>${smallrye.config.version}</version>
+        <scope>test</scope>
+    </dependency>
+    <dependency>
+        <groupId>org.wiremock</groupId>
+        <artifactId>wiremock-standalone</artifactId>
+        <version>${wiremock.version}</version>
+        <scope>test</scope>
+    </dependency>
+  </dependencies>
+
+  <build>
+    <plugins>
+      <plugin>
+        <!-- for building a jar -->
+        <groupId>org.springframework.boot</groupId>
+        <artifactId>spring-boot-maven-plugin</artifactId>
+        <version>${springboot.version}</version>
+        <executions>
+            <execution>
+                <goals>
+                    <goal>repackage</goal>
+                </goals>
+            </execution>
+        </executions>
+      </plugin>
+    </plugins>
+  </build>
+</project>

examples/spring-web/src/main/java/com/inrupt/client/examples/spring/web/SecurityConfiguration.java

@@ -0,0 +1,67 @@
+/*
+ * Copyright Inrupt Inc.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal in
+ * the Software without restriction, including without limitation the rights to use,
+ * copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the
+ * Software, and to permit persons to whom the Software is furnished to do so,
+ * subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
+ * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
+ * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
+ * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+ * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+ * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */
+package com.inrupt.client.examples.spring.web;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.Customizer;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.oauth2.client.oidc.authentication.OidcIdTokenDecoderFactory;
+import org.springframework.security.oauth2.client.oidc.web.logout.OidcClientInitiatedLogoutSuccessHandler;
+import org.springframework.security.oauth2.client.registration.ClientRegistration;
+import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
+import org.springframework.security.oauth2.jose.jws.SignatureAlgorithm;
+import org.springframework.security.oauth2.jwt.JwtDecoderFactory;
+import org.springframework.security.web.SecurityFilterChain;
+
+@Configuration
+@EnableWebSecurity
+public class SecurityConfiguration {
+
+    @Autowired
+    ClientRegistrationRepository clientRegistrationRepository;
+
+    @Bean
+    public SecurityFilterChain securityFilterChain(final HttpSecurity http) throws Exception {
+        http
+            .logout(logout -> logout
+                .logoutSuccessHandler(oidcLogoutSuccessHandler())
+            )
+            .oauth2Login(Customizer.withDefaults());
+        return http.build();
+    }
+
+    @Bean
+    public JwtDecoderFactory<ClientRegistration> idTokenDecoderFactory() {
+        final var decoder = new OidcIdTokenDecoderFactory();
+        decoder.setJwsAlgorithmResolver(clientRegistration -> SignatureAlgorithm.ES256);
+        return decoder;
+    }
+
+    OidcClientInitiatedLogoutSuccessHandler oidcLogoutSuccessHandler() {
+        final var successHandler = new OidcClientInitiatedLogoutSuccessHandler(clientRegistrationRepository);
+        // This URL should be one of the `post_logout_redirect_urls`
+        successHandler.setPostLogoutRedirectUri("http://localhost:8080/");
+        return successHandler;
+    }
+}

examples/spring-web/src/main/java/com/inrupt/client/examples/spring/web/WebApplication.java

@@ -0,0 +1,33 @@
+/*
+ * Copyright Inrupt Inc.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal in
+ * the Software without restriction, including without limitation the rights to use,
+ * copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the
+ * Software, and to permit persons to whom the Software is furnished to do so,
+ * subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
+ * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
+ * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
+ * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+ * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+ * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */
+package com.inrupt.client.examples.spring.web;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+
+// Spring Boot's class requirements conflict with the checkstyle rules in this case
+@SuppressWarnings("checkstyle:HideUtilityClassConstructor")
+@SpringBootApplication
+public class WebApplication {
+    public static void main(final String[] args) {
+        SpringApplication.run(WebApplication.class, args);
+    }
+}

examples/spring-web/src/main/java/com/inrupt/client/examples/spring/web/controller/SolidController.java

@@ -0,0 +1,96 @@
+/*
+ * Copyright Inrupt Inc.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal in
+ * the Software without restriction, including without limitation the rights to use,
+ * copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the
+ * Software, and to permit persons to whom the Software is furnished to do so,
+ * subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
+ * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
+ * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
+ * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+ * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+ * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */
+package com.inrupt.client.examples.spring.web.controller;
+
+import static org.springframework.http.MediaType.APPLICATION_JSON_VALUE;
+import static org.springframework.security.oauth2.core.OAuth2ErrorCodes.INVALID_TOKEN;
+
+import com.inrupt.client.auth.Session;
+import com.inrupt.client.examples.spring.web.model.*;
+import com.inrupt.client.openid.OpenIdException;
+import com.inrupt.client.solid.SolidClientException;
+import com.inrupt.client.solid.SolidRDFSource;
+import com.inrupt.client.solid.SolidSyncClient;
+import com.inrupt.client.spring.SessionUtils;
+import com.inrupt.client.webid.WebIdProfile;
+
+import jakarta.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpSession;
+
+import java.io.IOException;
+import java.net.URI;
+import java.util.*;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.security.core.annotation.AuthenticationPrincipal;
+import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
+import org.springframework.security.oauth2.core.user.OAuth2User;
+import org.springframework.web.bind.annotation.*;
+
+@SpringBootApplication
+@RestController
+@RequestMapping("/api")
+public class SolidController {
+
+    private static final SolidSyncClient client = SolidSyncClient.getClient();
+
+    @Autowired
+    HttpSession httpSession;
+
+    @GetMapping(value = "/resource", produces = "text/turtle")
+    public Resource getResource(final @AuthenticationPrincipal OAuth2User user, final @RequestParam URI uri) {
+        final var session = SessionUtils.asSession(user)
+            .orElseThrow(() -> new OAuth2AuthenticationException(INVALID_TOKEN));
+        try (final var resource = client.session(session).read(uri, SolidRDFSource.class)) {
+            return new Resource(resource);
+        }
+    }
+
+    @GetMapping(value = "/webid", produces = APPLICATION_JSON_VALUE)
+    public WebId getUser(final @AuthenticationPrincipal OAuth2User user) {
+        final var webid = SessionUtils.asSession(user).flatMap(Session::getPrincipal)
+            .orElseThrow(() -> new OAuth2AuthenticationException(INVALID_TOKEN));
+        return new WebId(webid);
+    }
+
+    @GetMapping(value = "/profile", produces = APPLICATION_JSON_VALUE)
+    public Profile getProfile(final @AuthenticationPrincipal OAuth2User user) {
+        final var session = SessionUtils.asSession(user)
+            .orElseThrow(() -> new OAuth2AuthenticationException(INVALID_TOKEN));
+        final var webid = session.getPrincipal().orElseThrow(() -> new OAuth2AuthenticationException(INVALID_TOKEN));
+        try (final var profile = client.session(session).read(webid, WebIdProfile.class)) {
+            return Profile.of(profile);
+        }
+    }
+
+    @ExceptionHandler(SolidClientException.class)
+    public void clientException(final HttpServletResponse response) throws IOException {
+        httpSession.invalidate();
+        response.sendError(400);
+    }
+
+    @ExceptionHandler({OAuth2AuthenticationException.class, OpenIdException.class})
+    public void sessionException(final HttpServletResponse response) throws IOException {
+        httpSession.invalidate();
+        response.sendError(401);
+    }
+}

examples/spring-web/src/main/java/com/inrupt/client/examples/spring/web/model/Profile.java

@@ -0,0 +1,32 @@
+/*
+ * Copyright Inrupt Inc.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal in
+ * the Software without restriction, including without limitation the rights to use,
+ * copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the
+ * Software, and to permit persons to whom the Software is furnished to do so,
+ * subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
+ * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
+ * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
+ * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+ * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+ * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */
+package com.inrupt.client.examples.spring.web.model;
+
+import com.inrupt.client.webid.WebIdProfile;
+
+import java.net.URI;
+import java.util.Set;
+
+public record Profile(URI id, Set<URI> storages, Set<URI> issuers) {
+    public static Profile of(final WebIdProfile profile) {
+        return new Profile(profile.getIdentifier(), profile.getStorages(), profile.getOidcIssuers());
+    }
+}