From 2d8d56840ccade58cc3eea380d54c47bed11e18e Mon Sep 17 00:00:00 2001
From: Joe Grandja
Date: Mon, 5 Apr 2021 15:29:37 -0400
Subject: [PATCH] Polish oauth2-integration sample

Issue gh-267
---
 samples/boot/oauth2-integration/README.adoc | 2 +-
 .../config/AuthorizationServerConfig.java | 18 ++++++++++++++----
 .../client/src/main/resources/application.yml | 6 +++---
 3 files changed, 18 insertions(+), 8 deletions(-)

diff --git a/samples/boot/oauth2-integration/README.adoc b/samples/boot/oauth2-integration/README.adoc
index 86e5d2fd..07d32964 100644
--- a/samples/boot/oauth2-integration/README.adoc
+++ b/samples/boot/oauth2-integration/README.adoc
@@ -8,4 +8,4 @@ This sample integrates `spring-security-oauth2-client` and `spring-security-oaut
 ** *IMPORTANT:* Make sure to modify your `/etc/hosts` file to avoid problems with session cookie overwrites between `client` and `authorizationserver`. Simply add the entry `127.0.0.1 auth-server`
 * Run Resource Server -> `./gradlew -b samples/boot/oauth2-integration/resourceserver/spring-security-samples-boot-oauth2-integrated-resourceserver.gradle bootRun`
 * Run Client -> `./gradlew -b samples/boot/oauth2-integration/client/spring-security-samples-boot-oauth2-integrated-client.gradle bootRun`
-* Go to `http://localhost:8080`
+* Go to `http://127.0.0.1:8080`
diff --git a/samples/boot/oauth2-integration/authorizationserver/src/main/java/sample/config/AuthorizationServerConfig.java b/samples/boot/oauth2-integration/authorizationserver/src/main/java/sample/config/AuthorizationServerConfig.java
index 6a95cebf..0c7df4a4 100644
--- a/samples/boot/oauth2-integration/authorizationserver/src/main/java/sample/config/AuthorizationServerConfig.java
+++ b/samples/boot/oauth2-integration/authorizationserver/src/main/java/sample/config/AuthorizationServerConfig.java
@@ -25,7 +25,10 @@ import sample.jose.Jwks; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; -import org.springframework.context.annotation.Import; +import org.springframework.core.Ordered; +import org.springframework.core.annotation.Order; +import org.springframework.security.config.Customizer; +import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.OAuth2AuthorizationServerConfiguration; import org.springframework.security.oauth2.core.AuthorizationGrantType; import org.springframework.security.oauth2.core.ClientAuthenticationMethod; @@ -34,15 +37,22 @@ import org.springframework.security.oauth2.server.authorization.client.InMemoryR import org.springframework.security.oauth2.server.authorization.client.RegisteredClient; import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository; import org.springframework.security.oauth2.server.authorization.config.ProviderSettings; +import org.springframework.security.web.SecurityFilterChain; /** * @author Joe Grandja * @since 0.0.1 */ @Configuration(proxyBeanMethods = false) -@Import(OAuth2AuthorizationServerConfiguration.class) public class AuthorizationServerConfig { + @Bean + @Order(Ordered.HIGHEST_PRECEDENCE) + public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception { + OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(http); + return http.formLogin(Customizer.withDefaults()).build(); + } + // @formatter:off @Bean public RegisteredClientRepository registeredClientRepository() { 
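Review bot: The new `authorizationServerSecurityFilterChain` bean in the second hunk (-34,15) is registered at `Ordered.HIGHEST_PRECEDENCE` with no comment saying which requests it is meant to own. That order is only safe if `OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(http)` narrows the chain to the authorization server's protocol endpoints; presumably it does, but nothing in the hunk shows it, and an unscoped chain at this order would be consulted first for every request and shadow any other chain in the application. I would add a Javadoc line above `@Bean`, such as `/** Filter chain for the authorization server protocol endpoints; ordered first so it is matched before the application's default chain. */`. It would also help to say there why `formLogin(Customizer.withDefaults())` is added on this chain, since it decides where unauthenticated authorization requests are sent.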
@@ -53,8 +63,8 @@ public class AuthorizationServerConfig { .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE) .authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN) .authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS) - .redirectUri("http://localhost:8080/login/oauth2/code/messaging-client-oidc") - .redirectUri("http://localhost:8080/authorized") + .redirectUri("http://127.0.0.1:8080/login/oauth2/code/messaging-client-oidc") + .redirectUri("http://127.0.0.1:8080/authorized") .scope(OidcScopes.OPENID) .scope("message.read") .scope("message.write") diff --git a/samples/boot/oauth2-integration/client/src/main/resources/application.yml b/samples/boot/oauth2-integration/client/src/main/resources/application.yml index c6922f08..fb78d63b 100644 --- a/samples/boot/oauth2-integration/client/src/main/resources/application.yml +++ b/samples/boot/oauth2-integration/client/src/main/resources/application.yml @@ -21,7 +21,7 @@ spring: client-id: messaging-client client-secret: secret authorization-grant-type: authorization_code - redirect-uri: "{baseUrl}/login/oauth2/code/{registrationId}" + redirect-uri: "http://127.0.0.1:8080/login/oauth2/code/{registrationId}" scope: openid client-name: messaging-client-oidc messaging-client-authorization-code: @@ -29,7 +29,7 @@ spring: client-id: messaging-client client-secret: secret authorization-grant-type: authorization_code - redirect-uri: "{baseUrl}/authorized" + redirect-uri: "http://127.0.0.1:8080/authorized" scope: message.read,message.write client-name: messaging-client-authorization-code messaging-client-client-credentials: @@ -44,4 +44,4 @@ spring: issuer-uri: http://auth-server:9000 messages: - base-uri: http://localhost:8090/messages + base-uri: http://127.0.0.1:8090/messages
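Review bot: The two `.redirectUri(...)` literals in the first hunk (-53,8) now have to stay identical to the `redirect-uri` values this commit also hard-codes in the client's `application.yml` (hunks -21,7 and -29,7), and neither file says so. Registered redirect URIs are normally compared exactly, so a later change to the host or port in only one place would make the authorization request be rejected rather than degrade gracefully. A short comment above the first call would make the coupling visible, e.g. `// Loopback redirect URIs for the local sample; keep in sync with redirect-uri in the client's application.yml`. The body of `registeredClientRepository()` starts before and continues after this hunk, so any validation of these values elsewhere in the method is not visible here.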