Allow form authentication for OAuth clients

Earlier, only Basic Authentication was allowed but since the oauth lib
used by the client (passport-oauth2) only supports form authentication,
we enable this, too.

build.gradle

@@ -110,7 +110,7 @@ apply plugin: 'propdeps'
 apply plugin: 'idea'
 
 group = 'faforever'
-version = '1.2.1'
+version = '1.2.2'
 
 sourceCompatibility = 1.8
 targetCompatibility = 1.8

src/main/java/com/faforever/api/config/security/WebSecurityConfig.java

@@ -60,31 +60,30 @@ public AuthenticationManager authenticationManagerBean() throws Exception {
   protected void configure(HttpSecurity http) throws Exception {
     // @formatter:off
       http
-      .csrf()
-        .requireCsrfProtectionMatcher(new RequestMatcher() {
-          private Pattern allowedMethods = Pattern.compile("^(GET|HEAD|TRACE|OPTIONS)$");
-          private RequestMatcher matcher = new OrRequestMatcher(
-            new AntPathRequestMatcher("/oauth/authorize"),
-            new AntPathRequestMatcher("/login"));
+        .csrf()
+          .requireCsrfProtectionMatcher(new RequestMatcher() {
+            private Pattern allowedMethods = Pattern.compile("^(GET|HEAD|TRACE|OPTIONS)$");
+            private RequestMatcher matcher = new OrRequestMatcher(
+              new AntPathRequestMatcher("/oauth/authorize"),
+              new AntPathRequestMatcher("/login"));
 
-          @Override
-          public boolean matches(HttpServletRequest request) {
-              return matcher.matches(request) && !allowedMethods.matcher(request.getMethod()).matches();
-          }
-      })
-      .and().headers()
-      .cacheControl().disable()
-      .and().formLogin()
-        .loginPage("/login").permitAll()
-        .failureHandler(authenticationFailureHandler())
-      .and().authorizeRequests()
-        .antMatchers(HttpMethod.OPTIONS).permitAll()
-        .antMatchers("/oauth/**").permitAll()
-        // Swagger UI
-        .antMatchers("/swagger-ui.html").permitAll()
-        .antMatchers("/swagger-resources/**").permitAll()
-        .antMatchers("/v2/api-docs/**").permitAll()
-        .antMatchers("/").permitAll();
+            @Override
+            public boolean matches(HttpServletRequest request) {
+                return matcher.matches(request) && !allowedMethods.matcher(request.getMethod()).matches();
+            }
+        })
+        .and().headers()
+        .cacheControl().disable()
+        .and().formLogin()
+          .loginPage("/login").permitAll()
+          .failureHandler(authenticationFailureHandler())
+        .and().authorizeRequests()
+          .antMatchers(HttpMethod.OPTIONS).permitAll()
+          // Swagger UI
+          .antMatchers("/swagger-ui.html").permitAll()
+          .antMatchers("/swagger-resources/**").permitAll()
+          .antMatchers("/v2/api-docs/**").permitAll()
+          .antMatchers("/").permitAll();
     // @formatter:on
   }
 

src/main/java/com/faforever/api/config/security/oauth2/OAuthAuthorizationServerConfig.java

@@ -1,7 +1,5 @@
 package com.faforever.api.config.security.oauth2;
 
-import com.faforever.api.client.OAuthClientRepository;
-import com.faforever.api.config.FafApiProperties;
 import com.faforever.api.security.FafUserDetailsService;
 import com.faforever.api.security.OAuthClientDetailsService;
 import org.springframework.context.annotation.Configuration;
@@ -28,19 +26,17 @@ public class OAuthAuthorizationServerConfig extends AuthorizationServerConfigure
   private final TokenStore tokenStore;
   private final TokenEnhancer tokenEnhancer;
   private final FafUserDetailsService userDetailsService;
-  private final OAuthClientRepository oAuthClientRepository;
-  private FafApiProperties properties;
+  private final OAuthClientDetailsService oAuthClientDetailsService;
 
   @Inject
   public OAuthAuthorizationServerConfig(AuthenticationManager authenticationManager, TokenStore tokenStore,
                                         TokenEnhancer tokenEnhancer, FafUserDetailsService userDetailsService,
-                                        OAuthClientRepository oAuthClientRepository, FafApiProperties properties) {
+                                        OAuthClientDetailsService oAuthClientDetailsService) {
     this.authenticationManager = authenticationManager;
     this.tokenStore = tokenStore;
     this.tokenEnhancer = tokenEnhancer;
     this.userDetailsService = userDetailsService;
-    this.oAuthClientRepository = oAuthClientRepository;
-    this.properties = properties;
+    this.oAuthClientDetailsService = oAuthClientDetailsService;
   }
 
   @Override
@@ -50,12 +46,13 @@ public void configure(AuthorizationServerSecurityConfigurer oAuthServer) throws
     oAuthServer
       .tokenKeyAccess("isAnonymous() || hasAuthority('ROLE_TRUSTED_CLIENT')")
       .checkTokenAccess("hasAuthority('ROLE_TRUSTED_CLIENT')")
-      .authenticationEntryPoint(oAuth2AuthenticationEntryPoint);
+      .authenticationEntryPoint(oAuth2AuthenticationEntryPoint)
+      .allowFormAuthenticationForClients();
   }
 
   @Override
   public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
-    clients.withClientDetails(new OAuthClientDetailsService(oAuthClientRepository, properties));
+    clients.withClientDetails(oAuthClientDetailsService);
   }
 
   @Override

src/main/java/com/faforever/api/security/OAuthClientDetailsService.java

@@ -8,9 +8,11 @@
 import org.springframework.security.oauth2.provider.ClientDetails;
 import org.springframework.security.oauth2.provider.ClientDetailsService;
 import org.springframework.security.oauth2.provider.ClientRegistrationException;
+import org.springframework.stereotype.Service;
 
 import java.util.Optional;
 
+@Service
 public class OAuthClientDetailsService implements ClientDetailsService {
 
   public static final String CLIENTS_CACHE_NAME = "OAuthClientDetailsService.oAuthClients";