codecentric · elijah-pl · Sep 17, 2019 · Sep 20, 2019 · Sep 20, 2019 · Sep 20, 2019
@@ -34,6 +34,7 @@
         <module>spring-boot-admin-sample-war</module>
         <module>spring-boot-admin-sample-hazelcast</module>
         <module>spring-boot-admin-sample-custom-ui</module>
+        <module>spring-boot-admin-sample-oauth2</module>
     </modules>
     <dependencyManagement>
         <dependencies>

@@ -0,0 +1,43 @@
+version: '3'
+
+services:
+  authorization-server:
+    build:
+      context: ./spring-boot-admin-sample-oauth2-authorization
+    environment:
+      REDIRECT_URI: http://localhost:8080,http://localhost:8080/login/oauth2/code/admin
+    container_name: sba-oauth2-auth
+    ports:
+      - 8081:8081
+
+  admin-server:
+    build:
+      context: ./spring-boot-admin-sample-oauth2-admin
+    container_name: sba-oauth2-admin
+    environment:
+      cloudfoundry.uaa.host: authorization-server
+      cloudfoundry.uaa.port: 8081
+      spring.security.oauth2.client.provider.cloudfoundry-uaa.authorization-uri: >-
+        http://localhost:8081/uaa/oauth/authorize
+      security.logout.redirect-url: >-
+        http://localhost:8081/uaa/logout.do?client_id=admin&redirect=http://localhost:8080/login
+    depends_on:
+      - authorization-server
+    command: ["./wait-for-command.sh -t 120 -c 'curl authorization-server:8081/uaa' && java -jar app.jar"]
+    ports:
+      - 8080:8080
+
+  resource-server:
+    build:
+      context: ./spring-boot-admin-sample-oauth2-resource
+    container_name: sba-oauth2-resource
+    environment:
+      cloudfoundry.uaa.host: authorization-server
+      cloudfoundry.uaa.port: 8081
+      spring.boot.admin.client.url: http://admin-server:8080
+    depends_on:
+      - authorization-server
+      - admin-server
+    command: ["./wait-for-command.sh -t 120 -c 'curl admin-server:8080' && java -jar app.jar"]
+    ports:
+      - 8082:8082
@@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ Copyright 2014-2019 the original author or authors.
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~     http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <artifactId>spring-boot-admin-sample-oauth2</artifactId>
+    <packaging>pom</packaging>
+    <name>Spring Boot Admin Sample OAuth2</name>
+    <description>Spring Boot Admin Sample OAuth2</description>
+    <parent>
+        <groupId>de.codecentric</groupId>
+        <artifactId>spring-boot-admin-samples</artifactId>
+        <version>${revision}</version>
+        <relativePath>..</relativePath>
+    </parent>
+    <modules>
+        <module>spring-boot-admin-sample-oauth2-admin</module>
+        <module>spring-boot-admin-sample-oauth2-authorization</module>
+        <module>spring-boot-admin-sample-oauth2-resource</module>
+    </modules>
+</project>
@@ -0,0 +1,12 @@
+FROM openjdk:8-jre-alpine
+
+RUN apk --no-cache add curl
+
+COPY /target/spring-boot-admin-sample-oauth2-admin.jar app.jar
+
+RUN wget -O wait-for-command.sh "https://raw.githubusercontent.com/ettore26/wait-for-command/master/wait-for-command.sh"
+RUN chmod +x wait-for-command.sh
+
+ENTRYPOINT ["/bin/sh", "-c"]
+
+EXPOSE 8080
@@ -0,0 +1,76 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ Copyright 2014-2019 the original author or authors.
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~     http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <artifactId>spring-boot-admin-sample-oauth2-admin</artifactId>
+    <name>Spring Boot Admin Sample OAuth2 - Spring Boot Admin</name>
+    <description>Spring Boot Admin Sample OAuth2 - Spring Boot Admin</description>
+    <parent>
+        <groupId>de.codecentric</groupId>
+        <artifactId>spring-boot-admin-sample-oauth2</artifactId>
+        <version>${revision}</version>
+        <relativePath>..</relativePath>
+    </parent>
+    <dependencies>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-web</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>de.codecentric</groupId>
+            <artifactId>spring-boot-admin-starter-server</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-oauth2-client</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-test</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>com.github.tomakehurst</groupId>
+            <artifactId>wiremock-jre8-standalone</artifactId>
+            <scope>test</scope>
+        </dependency>
+    </dependencies>
+    <build>
+        <finalName>${project.artifactId}</finalName>
+        <plugins>
+            <plugin>
+                <groupId>org.springframework.boot</groupId>
+                <artifactId>spring-boot-maven-plugin</artifactId>
+                <executions>
+                    <execution>
+                        <goals>
+                            <goal>repackage</goal>
+                        </goals>
+                    </execution>
+                </executions>
+                <configuration>
+                    <mainClass>
+                        de.codecentric.boot.admin.sample.oauth2.SpringBootAdminOAuth2AdminServerApplication
+                    </mainClass>
+                </configuration>
+            </plugin>
+        </plugins>
+    </build>
+</project>
@@ -0,0 +1,31 @@
+/*
+ * Copyright 2014-2019 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package de.codecentric.boot.admin.sample.oauth2;
+
+import de.codecentric.boot.admin.server.config.EnableAdminServer;
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+
+@EnableAdminServer
+@SpringBootApplication
+public class SpringBootAdminOAuth2AdminServerApplication {
+
+    public static void main(String[] args) {
+        SpringApplication.run(SpringBootAdminOAuth2AdminServerApplication.class, args);
+    }
+
+}
@@ -0,0 +1,64 @@
+/*
+ * Copyright 2014-2019 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package de.codecentric.boot.admin.sample.oauth2.config;
+
+import com.nimbusds.jose.util.Base64;
+import de.codecentric.boot.admin.server.domain.entities.Instance;
+import de.codecentric.boot.admin.server.web.client.HttpHeadersProvider;
+import org.springframework.core.env.Environment;
+import org.springframework.http.HttpHeaders;
+import org.springframework.lang.NonNull;
+import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
+import org.springframework.security.oauth2.core.OAuth2AccessToken;
+import org.springframework.stereotype.Component;
+
+import java.util.Optional;
+
+@Component
+public class AuthenticationHeaderProvider implements HttpHeadersProvider {
+
+    private static final String AUTHORIZATION_HEADER = "Authorization";
+
+    private final OAuth2AuthorizedClientServiceImpl clientService;
+    private final Environment environment;
+
+    public AuthenticationHeaderProvider(OAuth2AuthorizedClientServiceImpl clientService, Environment environment) {
+        this.clientService = clientService;
+        this.environment = environment;
+    }
+
+    @NonNull
+    @Override
+    public HttpHeaders getHeaders(@NonNull Instance instance) {
+        HttpHeaders headers = new HttpHeaders();
+
+        Optional<OAuth2AuthorizedClient> clientOptional = clientService.loadAuthorizedClientByScope("openid");
+
+        if (clientOptional.isPresent()) {
+            OAuth2AccessToken accessToken = clientOptional.get().getAccessToken();
+            headers.set(AUTHORIZATION_HEADER,
+                    String.join(" ", accessToken.getTokenType().getValue(), accessToken.getTokenValue()));
+        } else {
+            String username = environment.getRequiredProperty("security.client.healthcheck.username");
+            String password = environment.getRequiredProperty("security.client.healthcheck.password");
+            headers.set(AUTHORIZATION_HEADER, "Basic " + Base64.encode(username + ":" + password));
+        }
+
+        return headers;
+    }
+
+}
@@ -0,0 +1,58 @@
+/*
+ * Copyright 2014-2019 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package de.codecentric.boot.admin.sample.oauth2.config;
+
+import de.codecentric.boot.admin.server.domain.entities.Instance;
+import de.codecentric.boot.admin.server.domain.entities.InstanceRepository;
+import de.codecentric.boot.admin.server.services.EndpointDetector;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
+import org.springframework.stereotype.Component;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+@Component
+public class OAuth2AuthenticationSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler {
+
+    private final InstanceRepository instanceRepository;
+    private final EndpointDetector endpointDetector;
+
+    public OAuth2AuthenticationSuccessHandler(InstanceRepository instanceRepository,
+                                              EndpointDetector endpointDetector) {
+        this.instanceRepository = instanceRepository;
+        this.endpointDetector = endpointDetector;
+    }
+
+    @Override
+    public void onAuthenticationSuccess(HttpServletRequest request,
+                                        HttpServletResponse response,
+                                        Authentication authentication) throws ServletException, IOException {
+        super.onAuthenticationSuccess(request, response, authentication);
+        detectEndpoints();
+    }
+
+    private void detectEndpoints() {
+        instanceRepository.findAll()
+                .map(Instance::getId)
+                .flatMap(endpointDetector::detectEndpoints)
+                .subscribe();
+    }
+
+}