[GEOS-8824] Refactor up common bits of security configuration

src/community/security/oauth2-geonode/src/main/java/org/geoserver/security/oauth2/GeoNodeOAuth2SecurityConfiguration.java

@@ -4,22 +4,12 @@
  */
 package org.geoserver.security.oauth2;
 
-import java.util.Arrays;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Scope;
 import org.springframework.context.annotation.ScopedProxyMode;
-import org.springframework.security.oauth2.client.DefaultOAuth2ClientContext;
 import org.springframework.security.oauth2.client.OAuth2RestTemplate;
 import org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails;
-import org.springframework.security.oauth2.client.token.AccessTokenProvider;
-import org.springframework.security.oauth2.client.token.AccessTokenProviderChain;
-import org.springframework.security.oauth2.client.token.grant.client.ClientCredentialsAccessTokenProvider;
-import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeAccessTokenProvider;
-import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeResourceDetails;
-import org.springframework.security.oauth2.client.token.grant.implicit.ImplicitAccessTokenProvider;
-import org.springframework.security.oauth2.client.token.grant.password.ResourceOwnerPasswordAccessTokenProvider;
-import org.springframework.security.oauth2.common.AuthenticationScheme;
 import org.springframework.security.oauth2.config.annotation.web.configuration.EnableOAuth2Client;
 
 /**
@@ -63,40 +53,18 @@ class GeoNodeOAuth2SecurityConfiguration extends GeoServerOAuth2SecurityConfigur
 
     @Bean(name = "geoNodeOAuth2Resource")
     public OAuth2ProtectedResourceDetails geoServerOAuth2Resource() {
-        AuthorizationCodeResourceDetails details = new AuthorizationCodeResourceDetails();
-        details.setId("geonode-oauth2-client");
-
-        details.setGrantType("authorization_code");
-        details.setAuthenticationScheme(AuthenticationScheme.header);
-        details.setClientAuthenticationScheme(AuthenticationScheme.form);
+        return super.geoServerOAuth2Resource();
+    }
 
-        return details;
+    @Override
+    protected String getDetailsId() {
+        return "geonode-oauth2-client";
     }
 
     /** Must have "session" scope */
     @Bean(name = "geoNodeOauth2RestTemplate")
     @Scope(value = "session", proxyMode = ScopedProxyMode.TARGET_CLASS)
     public OAuth2RestTemplate geoServerOauth2RestTemplate() {
-
-        OAuth2RestTemplate oAuth2RestTemplate =
-                new OAuth2RestTemplate(
-                        geoServerOAuth2Resource(),
-                        new DefaultOAuth2ClientContext(getAccessTokenRequest()));
-
-        AuthorizationCodeAccessTokenProvider authorizationCodeAccessTokenProvider =
-                new AuthorizationCodeAccessTokenProvider();
-        authorizationCodeAccessTokenProvider.setStateMandatory(false);
-
-        AccessTokenProvider accessTokenProviderChain =
-                new AccessTokenProviderChain(
-                        Arrays.<AccessTokenProvider>asList(
-                                authorizationCodeAccessTokenProvider,
-                                new ImplicitAccessTokenProvider(),
-                                new ResourceOwnerPasswordAccessTokenProvider(),
-                                new ClientCredentialsAccessTokenProvider()));
-
-        oAuth2RestTemplate.setAccessTokenProvider(accessTokenProviderChain);
-
-        return oAuth2RestTemplate;
+        return super.geoServerOauth2RestTemplate();
     }
 }

src/community/security/oauth2-github/src/main/java/org/geoserver/security/oauth2/GitHubOAuth2SecurityConfiguration.java

@@ -4,25 +4,15 @@
  */
 package org.geoserver.security.oauth2;
 
-import java.util.Arrays;
 import java.util.List;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Scope;
 import org.springframework.context.annotation.ScopedProxyMode;
 import org.springframework.http.converter.HttpMessageConverter;
 import org.springframework.http.converter.json.MappingJackson2HttpMessageConverter;
-import org.springframework.security.oauth2.client.DefaultOAuth2ClientContext;
 import org.springframework.security.oauth2.client.OAuth2RestTemplate;
 import org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails;
-import org.springframework.security.oauth2.client.token.AccessTokenProvider;
-import org.springframework.security.oauth2.client.token.AccessTokenProviderChain;
-import org.springframework.security.oauth2.client.token.grant.client.ClientCredentialsAccessTokenProvider;
-import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeAccessTokenProvider;
-import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeResourceDetails;
-import org.springframework.security.oauth2.client.token.grant.implicit.ImplicitAccessTokenProvider;
-import org.springframework.security.oauth2.client.token.grant.password.ResourceOwnerPasswordAccessTokenProvider;
-import org.springframework.security.oauth2.common.AuthenticationScheme;
 import org.springframework.security.oauth2.config.annotation.web.configuration.EnableOAuth2Client;
 
 /**
@@ -73,42 +63,22 @@ class GitHubOAuth2SecurityConfiguration extends GeoServerOAuth2SecurityConfigura
 
     @Bean(name = "githubOAuth2Resource")
     public OAuth2ProtectedResourceDetails geoServerOAuth2Resource() {
-        AuthorizationCodeResourceDetails details = new AuthorizationCodeResourceDetails();
-        details.setId("github-oauth2-client");
-
-        details.setGrantType("authorization_code");
-        details.setAuthenticationScheme(AuthenticationScheme.header);
-        details.setClientAuthenticationScheme(AuthenticationScheme.form);
+        return super.geoServerOAuth2Resource();
+    }
 
-        return details;
+    @Override
+    protected String getDetailsId() {
+        return "github-oauth2-client";
     }
 
     /** Must have "session" scope */
     @Bean(name = "githubOauth2RestTemplate")
     @Scope(value = "session", proxyMode = ScopedProxyMode.TARGET_CLASS)
     public OAuth2RestTemplate geoServerOauth2RestTemplate() {
-
-        OAuth2RestTemplate oAuth2RestTemplate =
-                new OAuth2RestTemplate(
-                        geoServerOAuth2Resource(),
-                        new DefaultOAuth2ClientContext(getAccessTokenRequest()));
-
-        AuthorizationCodeAccessTokenProvider authorizationCodeAccessTokenProvider =
-                new AuthorizationCodeAccessTokenProvider();
-        authorizationCodeAccessTokenProvider.setStateMandatory(false);
-
-        AccessTokenProvider accessTokenProviderChain =
-                new AccessTokenProviderChain(
-                        Arrays.<AccessTokenProvider>asList(
-                                authorizationCodeAccessTokenProvider,
-                                new ImplicitAccessTokenProvider(),
-                                new ResourceOwnerPasswordAccessTokenProvider(),
-                                new ClientCredentialsAccessTokenProvider()));
-
-        oAuth2RestTemplate.setAccessTokenProvider(accessTokenProviderChain);
-        List<HttpMessageConverter<?>> messageConverters = oAuth2RestTemplate.getMessageConverters();
+        OAuth2RestTemplate template = super.geoServerOauth2RestTemplate();
+        List<HttpMessageConverter<?>> messageConverters = template.getMessageConverters();
         messageConverters.add(new MappingJackson2HttpMessageConverter());
 
-        return oAuth2RestTemplate;
+        return template;
     }
 }

src/community/security/oauth2-google/src/main/java/org/geoserver/security/oauth2/GoogleOAuth2SecurityConfiguration.java

@@ -4,22 +4,13 @@
  */
 package org.geoserver.security.oauth2;
 
-import java.util.Arrays;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Scope;
 import org.springframework.context.annotation.ScopedProxyMode;
-import org.springframework.security.oauth2.client.DefaultOAuth2ClientContext;
 import org.springframework.security.oauth2.client.OAuth2RestTemplate;
 import org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails;
-import org.springframework.security.oauth2.client.token.AccessTokenProvider;
-import org.springframework.security.oauth2.client.token.AccessTokenProviderChain;
-import org.springframework.security.oauth2.client.token.grant.client.ClientCredentialsAccessTokenProvider;
-import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeAccessTokenProvider;
 import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeResourceDetails;
-import org.springframework.security.oauth2.client.token.grant.implicit.ImplicitAccessTokenProvider;
-import org.springframework.security.oauth2.client.token.grant.password.ResourceOwnerPasswordAccessTokenProvider;
-import org.springframework.security.oauth2.common.AuthenticationScheme;
 import org.springframework.security.oauth2.config.annotation.web.configuration.EnableOAuth2Client;
 
 /**
@@ -68,14 +59,9 @@ class GoogleOAuth2SecurityConfiguration extends GeoServerOAuth2SecurityConfigura
 
     @Bean(name = "googleOAuth2Resource")
     public OAuth2ProtectedResourceDetails geoServerOAuth2Resource() {
-        AuthorizationCodeResourceDetails details = new AuthorizationCodeResourceDetails();
-        details.setId("oauth2-client");
-
-        details.setGrantType("authorization_code");
+        AuthorizationCodeResourceDetails details =
+                (AuthorizationCodeResourceDetails) super.geoServerOAuth2Resource();
         details.setTokenName("authorization_code");
-        details.setUseCurrentUri(false);
-        details.setAuthenticationScheme(AuthenticationScheme.query);
-        details.setClientAuthenticationScheme(AuthenticationScheme.form);
 
         return details;
     }
@@ -84,26 +70,6 @@ public OAuth2ProtectedResourceDetails geoServerOAuth2Resource() {
     @Bean(name = "googleOauth2RestTemplate")
     @Scope(value = "session", proxyMode = ScopedProxyMode.TARGET_CLASS)
     public OAuth2RestTemplate geoServerOauth2RestTemplate() {
-
-        OAuth2RestTemplate oAuth2RestTemplate =
-                new OAuth2RestTemplate(
-                        geoServerOAuth2Resource(),
-                        new DefaultOAuth2ClientContext(getAccessTokenRequest()));
-
-        AuthorizationCodeAccessTokenProvider authorizationCodeAccessTokenProvider =
-                new AuthorizationCodeAccessTokenProvider();
-        authorizationCodeAccessTokenProvider.setStateMandatory(false);
-
-        AccessTokenProvider accessTokenProviderChain =
-                new AccessTokenProviderChain(
-                        Arrays.<AccessTokenProvider>asList(
-                                authorizationCodeAccessTokenProvider,
-                                new ImplicitAccessTokenProvider(),
-                                new ResourceOwnerPasswordAccessTokenProvider(),
-                                new ClientCredentialsAccessTokenProvider()));
-
-        oAuth2RestTemplate.setAccessTokenProvider(accessTokenProviderChain);
-
-        return oAuth2RestTemplate;
+        return super.geoServerOauth2RestTemplate();
     }
 }

src/community/security/oauth2/src/main/java/org/geoserver/security/oauth2/GeoServerOAuth2SecurityConfiguration.java

@@ -4,13 +4,23 @@
  */
 package org.geoserver.security.oauth2;
 
+import java.util.Arrays;
 import javax.annotation.Resource;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.core.env.Environment;
+import org.springframework.security.oauth2.client.DefaultOAuth2ClientContext;
 import org.springframework.security.oauth2.client.OAuth2RestTemplate;
 import org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails;
+import org.springframework.security.oauth2.client.token.AccessTokenProvider;
+import org.springframework.security.oauth2.client.token.AccessTokenProviderChain;
 import org.springframework.security.oauth2.client.token.AccessTokenRequest;
+import org.springframework.security.oauth2.client.token.grant.client.ClientCredentialsAccessTokenProvider;
+import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeAccessTokenProvider;
+import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeResourceDetails;
+import org.springframework.security.oauth2.client.token.grant.implicit.ImplicitAccessTokenProvider;
+import org.springframework.security.oauth2.client.token.grant.password.ResourceOwnerPasswordAccessTokenProvider;
+import org.springframework.security.oauth2.common.AuthenticationScheme;
 
 /**
  * Base OAuth2 Configuration Class. Each OAuth2 specific Extension must implement its own {@link
@@ -45,11 +55,51 @@ public void setAccessTokenRequest(AccessTokenRequest accessTokenRequest) {
     }
 
     /** Details for an OAuth2-protected resource. */
-    public abstract OAuth2ProtectedResourceDetails geoServerOAuth2Resource();
+    public OAuth2ProtectedResourceDetails geoServerOAuth2Resource() {
+        AuthorizationCodeResourceDetails details = new AuthorizationCodeResourceDetails();
+        details.setId(getDetailsId());
+
+        details.setGrantType("authorization_code");
+        details.setAuthenticationScheme(AuthenticationScheme.header);
+        details.setClientAuthenticationScheme(AuthenticationScheme.form);
+
+        return details;
+    }
+
+    /**
+     * Returns the details id for the AuthorizationCodeResourceDetails.
+     *
+     * @return
+     */
+    protected String getDetailsId() {
+        return "oauth2-client";
+    }
 
     /**
      * Rest template that is able to make OAuth2-authenticated REST requests with the credentials of
      * the provided resource.
      */
-    public abstract OAuth2RestTemplate geoServerOauth2RestTemplate();
+    public OAuth2RestTemplate geoServerOauth2RestTemplate() {
+
+        OAuth2RestTemplate oAuth2RestTemplate =
+                new OAuth2RestTemplate(
+                        geoServerOAuth2Resource(),
+                        new DefaultOAuth2ClientContext(getAccessTokenRequest()));
+
+        AuthorizationCodeAccessTokenProvider authorizationCodeAccessTokenProvider =
+                new AuthorizationCodeAccessTokenProvider();
+        authorizationCodeAccessTokenProvider.setStateMandatory(false);
+
+        AccessTokenProvider accessTokenProviderChain =
+                new AccessTokenProviderChain(
+                        Arrays.<AccessTokenProvider>asList(
+                                authorizationCodeAccessTokenProvider,
+                                new ImplicitAccessTokenProvider(),
+                                new ResourceOwnerPasswordAccessTokenProvider(),
+                                new ClientCredentialsAccessTokenProvider()));
+
+        oAuth2RestTemplate.setAccessTokenProvider(accessTokenProviderChain);
+
+        return oAuth2RestTemplate;
+    }
 }