Initial import of code

Previously was staged in bdemers/okta-spring-security (but that was based on a blog post example)
This commit starts with fresh history

.gitignore

@@ -0,0 +1,6 @@
+.classpath
+.project
+target/
+.settings/
+.idea/
+*.iml

.travis.yml

@@ -0,0 +1,9 @@
+language: java
+jdk:
+- oraclejdk8
+before_install:
+- source ./src/ci/before_install.sh
+script:
+- "./src/ci/build.sh"
+after_success:
+  - bash <(curl -s https://codecov.io/bash) -f okta-spring-security-starter/target/jacoco.exec

README.md

@@ -1,2 +1,46 @@
-# okta-spring-security-oauth2
-okta-spring-security-oauth2
+okta-spring-security
+====================
+
+This repo is still a little raw, and will be cleaned up before merging to master.
+Of interest:
+
+- okta-spring-security-oauth is a Spring Boot starter use to configure an implicit flow access token validation.
+
+- Example (is an example...)
+  -  example is a Spring-Boot example backend (based off a previous examples)
+  -  example/client is Angular front end
+
+- Requires a custom Authorization Server
+
+Build it:
+
+From the root: `mvn install`
+
+Run the backend:
+``` bash
+cd example/
+mvn spring-boot:run \
+-Dokta.oauth.issuer=https://dev-123456.oktapreview.com/oauth2/ausar5cbq5TRooicu812 \
+-Dokta.oauth.audience=your-authorization-server-audience \
+-Dokta.oauth.rolesClaim=custom-group-claim
+```
+
+**Note:** `okta.oauth.rolesClaim` defaults to `groups`, so in your custom Authorization Server define a custom claim:
+- Name: 'groups'
+- Value Type: 'Groups'
+- Filter: Regex - `.*`
+
+Run the example client:
+``` bash
+cd example/client
+npm install
+npm start
+```
+
+Browse to: http://localhost:4200
+
+Up for review:
+code in: okta-spring-security-starter
+
+
+TODO: Needs tests (obviously)

examples/pom.xml

@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ Copyright 2017 Okta
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~     http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+
+    <modelVersion>4.0.0</modelVersion>
+
+    <parent>
+        <groupId>com.okta.spring</groupId>
+        <artifactId>okta-spring-security-parent</artifactId>
+        <version>0.1.0-SNAPSHOT</version>
+    </parent>
+
+    <groupId>com.okta.spring.examples</groupId>
+    <artifactId>okta-spring-security-examples</artifactId>
+    <name>Okta Spring Security :: Examples</name>
+    <packaging>pom</packaging>
+
+    <modules>
+        <module>siw-jquery</module>
+    </modules>
+
+    <build>
+        <plugins>
+            <plugin>
+                <!-- Skip deployment of the examples -->
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-deploy-plugin</artifactId>
+                <configuration>
+                    <skip>true</skip>
+                </configuration>
+            </plugin>
+            <plugin>
+                <groupId>org.springframework.boot</groupId>
+                <artifactId>spring-boot-maven-plugin</artifactId>
+                <version>${spring-boot.version}</version>
+                <configuration>
+                    <fork>false</fork>
+                </configuration>
+            </plugin>
+        </plugins>
+    </build>
+</project>

examples/siw-jquery/pom.xml

@@ -0,0 +1,111 @@
+<!--
+  ~ Copyright 2017 Okta, Inc.
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~     http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+<project
+        xmlns="http://maven.apache.org/POM/4.0.0"
+        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+        xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+
+    <modelVersion>4.0.0</modelVersion>
+
+    <parent>
+        <groupId>com.okta.spring.examples</groupId>
+        <artifactId>okta-spring-security-examples</artifactId>
+        <version>0.1.0-SNAPSHOT</version>
+    </parent>
+
+    <artifactId>okta-spring-boot-siw-jquery-example</artifactId>
+    <name>Okta Spring Security :: Examples :: Sign-in-Widget</name>
+
+    <properties>
+        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+        <maven.compiler.source>1.8</maven.compiler.source>
+        <maven.compiler.target>1.8</maven.compiler.target>
+        <spring-boot.version>1.5.4.RELEASE</spring-boot.version>
+    </properties>
+
+    <dependencyManagement>
+        <dependencies>
+            <dependency>
+                <!-- Import dependency management from Spring Boot -->
+                <groupId>org.springframework.boot</groupId>
+                <artifactId>spring-boot-dependencies</artifactId>
+                <version>${spring-boot.version}</version>
+                <type>pom</type>
+                <scope>import</scope>
+            </dependency>
+
+            <!-- User newer oauth2 module -->
+            <dependency>
+                <groupId>org.springframework.security.oauth</groupId>
+                <artifactId>spring-security-oauth2</artifactId>
+                <version>2.2.0.RELEASE</version>
+            </dependency>
+
+        </dependencies>
+    </dependencyManagement>
+
+    <dependencies>
+
+        <!-- The Okta Spring-Security Starter -->
+        <dependency>
+            <groupId>com.okta.spring</groupId>
+            <artifactId>okta-spring-security-starter</artifactId>
+            <version>0.1.0-SNAPSHOT</version>
+        </dependency>
+
+        <!-- Other standard Spring starters -->
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-data-rest</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-web</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-actuator</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-security</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-devtools</artifactId>
+            <scope>runtime</scope>
+        </dependency>
+
+
+        <!-- Logging -->
+        <dependency>
+            <!-- Required for any libraries that expect to call the commons logging APIs -->
+            <groupId>org.slf4j</groupId>
+            <artifactId>jcl-over-slf4j</artifactId>
+            <scope>runtime</scope>
+        </dependency>
+        <dependency>
+            <groupId>ch.qos.logback</groupId>
+            <artifactId>logback-classic</artifactId>
+            <scope>runtime</scope>
+        </dependency>
+
+    </dependencies>
+
+    <build>
+        <defaultGoal>spring-boot:run</defaultGoal>
+    </build>
+</project>

examples/siw-jquery/src/main/java/com/okta/spring/example/ExampleApplication.java

@@ -0,0 +1,54 @@
+/*
+ * Copyright 2017 Okta, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.okta.spring.example;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.context.annotation.Bean;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.security.config.annotation.web.builders.WebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+
+
+@SpringBootApplication
+@EnableGlobalMethodSecurity(prePostEnabled = true)
+public class ExampleApplication {
+
+//    @Bean
+//    protected GlobalMethodSecurityConfiguration methodSecurityConfiguration() {
+//        return new GlobalMethodSecurityConfiguration() {
+//            @Override
+//            protected MethodSecurityExpressionHandler createExpressionHandler() {
+//                return new OAuth2MethodSecurityExpressionHandler();
+//            }
+//        };
+//    }
+
+    @Bean
+    protected WebSecurityConfigurerAdapter webSecurityConfigurerAdapter() {
+        return new WebSecurityConfigurerAdapter() {
+            @Override
+            public void configure(WebSecurity web) throws Exception {
+                // allow access to the index page and our custom sign-in-widget-config
+                web.ignoring().antMatchers("/", "/index.html", "/sign-in-widget-config");
+            }
+        };
+    }
+
+    public static void main(String[] args) {
+        SpringApplication.run(ExampleApplication.class, args);
+    }
+}

examples/siw-jquery/src/main/java/com/okta/spring/example/resources/SignInWidgetConfigResource.java

@@ -0,0 +1,63 @@
+/*
+ * Copyright 2017 Okta, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.okta.spring.example.resources;
+
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.util.Assert;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+import javax.xml.bind.annotation.XmlRootElement;
+import java.util.LinkedHashMap;
+import java.util.Map;
+
+
+@RestController
+public class SignInWidgetConfigResource {
+
+    private final String issuerUrl;
+
+    private final  String clientId;
+
+    public SignInWidgetConfigResource( @Value("#{ @environment['okta.oauth.issuer'] }")   String issuerUrl,
+                                       @Value("#{ @environment['okta.oauth.clientId'] }") String clientId) {
+
+        Assert.notNull(issuerUrl, "Property 'okta.oauth.issuer' is required.");
+        Assert.notNull(clientId, "Property 'okta.oauth.clientId' is required.");
+        this.issuerUrl = issuerUrl;
+        this.clientId = clientId;
+    }
+
+
+    @GetMapping("/sign-in-widget-config")
+    public WidgetConfig getWidgetConfig() {
+        return new WidgetConfig(issuerUrl, clientId);
+    }
+
+    @XmlRootElement
+    public static class WidgetConfig {
+        public String baseUrl;
+        public String clientId;
+        public Map<String, Object> authParams = new LinkedHashMap<>();
+
+        public WidgetConfig(String issuer, String clientId) {
+
+            this.clientId = clientId;
+            this.authParams.put("issuer", issuer);
+            this.baseUrl = issuer.replaceAll("/oauth2/.*", "");
+        }
+    }
+}

examples/siw-jquery/src/main/java/com/okta/spring/example/resources/WelcomeResource.java

@@ -0,0 +1,41 @@
+/*
+ * Copyright 2017 Okta, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.okta.spring.example.resources;
+
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+import javax.xml.bind.annotation.XmlRootElement;
+
+@Controller
+@RestController
+public class WelcomeResource {
+
+    @GetMapping("/welcome")
+    public Welcome getMessageOfTheDay() {
+        return new Welcome("The message of the day is boring.");
+    }
+
+    @XmlRootElement
+    public static class Welcome {
+        public String messageOfTheDay;
+
+        public Welcome(String messageOfTheDay) {
+            this.messageOfTheDay = messageOfTheDay;
+        }
+    }
+}