Merge pull request #16 from cgmarcos-autentia/feature/fixing-samples

Feature/fixing samples

samples/default/README.md

@@ -3,5 +3,7 @@
 
 A Spring Boot Application configured to mimic the default [MITREid OpenID Connect WebApp](https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/tree/master/openid-connect-server-webapp) meant for maven and gradle overlay projects.
 
+After running the app you can simulate a remote client's OIDC authorize redirect flow (username: user, password:password) with the call:
 
+[http://localhost:8080/authorize?response_type=code token id_token&client_id=client&redirect_uri=http://localhost:8080/&scope=openid profile email&state=randomstate&nonce=randomnonce](http://localhost:8080/authorize?response_type=code token id_token&client_id=client&redirect_uri=http://localhost:8080/&scope=openid profile email&state=randomstate&nonce=randomnonce)
 

samples/default/build.gradle

@@ -10,6 +10,7 @@ buildscript {
 		springBootVersion = "1.5.21.RELEASE"
 	}
 	repositories {
+        mavenLocal()
 		mavenCentral()
 	}
 	dependencies {
@@ -21,7 +22,11 @@ repositories {
 	mavenLocal()
 	mavenCentral()
     maven {
-        url "https://maven.pkg.github.com/autentia/openid-connect-server-spring-boot"
+        url =uri("https://maven.pkg.github.com/autentia/openid-connect-server-spring-boot")
+        credentials {
+            username = githubAutentiaUsername
+            password = githubAutentiaToken
+        }
     }
 }
 

samples/simple-ui/build.gradle

@@ -1,8 +1,8 @@
 apply from:"dependencies.gradle"
 
-apply plugin: "java"
-apply plugin: "eclipse"
-apply plugin: "idea"
+apply plugin: 'java'
+apply plugin: 'eclipse'
+apply plugin: 'idea'
 apply plugin: 'org.springframework.boot'
 
 
@@ -11,6 +11,7 @@ buildscript {
 		springBootVersion = "1.5.21.RELEASE"
 	}
 	repositories {
+        mavenLocal()
 		mavenCentral()
 	}
 	dependencies {
@@ -22,13 +23,17 @@ repositories {
 	mavenLocal()
 	mavenCentral()
     maven {
-        url "https://maven.pkg.github.com/autentia/openid-connect-server-spring-boot"
+        url =uri("https://maven.pkg.github.com/autentia/openid-connect-server-spring-boot")
+        credentials {
+            username = githubAutentiaUsername
+            password = githubAutentiaToken
+        }
     }
 }
 
 dependencies {
-	implementation "org.springframework.boot:spring-boot-devtools"
-	implementation libs.openIdConnectSpringBootConfig
+	compile libs.openIdConnectSpringBootConfig
+	compile libs.openIdConnectSpringBootUI
 
     runtimeOnly libs.h2Database
 }

samples/simple-ui/src/main/java/org/mitre/springboot/samples/SimpleUIApplication.java

@@ -1,6 +1,5 @@
 package org.mitre.springboot.samples;
 
-import org.mitre.oauth2.web.CorsFilter;
 import org.mitre.openid.connect.web.AuthenticationTimeStamper;
 import org.mitre.springboot.config.annotation.EnableOpenIDConnectServer;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -10,6 +9,7 @@
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.web.context.SecurityContextPersistenceFilter;
+import org.springframework.web.filter.CorsFilter;
 import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
 
@@ -20,10 +20,10 @@ public class SimpleUIApplication {
 	public static void main(String[] args) {
 		SpringApplication.run(SimpleUIApplication.class, args);
 	}
-	
+
 	@Configuration
 	public static class LoginConfiguration extends WebSecurityConfigurerAdapter {
-		
+
 		@Autowired
 		private CorsFilter corsFilter;
 
@@ -40,10 +40,10 @@ protected void configure(HttpSecurity http) throws Exception {
 				.csrf()
 					.and()
 				.formLogin()
-					.loginPage("/")
-					.loginProcessingUrl("/login")
+                    .loginPage("/session")
+                    .loginProcessingUrl("/login")
 					.successHandler(authenticationTimeStamper)
-					.failureUrl("/?error")
+					.failureUrl("/session?error")
 					.permitAll()
 					.and()
 				.authorizeRequests()
@@ -52,10 +52,10 @@ protected void configure(HttpSecurity http) throws Exception {
 					.and()
 				.addFilterBefore(corsFilter, SecurityContextPersistenceFilter.class)
 				.logout()
-					.logoutSuccessUrl("/?logout")
+                    .logoutSuccessUrl("/session?logout")
 					.permitAll()
 					.and()
-				.exceptionHandling().accessDeniedPage("/?denied") //in this simple case usually due to a InvalidCsrfTokenException after session timeout
+				.exceptionHandling().accessDeniedPage("/session?denied") //in this simple case usually due to a InvalidCsrfTokenException after session timeout
 				.and()
 				.anonymous()
 					.and()
@@ -72,10 +72,10 @@ public static class WebMvcConfiguration extends WebMvcConfigurerAdapter {
 
 		@Override
 		public void addViewControllers(ViewControllerRegistry registry) {
-			registry.addViewController("/").setViewName("index");
+			registry.addViewController("/session").setViewName("session");
 			registry.addViewController("/sampleclient").setViewName("sampleclient");
 		}
 
-	}
+    }
 
 }

samples/simple-ui/src/main/resources/db/clients.sql

@@ -17,7 +17,8 @@ INSERT INTO client_scope (owner_id, scope) VALUES
 
 INSERT INTO client_redirect_uri (owner_id, redirect_uri) VALUES
 	(@a, 'http://localhost/'),
-	(@a, 'http://localhost:8080/');
+	(@a, 'http://localhost:8080/'),
+    (@a, 'http://localhost:8080/sampleclient');
 
 INSERT INTO client_grant_type (owner_id, grant_type) VALUES
 	(@a, 'authorization_code'),

samples/simple-ui/src/main/resources/templates/sampleclient.html

@@ -3,8 +3,7 @@
 <head>
 <title data-th-text="${@config.topbarTitle}"></title>
 
-<link rel="stylesheet" media="screen" data-th-href="@{/webjars/bootstrap/css/bootstrap.min.css}" />
-<link rel="stylesheet" type="text/css" media="screen" data-th-href="@{/webjars/font-awesome/css/font-awesome.min.css}" />
+<link rel="stylesheet" media="screen" data-th-href="@{/resources/bootstrap2/css/bootstrap.min.css}" type="text/css"/>
 
 <style type="text/css">
 .container {
@@ -56,9 +55,10 @@ <h4 class="panel-title">
 		</div>
 	</div>
 
-	<script type="text/javascript" data-th-src="@{/webjars/jquery/jquery.min.js}"></script>
-	<script type="text/javascript" data-th-src="@{/webjars/bootstrap/js/bootstrap.min.js}"></script>
-	<script type="text/javascript" src="https://cdn.rawgit.com/allmarkedup/purl/master/purl.js"></script>
+    <script type="text/javascript" data-th-src="@{/resources/js/lib/jquery.js}"></script>
+    <script type="text/javascript" data-th-src="@{/resources/bootstrap2/js/bootstrap.min.js}"></script>
+    <script type="text/javascript" src="https://cdn.rawgit.com/allmarkedup/purl/master/purl.js"></script>
+
 	<script>
 		$(document).ready(function() {
 			$( "#access_token" ).html(JSON.stringify(JSON.parse(atob($.url(window.location.href.replace("#","?")).param('access_token').split(".")[1])),null,4));

samples/simple-ui/src/main/resources/templates/index.html → samples/simple-ui/src/main/resources/templates/session.html

@@ -1,78 +1,77 @@
-<!DOCTYPE html>
-<html xmlns:sec="http://www.thymeleaf.org/thymeleaf-extras-springsecurity4">
-<head>
-<title data-th-text="${@config.topbarTitle}"></title>
-
-<link rel="stylesheet" media="screen" data-th-href="@{/webjars/bootstrap/css/bootstrap.min.css}" />
-<link rel="stylesheet" type="text/css" media="screen" data-th-href="@{/webjars/font-awesome/css/font-awesome.min.css}" />
-
-<style type="text/css">
-.container {
-	margin-top: 10%;
-}
-</style>
-</head>
-<body>
-	<div class="container">
-		<div class="row">
-			<div class="col-md-4 col-md-offset-4">
-				<div class="panel panel-default">
-					<div class="panel-heading">
-						<h3 class="panel-title" data-th-text="${@config.topbarTitle}"></h3>
-					</div>
-
-					<div data-sec-authorize="isAnonymous()" class="panel-body">
-						<form role="form" data-th-action="@{/login}" method="POST">
-							<fieldset>
-								<div class="form-group">
-									<div class="input-group">
-										<span class="input-group-addon"><i class="fa fa-user" aria-hidden="true"></i></span>
-										<input class="form-control" data-th-value="${login_hint}" placeholder="User Name" name="username" type="text" required="true" autofocus="true" autocorrect="off" autocapitalize="off" autocomplete="off" spellcheck="false" />
-									</div>
-								</div>
-								<div class="form-group">
-									<div class="input-group">
-										<span class="input-group-addon"><i class="fa fa-lock" aria-hidden="true"></i></span>
-										<input class="form-control" placeholder="Password" name="password" type="password" value="" required="true" autocorrect="off" autocapitalize="off" autocomplete="off" spellcheck="false" />
-									</div>
-								</div>
-								<div class="form-group">
-									<input type="hidden" data-th-name="${_csrf.parameterName}" data-th-value="${_csrf.token}" /> <input type="submit" class="btn btn-lg btn-success btn-block" name="submit" value="Login" />
-								</div>
-								<div data-th-if="${param.error}" class="alert alert-danger">Invalid username and password.</div>
-								<div data-th-if="${param.logout}" class="alert alert-info">You have been logged out.</div>
-								<div data-th-if="${param.denied}" class="alert alert-warning">Your session timed out, please retry.</div>
-							</fieldset>
-						</form>
-					</div>
-
-					<div data-sec-authorize="isFullyAuthenticated()" class="panel-body">
-						<div class="panel-group alert alert-info">
-							You are logged in as '<span data-sec-authentication="name"></span>'
-						</div>
-						<div class="panel-group">
-							<form role="form" data-th-action="@{/logout}" method="POST">
-								<fieldset>
-									<input type="hidden" data-th-name="${_csrf.parameterName}" data-th-value="${_csrf.token}" /> <input type="submit" class="btn btn-success btn-block" name="submit" value="Logout" />
-								</fieldset>
-							</form>
-						</div>
-					</div>
-
-					<div class="panel panel-default">
-						<div class="panel-body">
-							<a data-th-href="@{/authorize(response_type='code token id_token',client_id='client',redirect_uri='http://localhost:8080/sampleclient', scope='openid profile email', state='randomstate', nonce='randomnonce')}">Sample OpenID Connect Authorize Call</a>
-						</div>
-					</div>
-
-				</div>
-
-			</div>
-		</div>
-	</div>
-
-	<script type="text/javascript" data-th-src="@{/webjars/jquery/jquery.min.js}"></script>
-	<script type="text/javascript" data-th-src="@{/webjars/bootstrap/js/bootstrap.min.js}"></script>
-
-</body>
+<!DOCTYPE html>
+<html xmlns:sec="http://www.thymeleaf.org/thymeleaf-extras-springsecurity4">
+<head>
+<title data-th-text="${@config.topbarTitle}"></title>
+
+<link rel="stylesheet" media="screen" data-th-href="@{/resources/bootstrap2/css/bootstrap.min.css}" />
+<!--<link rel="stylesheet" type="text/css" media="screen" data-th-href="@{/webjars/font-awesome/css/font-awesome.min.css}" />-->
+
+<style type="text/css">
+.container {
+	margin-top: 10%;
+}
+</style>
+</head>
+<body>
+	<div class="container">
+		<div class="row">
+			<div class="col-md-4 col-md-offset-4">
+				<div class="panel panel-default">
+					<div class="panel-heading">
+						<h3 class="panel-title" data-th-text="${@config.topbarTitle}"></h3>
+					</div>
+					<div data-sec-authorize="isAnonymous()" class="panel-body">
+						<form role="form" data-th-action="@{/login}" method="POST">
+							<fieldset>
+								<div class="form-group">
+									<div class="input-group">
+										<span class="input-group-addon"><i class="fa fa-user" aria-hidden="true"></i></span>
+										<input class="form-control" data-th-value="${login_hint}" placeholder="User Name" name="username" type="text" required="true" autofocus="true" autocorrect="off" autocapitalize="off" autocomplete="off" spellcheck="false" />
+									</div>
+								</div>
+								<div class="form-group">
+									<div class="input-group">
+										<span class="input-group-addon"><i class="fa fa-lock" aria-hidden="true"></i></span>
+										<input class="form-control" placeholder="Password" name="password" type="password" value="" required="true" autocorrect="off" autocapitalize="off" autocomplete="off" spellcheck="false" />
+                                    </div>
+								</div>
+								<div class="form-group">
+									<input type="hidden" data-th-name="${_csrf.parameterName}" data-th-value="${_csrf.token}" /> <input type="submit" class="btn btn-lg btn-success btn-block" name="submit" value="Login" />
+								</div>
+								<div data-th-if="${param.error}" class="alert alert-danger">Invalid username and password.</div>
+								<div data-th-if="${param.logout}" class="alert alert-info">You have been logged out.</div>
+								<div data-th-if="${param.denied}" class="alert alert-warning">Your session timed out, please retry.</div>
+							</fieldset>
+						</form>
+					</div>
+
+					<div data-sec-authorize="isFullyAuthenticated()" class="panel-body">
+						<div class="panel-group alert alert-info">
+							You are logged in as '<span data-sec-authentication="name"></span>'
+						</div>
+						<div class="panel-group">
+							<form role="form" data-th-action="@{/logout}" method="POST">
+								<fieldset>
+									<input type="hidden" data-th-name="${_csrf.parameterName}" data-th-value="${_csrf.token}" /> <input type="submit" class="btn btn-success btn-block" name="submit" value="Logout" />
+								</fieldset>
+							</form>
+						</div>
+					</div>
+
+					<div class="panel panel-default">
+						<div class="panel-body">
+							<a data-th-href="@{/authorize(response_type='code token id_token',client_id='client',redirect_uri='http://localhost:8080/sampleclient', scope='openid profile email', state='randomstate', nonce='randomnonce')}">Sample OpenID Connect Authorize Call</a>
+						</div>
+					</div>
+
+				</div>
+
+			</div>
+		</div>
+	</div>
+
+	<script type="text/javascript" data-th-src="@{/resources/js/lib/jquery/jquery.min.js}"></script>
+	<script type="text/javascript" data-th-src="@{/resources/bootstrap2/js/bootstrap.min.js}"></script>
+
+</body>
 </html>