Merge pull request #6 from oktadeveloper/spring-boot-2.1m1

Upgrade to Spring Boot 2.1 M1

Author: mraible

pom.xml

@@ -14,15 +14,14 @@
     <parent>
         <groupId>org.springframework.boot</groupId>
         <artifactId>spring-boot-starter-parent</artifactId>
-        <version>2.1.0.BUILD-SNAPSHOT</version>
+        <version>2.1.0.M1</version>
         <relativePath/> <!-- lookup parent from repository -->
     </parent>
 
     <properties>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
         <java.version>1.8</java.version>
-        <spring-security.version>5.1.0.BUILD-SNAPSHOT</spring-security.version>
         <frontend-maven-plugin.version>1.6</frontend-maven-plugin.version>
         <node.version>v10.6.0</node.version>
         <yarn.version>v1.8.0</yarn.version>
@@ -184,7 +183,7 @@
         <pluginRepository>
             <id>spring-snapshots</id>
             <name>Spring Snapshots</name>
-            <url>https://repo.spring.io/snapshot</url>
+            <url>https://repo.spring.io/libs-snapshot</url>
             <snapshots>
                 <enabled>true</enabled>
             </snapshots>
@@ -194,7 +193,7 @@
         <repository>
             <id>spring-snapshots</id>
             <name>Spring Snapshots</name>
-            <url>http://repo.spring.io/snapshot</url>
+            <url>http://repo.spring.io/libs-snapshot</url>
         </repository>
     </repositories>
 </project>

src/main/java/com/okta/developer/jugtours/config/SecurityConfiguration.java

@@ -1,137 +1,45 @@
 package com.okta.developer.jugtours.config;
 
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Profile;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
-import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
-import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
 import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
+import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
 import org.springframework.security.web.savedrequest.RequestCache;
-import org.springframework.security.web.savedrequest.SavedRequest;
+import org.springframework.security.web.savedrequest.SimpleSavedRequest;
 
-import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
-import java.util.Collection;
-import java.util.List;
-import java.util.Locale;
-import java.util.Map;
 
 @Configuration
 public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
-    private final Logger log = LoggerFactory.getLogger(SecurityConfiguration.class);
 
     @Override
     protected void configure(HttpSecurity http) throws Exception {
-        RequestCache requestCache = refererRequestCache();
-        SavedRequestAwareAuthenticationSuccessHandler handler = new SavedRequestAwareAuthenticationSuccessHandler();
-        handler.setRequestCache(requestCache);
         http
-            .exceptionHandling()
-                .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/oauth2/authorization/okta"))
-                .and()
-            .oauth2Login()
-                .successHandler(handler)
-                .and()
+            .oauth2Login().and()
             .csrf()
                 .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
                 .and()
-            .requestCache()
-                .requestCache(requestCache)
-                .and()
             .authorizeRequests()
                 .antMatchers("/**/*.{js,html,css}").permitAll()
                 .antMatchers("/", "/api/user").permitAll()
                 .anyRequest().authenticated();
     }
 
     @Bean
+    @Profile("dev")
     public RequestCache refererRequestCache() {
-        return new RequestCache() {
-            private String savedAttrName = getClass().getName().concat(".SAVED");
-
+        return new HttpSessionRequestCache() {
             @Override
             public void saveRequest(HttpServletRequest request, HttpServletResponse response) {
                 String referrer = request.getHeader("referer");
                 if (referrer != null) {
-                    request.getSession().setAttribute(this.savedAttrName, referrerRequest(referrer));
-                }
-            }
-
-            @Override
-            public SavedRequest getRequest(HttpServletRequest request, HttpServletResponse response) {
-                HttpSession session = request.getSession(false);
-
-                if (session != null) {
-                    return (SavedRequest) session.getAttribute(this.savedAttrName);
-                }
-
-                return null;
-            }
-
-            @Override
-            public HttpServletRequest getMatchingRequest(HttpServletRequest request, HttpServletResponse response) {
-                return request;
-            }
-
-            @Override
-            public void removeRequest(HttpServletRequest request, HttpServletResponse response) {
-                HttpSession session = request.getSession(false);
-
-                if (session != null) {
-                    log.debug("Removing SavedRequest from session if present");
-                    session.removeAttribute(this.savedAttrName);
+                    request.getSession().setAttribute("SPRING_SECURITY_SAVED_REQUEST", new SimpleSavedRequest(referrer));
                 }
             }
         };
     }
-
-    private SavedRequest referrerRequest(final String referrer) {
-        return new SavedRequest() {
-            @Override
-            public String getRedirectUrl() {
-                return referrer;
-            }
-
-            @Override
-            public List<Cookie> getCookies() {
-                return null;
-            }
-
-            @Override
-            public String getMethod() {
-                return null;
-            }
-
-            @Override
-            public List<String> getHeaderValues(String name) {
-                return null;
-            }
-
-            @Override
-            public Collection<String> getHeaderNames() {
-                return null;
-            }
-
-            @Override
-            public List<Locale> getLocales() {
-                return null;
-            }
-
-            @Override
-            public String[] getParameterValues(String name) {
-                return new String[0];
-            }
-
-            @Override
-            public Map<String, String[]> getParameterMap() {
-                return null;
-            }
-        };
-    }
 }

src/main/resources/application.yml

@@ -6,8 +6,8 @@ spring:
       client:
         registration:
           okta:
-            client-id: 0oafrf327dXcTWh3j0h7
-            client-secret: gXoRPO1uKff1X12MZpGIppbsyDDvi6QHFrfqooFU
+            client-id: 0oafudk8gcSusspTN0h7
+            client-secret: ZjAdC_75kgU3y1N7E5Kp_BmEY8LhNE3B3DyaFeBx
             scope: openid email profile
         provider:
           okta:

src/test/java/com/okta/developer/jugtours/JugToursApplicationTests.java

@@ -7,7 +7,7 @@
 
 @RunWith(SpringRunner.class)
 @SpringBootTest
-public class JugtoursApplicationTests {
+public class JugToursApplicationTests {
 
     @Test
     public void contextLoads() {