Updates for referer redirect

Author: mraible

app/src/Home.js

@@ -35,7 +35,7 @@ class Home extends Component {
     if (port === ':3000') {
       port = ':8080';
     }
-    window.location.href = '//' + window.location.hostname + port + '/login';
+    window.location.href = '//' + window.location.hostname + port + '/private';
   }
 
   logout() {

src/main/java/com/okta/developer/jugtours/config/SecurityConfiguration.java

@@ -84,17 +84,12 @@ public SavedRequest getRequest(HttpServletRequest request, HttpServletResponse r
 
             @Override
             public HttpServletRequest getMatchingRequest(HttpServletRequest request, HttpServletResponse response) {
-                DefaultSavedRequest saved = (DefaultSavedRequest) getRequest(request, response);
+                SavedRequest saved = getRequest(request, response);
 
                 if (saved == null) {
                     return null;
                 }
 
-                if (!saved.doesRequestMatch(request, portResolver)) {
-                    log.debug("saved request doesn't match");
-                    return null;
-                }
-
                 removeRequest(request, response);
 
                 return new SavedRequestAwareWrapper(saved, request);

src/main/java/com/okta/developer/jugtours/web/UserController.java

@@ -4,9 +4,11 @@
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.core.annotation.AuthenticationPrincipal;
+import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
 import org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationToken;
 import org.springframework.security.oauth2.core.oidc.OidcIdToken;
 import org.springframework.security.oauth2.core.oidc.user.OidcUser;
+import org.springframework.security.oauth2.core.user.OAuth2User;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RestController;
@@ -27,9 +29,9 @@ public ResponseEntity<?> getUser(Principal principal) {
         if (principal == null) {
             return new ResponseEntity<>("", HttpStatus.OK);
         }
-        if (principal instanceof OAuth2LoginAuthenticationToken) {
-            OidcUser authentication = (OidcUser) principal;
-            Map<String, Object> details = authentication.getUserInfo().getClaims();
+        if (principal instanceof OAuth2AuthenticationToken) {
+            OAuth2User authentication = ((OAuth2AuthenticationToken) principal).getPrincipal();
+            Map<String, Object> details = authentication.getAttributes();
             return ResponseEntity.ok().body(details);
         } else {
             return ResponseEntity.ok().body(principal.getName());
@@ -40,6 +42,7 @@ public ResponseEntity<?> getUser(Principal principal) {
     public ResponseEntity<?> logout(HttpServletRequest request,
                                     @AuthenticationPrincipal(expression = "idToken") OidcIdToken idToken) {
         // send logout URL to client so they can initiate logout - doesn't work from the server side
+        // Make it easier: https://github.com/spring-projects/spring-security/issues/5540
         String logoutUrl = issuerUri + "/v1/logout";
 
         Map<String, String> logoutDetails = new HashMap<>();