[#2] Ready for log in with GitHub

build.gradle

@@ -28,6 +28,7 @@ dependencies {
 	compile('org.springframework.boot:spring-boot-starter-data-jpa')
 	compile('org.springframework.boot:spring-boot-starter-freemarker')
 	compile('org.springframework.boot:spring-boot-starter-security')
+	compile('org.springframework.security.oauth:spring-security-oauth2')
 	compile('org.springframework.boot:spring-boot-starter-web')
 	runtime('org.springframework.boot:spring-boot-devtools')
 	runtime('com.h2database:h2')

src/main/java/com/coduckfoilo/WebApplication.java

@@ -1,12 +1,101 @@
 package com.coduckfoilo;
 
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.boot.autoconfigure.security.oauth2.resource.ResourceServerProperties;
+import org.springframework.boot.autoconfigure.security.oauth2.resource.UserInfoTokenServices;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.boot.web.servlet.FilterRegistrationBean;
+import org.springframework.context.annotation.Bean;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.oauth2.client.OAuth2ClientContext;
+import org.springframework.security.oauth2.client.OAuth2RestTemplate;
+import org.springframework.security.oauth2.client.filter.OAuth2ClientAuthenticationProcessingFilter;
+import org.springframework.security.oauth2.client.filter.OAuth2ClientContextFilter;
+import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeResourceDetails;
+import org.springframework.security.oauth2.config.annotation.web.configuration.EnableOAuth2Client;
+import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
+import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.filter.CompositeFilter;
+
+import javax.servlet.Filter;
+import java.util.ArrayList;
+import java.util.List;
 
 @SpringBootApplication
-public class WebApplication {
+@EnableOAuth2Client
+@Controller
+public class WebApplication extends WebSecurityConfigurerAdapter {
+
+	@Autowired
+	OAuth2ClientContext oauth2ClientContext;
 
 	public static void main(String[] args) {
 		SpringApplication.run(WebApplication.class, args);
 	}
+
+	@RequestMapping("/")
+	public String index() {
+		return "index";
+	}
+
+
+	@Override
+	protected void configure(HttpSecurity http) throws Exception {
+		http
+				.antMatcher("/**")
+				.authorizeRequests()
+				.antMatchers("/", "/login**", "/webjars/**")
+				.permitAll()
+				.anyRequest()
+				.authenticated()
+				.and().logout().logoutSuccessUrl("/").permitAll()
+				.and().csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
+				.and().addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class);
+	}
+
+	@Bean
+	public FilterRegistrationBean oauth2ClientFilterRegistration(
+			OAuth2ClientContextFilter filter) {
+		FilterRegistrationBean registration = new FilterRegistrationBean();
+		registration.setFilter(filter);
+		registration.setOrder(-100);
+		return registration;
+	}
+
+	private Filter ssoFilter() {
+
+		CompositeFilter filter = new CompositeFilter();
+		List<Filter> filters = new ArrayList<>();
+
+		OAuth2ClientAuthenticationProcessingFilter githubFilter = new OAuth2ClientAuthenticationProcessingFilter("/login/github");
+		OAuth2RestTemplate githubTemplate = new OAuth2RestTemplate(github(), oauth2ClientContext);
+		githubFilter.setRestTemplate(githubTemplate);
+		UserInfoTokenServices tokenServices = new UserInfoTokenServices(githubResource().getUserInfoUri(), github().getClientId());
+		tokenServices.setRestTemplate(githubTemplate);
+		githubFilter.setTokenServices(tokenServices);
+
+		filters.add(githubFilter);
+
+		filter.setFilters(filters);
+		return filter;
+	}
+
+	@Bean
+	@ConfigurationProperties("github.client")
+	public AuthorizationCodeResourceDetails github() {
+		return new AuthorizationCodeResourceDetails();
+	}
+
+	@Bean
+	@ConfigurationProperties("github.resource")
+	public ResourceServerProperties githubResource() {
+		return new ResourceServerProperties();
+	}
+
+
 }

src/main/resources/application.yml

@@ -0,0 +1,9 @@
+github:
+  client:
+    clientId: ${GITHUB_OAUTH_APP_ID}
+    clientSecret: ${GITHUB_OAUTH_APP_PW}
+    accessTokenUri: https://github.com/login/oauth/access_token
+    userAuthorizationUri: https://github.com/login/oauth/authorize
+    clientAuthenticationScheme: form
+  resource:
+    userInfoUri: https://api.github.com/user

src/main/resources/templates/index.ftl

@@ -0,0 +1,12 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <title>GitHub Login</title>
+</head>
+    <body>
+    <div class="container unauthenticated">
+        With Github: <a href="/login/github">click here</a>
+    </div>
+    </body>
+</html>