Merge pull request #8 from hammadirshad/spring-3.5

Spring 3.5

Author: hammadirshad

authorization-code/pom.xml

@@ -1,77 +1,93 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <project xmlns="http://maven.apache.org/POM/4.0.0"
-  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-  xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
-  <modelVersion>4.0.0</modelVersion>
-  <parent>
-    <groupId>com.example</groupId>
-    <artifactId>helseid-client-parent</artifactId>
-    <version>${revision}</version>
-    <relativePath>../pom.xml</relativePath>
-  </parent>
-  <artifactId>authorization-code</artifactId>
-  <name>HelseID authorization code</name>
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <parent>
+        <groupId>com.example</groupId>
+        <artifactId>helseid-client-parent</artifactId>
+        <version>${revision}</version>
+        <relativePath>../pom.xml</relativePath>
+    </parent>
+    <artifactId>authorization-code</artifactId>
+    <name>HelseID authorization code</name>
 
-  <dependencies>
-    <dependency>
-      <groupId>com.example</groupId>
-      <artifactId>common</artifactId>
-    </dependency>
+    <dependencies>
+        <dependency>
+            <groupId>com.example</groupId>
+            <artifactId>common</artifactId>
+        </dependency>
 
-    <dependency>
-      <groupId>org.springframework.boot</groupId>
-      <artifactId>spring-boot-starter-web</artifactId>
-    </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-web</artifactId>
+        </dependency>
 
-    <dependency>
-      <groupId>org.springframework.boot</groupId>
-      <artifactId>spring-boot-starter-thymeleaf</artifactId>
-    </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-thymeleaf</artifactId>
+        </dependency>
 
-    <dependency>
-      <groupId>org.springframework.boot</groupId>
-      <artifactId>spring-boot-starter-security</artifactId>
-    </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-security</artifactId>
+        </dependency>
 
-    <dependency>
-      <groupId>org.springframework.boot</groupId>
-      <artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
-    </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
+        </dependency>
 
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-oauth2-client</artifactId>
-    </dependency>
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-oauth2-client</artifactId>
+        </dependency>
 
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-oauth2-jose</artifactId>
-    </dependency>
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-oauth2-jose</artifactId>
+        </dependency>
 
-    <dependency>
-      <groupId>org.json</groupId>
-      <artifactId>json</artifactId>
-    </dependency>
+        <dependency>
+            <groupId>org.json</groupId>
+            <artifactId>json</artifactId>
+            <version>20211205</version>
+        </dependency>
 
-    <dependency>
-      <groupId>org.springframework.boot</groupId>
-      <artifactId>spring-boot-configuration-processor</artifactId>
-      <optional>true</optional>
-    </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-configuration-processor</artifactId>
+            <optional>true</optional>
+        </dependency>
 
-    <dependency>
-      <groupId>org.bouncycastle</groupId>
-      <artifactId>bcpkix-jdk18on</artifactId>
-    </dependency>
+        <dependency>
+            <groupId>com.sun.activation</groupId>
+            <artifactId>jakarta.activation</artifactId>
+        </dependency>
 
-    <dependency>
-      <groupId>org.apache.httpcomponents.client5</groupId>
-      <artifactId>httpclient5</artifactId>
-    </dependency>
+        <dependency>
+            <groupId>com.sun.xml.bind</groupId>
+            <artifactId>jaxb-impl</artifactId>
+        </dependency>
 
-    <dependency>
-      <groupId>org.projectlombok</groupId>
-      <artifactId>lombok</artifactId>
-    </dependency>
-  </dependencies>
+        <dependency>
+            <groupId>com.sun.xml.bind</groupId>
+            <artifactId>jaxb-core</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>org.bouncycastle</groupId>
+            <artifactId>bcpkix-jdk18on</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>org.apache.httpcomponents.client5</groupId>
+            <artifactId>httpclient5</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>org.projectlombok</groupId>
+            <artifactId>lombok</artifactId>
+        </dependency>
+    </dependencies>
 </project>

client-credentials/pom.xml

@@ -69,4 +69,16 @@
             <artifactId>lombok</artifactId>
         </dependency>
     </dependencies>
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-compiler-plugin</artifactId>
+                <configuration>
+                    <source>16</source>
+                    <target>16</target>
+                </configuration>
+            </plugin>
+        </plugins>
+    </build>
 </project>

client-credentials/src/main/java/com/example/ClientCredentialsExample.java

@@ -29,12 +29,22 @@ public class ClientCredentialsExample implements ApplicationRunner {
   public void run(ApplicationArguments args) {
     String requestUrl = "http://localhost:9090/api/client-name";
 
-    OAuth2AccessToken accessToken = helseIDClientCredentialTokenService.getAccessToken();
-    request(accessToken, requestUrl);
+    try {
+      OAuth2AccessToken accessToken = helseIDClientCredentialTokenService.getAccessToken();
+      request(accessToken, requestUrl);
+    } catch (Exception e) {
+      log.error(e.getMessage(), e);
+    }
+
+    log.info("----------------");
 
-    DPoPToken dPoPToken =
-        helseIDDPoPClientCredentialTokenService.getAccessToken(requestUrl, HttpMethod.GET.name());
-    request(dPoPToken, requestUrl);
+    try {
+      DPoPToken dPoPToken =
+          helseIDDPoPClientCredentialTokenService.getAccessToken(requestUrl, HttpMethod.GET.name());
+      request(dPoPToken, requestUrl);
+    } catch (Exception e) {
+      log.error(e.getMessage(), e);
+    }
   }
 
   private void request(OAuth2AccessToken accessToken, String requestUrl) {

client-credentials/src/main/java/com/example/config/HelseIDClientCredentialConfiguration.java

@@ -1,114 +1,127 @@
 package com.example.config;
 
+import com.example.security.dpop.DPoPHttpHeadersConverter;
 import com.example.security.dpop.DPoPProofBuilder;
-import com.example.security.dpop.client.DPoPAccessTokenResponseClient;
-import com.example.security.dpop.client.DefaultDPoPAccessTokenResponseClient;
-import com.example.security.dpop.request.DPoPClientCredentialsGrantRequest;
-import com.example.security.dpop.request.DPoPOClientCredentialsGrantRequestEntityConverter;
 import com.example.service.AuthorizationDetailsJwtClientParametersConverter;
 import com.example.service.HelseIDClientCredentialTokenService;
 import com.example.service.HelseIDDPoPClientCredentialTokenService;
 import java.time.Duration;
 import lombok.extern.slf4j.Slf4j;
-import org.springframework.boot.autoconfigure.security.oauth2.client.ClientsConfiguredCondition;
+import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.boot.autoconfigure.security.oauth2.client.ConditionalOnOAuth2ClientRegistrationProperties;
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
 import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Conditional;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Primary;
+import org.springframework.core.convert.converter.Converter;
+import org.springframework.http.HttpHeaders;
 import org.springframework.security.oauth2.client.ClientCredentialsOAuth2AuthorizedClientProvider;
 import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService;
-import org.springframework.security.oauth2.client.endpoint.AbstractOAuth2AuthorizationGrantRequest;
-import org.springframework.security.oauth2.client.endpoint.DefaultClientCredentialsTokenResponseClient;
 import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient;
 import org.springframework.security.oauth2.client.endpoint.OAuth2ClientCredentialsGrantRequest;
-import org.springframework.security.oauth2.client.endpoint.OAuth2ClientCredentialsGrantRequestEntityConverter;
+import org.springframework.security.oauth2.client.endpoint.RestClientClientCredentialsTokenResponseClient;
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
 import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
+import org.springframework.util.MultiValueMap;
 
 @Slf4j
 @Configuration
 @EnableConfigurationProperties({
-    OAuth2ClientHelseIDProperties.class,
+  OAuth2ClientHelseIDProperties.class,
 })
-@Conditional(ClientsConfiguredCondition.class)
+@ConditionalOnOAuth2ClientRegistrationProperties
 public class HelseIDClientCredentialConfiguration {
 
   private static final String HELSEID_CREDENTIALS = "helseid-credentials";
 
   @Bean
-  public OAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest>
-  authorizationCredentialsGrantResponseClient(
+  public DPoPProofBuilder dPoPProofBuilder(
       OAuth2ClientDetailProperties oauth2ClientKeypairProperties) {
-    DefaultClientCredentialsTokenResponseClient tokenResponseClient =
-        new DefaultClientCredentialsTokenResponseClient();
+    return new DPoPProofBuilder(oauth2ClientKeypairProperties.getRegistration());
+  }
 
-    OAuth2ClientCredentialsGrantRequestEntityConverter requestEntityConverter =
-        new OAuth2ClientCredentialsGrantRequestEntityConverter();
+  @Bean
+  @Primary
+  public OAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest>
+      authorizationCredentialsGrantResponseClient(
+          OAuth2ClientDetailProperties oauth2ClientKeypairProperties) {
+
+    RestClientClientCredentialsTokenResponseClient tokenResponseClient =
+        new RestClientClientCredentialsTokenResponseClient();
 
-    requestEntityConverter.addParametersConverter(
+    tokenResponseClient.addParametersConverter(
         new AuthorizationDetailsJwtClientParametersConverter<>(
             oauth2ClientKeypairProperties.getRegistration()));
 
-    tokenResponseClient.setRequestEntityConverter(requestEntityConverter);
+    return tokenResponseClient;
+  }
+
+  @Bean
+  public OAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest>
+      authorizationCredentialsGrantResponseDpopClient(
+          DPoPProofBuilder dPoPProofBuilder,
+          OAuth2ClientDetailProperties oauth2ClientKeypairProperties) {
+
+    Converter<OAuth2ClientCredentialsGrantRequest, MultiValueMap<String, String>>
+        jwtClientParametersConverter =
+            new AuthorizationDetailsJwtClientParametersConverter<>(
+                oauth2ClientKeypairProperties.getRegistration());
+
+    Converter<OAuth2ClientCredentialsGrantRequest, HttpHeaders> dpopClientParametersConverter =
+        new DPoPHttpHeadersConverter<>(jwtClientParametersConverter, dPoPProofBuilder);
+
+    RestClientClientCredentialsTokenResponseClient tokenResponseClient =
+        new RestClientClientCredentialsTokenResponseClient();
+    tokenResponseClient.addParametersConverter(jwtClientParametersConverter);
+
+    tokenResponseClient.addHeadersConverter(dpopClientParametersConverter);
+
     return tokenResponseClient;
   }
 
   @Bean
   public HelseIDClientCredentialTokenService helseIDClientCredentialTokenService(
       ClientRegistrationRepository clientRegistrationRepository,
       OAuth2AuthorizedClientService oAuth2AuthorizedClientService,
-      OAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest>
-          credentialsGrantResponseClient) {
+      @Qualifier("authorizationCredentialsGrantResponseClient")
+          OAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest>
+          authorizationCredentialsGrantResponseClient) {
 
     ClientRegistration clientRegistration =
         clientRegistrationRepository.findByRegistrationId(HELSEID_CREDENTIALS);
 
-    ClientCredentialsOAuth2AuthorizedClientProvider clientCredentialsAuthorizedClientProvider = new ClientCredentialsOAuth2AuthorizedClientProvider();
+    ClientCredentialsOAuth2AuthorizedClientProvider clientCredentialsAuthorizedClientProvider =
+        new ClientCredentialsOAuth2AuthorizedClientProvider();
     clientCredentialsAuthorizedClientProvider.setAccessTokenResponseClient(
-        credentialsGrantResponseClient);
+        authorizationCredentialsGrantResponseClient);
 
     return new HelseIDClientCredentialTokenService(
         clientRegistration,
         oAuth2AuthorizedClientService,
         clientCredentialsAuthorizedClientProvider);
   }
 
-  @Bean
-  public DPoPProofBuilder dPoPProofBuilder(
-      OAuth2ClientDetailProperties oauth2ClientKeypairProperties) {
-    return new DPoPProofBuilder(oauth2ClientKeypairProperties.getRegistration());
-  }
-
-  @Bean
-  public DPoPAccessTokenResponseClient<DPoPClientCredentialsGrantRequest>
-  authorizationCredentialsGrantResponseDpopClient(DPoPProofBuilder dPoPProofBuilder,
-      OAuth2ClientDetailProperties oauth2ClientKeypairProperties) {
-
-    AuthorizationDetailsJwtClientParametersConverter<AbstractOAuth2AuthorizationGrantRequest>
-        parametersConverter =
-        new AuthorizationDetailsJwtClientParametersConverter<>(
-            oauth2ClientKeypairProperties.getRegistration());
-
-    DPoPOClientCredentialsGrantRequestEntityConverter requestEntityConverter =
-        new DPoPOClientCredentialsGrantRequestEntityConverter(
-            parametersConverter, dPoPProofBuilder);
-
-    return new DefaultDPoPAccessTokenResponseClient(requestEntityConverter);
-  }
-
   @Bean
   public HelseIDDPoPClientCredentialTokenService helseIdApiDPOPClientCredentialTokenService(
       ClientRegistrationRepository clientRegistrationRepository,
       OAuth2AuthorizedClientService oAuth2AuthorizedClientService,
       DPoPProofBuilder dPoPProofBuilder,
-      DPoPAccessTokenResponseClient<DPoPClientCredentialsGrantRequest> credentialsGrantClient) {
+      @Qualifier("authorizationCredentialsGrantResponseDpopClient")
+          OAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest>
+          authorizationCredentialsGrantResponseDpopClient) {
     ClientRegistration clientRegistration =
         clientRegistrationRepository.findByRegistrationId(HELSEID_CREDENTIALS);
+
+    ClientCredentialsOAuth2AuthorizedClientProvider clientCredentialsAuthorizedClientProvider =
+        new ClientCredentialsOAuth2AuthorizedClientProvider();
+    clientCredentialsAuthorizedClientProvider.setAccessTokenResponseClient(
+        authorizationCredentialsGrantResponseDpopClient);
+
     return new HelseIDDPoPClientCredentialTokenService(
         clientRegistration,
         dPoPProofBuilder,
         oAuth2AuthorizedClientService,
-        credentialsGrantClient,
+        clientCredentialsAuthorizedClientProvider,
         Duration.ofMinutes(2));
   }
 }