Spring Reactive OAuth Login starts working

Author: naturalprogrammer

spring-lemon-commons-reactive/src/main/java/com/naturalprogrammer/spring/lemon/commonsreactive/util/LecrUtils.java

@@ -8,7 +8,9 @@
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.springframework.http.HttpCookie;
 import org.springframework.security.core.context.ReactiveSecurityContextHolder;
+import org.springframework.web.server.ServerWebExchange;
 
 import com.github.fge.jsonpatch.JsonPatchException;
 import com.naturalprogrammer.spring.lemon.commons.security.UserDto;
@@ -33,6 +35,10 @@ public void postConstruct() {
 		NOT_FOUND_MONO = Mono.error(LexUtils.NOT_FOUND_EXCEPTION);
 	}
 
+	public static Optional<HttpCookie> fetchCookie(ServerWebExchange exchange, String cookieName) {		
+		return Optional.ofNullable(exchange.getRequest().getCookies().getFirst(cookieName));
+	}
+
 	/**
 	 * Gets the current-user
 	 */

spring-lemon-commons/src/main/java/com/naturalprogrammer/spring/lemon/commons/AbstractLemonService.java

@@ -10,6 +10,7 @@
 import org.springframework.boot.context.event.ApplicationReadyEvent;
 import org.springframework.context.event.EventListener;
 import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.oauth2.core.oidc.StandardClaimNames;
 
 import com.naturalprogrammer.spring.lemon.commons.LemonProperties.Admin;
 import com.naturalprogrammer.spring.lemon.commons.domain.LemonUser;
@@ -176,5 +177,40 @@ public void mailForgotPasswordLink(U user, String forgotPasswordLink) {
 				LexUtils.getMessage("com.naturalprogrammer.spring.forgotPasswordEmail",
 					forgotPasswordLink)));
 	}
+	
+	/**
+	 * Extracts the email id from user attributes received from OAuth2 provider, e.g. Google
+	 * 
+	 */
+	public String getOAuth2Email(String registrationId, Map<String, Object> attributes) {
+
+		return (String) attributes.get(StandardClaimNames.EMAIL);
+	}
+
+	
+	/**
+	 * Extracts additional fields, e.g. name from user attributes received from OAuth2 provider, e.g. Google
+	 * Override this if you introduce more user fields, e.g. name
+	 */
+	public void fillAdditionalFields(String clientId, U user, Map<String, Object> attributes) {
+		
+	}
+
+	
+	/**
+	 * Checks if the account at the OAuth2 provider is verified 
+	 */
+	public boolean getOAuth2AccountVerified(String registrationId, Map<String, Object> attributes) {
+
+		Object verified = attributes.get(StandardClaimNames.EMAIL_VERIFIED);
+		if (verified == null)
+			verified = attributes.get("verified");
+		
+		try {
+			return (boolean) verified;
+		} catch (Throwable t) {
+			return false;
+		}
+	}
 
 }

spring-lemon-commons/src/main/java/com/naturalprogrammer/spring/lemon/commons/util/LecUtils.java

@@ -40,6 +40,9 @@ public class LecUtils {
 
 	private static final Log log = LogFactory.getLog(LecUtils.class);
 
+	public static final String AUTHORIZATION_REQUEST_COOKIE_NAME = "lemon_oauth2_authorization_request";
+	public static final String LEMON_REDIRECT_URI_COOKIE_PARAM_NAME = "lemon_redirect_uri";
+
 	// Computed authorities
 	public static final String GOOD_ADMIN = "GOOD_ADMIN";
 	public static final String GOOD_USER = "GOOD_USER";

spring-lemon-jpa/src/main/java/com/naturalprogrammer/spring/lemon/LemonService.java

@@ -556,42 +556,6 @@ public void changeEmail(ID userId, @Valid @NotBlank String changeEmailCode) {
 	}
 
 
-	/**
-	 * Extracts the email id from user attributes received from OAuth2 provider, e.g. Google
-	 * 
-	 */
-	public String getOAuth2Email(String registrationId, Map<String, Object> attributes) {
-
-		return (String) attributes.get(StandardClaimNames.EMAIL);
-	}
-
-	
-	/**
-	 * Extracts additional fields, e.g. name from user attributes received from OAuth2 provider, e.g. Google
-	 * Override this if you introduce more user fields, e.g. name
-	 */
-	public void fillAdditionalFields(String clientId, U user, Map<String, Object> attributes) {
-		
-	}
-
-	
-	/**
-	 * Checks if the account at the OAuth2 provider is verified 
-	 */
-	public boolean getOAuth2AccountVerified(String registrationId, Map<String, Object> attributes) {
-
-		Object verified = attributes.get(StandardClaimNames.EMAIL_VERIFIED);
-		if (verified == null)
-			verified = attributes.get("verified");
-		
-		try {
-			return (boolean) verified;
-		} catch (Throwable t) {
-			return false;
-		}
-	}
-
-
 	/**
 	 * Fetches a new token - for session scrolling etc.
 	 * @return 

spring-lemon-jpa/src/main/java/com/naturalprogrammer/spring/lemon/security/HttpCookieOAuth2AuthorizationRequestRepository.java

@@ -19,9 +19,6 @@
  */
 public class HttpCookieOAuth2AuthorizationRequestRepository implements AuthorizationRequestRepository<OAuth2AuthorizationRequest> {
 
-	public static final String AUTHORIZATION_REQUEST_COOKIE_NAME = "lemon_oauth2_authorization_request";
-	public static final String LEMON_REDIRECT_URI_COOKIE_PARAM_NAME = "lemon_redirect_uri";
-	
 	private int cookieExpirySecs;
 
 	public HttpCookieOAuth2AuthorizationRequestRepository(LemonProperties properties) {
@@ -37,7 +34,7 @@ public OAuth2AuthorizationRequest loadAuthorizationRequest(HttpServletRequest re
 
 		Assert.notNull(request, "request cannot be null");
 
-		return LecwUtils.fetchCookie(request, AUTHORIZATION_REQUEST_COOKIE_NAME)
+		return LecwUtils.fetchCookie(request, LecUtils.AUTHORIZATION_REQUEST_COOKIE_NAME)
 					.map(this::deserialize)
 					.orElse(null);
 	}
@@ -54,20 +51,20 @@ public void saveAuthorizationRequest(OAuth2AuthorizationRequest authorizationReq
 
 		if (authorizationRequest == null) {
 
-			deleteCookies(request, response, AUTHORIZATION_REQUEST_COOKIE_NAME, LEMON_REDIRECT_URI_COOKIE_PARAM_NAME);
+			deleteCookies(request, response, LecUtils.AUTHORIZATION_REQUEST_COOKIE_NAME, LecUtils.LEMON_REDIRECT_URI_COOKIE_PARAM_NAME);
 			return;
 		}
 
-		Cookie cookie = new Cookie(AUTHORIZATION_REQUEST_COOKIE_NAME, LecUtils.serialize(authorizationRequest));
+		Cookie cookie = new Cookie(LecUtils.AUTHORIZATION_REQUEST_COOKIE_NAME, LecUtils.serialize(authorizationRequest));
 		cookie.setPath("/");
 		cookie.setHttpOnly(true);
 		cookie.setMaxAge(cookieExpirySecs);
 		response.addCookie(cookie);
 
-		String lemonRedirectUri = request.getParameter(LEMON_REDIRECT_URI_COOKIE_PARAM_NAME);
+		String lemonRedirectUri = request.getParameter(LecUtils.LEMON_REDIRECT_URI_COOKIE_PARAM_NAME);
 		if (StringUtils.isNotBlank(lemonRedirectUri)) {
 
-			cookie = new Cookie(LEMON_REDIRECT_URI_COOKIE_PARAM_NAME, lemonRedirectUri);
+			cookie = new Cookie(LecUtils.LEMON_REDIRECT_URI_COOKIE_PARAM_NAME, lemonRedirectUri);
 			cookie.setPath("/");
 			cookie.setHttpOnly(true);
 			cookie.setMaxAge(cookieExpirySecs);
@@ -79,7 +76,7 @@ public void saveAuthorizationRequest(OAuth2AuthorizationRequest authorizationReq
 	public OAuth2AuthorizationRequest removeAuthorizationRequest(HttpServletRequest request, HttpServletResponse response) {
 
 		OAuth2AuthorizationRequest originalRequest = loadAuthorizationRequest(request);
-		deleteCookies(request, response, AUTHORIZATION_REQUEST_COOKIE_NAME);
+		deleteCookies(request, response, LecUtils.AUTHORIZATION_REQUEST_COOKIE_NAME);
 		return originalRequest;
 	}
 

spring-lemon-jpa/src/main/java/com/naturalprogrammer/spring/lemon/security/OAuth2AuthenticationFailureHandler.java

@@ -9,6 +9,8 @@
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
 
+import com.naturalprogrammer.spring.lemon.commons.util.LecUtils;
+
 /**
  * OAuth2 Authentication failure handler for removing oauth2 related cookies
  * 
@@ -23,8 +25,8 @@ public void onAuthenticationFailure(HttpServletRequest request,
 			throws IOException, ServletException {
 
 		HttpCookieOAuth2AuthorizationRequestRepository.deleteCookies(request, response,
-			HttpCookieOAuth2AuthorizationRequestRepository.AUTHORIZATION_REQUEST_COOKIE_NAME,
-			HttpCookieOAuth2AuthorizationRequestRepository.LEMON_REDIRECT_URI_COOKIE_PARAM_NAME);
+			LecUtils.AUTHORIZATION_REQUEST_COOKIE_NAME,
+			LecUtils.LEMON_REDIRECT_URI_COOKIE_PARAM_NAME);
 
 		super.onAuthenticationFailure(request, response, exception);
 	}

spring-lemon-jpa/src/main/java/com/naturalprogrammer/spring/lemon/security/OAuth2AuthenticationSuccessHandler.java

@@ -1,7 +1,5 @@
 package com.naturalprogrammer.spring.lemon.security;
 
-import java.io.Serializable;
-
 import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -13,6 +11,7 @@
 import com.naturalprogrammer.spring.lemon.commons.LemonProperties;
 import com.naturalprogrammer.spring.lemon.commons.security.BlueTokenService;
 import com.naturalprogrammer.spring.lemon.commons.security.UserDto;
+import com.naturalprogrammer.spring.lemon.commons.util.LecUtils;
 import com.naturalprogrammer.spring.lemon.commonsweb.util.LecwUtils;
 
 import lombok.AllArgsConstructor;
@@ -44,13 +43,13 @@ protected String determineTargetUrl(HttpServletRequest request,
 				(long) properties.getJwt().getShortLivedMillis());
 
 		String targetUrl = LecwUtils.fetchCookie(request,
-				HttpCookieOAuth2AuthorizationRequestRepository.LEMON_REDIRECT_URI_COOKIE_PARAM_NAME)
+				LecUtils.LEMON_REDIRECT_URI_COOKIE_PARAM_NAME)
 				.map(Cookie::getValue)
 				.orElse(properties.getOauth2AuthenticationSuccessUrl());
 
 		HttpCookieOAuth2AuthorizationRequestRepository.deleteCookies(request, response,
-				HttpCookieOAuth2AuthorizationRequestRepository.AUTHORIZATION_REQUEST_COOKIE_NAME,
-				HttpCookieOAuth2AuthorizationRequestRepository.LEMON_REDIRECT_URI_COOKIE_PARAM_NAME);
+				LecUtils.AUTHORIZATION_REQUEST_COOKIE_NAME,
+				LecUtils.LEMON_REDIRECT_URI_COOKIE_PARAM_NAME);
 
 		return targetUrl + shortLivedAuthToken;
 	}

spring-lemon-reactive/src/main/java/com/naturalprogrammer/spring/lemonreactive/LemonReactiveAutoConfiguration.java

@@ -10,6 +10,7 @@
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.crypto.password.PasswordEncoder;
 
 import com.naturalprogrammer.spring.lemon.commons.LemonProperties;
 import com.naturalprogrammer.spring.lemon.commons.domain.IdConverter;
@@ -45,14 +46,23 @@ IdConverter<ID> idConverter(LemonReactiveService<?,ID> lemonService) {
 	@Bean
 	@ConditionalOnMissingBean(ReactiveOAuth2AuthenticationSuccessHandler.class)
 	public <U extends AbstractMongoUser<ID>, ID extends Serializable>
-		ReactiveOAuth2AuthenticationSuccessHandler reactiveOAuth2AuthenticationSuccessHandler(
+		ReactiveOAuth2AuthenticationSuccessHandler<U, ID> reactiveOAuth2AuthenticationSuccessHandler(
 				BlueTokenService blueTokenService,
-				LemonProperties properties) {
+				AbstractMongoUserRepository<U, ID> userRepository,
+				LemonReactiveUserDetailsService<U, ID> userDetailsService,
+				LemonReactiveService<U, ID> lemonService,
+				PasswordEncoder passwordEncoder,
+				LemonProperties properties
+) {
 
 		log.info("Configuring ReactiveOAuth2AuthenticationSuccessHandler ...");
 
-		return new ReactiveOAuth2AuthenticationSuccessHandler(
+		return new ReactiveOAuth2AuthenticationSuccessHandler<U,ID>(
 				blueTokenService,
+				userRepository,
+				userDetailsService,
+				lemonService,
+				passwordEncoder,
 				properties);
 	}
 
@@ -62,7 +72,7 @@ ReactiveOAuth2AuthenticationSuccessHandler reactiveOAuth2AuthenticationSuccessHa
 		LemonReactiveSecurityConfig<U,ID> lemonReactiveSecurityConfig(
 				BlueTokenService blueTokenService,
 				LemonReactiveUserDetailsService<U, ID> userDetailsService,
-				ReactiveOAuth2AuthenticationSuccessHandler reactiveOAuth2AuthenticationSuccessHandler,
+				ReactiveOAuth2AuthenticationSuccessHandler<U,ID> reactiveOAuth2AuthenticationSuccessHandler,
 				LemonProperties properties) {
 
 		log.info("Configuring LemonReactiveSecurityConfig ...");

spring-lemon-reactive/src/main/java/com/naturalprogrammer/spring/lemonreactive/security/LemonReactiveSecurityConfig.java

@@ -5,12 +5,15 @@
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.springframework.security.config.web.server.ServerHttpSecurity;
+import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.security.web.server.WebFilterExchange;
 import org.springframework.security.web.server.authentication.WebFilterChainServerAuthenticationSuccessHandler;
 
 import com.naturalprogrammer.spring.lemon.commons.LemonProperties;
 import com.naturalprogrammer.spring.lemon.commons.security.BlueTokenService;
 import com.naturalprogrammer.spring.lemon.commons.security.UserDto;
+import com.naturalprogrammer.spring.lemon.commons.util.LecUtils;
 import com.naturalprogrammer.spring.lemon.commonsreactive.security.LemonCommonsReactiveSecurityConfig;
 import com.naturalprogrammer.spring.lemonreactive.domain.AbstractMongoUser;
 import com.naturalprogrammer.spring.lemonreactive.util.LerUtils;
@@ -24,11 +27,11 @@ public class LemonReactiveSecurityConfig<U extends AbstractMongoUser<ID>, ID ext
 
 	protected LemonReactiveUserDetailsService<U, ID> userDetailsService;
 	private LemonProperties properties;
-	private ReactiveOAuth2AuthenticationSuccessHandler reactiveOAuth2AuthenticationSuccessHandler;
+	private ReactiveOAuth2AuthenticationSuccessHandler<U,ID> reactiveOAuth2AuthenticationSuccessHandler;
 
 	public LemonReactiveSecurityConfig(BlueTokenService blueTokenService,
 			LemonReactiveUserDetailsService<U, ID> userDetailsService,
-			ReactiveOAuth2AuthenticationSuccessHandler reactiveOAuth2AuthenticationSuccessHandler,
+			ReactiveOAuth2AuthenticationSuccessHandler<U,ID> reactiveOAuth2AuthenticationSuccessHandler,
 			LemonProperties properties) {
 
 		super(blueTokenService);
@@ -68,7 +71,7 @@ protected void oauth2Login(ServerHttpSecurity http) {
 		http.oauth2Login()
 			.authorizedClientRepository(new ReactiveCookieServerOAuth2AuthorizedClientRepository(properties))
 			.authenticationSuccessHandler(reactiveOAuth2AuthenticationSuccessHandler)
-			.authenticationManager(authenticationManager);
+			.authenticationFailureHandler(this::onAuthenticationFailure);
 	}
 
 	@Override
@@ -84,4 +87,13 @@ protected Mono<UserDto> fetchUserDto(JWTClaimsSet claims) {
 			})
 			.map(AbstractMongoUser::toUserDto);
 	}
+	
+	protected Mono<Void> onAuthenticationFailure(WebFilterExchange webFilterExchange, AuthenticationException exception) {
+		
+		ReactiveCookieServerOAuth2AuthorizedClientRepository.deleteCookies(webFilterExchange.getExchange(),
+				LecUtils.AUTHORIZATION_REQUEST_COOKIE_NAME,
+				LecUtils.LEMON_REDIRECT_URI_COOKIE_PARAM_NAME);
+		
+		return Mono.error(exception);
+	}
 }

spring-lemon-reactive/src/main/java/com/naturalprogrammer/spring/lemonreactive/security/ReactiveCookieServerOAuth2AuthorizedClientRepository.java

@@ -15,15 +15,12 @@
 
 import com.naturalprogrammer.spring.lemon.commons.LemonProperties;
 import com.naturalprogrammer.spring.lemon.commons.util.LecUtils;
-import com.naturalprogrammer.spring.lemonreactive.util.LerUtils;
+import com.naturalprogrammer.spring.lemon.commonsreactive.util.LecrUtils;
 
 import reactor.core.publisher.Mono;
 
 public class ReactiveCookieServerOAuth2AuthorizedClientRepository implements ServerOAuth2AuthorizedClientRepository {
 
-	public static final String AUTHORIZATION_REQUEST_COOKIE_NAME = "lemon_oauth2_authorization_request";
-	public static final String LEMON_REDIRECT_URI_COOKIE_PARAM_NAME = "lemon_redirect_uri";
-
 	private int cookieExpirySecs;
 
 	public ReactiveCookieServerOAuth2AuthorizedClientRepository(LemonProperties properties) {
@@ -35,7 +32,7 @@ public ReactiveCookieServerOAuth2AuthorizedClientRepository(LemonProperties prop
 	public Mono<OAuth2AuthorizedClient> loadAuthorizedClient(String clientRegistrationId,
 			Authentication principal, ServerWebExchange exchange) {
 
-		return LerUtils.fetchCookie(exchange, AUTHORIZATION_REQUEST_COOKIE_NAME)
+		return LecrUtils.fetchCookie(exchange, LecUtils.AUTHORIZATION_REQUEST_COOKIE_NAME)
 				.map(this::deserialize)
 				.orElse(Mono.empty());
 	}
@@ -49,12 +46,12 @@ public Mono<Void> saveAuthorizedClient(OAuth2AuthorizedClient authorizedClient,
 		Assert.notNull(exchange, "exchange cannot be null");
 		if (authorizedClient == null) {
 
-			deleteCookies(exchange, AUTHORIZATION_REQUEST_COOKIE_NAME, LEMON_REDIRECT_URI_COOKIE_PARAM_NAME);
+			deleteCookies(exchange, LecUtils.AUTHORIZATION_REQUEST_COOKIE_NAME, LecUtils.LEMON_REDIRECT_URI_COOKIE_PARAM_NAME);
 			return Mono.empty();
 		}
 
 		ResponseCookie cookie = ResponseCookie
-				.from(AUTHORIZATION_REQUEST_COOKIE_NAME, LecUtils.serialize(authorizedClient))
+				.from(LecUtils.AUTHORIZATION_REQUEST_COOKIE_NAME, LecUtils.serialize(authorizedClient))
 				.path("/")
 				.httpOnly(true)
 				.maxAge(cookieExpirySecs)
@@ -63,12 +60,12 @@ public Mono<Void> saveAuthorizedClient(OAuth2AuthorizedClient authorizedClient,
 		response.addCookie(cookie);
 
 		String lemonRedirectUri = exchange.getRequest()
-				.getQueryParams().getFirst(LEMON_REDIRECT_URI_COOKIE_PARAM_NAME);
+				.getQueryParams().getFirst(LecUtils.LEMON_REDIRECT_URI_COOKIE_PARAM_NAME);
 
 		if (StringUtils.isNotBlank(lemonRedirectUri)) {
 
 			cookie = ResponseCookie
-					.from(LEMON_REDIRECT_URI_COOKIE_PARAM_NAME, lemonRedirectUri)
+					.from(LecUtils.LEMON_REDIRECT_URI_COOKIE_PARAM_NAME, lemonRedirectUri)
 					.path("/")
 					.httpOnly(true)
 					.maxAge(cookieExpirySecs)
@@ -84,11 +81,11 @@ public Mono<Void> saveAuthorizedClient(OAuth2AuthorizedClient authorizedClient,
 	public Mono<Void> removeAuthorizedClient(String clientRegistrationId, Authentication principal,
 			ServerWebExchange exchange) {
 
-		deleteCookies(exchange, AUTHORIZATION_REQUEST_COOKIE_NAME);
+		deleteCookies(exchange, LecUtils.AUTHORIZATION_REQUEST_COOKIE_NAME);
 		return Mono.empty();
 	}
 
-	private void deleteCookies(ServerWebExchange exchange, String ...cookiesToDelete) {
+	public static void deleteCookies(ServerWebExchange exchange, String ...cookiesToDelete) {
 
 		MultiValueMap<String, HttpCookie> cookies = exchange.getRequest().getCookies();
 		MultiValueMap<String, ResponseCookie> responseCookies = exchange.getResponse().getCookies();