From 12726e33931d292d7df28023acd0b9c623e5ec2b Mon Sep 17 00:00:00 2001
From: Matt Raible <matt.raible@okta.com>
Date: Mon, 20 Aug 2018 14:39:19 -0600
Subject: [PATCH] Use Spring Security 5.1.0.RC1 Resource Server instead of Okta

---
 server/pom.xml                                | 21 +++++++++++--
 .../okta/developer/demo/DemoApplication.java  |  4 +--
 .../developer/demo/SecurityConfiguration.java | 21 +++++++++++++
 server/src/main/resources/application.yml     | 30 +++++++++----------
 4 files changed, 57 insertions(+), 19 deletions(-)
 create mode 100644 server/src/main/java/com/okta/developer/demo/SecurityConfiguration.java

diff --git a/server/pom.xml b/server/pom.xml
index 4facb7a..8d36e4d 100644
--- a/server/pom.xml
+++ b/server/pom.xml
@@ -22,6 +22,7 @@
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
         <java.version>1.8</java.version>
+        <spring-security.version>5.1.0.RC1</spring-security.version>
     </properties>
 
     <dependencies>
@@ -41,7 +42,7 @@
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-web</artifactId>
         </dependency>
-		<dependency>
+		<!--<dependency>
 			<groupId>com.okta.spring</groupId>
 			<artifactId>okta-spring-boot-starter</artifactId>
 			<version>0.6.0</version>
@@ -50,7 +51,23 @@
 			<groupId>org.springframework.security.oauth.boot</groupId>
 			<artifactId>spring-security-oauth2-autoconfigure</artifactId>
 			<version>2.0.3.RELEASE</version>
-		</dependency>
+		</dependency>-->
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-security</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-config</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-oauth2-client</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-oauth2-jose</artifactId>
+        </dependency>
         <dependency>
             <groupId>com.h2database</groupId>
             <artifactId>h2</artifactId>
diff --git a/server/src/main/java/com/okta/developer/demo/DemoApplication.java b/server/src/main/java/com/okta/developer/demo/DemoApplication.java
index 97fae3e..f503582 100644
--- a/server/src/main/java/com/okta/developer/demo/DemoApplication.java
+++ b/server/src/main/java/com/okta/developer/demo/DemoApplication.java
@@ -6,7 +6,7 @@
 import org.springframework.boot.web.servlet.FilterRegistrationBean;
 import org.springframework.context.annotation.Bean;
 import org.springframework.core.Ordered;
-import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
+//import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
 import org.springframework.web.cors.CorsConfiguration;
 import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
 import org.springframework.web.filter.CorsFilter;
@@ -15,7 +15,7 @@
 import java.util.stream.Stream;
 
 @SpringBootApplication
-@EnableResourceServer
+//@EnableResourceServer
 public class DemoApplication {
 
 	public static void main(String[] args) {
diff --git a/server/src/main/java/com/okta/developer/demo/SecurityConfiguration.java b/server/src/main/java/com/okta/developer/demo/SecurityConfiguration.java
new file mode 100644
index 0000000..ed39637
--- /dev/null
+++ b/server/src/main/java/com/okta/developer/demo/SecurityConfiguration.java
@@ -0,0 +1,21 @@
+package com.okta.developer.demo;
+
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+
+@EnableWebSecurity
+public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
+
+   @Override
+   protected void configure(HttpSecurity http) throws Exception {
+      // @formatter:off
+      http
+         .authorizeRequests()
+            .anyRequest().authenticated()
+            .and()
+         .oauth2()
+            .resourceServer();
+      // @formatter:on
+   }
+}
\ No newline at end of file
diff --git a/server/src/main/resources/application.yml b/server/src/main/resources/application.yml
index 3d0c749..fc62768 100644
--- a/server/src/main/resources/application.yml
+++ b/server/src/main/resources/application.yml
@@ -1,16 +1,16 @@
-okta:
-  oauth2:
-    client-id: 0oafzcx9d0qPKb0Ni0h7
-    issuer: https://dev-737523.oktapreview.com/oauth2/default
+#okta:
+#  oauth2:
+#    client-id: 0oafzcx9d0qPKb0Ni0h7
+#    issuer: https://dev-737523.oktapreview.com/oauth2/default
 
-#spring:
-#  security:
-#    oauth2:
-#      client:
-#        registration:
-#          okta:
-#            client-id: 0oafzcx9d0qPKb0Ni0h7
-#            scope: openid email profile
-#        provider:
-#          okta:
-#            issuer-uri: https://dev-737523.oktapreview.com/oauth2/default
\ No newline at end of file
+spring:
+  security:
+    oauth2:
+      client:
+        registration:
+          okta:
+            client-id: 0oafzcx9d0qPKb0Ni0h7
+            scope: openid email profile
+        provider:
+          okta:
+            issuer-uri: https://dev-737523.oktapreview.com/oauth2/default
\ No newline at end of file