Configure Okta and try to configure CORS

Author: Matt Raible

spring-cloud-gateway/api-gateway/pom.xml

@@ -15,7 +15,7 @@
 	<description>Demo project for Spring Boot</description>
 
 	<properties>
-		<java.version>1.8</java.version>
+		<java.version>11</java.version>
 		<spring-cloud.version>Greenwich.SR2</spring-cloud.version>
 	</properties>
 
@@ -44,7 +44,15 @@
 			<groupId>org.springframework.cloud</groupId>
 			<artifactId>spring-cloud-starter-openfeign</artifactId>
 		</dependency>
-
+		<dependency>
+			<groupId>com.okta.spring</groupId>
+			<artifactId>okta-spring-boot-starter</artifactId>
+			<version>1.2.1</version>
+		</dependency>
+		<dependency>
+			<groupId>org.springframework.cloud</groupId>
+			<artifactId>spring-cloud-security</artifactId>
+		</dependency>
 		<dependency>
 			<groupId>org.projectlombok</groupId>
 			<artifactId>lombok</artifactId>
@@ -75,6 +83,7 @@
 	</dependencyManagement>
 
 	<build>
+        <defaultGoal>spring-boot:run</defaultGoal>
 		<plugins>
 			<plugin>
 				<groupId>org.springframework.boot</groupId>

spring-cloud-gateway/api-gateway/src/main/java/com/example/apigateway/ApiGatewayApplication.java

@@ -2,12 +2,24 @@
 
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.cloud.gateway.route.RouteLocator;
+import org.springframework.cloud.gateway.route.builder.RouteLocatorBuilder;
+import org.springframework.cloud.security.oauth2.gateway.TokenRelayGatewayFilterFactory;
+import org.springframework.context.annotation.Bean;
 
 @SpringBootApplication
 public class ApiGatewayApplication {
 
-	public static void main(String[] args) {
-		SpringApplication.run(ApiGatewayApplication.class, args);
-	}
+    public static void main(String[] args) {
+        SpringApplication.run(ApiGatewayApplication.class, args);
+    }
 
+    @Bean
+    public RouteLocator customRouteLocator(RouteLocatorBuilder builder, TokenRelayGatewayFilterFactory filterFactory) {
+        return builder.routes()
+                .route("car-service", r -> r.path("/cars")
+                        .filters(f -> f.filter(filterFactory.apply()))
+                        .uri("lb://car-service/cars"))
+                .build();
+    }
 }

spring-cloud-gateway/api-gateway/src/main/java/com/example/apigateway/CorsConfiguration.java

@@ -0,0 +1,20 @@
+package com.example.apigateway;
+
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.reactive.config.CorsRegistry;
+import org.springframework.web.reactive.config.EnableWebFlux;
+import org.springframework.web.reactive.config.WebFluxConfigurer;
+
+@Configuration
+@EnableWebFlux
+public class CorsConfiguration implements WebFluxConfigurer {
+
+    @Override
+    public void addCorsMappings(CorsRegistry corsRegistry) {
+        corsRegistry.addMapping("/**")
+                .allowCredentials(true)
+                .allowedOrigins("*")
+                .allowedMethods("*")
+                .maxAge(3600);
+    }
+}

spring-cloud-gateway/api-gateway/src/main/java/com/example/apigateway/SecurityConfiguration.java

@@ -0,0 +1,27 @@
+package com.example.apigateway;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.security.config.annotation.method.configuration.EnableReactiveMethodSecurity;
+import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
+import org.springframework.security.config.web.server.ServerHttpSecurity;
+import org.springframework.security.web.server.SecurityWebFilterChain;
+
+@EnableWebFluxSecurity
+@EnableReactiveMethodSecurity
+public class SecurityConfiguration {
+
+    @Bean
+    public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
+        // @formatter:off
+        http
+            .authorizeExchange()
+                .anyExchange().authenticated()
+                .and()
+            .oauth2Login()
+                .and()
+            .oauth2ResourceServer()
+                .jwt();
+        return http.build();
+        // @formatter:on
+    }
+}

spring-cloud-gateway/api-gateway/src/main/resources/application.properties

@@ -1 +1,7 @@
+spring.application.name=gateway
+okta.oauth2.issuer=https://dev-133320.okta.com/oauth2/default
+okta.oauth2.client-id=0oazig0adjD1PgAjO356
+okta.oauth2.client-secret=iNxF-y6iJACN2eeY8MO-bJ7IdhcSEjt1YXrrNfc0
 
+logging.level.root=WARN
+logging.level.org.springframework=INFO

spring-cloud-gateway/api-gateway/src/test/java/com/example/apigateway/ApiGatewayApplicationTests.java

@@ -2,15 +2,25 @@
 
 import org.junit.Test;
 import org.junit.runner.RunWith;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.test.context.junit4.SpringRunner;
+import org.springframework.test.web.reactive.server.WebTestClient;
 
 @RunWith(SpringRunner.class)
-@SpringBootTest
+@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT)
 public class ApiGatewayApplicationTests {
 
+	@Autowired
+	WebTestClient webTestClient;
+
 	@Test
-	public void contextLoads() {
-	}
+	public void testCorsConfiguration() {
+		WebTestClient.ResponseSpec response = webTestClient.put()
+				.uri("/")
+				.header("Origin", "http://example.com")
+				.exchange();
 
+		response.expectHeader().valueEquals("Access-Control-Allow-Origin", "*");
+	}
 }

spring-cloud-gateway/api-gateway/src/test/resources/logback.xml

@@ -0,0 +1,5 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<configuration>
+    <include resource="org/springframework/boot/logging/logback/base.xml" />
+    <logger name="org.springframework" level="INFO"/>
+</configuration>