Merge pull request #135 from SAP/2.0

Version 2.0

api/pom.xml

@@ -4,12 +4,12 @@
 
 	<groupId>com.sap.cloud.security.xsuaa</groupId>
 	<artifactId>api</artifactId>
-	<version>1.7.0</version>
+	<version>2.0.0</version>
 
 	<parent>
 		<groupId>com.sap.cloud.security.xsuaa</groupId>
 		<artifactId>parent</artifactId>
-		<version>1.7.0</version>
+		<version>2.0.0</version>
 	</parent>
 
 	<packaging>jar</packaging>

pom.xml

@@ -5,7 +5,7 @@
 
 	<groupId>com.sap.cloud.security.xsuaa</groupId>
 	<artifactId>parent</artifactId>
-	<version>1.7.0</version>
+	<version>2.0.0</version>
 	<packaging>pom</packaging>
 
 	<name>parent</name>

samples/sap-java-buildpack-api-usage/manifest.yml

@@ -12,13 +12,15 @@ applications:
 
   host: 
   path: target/sap-java-buildpack-api-usage.war
-  buildpack: sap_java_buildpack
+  buildpacks:
+    - sap_java_buildpack
   services:
     - xsuaa-buildpack
 # Application Router as web server
 - name: approuter-sap-java-buildpack-api-usage
   path: approuter
-  buildpack: nodejs_buildpack
+  buildpacks:
+    - nodejs_buildpack
   memory: 128M
   routes:
     - route: approuter-sap-java-buildpack-api-usage-((ID)).((LANDSCAPE_APPS_DOMAIN))

samples/sap-java-buildpack-api-usage/pom.xml

@@ -21,7 +21,7 @@
 		<dependency>
 			<groupId>com.sap.cloud.security.xsuaa</groupId>
 			<artifactId>api</artifactId>
-			<version>1.7.0</version>
+			<version>2.0.0</version>
 			<scope>provided</scope>
 		</dependency>
 		<!-- https://mvnrepository.com/artifact/javax.servlet/javax.servlet-api -->

samples/spring-security-basic-auth/pom.xml

@@ -11,7 +11,7 @@
 	</parent>
 
 	<artifactId>spring-security-basic-auth</artifactId>
-	<version>1.7.0</version>
+	<version>2.0.0</version>
 	<name>spring-security-basic-auth</name>
 
 	<properties>

samples/spring-security-basic-auth/src/main/java/sample/spring/xsuaa/TestController.java

@@ -29,7 +29,7 @@ public class TestController {
 
 	@GetMapping("/hello-token")
 	public Map<String, String> message(@AuthenticationPrincipal Token token) {
-		Map<String, String> result = new HashMap<>();
+		Map<String, String> result = new HashMap();
 		result.put("grant type", token.getGrantType());
 		result.put("client id", token.getClientId());
 		result.put("subaccount id", token.getSubaccountId());

samples/spring-security-xsuaa-usage/manifest.yml

@@ -16,7 +16,8 @@ applications:
 # Application Router as web server
 - name: approuter-spring-security-xsuaa-usage
   path: approuter
-  buildpack: nodejs_buildpack
+  buildpacks:
+    - nodejs_buildpack
   memory: 128M
   routes:
     - route: spring-security-xsuaa-usage-web-((ID)).((LANDSCAPE_APPS_DOMAIN))

samples/spring-security-xsuaa-usage/pom.xml

@@ -14,7 +14,7 @@
 
 	<groupId>com.sap.cloud.security.samples</groupId>
 	<artifactId>spring-security-xsuaa-usage</artifactId>
-	<version>1.3.0</version>
+	<version>2.0.0</version>
 	<name>spring-security-xsuaa-usage</name>
 
 	<properties>
@@ -37,7 +37,7 @@
         <dependency>
             <groupId>com.sap.cloud.security.xsuaa</groupId>
             <artifactId>xsuaa-spring-boot-starter</artifactId>
-            <version>1.7.0</version>
+            <version>2.0.0</version>
         </dependency>
         <dependency>
             <groupId>org.springframework.boot</groupId>

samples/spring-security-xsuaa-usage/src/main/java/sample/spring/xsuaa/TestController.java

@@ -126,7 +126,7 @@ public String requestClientCredentialsToken() throws TokenFlowException {
         OAuth2TokenResponse clientCredentialsTokenResponse = tokenFlows.clientCredentialsTokenFlow().execute();
         logger.info("Got the Client Credentials Token: {}", clientCredentialsTokenResponse.getAccessToken());
 
-        return "The client-credentials token (encoded) can be found in the logs 'cf logs spring-security-xsuaa-usage --recent'";
+        return clientCredentialsTokenResponse.getDecodedAccessToken().getPayload();
     }
 
     /**
@@ -156,7 +156,9 @@ public String requestUserToken(@AuthenticationPrincipal Jwt jwt) throws TokenFlo
         logger.info("Got the exchanged token for 3rd party service: {}", userTokenResponse);
         logger.info("You can now call the 3rd party service passing the exchanged token value: {}. ", userTokenResponse);
 
-        return "The refresh-token: " + userTokenResponse.getRefreshToken() + ". The access-token (encoded) can be found in the logs 'cf logs spring-security-xsuaa-usage --recent'";
+        return "<p>The access-token (decoded):</p><p>" + userTokenResponse.getDecodedAccessToken().getPayload()
+                + "</p><p>The refresh-token: </p><p>" + userTokenResponse.getRefreshToken()
+                + "</p><p>The access-token (encoded) can be found in the logs 'cf logs spring-security-xsuaa-usage --recent'</p>";
     }
 
     /**
@@ -176,7 +178,7 @@ public String requestRefreshToken(@AuthenticationPrincipal Jwt jwt, @PathVariabl
         logger.info("Got the access token for the refresh token: {}", refreshTokenResponse.getAccessToken());
         logger.info("You could now inject this into Spring's SecurityContext, using: SpringSecurityContext.init(...).");
 
-        return "The exchanged access token (encoded) can be found in the logs 'cf logs spring-security-xsuaa-usage --recent'";
+        return refreshTokenResponse.getDecodedAccessToken().getPayload();
     }
 
 }

samples/spring-webflux-security-xsuaa-usage/manifest.yml

@@ -10,6 +10,8 @@ applications:
     routes:
       - route: spring-webflux-security-xsuaa-usage-((ID)).((LANDSCAPE_APPS_DOMAIN))
     path: target/spring-webflux-security-xsuaa-usage.jar
+    env:
+      JBP_CONFIG_DEBUG: '{enabled: true}'
     services:
       - xsuaa-webflux
 

samples/spring-webflux-security-xsuaa-usage/pom.xml

@@ -12,7 +12,7 @@
 
     <groupId>com.sap.cloud.security.samples</groupId>
     <artifactId>spring-webflux-security-xsuaa-usage</artifactId>
-    <version>1.7.0</version>
+    <version>2.0.0</version>
     <name>spring-webflux-security-xsuaa-usage</name>
 
     <properties>

samples/spring-webflux-security-xsuaa-usage/src/main/java/sample/spring/webflux/xsuaa/TestController.java

@@ -1,5 +1,6 @@
 package sample.spring.webflux.xsuaa;
 
+import com.sap.cloud.security.xsuaa.jwt.Base64JwtDecoder;
 import com.sap.cloud.security.xsuaa.token.ReactiveSecurityContext;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
@@ -18,6 +19,6 @@ public Mono<ResponseEntity<String>> sayHello() {
 		return ReactiveSecurityContext.getToken()
 				.doOnError(throwable -> Mono.just(unAuthenticated))
 				.map(token -> ResponseEntity.ok().contentType(MediaType.TEXT_PLAIN)
-						.body("Authorities: " + token.getAuthorities()));
+						.body(new Base64JwtDecoder().decode(token.getAppToken()).getPayload()));
 	}
 }

samples/spring-webflux-security-xsuaa-usage/src/test/java/sample/spring/webflux/xsuaa/TestControllerTest.java

@@ -14,6 +14,7 @@
 import org.springframework.test.web.reactive.server.WebTestClient;
 import org.springframework.util.Assert;
 
+import static org.hamcrest.CoreMatchers.containsString;
 import static org.hamcrest.CoreMatchers.startsWith;
 
 @RunWith(SpringRunner.class)
@@ -42,7 +43,7 @@ public void authorizedRequest() {
 
 		webClient.method(HttpMethod.GET).uri("/v1/sayHello").contentType(MediaType.APPLICATION_JSON_UTF8)
 				.header(HttpHeaders.AUTHORIZATION, jwtGenerator.getTokenForAuthorizationHeader()).exchange()
-				.expectStatus().is2xxSuccessful().expectBody(String.class).value(startsWith("Authorities:"));
+				.expectStatus().is2xxSuccessful().expectBody(String.class).value(containsString(",\"scope\":[\"xsapplication!t895.Read\"],"));
 	}
 
 	private String getGlobalScope(String localScope) {

spring-xsuaa-it/pom.xml

@@ -11,7 +11,7 @@
 	</parent>
 
 	<artifactId>spring-xsuaa-it</artifactId>
-	<version>1.7.0</version>
+	<version>2.0.0</version>
 	<name>spring-xsuaa-it</name>
 
 	<properties>

spring-xsuaa-it/src/main/java/com/sap/cloud/security/xsuaa/mock/MockPostProcessor.java

@@ -38,25 +38,21 @@ public MockResponse dispatch(RecordedRequest request) {
 			if ("/otherdomain/token_keys".equals(request.getPath())) {
 				return getResponseFromFile("/mock/otherdomain_token_keys.json", HttpStatus.OK);
 			}
-			if (request.getPath().equals("/oauth/token")) {
+			if (request.getPath().equals("/oauth/token") && "POST".equals(request.getMethod())) {
 				String body = request.getBody().readString(StandardCharsets.UTF_8);
-				if ("basic c2ItamF2YS1oZWxsby13b3JsZDpteXNlY3JldC1iYXNpYw=="
-						.equalsIgnoreCase(request.getHeader("authorization")) && "POST".equals(request.getMethod())
-						&& body.contains("username=basic.user") && body.contains("password=basic.password")) {
-
+				if (body.contains("grant_type=password") && body.contains("username=basic.user")
+						&& body.contains("password=basic.password")) {
 					try {
 						return new MockResponse().setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE)
 								.setResponseCode(HttpStatus.OK.value())
-								.setBody(String.format("{\"access_token\": \"%s\"}",
+								.setBody(String.format("{\"expires_in\": 43199, \"access_token\": \"%s\"}",
 										JWTUtil.createJWT("/password.txt", "testdomain")));
 					} catch (Exception e) {
 						e.printStackTrace();
 						getResponse(RESPONSE_500, HttpStatus.INTERNAL_SERVER_ERROR);
 					}
 				}
-				if ("POST".equals(request.getMethod())
-						&& body.contains("grant_type=client_credentials")) {
-
+				if (body.contains("grant_type=client_credentials")) {
 					try {
 						return new MockResponse().setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE)
 								.setResponseCode(HttpStatus.OK.value()).setBody(String.format(

spring-xsuaa-it/src/main/java/testservice/api/basic/TestController.java

@@ -20,7 +20,6 @@
 import static org.hamcrest.core.IsCollectionContaining.hasItem;
 import static org.junit.Assert.assertThat;
 
-import java.net.URISyntaxException;
 import java.util.Collection;
 import java.util.HashMap;
 import java.util.Map;
@@ -33,11 +32,17 @@
 import org.springframework.security.oauth2.jwt.Jwt;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.client.RestTemplate;
 
 import com.sap.cloud.security.xsuaa.XsuaaServiceConfiguration;
+import com.sap.cloud.security.xsuaa.client.ClientCredentials;
+import com.sap.cloud.security.xsuaa.client.OAuth2TokenResponse;
+import com.sap.cloud.security.xsuaa.client.XsuaaDefaultEndpoints;
+import com.sap.cloud.security.xsuaa.client.XsuaaOAuth2TokenService;
 import com.sap.cloud.security.xsuaa.token.Token;
-import com.sap.xs2.security.container.XSTokenRequestImpl;
-import com.sap.xsa.security.container.XSTokenRequest;
+import com.sap.cloud.security.xsuaa.tokenflows.ClientCredentialsTokenFlow;
+import com.sap.cloud.security.xsuaa.tokenflows.TokenFlowException;
+import com.sap.cloud.security.xsuaa.tokenflows.XsuaaTokenFlows;
 
 @RestController
 @Profile({ "test.api.basic" })
@@ -66,14 +71,17 @@ public void checkScope(@AuthenticationPrincipal Token token) {
 	}
 
 	@GetMapping("/requesttoken")
-	public String requestToken(@AuthenticationPrincipal Token token) throws URISyntaxException {
-		XSTokenRequestImpl tokenRequest = new XSTokenRequestImpl(serviceConfiguration.getUaaUrl());
-		tokenRequest.setClientId("c1").setClientSecret("s1").setType(XSTokenRequest.TYPE_CLIENT_CREDENTIALS_TOKEN);
+	public String requestToken(@AuthenticationPrincipal Token token) throws TokenFlowException {
 		Map<String, String> azMape = new HashMap();
 		azMape.put("a", "b");
 		azMape.put("c", "d");
-		tokenRequest.setAdditionalAuthorizationAttributes(azMape);
-		String newToken = token.requestToken(tokenRequest);
-		return newToken;
+
+		XsuaaTokenFlows tokenFlows = new XsuaaTokenFlows(new XsuaaOAuth2TokenService(new RestTemplate()),
+				new XsuaaDefaultEndpoints(serviceConfiguration.getUaaUrl()), new ClientCredentials("c1", "s1"));
+		ClientCredentialsTokenFlow ccTokenFlow = tokenFlows.clientCredentialsTokenFlow().attributes(azMape)
+				.subdomain(token.getSubdomain());
+
+		OAuth2TokenResponse newToken = ccTokenFlow.execute();
+		return newToken.getAccessToken();
 	}
 }

spring-xsuaa-it/src/main/java/testservice/api/nohttp/MyEventHandler.java

@@ -10,13 +10,11 @@
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
-import org.springframework.security.oauth2.jwt.Jwt;
 import org.springframework.security.oauth2.jwt.JwtDecoder;
 import org.springframework.stereotype.Service;
 
 import com.sap.cloud.security.xsuaa.extractor.LocalAuthoritiesExtractor;
 import com.sap.cloud.security.xsuaa.token.SpringSecurityContext;
-import com.sap.xs2.security.container.SecurityContext;
 
 @Service
 @Profile({ "test.api.nohttp" })
@@ -29,19 +27,6 @@ public class MyEventHandler {
 	@Autowired
 	JwtDecoder jwtDecoder;
 
-	@Deprecated
-	public void onEvent_deprecated(String myEncodedJwtToken) {
-		if (myEncodedJwtToken != null) {
-			Jwt jwtToken = jwtDecoder.decode(myEncodedJwtToken);
-			SecurityContext.init(appId, jwtToken, true);
-		}
-		try {
-			handleEvent();
-		} finally {
-			SpringSecurityContext.clear();
-		}
-	}
-
 	public void onEvent(String myEncodedJwtToken) {
 		if (myEncodedJwtToken != null) {
 			SpringSecurityContext.init(myEncodedJwtToken, jwtDecoder, new LocalAuthoritiesExtractor(appId));

spring-xsuaa-it/src/main/java/testservice/api/v1/TestController.java

@@ -1,9 +1,10 @@
 package testservice.api.v1;
 
-import static org.hamcrest.CoreMatchers.*;
+import static org.hamcrest.CoreMatchers.hasItem;
+import static org.hamcrest.CoreMatchers.is;
+import static org.hamcrest.CoreMatchers.not;
 import static org.junit.Assert.assertThat;
 
-import java.net.URISyntaxException;
 import java.util.Collection;
 import java.util.HashMap;
 import java.util.Map;
@@ -28,8 +29,6 @@
 import com.sap.cloud.security.xsuaa.tokenflows.ClientCredentialsTokenFlow;
 import com.sap.cloud.security.xsuaa.tokenflows.TokenFlowException;
 import com.sap.cloud.security.xsuaa.tokenflows.XsuaaTokenFlows;
-import com.sap.xs2.security.container.XSTokenRequestImpl;
-import com.sap.xsa.security.container.XSTokenRequest;
 
 @RestController
 @Profile({ "test.api.v1" })
@@ -81,19 +80,6 @@ public void checkScope(@AuthenticationPrincipal Token token) {
 		assertThat(authorities, not(hasItem(new SimpleGrantedAuthority("Other"))));
 	}
 
-	@GetMapping("/requesttoken")
-	@Deprecated
-	public String requestToken(@AuthenticationPrincipal Token token) throws URISyntaxException {
-		XSTokenRequestImpl tokenRequest = new XSTokenRequestImpl(serviceConfiguration.getUaaUrl());
-		tokenRequest.setClientId("c1").setClientSecret("s1").setType(XSTokenRequest.TYPE_CLIENT_CREDENTIALS_TOKEN);
-		Map<String, String> azMape = new HashMap();
-		azMape.put("a", "b");
-		azMape.put("c", "d");
-		tokenRequest.setAdditionalAuthorizationAttributes(azMape);
-		String newToken = token.requestToken(tokenRequest);
-		return newToken;
-	}
-
 	@GetMapping("/clientCredentialsToken")
 	public String requestClientCredentialsToken(@AuthenticationPrincipal Token token) throws TokenFlowException {
 		Map<String, String> azMape = new HashMap();

spring-xsuaa-it/src/test/java/com/sap/cloud/security/xsuaa/extractor/BasicCredentialExtractorTest.java

@@ -21,6 +21,8 @@
 import org.springframework.test.context.junit4.SpringRunner;
 import org.springframework.test.context.support.AnnotationConfigContextLoader;
 
+import com.sap.cloud.security.xsuaa.XsuaaServiceConfiguration;
+
 @RunWith(SpringRunner.class)
 @ContextConfiguration(loader = AnnotationConfigContextLoader.class, classes = { XsuaaServiceConfigurationDummy.class,
 		TokenBrokerTestConfiguration.class })
@@ -72,7 +74,7 @@ public void testClientCredentials() {
 				authenticationMethods(AuthenticationMethod.CLIENT_CREDENTIALS));
 		request.addHeader("Authorization",
 				"basic " + Base64.getEncoder().encodeToString("client1234:secret1234".getBytes()));
-		request.addHeader("X-Identity-Zone-Subdomain", "true");
+		request.addHeader("X-Identity-Zone-Subdomain", "x-idz-subdomain");
 		request.setScheme("http");
 		request.setServerName("t1.cloudfoundry");
 		String token = extractor.resolve(request);
@@ -134,7 +136,7 @@ public void testCombinedCredentials_shouldTakeBasicAsFallback() {
 		assertThat(token).isEqualTo("token_pwd");
 	}
 
-	private XsuaaServiceConfigurationDummy getXsuaaServiceConfiguration() {
+	private XsuaaServiceConfiguration getXsuaaServiceConfiguration() {
 		XsuaaServiceConfigurationDummy cfg = new XsuaaServiceConfigurationDummy();
 		cfg.appId = "a1!123";
 		cfg.clientId = "myclient!t1";

spring-xsuaa-it/src/test/java/com/sap/cloud/security/xsuaa/extractor/XsuaaServiceConfigurationDummy.java

@@ -25,11 +25,6 @@ public String getUaaUrl() {
 		return uaaUrl;
 	}
 
-	@Override
-	public String getTokenKeyUrl(String identityZoneId, String subdomain) {
-		return null;
-	}
-
 	@Override
 	public String getAppId() {
 		return appId;

spring-xsuaa-it/src/test/java/com/sap/cloud/security/xsuaa/token/authentication/XsuaaServiceConfigurationTest.java

@@ -30,11 +30,6 @@ public void testInjectedPropertyValue() {
 		Assert.assertEquals("https://auth.com", exampleBean.serviceConfiguration.getUaaUrl());
 		Assert.assertEquals("xs2.usertoken", exampleBean.serviceConfiguration.getClientId());
 		Assert.assertEquals("secret", exampleBean.serviceConfiguration.getClientSecret());
-		Assert.assertEquals("https://auth.com/token_keys",
-				exampleBean.serviceConfiguration.getTokenKeyUrl("uaa", null));
-		Assert.assertEquals("https://myhost.auth.com/token_keys",
-				exampleBean.serviceConfiguration.getTokenKeyUrl("zone", "myhost"));
-		Assert.assertEquals("java-hello-world", exampleBean.serviceConfiguration.getAppId());
 		Assert.assertEquals("auth.com", exampleBean.serviceConfiguration.getUaaDomain());
 	}