Add Resource Server Sample

[ketola]

Add Resource Server Sample
Fixes #4

• I configured the resource server based on the instructions at https://docs.spring.io/spring-security/site/docs/current/reference/html5/#oauth2resourceserver
• The token validation obviously fails until the auth server is able to provide the token. And as an example, I left the issuer uri to point at https://accounts.google.com.
• I noticed there was a separate issue about configuring the gradle build, that's why I left the module as a standalone.

[pivotal-issuemaster]

@ketola Please sign the Contributor License Agreement!

Click here to manually synchronize the status of this Pull Request.

See the FAQ for frequently asked questions.

[pivotal-issuemaster]

@ketola Thank you for signing the Contributor License Agreement!

[anzap]

I see you added this under samples folder. Project does not seem to have gone the multimodule way as there is now a top-level src folder with a sample package. Not sure this should be cleaned up now or will be part of issue #10 .

[anzap]

Files in /bin should not be committed. PR #31 adds this folder to .gitignore.

[ketola]

That slipped in accidentally, it's now removed

[anzap]

Should we use JUnit4 or JUnit5 for testing?

[ketola]

I changed it to use junit 5 api, as that was also used in the parent

[ketola]

I see you added this under samples folder. Project does not seem to have gone the multimodule way as there is now a top-level src folder with a sample package. Not sure this should be cleaned up now or will be part of issue #10 .

I left the module as standalone on purpose as I saw that there was another issue for creating the gradle build.

[jgrandja]

Thanks for the PR @ketola. Please see my comments.

[jgrandja]

Please modify the build to follow the minimal sample, which uses the spring-build-conventions plugin (same as Spring Security).

The build file should be renamed to spring-authorization-server-samples-boot-oauth2resourceserver.gradle under the boot/oauth2resourceserver dir.

[ketola]

Done.

[jgrandja]

Can we rename this to something more meaningful? Maybe ResourceController and resource()?

[ketola]

Done.

[jgrandja]

Let's use the jwk-set-uri property configured with https://localhost:8090/oauth2/keys.

For the tests, you could either mock the jwkSet endpoint using MockWebServer or mock() the JwtDecoder @Bean. Take a look at OAuth2ResourceServerConfigurerTests for examples.

[ketola]

With this one, I will need some more time as I have not used the MockWebServer before, I'll do some research, check the example and try to finish this later today.

[ketola]

Ok, I checked out the sample from OAuth2ResourceServerConfigurerTests with the MockWebServer, but It started to feel like a lot's work to get the token validation mocked that way. Instead, I decided to mock the JwtDecoder. Let me know what you think.

[ketola]

@jgrandja, I noticed you labeled this as 'duplicate', where has this work been duplicated?

[jgrandja]

@ketola We mark PR's as duplicate if there is an associated issue, which there is in this case. However, we typically mark it when we merge. I'll remove the label until we merge to avoid confusion.

[jgrandja]

Thanks for the updates @ketola. This is now in master.