Multi-tenancy Sample AuthenticationManagers

Fixes gh-7272

Author: jzheaux

samples/boot/oauth2resourceserver-multitenancy/README.adoc

@@ -128,33 +128,20 @@ _In order to use this sample, your Authorization Server must support JWTs that e
 To change the sample to point at your Authorization Server, simply find these properties in the `application.yml`:
 
 ```yaml
-spring:
-  security:
-    oauth2:
-      resourceserver:
-        jwt:
-          jwk-set-uri: ${mockwebserver.url}/.well-known/jwks.json
-        opaque:
-          introspection-uri: ${mockwebserver.url}/introspect
-          introspection-client-id: client
-          introspection-client-secret: secret
-
+tenantOne.jwk-set-uri: ${mockwebserver.url}/.well-known/jwks.json
+tenantTwo.introspection-uri: ${mockwebserver.url}/introspect
+tenantTwo.introspection-client-id: client
+tenantTwo.introspection-client-secret: secret
 ```
 
 And change the properties to your Authorization Server's JWK set endpoint and
 introspection endpoint, including its client id and secret
 
 ```yaml
-spring:
-  security:
-    oauth2:
-      resourceserver:
-        jwt:
-          jwk-set-uri: https://dev-123456.oktapreview.com/oauth2/default/v1/keys
-        opaque:
-          introspection-uri: https://dev-123456.oktapreview.com/oauth2/default/v1/introspect
-          introspection-client-id: client
-          introspection-client-secret: secret
+tenantOne.jwk-set-uri: https://dev-123456.oktapreview.com/oauth2/default/v1/keys
+tenantTwo.introspection-uri: https://dev-123456.oktapreview.com/oauth2/default/v1/introspect
+tenantTwo.introspection-client-id: client
+tenantTwo.introspection-client-secret: secret
 ```
 
 And then you can run the app the same as before:

samples/boot/oauth2resourceserver-multitenancy/src/main/java/sample/OAuth2ResourceServerSecurityConfiguration.java

@@ -40,12 +40,18 @@
 @EnableWebSecurity
 public class OAuth2ResourceServerSecurityConfiguration extends WebSecurityConfigurerAdapter {
 
-	@Value("${spring.security.oauth2.resourceserver.jwt.jwk-set-uri}")
+	@Value("${tenantOne.jwk-set-uri}")
 	String jwkSetUri;
 
-	@Value("${spring.security.oauth2.resourceserver.opaque.introspection-uri}")
+	@Value("${tenantTwo.introspection-uri}")
 	String introspectionUri;
 
+	@Value("${tenantTwo.introspection-client-id}")
+	String introspectionClientId;
+
+	@Value("${tenantTwo.introspection-client-secret}")
+	String introspectionClientSecret;
+
 	@Override
 	protected void configure(HttpSecurity http) throws Exception {
 		// @formatter:off
@@ -83,7 +89,8 @@ AuthenticationManager jwt() {
 
 	AuthenticationManager opaque() {
 		OpaqueTokenIntrospector introspectionClient =
-				new NimbusOpaqueTokenIntrospector(this.introspectionUri, "client", "secret");
+				new NimbusOpaqueTokenIntrospector(this.introspectionUri,
+						this.introspectionClientId, this.introspectionClientSecret);
 		return new OAuth2IntrospectionAuthenticationProvider(introspectionClient)::authenticate;
 	}
 }

samples/boot/oauth2resourceserver-multitenancy/src/main/resources/application.yml

@@ -1,8 +1,4 @@
-spring:
-  security:
-    oauth2:
-      resourceserver:
-        jwt:
-          jwk-set-uri: ${mockwebserver.url}/.well-known/jwks.json
-        opaque:
-          introspection-uri: ${mockwebserver.url}/introspect
+tenantOne.jwk-set-uri: ${mockwebserver.url}/.well-known/jwks.json
+tenantTwo.introspection-uri: ${mockwebserver.url}/introspect
+tenantTwo.introspection-client-id: client
+tenantTwo.introspection-client-secret: secret