Merge pull request okta#49 from okta/fix-default-401

bdemers · web-flow · commit 7a4ad4235af3 · 2019-06-12T17:45:27.000-04:00
Cleanup Resource Server example
diff --git a/custom-login/pom.xml b/custom-login/pom.xml
@@ -20,7 +20,7 @@
     <parent>
         <groupId>org.springframework.boot</groupId>
         <artifactId>spring-boot-starter-parent</artifactId>
-        <version>2.1.3.RELEASE</version>
+        <version>2.1.5.RELEASE</version>
     </parent>
 
     <groupId>com.example.okta</groupId>
@@ -41,7 +41,7 @@
         <dependency>
             <groupId>com.okta.spring</groupId>
             <artifactId>okta-spring-boot-starter</artifactId>
-            <version>1.2.0</version>
+            <version>1.2.1</version>
         </dependency>
         <dependency>
             <groupId>org.springframework.security</groupId>
diff --git a/okta-hosted-login/pom.xml b/okta-hosted-login/pom.xml
@@ -6,7 +6,7 @@
     <parent>
         <groupId>org.springframework.boot</groupId>
         <artifactId>spring-boot-starter-parent</artifactId>
-        <version>2.1.3.RELEASE</version>
+        <version>2.1.5.RELEASE</version>
     </parent>
 
     <groupId>com.example.okta</groupId>
@@ -27,7 +27,7 @@
         <dependency>
             <groupId>com.okta.spring</groupId>
             <artifactId>okta-spring-boot-starter</artifactId>
-            <version>1.2.0</version>
+            <version>1.2.1</version>
         </dependency>
         <dependency>
             <groupId>org.springframework.boot</groupId>
diff --git a/resource-server/pom.xml b/resource-server/pom.xml
@@ -6,7 +6,7 @@
     <parent>
         <groupId>org.springframework.boot</groupId>
         <artifactId>spring-boot-starter-parent</artifactId>
-        <version>2.1.3.RELEASE</version>
+        <version>2.1.5.RELEASE</version>
     </parent>
 
     <groupId>com.example.okta</groupId>
@@ -27,7 +27,7 @@
         <dependency>
             <groupId>com.okta.spring</groupId>
             <artifactId>okta-spring-boot-starter</artifactId>
-            <version>1.2.0</version>
+            <version>1.2.1</version>
         </dependency>
 
         <!-- Other standard Spring starters -->
diff --git a/resource-server/src/main/java/com/okta/spring/example/ResourceServerExampleApplication.java b/resource-server/src/main/java/com/okta/spring/example/ResourceServerExampleApplication.java
@@ -1,24 +1,19 @@
 package com.okta.spring.example;
 
+import com.okta.spring.boot.oauth.Okta;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
-import org.springframework.boot.web.servlet.FilterRegistrationBean;
-import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.core.Ordered;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
+import org.springframework.web.bind.annotation.CrossOrigin;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RestController;
-import org.springframework.web.cors.CorsConfiguration;
-import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
-import org.springframework.web.filter.CorsFilter;
 
 import java.util.Arrays;
-import java.util.Collections;
 import java.util.Date;
 import java.util.HashMap;
 import java.util.Map;
@@ -40,10 +35,17 @@ protected void configure(HttpSecurity http) throws Exception {
                 .anyRequest().authenticated()
             .and()
                 .oauth2ResourceServer().jwt();
+
+            // process CORS annotations
+            http.cors();
+
+            // force a non-empty response body for 401's to make the response more browser friendly
+            Okta.configureResourceServer401ResponseBody(http);
         }
     }
 
     @RestController
+    @CrossOrigin(origins = "http://localhost:8080")
     public class MessageOfTheDayController {
 
         @GetMapping("/api/userProfile")
@@ -66,24 +68,6 @@ public Map<String, Object> messages() {
         }
     }
 
-    /*
-     * Configuring CORS is only needed when making browser based requests (see the "front-end") example.
-     * The actual CORS configuration would be specific to your application.
-     */
-    @Bean
-    public FilterRegistrationBean<CorsFilter> simpleCorsFilter() {
-        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
-        CorsConfiguration config = new CorsConfiguration();
-        config.setAllowCredentials(true);
-        config.setAllowedOrigins(Arrays.asList("http://localhost:8080"));
-        config.setAllowedMethods(Collections.singletonList("*"));
-        config.setAllowedHeaders(Collections.singletonList("*"));
-        source.registerCorsConfiguration("/**", config);
-        FilterRegistrationBean<CorsFilter> bean = new FilterRegistrationBean<>(new CorsFilter(source));
-        bean.setOrder(Ordered.HIGHEST_PRECEDENCE);
-        return bean;
-    }
-
     class Message {
         public Date date = new Date();
         public String text;
