Made the mainController with OPenIDAUth

pom.xml

@@ -43,6 +43,10 @@
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-security</artifactId>
         </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-web</artifactId>
+        </dependency>
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-webflux</artifactId>
@@ -98,6 +102,17 @@
             <artifactId>mockwebserver</artifactId>
             <scope>test</scope>
         </dependency>
+        <dependency>
+            <groupId>org.springframework.security.oauth</groupId>
+            <artifactId>spring-security-oauth2</artifactId>
+            <version>2.3.5.RELEASE</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-oauth2-client</artifactId>
+            <scope>test</scope>
+        </dependency>
 
         <!-- Amazon S3 -->
         <dependency>

src/main/java/uk/ac/ebi/ega/data/edge/configuration/OAuth2ResourceConfig.java

@@ -0,0 +1,35 @@
+/*
+ * Copyright 2016 ELIXIR EGA
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package uk.ac.ebi.ega.data.edge.configuration;
+
+
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.oauth2.server.resource.introspection.NimbusOpaqueTokenIntrospector;
+import org.springframework.security.oauth2.server.resource.introspection.OpaqueTokenIntrospector;
+
+@Configuration
+public class OAuth2ResourceConfig {
+
+    @Bean
+    public OpaqueTokenIntrospector tokenIntrospector(final @Value("${auth.server.url}") String checkTokenUrl,
+                                                     final @Value("${auth.server.clientId}") String clientId,
+                                                     final @Value("${auth.server.clientsecret}") String clientSecret) {
+        return new NimbusOpaqueTokenIntrospector(checkTokenUrl, clientId, clientSecret);
+    }
+}
+

src/main/java/uk/ac/ebi/ega/data/edge/configuration/SecurityConfiguration.java

@@ -0,0 +1,19 @@
+package uk.ac.ebi.ega.data.edge.configuration;
+
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.builders.WebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+
+@Configuration
+public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
+    @Override
+    public void configure(WebSecurity web) throws Exception {
+        web.ignoring().antMatchers("/version");
+    }
+
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        http.authorizeRequests().anyRequest().authenticated().and().oauth2ResourceServer().opaqueToken();
+    }
+}

src/main/java/uk/ac/ebi/ega/data/edge/rest/MainController.java

@@ -0,0 +1,23 @@
+package uk.ac.ebi.ega.data.edge.rest;
+
+import org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthentication;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.ResponseBody;
+import org.springframework.web.bind.annotation.RestController;
+import reactor.core.publisher.Mono;
+
+@RestController
+@RequestMapping("/")
+public class MainController {
+    @RequestMapping("version")
+    @ResponseBody
+    public Mono<String> getVersion() {
+        return Mono.just("1.0.0");
+    }
+
+    @RequestMapping("secret")
+    @ResponseBody
+    public Mono<String> getSecret(BearerTokenAuthentication principal) {
+        return Mono.just("omgsosecret " + principal.getTokenAttributes().get("user_id"));
+    }
+}

src/main/resources/application.properties

@@ -16,4 +16,10 @@ [email protected]@
 # DATA API Stuff
 #####################################################################################
 [email protected]@
-[email protected]@
+[email protected]@
+#####################################################################################
+# OpenID connection details
+#####################################################################################
+auth.server.url=https://ega.ebi.ac.uk:8443/ega-openid-connect-server/introspect
+auth.server.clientId=
+auth.server.clientsecret=

src/test/java/uk/ac/ebi/ega/data/edge/rest/MainControllerTests.java

@@ -0,0 +1,73 @@
+package uk.ac.ebi.ega.data.edge.rest;
+
+import org.apache.http.HttpHeaders;
+import org.junit.jupiter.api.Test;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.autoconfigure.web.reactive.AutoConfigureWebTestClient;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.boot.web.server.LocalServerPort;
+import org.springframework.http.HttpStatus;
+import org.springframework.security.oauth2.client.DefaultOAuth2ClientContext;
+import org.springframework.security.oauth2.client.token.grant.password.ResourceOwnerPasswordAccessTokenProvider;
+import org.springframework.security.oauth2.client.token.grant.password.ResourceOwnerPasswordResourceDetails;
+import org.springframework.security.oauth2.common.OAuth2AccessToken;
+import org.springframework.test.web.reactive.server.WebTestClient;
+
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.util.List;
+
+
+@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT)
+@AutoConfigureWebTestClient(timeout = "10000")
+public class MainControllerTests {
+
+    @LocalServerPort
+    private int port;
+
+    @Autowired
+    private WebTestClient client;
+
+    @Test
+    public void canGetVersionWithoutAuthentication() throws URISyntaxException {
+        client.get().uri(new URI("http://localhost:" + port + "/version"))
+                .exchange()
+                .expectStatus().is2xxSuccessful()
+                .expectBody(String.class)
+                .isEqualTo("1.0.0");
+    }
+
+    @Test
+    public void cannotGetSecretWithoutAuthentication() throws URISyntaxException {
+        client.get().uri(new URI("http://localhost:" + port + "/secret"))
+                .exchange()
+                .expectStatus().isEqualTo(HttpStatus.UNAUTHORIZED);
+    }
+
+    @Test
+    public void canGetSecretWithTokenFromAuthServer() throws URISyntaxException {
+
+        ResourceOwnerPasswordResourceDetails details = new ResourceOwnerPasswordResourceDetails();
+        details.setUsername("[email protected]");
+        details.setPassword("egarocks");
+
+        // Totally stolen from pyega3
+        details.setClientId("");
+        details.setClientSecret("");
+
+        details.setGrantType("password");
+        details.setScope(List.of("openid"));
+        details.setAccessTokenUri("https://ega.ebi.ac.uk:8443/ega-openid-connect-server/token");
+
+        DefaultOAuth2ClientContext clientContext = new DefaultOAuth2ClientContext();
+        ResourceOwnerPasswordAccessTokenProvider provider = new ResourceOwnerPasswordAccessTokenProvider();
+        OAuth2AccessToken accessToken = provider.obtainAccessToken(details, clientContext.getAccessTokenRequest());
+
+        client.get().uri(new URI("http://localhost:" + port + "/secret"))
+                .header(HttpHeaders.AUTHORIZATION, "Bearer " + accessToken.getValue())
+                .exchange()
+                .expectStatus().is2xxSuccessful()
+                .expectBody(String.class)
+                .isEqualTo("omgsosecret [email protected]");
+    }
+}