JWT OAuth tokens

- update dependencies and configuration
- JWT token converter from catalog

pom.xml

@@ -74,6 +74,7 @@
 		<spring-data-jpa.version>1.11.13.RELEASE</spring-data-jpa.version>
 		<spring.security.version>4.1.5.RELEASE</spring.security.version>
 		<spring.security.oauth2.version>2.3.3.RELEASE</spring.security.oauth2.version>
+		<spring-security-jwt>1.0.8.RELEASE</spring-security-jwt>
 		<org.springframework.social-version>1.1.4.RELEASE</org.springframework.social-version>
 		<org.springframework.social-google-version>1.0.0.RELEASE</org.springframework.social-google-version>
 		<querydsl.version>4.1.4</querydsl.version>
@@ -294,6 +295,12 @@
 			<version>${spring-data-jpa.version}</version>
 		</dependency>
 
+		<dependency>
+			<groupId>org.springframework.security</groupId>
+			<artifactId>spring-security-jwt</artifactId>
+			<version>${spring-security-jwt}</version>
+		</dependency>
+
 		<dependency>
 			<groupId>org.springframework.security</groupId>
 			<artifactId>spring-security-test</artifactId>

src/main/java/org/genesys2/spring/config/OAuth2ServerConfig.java

@@ -41,13 +41,23 @@ import org.springframework.security.oauth2.provider.ClientDetailsService;
 import org.springframework.security.oauth2.provider.approval.ApprovalStore;
 import org.springframework.security.oauth2.provider.approval.TokenApprovalStore;
 import org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler;
-import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
-import org.springframework.security.oauth2.provider.token.TokenStore;
+import org.springframework.security.oauth2.provider.token.*;
+import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
+import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;
+
+import java.util.Arrays;
 
 @Configuration
 public class OAuth2ServerConfig {
 	private static final String APPLICATION_RESOURCE_ID = "genesys";
 
+	@Value("${default.jwt.signingKey}")
+	private String jwtSigningKey;
+
+	@Autowired
+	@Qualifier("userService")
+	private UserDetailsService userDetailsService;
+
 	@Bean
 	public OAuthServiceImpl oauthService() {
 		return new OAuthServiceImpl();
@@ -59,13 +69,49 @@ public class OAuth2ServerConfig {
 		return new AppBlocksInitializer();
 	}
 
+	/**
+	 * Token store.
+	 *
+	 * @return the token store
+	 */
+	@Bean
+	public TokenStore tokenStore() {
+		return new JwtTokenStore(accessTokenConverter());
+	}
+
+	/**
+	 * Access token converter.
+	 *
+	 * @return the jwt access token converter
+	 */
+	@Bean
+	public JwtAccessTokenConverter accessTokenConverter() {
+		final JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
+		converter.setSigningKey(jwtSigningKey);
+
+		// This blob is required to convert from JWT token to proper Principal
+		final DefaultUserAuthenticationConverter userTokenConverter = new DefaultUserAuthenticationConverter();
+		userTokenConverter.setUserDetailsService(userDetailsService);
+
+		final DefaultAccessTokenConverter accessTokenConverter = new DefaultAccessTokenConverter();
+		accessTokenConverter.setUserTokenConverter(userTokenConverter);
+
+		converter.setAccessTokenConverter(accessTokenConverter);
+		// Done blob
+
+		return converter;
+	}
+
 	@Configuration
 	@EnableResourceServer
-	protected static class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {
+	protected class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {
 
 		@Override
 		public void configure(final ResourceServerSecurityConfigurer resources) {
-			resources.resourceId(APPLICATION_RESOURCE_ID).stateless(true);
+			final DefaultTokenServices defaultTokenServices = new DefaultTokenServices();
+			defaultTokenServices.setTokenStore(tokenStore());
+
+			resources.tokenServices(defaultTokenServices).resourceId(APPLICATION_RESOURCE_ID).stateless(true);
 		}
 
 		@Override
@@ -97,14 +143,7 @@ public class OAuth2ServerConfig {
 
 	@Configuration
 	@EnableAuthorizationServer
-	protected static class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {
-
-		@Autowired
-		private TokenStore tokenStore;
-
-		@Autowired
-		@Qualifier("userService")
-		private UserDetailsService userDetailsService;
+	protected class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {
 
 		@Autowired
 		@Qualifier("authenticationManagerBean")
@@ -126,7 +165,7 @@ public class OAuth2ServerConfig {
 		@Bean
 		public ApprovalStore approvalStore() throws Exception {
 			final TokenApprovalStore store = new TokenApprovalStore();
-			store.setTokenStore(tokenStore);
+			store.setTokenStore(tokenStore());
 			return store;
 		}
 
@@ -139,7 +178,7 @@ public class OAuth2ServerConfig {
 		@Primary
 		public DefaultTokenServices tokenServices() {
 			final DefaultTokenServices defaultTokenServices = new DefaultTokenServices();
-			defaultTokenServices.setTokenStore(tokenStore);
+			defaultTokenServices.setTokenStore(tokenStore());
 			defaultTokenServices.setSupportRefreshToken(true);
 			defaultTokenServices.setAuthenticationManager(authenticationManager);
 			defaultTokenServices.setClientDetailsService(clientDetailsService);
@@ -156,7 +195,14 @@ public class OAuth2ServerConfig {
 
 		@Override
 		public void configure(final AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
-			endpoints.userDetailsService(userDetailsService).tokenStore(tokenStore).authenticationManager(authenticationManager);
+			final TokenEnhancerChain tokenEnhancerChain = new TokenEnhancerChain();
+			tokenEnhancerChain.setTokenEnhancers(Arrays.asList(accessTokenConverter()));
+
+			endpoints
+					.tokenStore(tokenStore())
+					.tokenEnhancer(tokenEnhancerChain)
+					.userDetailsService(userDetailsService)
+					.authenticationManager(authenticationManager);
 		}
 
 		@Override