feat: @ResourcesNonStateless, import a ResourceServerConfigurerAdapter test configuration, which set oauth2 resources to non stateless(token-based)

Author: nigel.zheng

README.md

@@ -23,6 +23,8 @@ _Note: Most code came from the open network. I refactor and enhanced the code, t
     - add `bearer` token to request header to extract a `PreAuthenticatedAuthenticationToken`,
     load existing OAuth2Authentication from SecurityContext
     - require `@MockTokenServices` on test class
+- `@ResourcesNonStateless`
+    - allow non token-based authentication to access oauth2 resources
 
 ## How to use
 
@@ -89,10 +91,8 @@ or
 - [Spring MVC Test Integration](https://docs.spring.io/spring-security/site/docs/current/reference/html/test-mockmvc.html)
 - [OAuth2 Autoconfig](https://docs.spring.io/spring-security-oauth2-boot/docs/current/reference/htmlsingle/)
 - [Retrieve User Information in Spring Security](https://www.baeldung.com/get-user-in-spring-security)
+- [Spring Security OAuth](https://projects.spring.io/spring-security-oauth/docs/Home.html)
 
 ## TODOs
 
-- For oauth2 request, add ability to set ResourceServerSecurityConfigurer.stateless to false, maybe add an 
-annotation like `@ResourceStateless(false)`
-
 - Add support for `RestTemplate`

build.gradle

@@ -17,7 +17,7 @@ apply plugin: 'java'
 apply plugin: "jacoco"
 
 group 'com.github.ahunigel'
-version '1.3-SNAPSHOT'
+version '1.4-SNAPSHOT'
 
 sourceCompatibility = 1.8
 

src/main/java/com/github/ahunigel/test/security/oauth2/ResourcesNonStateless.java

@@ -0,0 +1,34 @@
+package com.github.ahunigel.test.security.oauth2;
+
+import org.springframework.boot.test.context.TestConfiguration;
+import org.springframework.context.annotation.Import;
+import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
+import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+/**
+ * Created by Nigel Zheng on 8/8/2018.
+ * <p>
+ * With this annotation, non-token-based authentication is allowed on these resources.
+ * Then an incoming cookie can populate the security context and
+ * allow access to a caller that isn't an OAuth2 client.
+ *
+ * @author nigel
+ */
+@Import({ResourcesNonStateless.NonStatelessResourceServerConfig.class})
+@Target(ElementType.TYPE)
+@Retention(RetentionPolicy.RUNTIME)
+public @interface ResourcesNonStateless {
+  @TestConfiguration
+  class NonStatelessResourceServerConfig extends ResourceServerConfigurerAdapter {
+
+    @Override
+    public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
+      resources.stateless(false);
+    }
+  }
+}

src/main/java/com/github/ahunigel/test/security/oauth2/WithToken.java

@@ -7,7 +7,7 @@
 import java.lang.annotation.RetentionPolicy;
 
 /**
- * Created by Nigel Zheng on 2018/8/7.
+ * Created by Nigel Zheng on 8/7/2018.
  * <p>
  * Emulate an OAuth2 token request, would extract an {@link PreAuthenticatedAuthenticationToken}
  * <p>

src/main/java/com/github/ahunigel/test/security/oauth2/WithTokenTestExecutionListener.java

@@ -29,7 +29,7 @@
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.testSecurityContext;
 
 /**
- * Created by Nigel Zheng on 2018/8/6.
+ * Created by Nigel Zheng on 8/7/2018.
  * <p>
  * Add <code>Authorization</code> header to token request, extract an {@link PreAuthenticatedAuthenticationToken},
  * and then load an existing {@link OAuth2Authentication} from {@link SecurityContext}