Spring Boot and Ubisecure SSO integration with OpenID Connect

Introduction

This is a sample Spring Boot application that illustrates integration with the OpenID Connect Authorization Code flow.

Configuration

An OpenID Connect Client needs to be configured with information about the OpenID Connect Provider and with client credentials. This sample app puts these configuration items into the application.yml file.

application.yml

This configuration supports the default profile for local testing.

spring:
  config.activate.on-profile: default
  security.oauth2.client.provider.ubisecure:
    issuer-uri: https://login.example.ubidemo.com/uas
  security.oauth2.client.registration.ubisecure:
    clientId: 41081527-13dd-49c3-b8ae-9b1ff5db656b
    clientSecret: cCmm0k1soIRIv1K3kYxEisvMi1nrYO95
    scope: openid
server:
  port: 8080

Replace the values of issuer-uri, clientId and clientSecret when integrating with another OpenID Connect provider. The value of redirect_uri is defined by the Spring Boot middleware:

http://localhost/login/oauth2/code/ubisecure

Code review

This application is loosely based on the Spring Boot starter application. The files modified or created for this integration are described below.

Application.java

The main Application class of a Spring Boot application. The base class SpringBootServletInitializer and override of configure are needed for deployment into Tomcat.

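import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.builder.SpringApplicationBuilder;
import org.springframework.boot.web.servlet.support.SpringBootServletInitializer;

@SpringBootApplication
public class Application extends SpringBootServletInitializer {
	// Entry point when launched as a stand-alone application
	public static void main(String[] args) {
		SpringApplication.run(Application.class, args);
	}
	// Entry point when deployed as a war file into Tomcat
	@Override
	protected SpringApplicationBuilder configure(SpringApplicationBuilder builder) {
		return builder.sources(Application.class);
	}
}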

HomeController.java

This app has a single controller bound to /. The purpose of @RolesAllowed is to make sure only authenticated users are allowed. OAuth2User represents the authenticated user and is passed as a model attribute to the home.html view.

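import jakarta.annotation.security.RolesAllowed;
import org.springframework.security.core.annotation.AuthenticationPrincipal;
import org.springframework.security.oauth2.core.user.OAuth2User;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.GetMapping;

@RolesAllowed("ROLE_USER")
@Controller
public class HomeController {
	@GetMapping("/")
	public String index(@AuthenticationPrincipal OAuth2User principal, Model model) {
		// Expose the authenticated user (and its claims) to the home.html view
		model.addAttribute("principal", principal);
		return "home";
	}
}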
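
Spring Security evaluates @RolesAllowed only when method security with JSR-250 support is enabled, so the rule that only authenticated users reach / can also be stated at the URL level, where it does not depend on the annotation. The following configuration class is an added example and not part of this repository; the class name SecurityConfiguration is hypothetical and the package is assumed from exec.mainClass in pom.xml.

```java
package com.example.springboot; // assumed from exec.mainClass in pom.xml

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;

// Hypothetical class: makes the access rule explicit instead of relying on defaults.
@Configuration
public class SecurityConfiguration {

	@Bean
	SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
		http
			// Every request, including "/", requires an authenticated session.
			// Nothing is reachable anonymously except the login endpoints that
			// oauth2Login() itself registers.
			.authorizeHttpRequests(authorize -> authorize
				.anyRequest().authenticated())
			// Unauthenticated requests start the OpenID Connect Authorization
			// Code flow against the provider configured in application.yml.
			// The authorization response is received on
			// /login/oauth2/code/{registrationId}, here "ubisecure".
			.oauth2Login(Customizer.withDefaults());
		return http.build();
	}
}
```

Declaring a SecurityFilterChain bean replaces the filter chain that Spring Boot would otherwise auto-configure, so every rule the application relies on has to appear in it.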

home.html

The home.html view creates a list with user claims.

<!DOCTYPE html>
<html xmlns:th="http://www.thymeleaf.org">
<head>
</head>
<body>
	<h1>Welcome</h1>
	<dl>
		<th:block th:each="i : ${principal.attributes}">
			<dt>
				<b th:text="${i.key}"></b>
			</dt>
			<dd>
				<i th:text="${i.value}"></i>
			</dd>
		</th:block>
	</dl>
</body>
</html>

pom.xml

This app is based on spring-boot-starter-parent and adds dependencies on spring-boot-starter-web, spring-boot-starter-thymeleaf and spring-boot-starter-oauth2-client.

The profile azure is used to override defaults and produces a war file for deployment into Tomcat when running as Azure Web App.

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
	<modelVersion>4.0.0</modelVersion>
	<parent>
		<groupId>org.springframework.boot</groupId>
		<artifactId>spring-boot-starter-parent</artifactId>
		<version>3.4.1</version>
		<relativePath />
	</parent>
	<groupId>com.example</groupId>
	<artifactId>spring-boot-sample</artifactId>
	<version>0.0.1-SNAPSHOT</version>
	<packaging>${package}</packaging>

	<properties>
		<java.version>21</java.version>
		<exec.mainClass>com.example.springboot.Application</exec.mainClass>
		<package>jar</package>
	</properties>

	<dependencies>
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-thymeleaf</artifactId>
		</dependency>
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-web</artifactId>
		</dependency>
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-oauth2-client</artifactId>
		</dependency>

		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-devtools</artifactId>
			<scope>runtime</scope>
			<optional>true</optional>
		</dependency>
	</dependencies>

	<build>
		<plugins>
			<plugin>
				<groupId>org.springframework.boot</groupId>
				<artifactId>spring-boot-maven-plugin</artifactId>
			</plugin>
			<plugin>
				<groupId>org.apache.maven.plugins</groupId>
				<artifactId>maven-compiler-plugin</artifactId>
				<configuration>
					<source>21</source>
					<target>21</target>
				</configuration>
			</plugin>
		</plugins>
	</build>

	<profiles>
		<profile>
			<id>azure</id>
			<properties>
				<package>war</package>
				<spring-boot.repackage.skip>true</spring-boot.repackage.skip>
			</properties>
			<build>
				<finalName>${project.artifactId}</finalName>
			</build>
			<dependencies>
				<dependency>
					<groupId>org.springframework.boot</groupId>
					<artifactId>spring-boot-starter-tomcat</artifactId>
					<scope>provided</scope>
				</dependency>
			</dependencies>
		</profile>
	</profiles>

</project>

Launching

Use your favorite IDE to launch this application on http://localhost:8080

This application is also deployed live as an Azure Web App at https://ubi-spring-boot-sample.azurewebsites.net

Command line

You first need to install Git tools, Java JDK and Apache Maven.

The following will launch the application on http://localhost:8080:

git clone https://github.com/psteniusubi/spring-boot-sample.git
cd spring-boot-sample
mvn exec:java
