Update for Spring Boot 3.x
This pulls in the newly released spring-security-lti13.
buckett committed Aug 23, 2024
1 parent a98e5df commit 63862de
Showing 12 changed files with 101 additions and 32 deletions.
16 changes: 5 additions & 11 deletions .github/workflows/maven.yml
@@ -1,7 +1,4 @@
# This workflow will build a Java project with Maven, and cache/restore any dependencies to improve the workflow execution time
# For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-maven

name: Java CI with Maven
name: Build with Maven

on:
push:
@@ -11,16 +8,13 @@ on:

jobs:
build:

runs-on: ubuntu-latest

steps:
- uses: actions/checkout@v3
- name: Set up JDK 11
uses: actions/setup-java@v3
- uses: actions/checkout@v4
- uses: actions/setup-java@v4
with:
java-version: '11'
java-version-file: .java-version
distribution: 'temurin'
cache: maven
- name: Build with Maven
run: mvn -B package --file pom.xml
run: mvn -B package
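Review bot: The two `uses:` lines in the `build` job reference `actions/checkout@v4` and `actions/setup-java@v4` by mutable tag, so CI runs whatever the tag points at on the day of the build. Pinning each to a full commit SHA with the tag kept as a trailing comment, e.g. `- uses: actions/checkout@<full-commit-sha> # v4`, makes the build reproducible and limits exposure to a retagged release. Part of the workflow is collapsed on this page, so I cannot tell whether a top-level `permissions:` block exists; if it does not, adding one with `contents: read` would keep the job token read-only for a build that only compiles and packages.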
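--- a/.java-version
+++ b/.java-version
@@ -0,0 +1 @@
+17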
3 changes: 1 addition & 2 deletions README.md
@@ -41,7 +41,7 @@ Go to you account and add a LTI Developer Key, fill in the following:

## Local Canvas Setup

Open the file `config/application.properties` and add these properties:
Open the file `config/application.properties` and add these properties or copy `config/application-example.properties`:

spring.security.oauth2.client.registration.canvas.client-id=1234
spring.security.oauth2.client.registration.canvas.client-secret=secret
@@ -55,7 +55,6 @@ Open the file `config/application.properties` and add these properties:
spring.security.oauth2.client.provider.canvas.user-name-attribute=sub

* replace the client-id value (1234) with the ID of the LTI Developer Key you have created.
* replace the client-secret value (secret) with the LTI Developer Key secret.
* you can update the URIs to point to the canvas instance you are using, but it works fine using the canvas.instructure.com

## LTI Reference Implementation Setup
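--- a/config/application-example.properties
+++ b/config/application-example.properties
@@ -0,0 +1,18 @@
+# Copy this file to `application.properties` and customise
+
+# Set this to the client ID of the key
+spring.security.oauth2.client.registration.canvas.client-id=
+# This isn't used for the implicit OAuth grant so it's value doesn't matter
+spring.security.oauth2.client.registration.canvas.client-secret=secret
+# This must be implicit
+spring.security.oauth2.client.registration.canvas.authorization-grant-type=implicit
+# This must be openid
+spring.security.oauth2.client.registration.canvas.scope=openid
+# Unless you remap the login path this should be the same
+spring.security.oauth2.client.registration.canvas.redirect-uri={baseUrl}/lti/login
+
+# These are example values for a production Canvas instance.
+spring.security.oauth2.client.provider.canvas.authorization-uri=https://canvas.instructure.com/api/lti/authorize_redirect
+spring.security.oauth2.client.provider.canvas.token-uri=https://canvas.instructure.com/login/oauth2/token
+spring.security.oauth2.client.provider.canvas.jwk-set-uri=https://canvas.instructure.com/api/lti/security/jwks
+spring.security.oauth2.client.provider.canvas.user-name-attribute=sub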
12 changes: 8 additions & 4 deletions pom.xml
@@ -6,24 +6,24 @@

<groupId>uk.ac.ox.ctl</groupId>
<artifactId>spring-security-lti13-demo</artifactId>
<version>1.0-SNAPSHOT</version>
<version>2.0-SNAPSHOT</version>

<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.5.4</version>
<version>3.2.5</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>

<properties>
<java.version>1.8</java.version>
<java.version>17</java.version>
</properties>

<dependencies>
<dependency>
<groupId>uk.ac.ox.ctl</groupId>
<artifactId>spring-security-lti13</artifactId>
<version>0.0.4</version>
<version>0.2.0</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
@@ -41,6 +41,10 @@
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-validation</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-mustache</artifactId>
</dependency>
</dependencies>

<build>
22 changes: 14 additions & 8 deletions src/main/java/uk/ac/ox/ctl/lti13/demo/WebSecurityConfig.java
@@ -1,23 +1,29 @@
package uk.ac.ox.ctl.lti13.demo;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
import uk.ac.ox.ctl.lti13.Lti13Configurer;

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
public class WebSecurityConfig {

@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/", "/resources/**", "/favicon.ico", "/config.json", "/.well-known/jwks.json")
.permitAll()
;
@Bean
protected SecurityFilterChain configure(HttpSecurity http) throws Exception {
http.authorizeHttpRequests(authorizeHttpRequestsCustomizer -> {
authorizeHttpRequestsCustomizer.requestMatchers(
"/", "/index.html", "/resources/**", "/favicon.ico",
"/config.json", "/.well-known/jwks.json", "/error").permitAll();
authorizeHttpRequestsCustomizer.anyRequest().authenticated();
});
Lti13Configurer lti13Configurer = new Lti13Configurer();
lti13Configurer.setSecurityContextRepository(new HttpSessionSecurityContextRepository());
http.apply(lti13Configurer);
return http.build();
}

}
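Review bot: `http.apply(lti13Configurer)` near the end of `configure` uses the `HttpSecurity.apply(...)` form that Spring Security 6.2, the line Spring Boot 3.2.x manages, deprecates for removal; the replacement is `http.with(lti13Configurer, Customizer.withDefaults());` together with an import of `org.springframework.security.config.Customizer`. The new `setSecurityContextRepository(new HttpSessionSecurityContextRepository())` call also deserves a why-comment, for example `// Keep the LTI authentication in the HTTP session so later requests (e.g. /demo) stay authenticated`, since that appears to be its purpose. Because the session cookie then carries the login, its `Secure` and `SameSite` attributes matter when the tool is framed by the platform; the cookie handling is not visible in this section, so that is worth confirming.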
@@ -1,13 +1,13 @@
package uk.ac.ox.ctl.lti13.demo.controller;

import com.nimbusds.jose.jwk.JWKSet;
import jakarta.servlet.http.HttpServletRequest;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.servlet.support.ServletUriComponentsBuilder;
import uk.ac.ox.ctl.lti13.demo.controller.lti13.*;

import javax.servlet.http.HttpServletRequest;
import java.util.*;

import static uk.ac.ox.ctl.lti13.demo.controller.lti13.Canvas13Extension.INSTRUCTURE;
@@ -0,0 +1,27 @@
package uk.ac.ox.ctl.lti13.demo.controller;

import org.springframework.security.core.annotation.AuthenticationPrincipal;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.servlet.ModelAndView;

import java.util.HashMap;
import java.util.Map;

/**
* This is a simple controller to demonstrate how you can use data from the LTI launch.
*/
@Controller
public class DemoController {

@GetMapping("/demo")
public ModelAndView index(
@AuthenticationPrincipal(expression = "claims['sub']") String sub,
@AuthenticationPrincipal(expression = "claims['name']") String name
) {
Map<String, Object> model = new HashMap<>();
model.put("sub", sub);
model.put("name", name);
return new ModelAndView("demo", model);
}
}
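Review bot: `index` puts the `name` claim into the model unchecked, but `name` is optional in an LTI 1.3 launch (a platform's privacy settings can withhold it), so the SpEL expression `claims['name']` can yield null. JMustache's default, as far as I know, is to fail when a variable resolves to null, so `/demo` would likely answer with a server error for such launches. A fallback such as `model.put("name", name != null ? name : "(name not shared)");` keeps the page rendering. A short Javadoc on `index` saying that both values are read from the claims of the authenticated principal, and that the route relies on the `anyRequest().authenticated()` rule in the security configuration, would also help readers of the demo.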
@@ -2,9 +2,9 @@

import com.fasterxml.jackson.annotation.JsonInclude;
import com.fasterxml.jackson.annotation.JsonProperty;
import jakarta.validation.constraints.NotEmpty;
import jakarta.validation.constraints.NotNull;

import javax.validation.constraints.NotEmpty;
import javax.validation.constraints.NotNull;
import java.util.Collection;
import java.util.Map;

@@ -1,7 +1,8 @@
package uk.ac.ox.ctl.lti13.demo.controller.lti13;

import javax.validation.constraints.NotEmpty;
import javax.validation.constraints.NotNull;
import jakarta.validation.constraints.NotEmpty;
import jakarta.validation.constraints.NotNull;

import java.util.Collection;
import java.util.Map;

@@ -1,12 +1,12 @@
package uk.ac.ox.ctl.lti13.demo.utils;

import jakarta.servlet.ServletException;
import jakarta.servlet.http.Cookie;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.util.SessionConfig;
import org.apache.catalina.valves.ValveBase;

import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import java.io.IOException;
import java.util.Collection;

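--- a/src/main/resources/templates/demo.mustache
+++ b/src/main/resources/templates/demo.mustache
@@ -0,0 +1,19 @@
+<!doctype html>
+<html lang="en">
+<head>
+<title>Demo Application</title>
+</head>
+<body>
+<h1>Demo</h1>
+<p>
+Hello {{name}} (sub:{{sub}})
+</p>
+<p>
+This reloads the current document to check that HTTP sessions are correctly setup and the user remains
+authenticated.<br>
+<button onclick="location.reload()">
+Check HTTP Session
+</button>
+</p>
+</body>
+</html>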
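Review bot: `{{name}}` and `{{sub}}` in the greeting are filled from ID-token claims, and nothing in the template records that the HTML-escaping double-brace form is deliberate. A template comment above the greeting, such as `{{! name and sub come from the LTI ID token; keep the escaping double-brace form }}`, would guard against a later edit switching to the unescaped triple-brace form. The inline `onclick="location.reload()"` on the button would also stop working if the application later adopts a Content-Security-Policy without `'unsafe-inline'`; moving the handler into a script file is optional for a demo but avoids that surprise.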
