[spring-security] Introduces spring-xsuaa compatibility module with X…

…suaaTokenComp (SAP#847)

Introduces a compatibility module that provides with ``XsuaaTokenComp`` class an option to decorate the token issued by xsuaa.
```xml
<dependency>
    <groupId>com.sap.cloud.security.xsuaa</groupId>
    <artifactId>spring-security-compatibility</artifactId>
    <version>2.11.15</version>
</dependency>
```

java-api/src/main/java/com/sap/cloud/security/token/AccessToken.java

@@ -84,6 +84,7 @@ default String getSubaccountId() {
 	 *         attribute does not exist.
 	 **/
 	@Nullable
+	@Override
 	default String getAttributeFromClaimAsString(String claimName, String attributeName) {
 		return Optional.ofNullable(getClaimAsJsonObject(claimName))
 				.map(claim -> claim.getAsString(attributeName))

pom.xml

@@ -95,6 +95,7 @@
 		<module>token-client</module>
 		<module>java-security</module>
 		<module>spring-security</module>
+		<module>spring-security-compatibility</module>
 		<module>spring-security-starter</module>
 		<module>java-security-test</module>
 		<module>spring-xsuaa</module>

samples/spring-security-hybrid-usage/pom.xml

@@ -47,6 +47,11 @@
 			<artifactId>resourceserver-security-spring-boot-starter</artifactId>
 			<version>${sap.cloud.security.version}</version>
 		</dependency>
+		<dependency>
+			<groupId>com.sap.cloud.security.xsuaa</groupId>
+			<artifactId>spring-security-compatibility</artifactId>
+			<version>${sap.cloud.security.version}</version>
+		</dependency>
 		<dependency>
 			<groupId>org.apache.httpcomponents</groupId>
 			<artifactId>httpclient</artifactId>

samples/spring-security-hybrid-usage/src/main/java/sample/spring/security/SecurityConfiguration.java

@@ -46,6 +46,7 @@ protected void configure(HttpSecurity http) throws Exception {
                 .and()
                     .authorizeRequests()
                     .antMatchers("/sayHello").hasAuthority("Read")
+                    .antMatchers("/comp/sayHello").hasAuthority("Read")
                     .antMatchers("/*").authenticated()
                     .anyRequest().denyAll()
                 .and()

samples/spring-security-hybrid-usage/src/main/java/sample/spring/security/TestController.java

@@ -8,16 +8,19 @@
 import java.util.HashMap;
 import java.util.Map;
 
+import com.sap.cloud.security.comp.XsuaaTokenComp;
 import com.sap.cloud.security.token.AccessToken;
 import com.sap.cloud.security.token.Token;
 import com.sap.cloud.security.token.TokenClaims;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.HttpStatus;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.security.core.annotation.AuthenticationPrincipal;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.server.ResponseStatusException;
 
 import static com.sap.cloud.security.config.Service.XSUAA;
 
@@ -67,6 +70,29 @@ public Map<String, String> sayHello(@AuthenticationPrincipal Token token) {
         return result;
     }
 
+    @GetMapping("/comp/sayHello")
+    public Map<String, String> sayHello_compatibility(@AuthenticationPrincipal Token token) {
+        logger.debug("Got the token: {}", token);
+        com.sap.cloud.security.xsuaa.token.Token compToken; // to analyze deprecated methods: XsuaaTokenComp compToken;
+        try {
+            compToken = XsuaaTokenComp.createInstance(token);
+        } catch (IllegalArgumentException e) {
+            throw new ResponseStatusException(HttpStatus.INTERNAL_SERVER_ERROR, e.getMessage());
+        }
+        Map<String, String> result = new HashMap<>();
+        result.put("grant type", compToken.getGrantType());
+        result.put("client id", compToken.getClientId());
+        result.put("subaccount id", compToken.getSubaccountId());
+        result.put("zone id", compToken.getZoneId());
+        result.put("logon name", compToken.getLogonName());
+        result.put("family name", compToken.getFamilyName());
+        result.put("given name", compToken.getGivenName());
+        result.put("email", compToken.getEmail());
+        result.put("scopes", String.valueOf(compToken.getScopes()));
+
+        return result;
+    }
+
     /**
      * An endpoint showing how to use Spring method security. Only if the request principal has the given scope will the
      * method be called. Otherwise a 403 error will be returned.

samples/spring-security-hybrid-usage/src/test/java/sample/spring/security/junitjupiter/TestControllerIasTest.java

@@ -51,6 +51,12 @@ void sayHello() throws Exception {
 		assertTrue(response.contains("the-zone-id"));
 	}
 
+	@Test
+	void sayHello_compatibility() throws Exception {
+		mvc.perform(get("/comp/sayHello").with(bearerToken(jwt)))
+				.andExpect(status().is5xxServerError());
+	}
+
 	@Test
 	void readData_OK() throws Exception {
 		String response = mvc

samples/spring-security-hybrid-usage/src/test/java/sample/spring/security/junitjupiter/TestControllerXsuaaTest.java

@@ -50,6 +50,16 @@ void sayHello() throws Exception {
 		assertTrue(response.contains("xsapp!t0815.Read"));
 	}
 
+	@Test
+	void sayHello_compatibility() throws Exception {
+		String response = mvc.perform(get("/comp/sayHello").with(bearerToken(jwt)))
+				.andExpect(status().isOk())
+				.andReturn().getResponse().getContentAsString();
+
+		assertTrue(response.contains("sb-clientId!t0815"));
+		assertTrue(response.contains("xsapp!t0815.Read"));
+	}
+
 	@Test
 	void readData_OK() throws Exception {
 		String response = mvc

spring-security-compatibility/pom.xml

@@ -0,0 +1,120 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- SPDX-FileCopyrightText: 2018-2021 SAP SE or an SAP affiliate company and Cloud Security Client Java contributors -->
+<!-- SPDX-License-Identifier: Apache-2.0 -->
+<project
+        xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"
+        xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+    <modelVersion>4.0.0</modelVersion>
+
+    <parent>
+        <groupId>com.sap.cloud.security.xsuaa</groupId>
+        <artifactId>parent</artifactId>
+        <version>2.11.15</version>
+    </parent>
+
+    <groupId>com.sap.cloud.security.xsuaa</groupId>
+    <artifactId>spring-security-compatibility</artifactId>
+    <name>spring-security-compatibility</name>
+    <packaging>jar</packaging>
+
+    <dependencies>
+        <dependency>
+            <groupId>com.sap.cloud.security.xsuaa</groupId>
+            <artifactId>spring-xsuaa</artifactId>
+            <version>${project.version}</version>
+            <exclusions>
+                <exclusion>
+                    <groupId>com.sap.cloud.security</groupId>
+                    <artifactId>java-api</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>com.sap.cloud.security</groupId>
+            <artifactId>java-api</artifactId>
+            <version>${project.version}</version>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-core</artifactId>
+            <scope>provided</scope>
+        </dependency>
+
+        <!-- test utilities -->
+        <dependency>
+            <groupId>com.sap.cloud.security</groupId>
+            <artifactId>java-security-test</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>junit</groupId>
+            <artifactId>junit</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.junit.jupiter</groupId>
+            <artifactId>junit-jupiter-api</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.assertj</groupId>
+            <artifactId>assertj-core</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.junit.jupiter</groupId>
+            <artifactId>junit-jupiter-params</artifactId>
+            <scope>test</scope>
+        </dependency>
+    </dependencies>
+
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-javadoc-plugin</artifactId>
+                <executions>
+                    <execution>
+                        <id>attach-javadocs</id>
+                        <goals>
+                            <goal>jar</goal>
+                        </goals>
+                    </execution>
+                </executions>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-source-plugin</artifactId>
+                <version>${maven.source.plugin.version}</version>
+                <executions>
+                    <execution>
+                        <id>attach-sources</id>
+                        <goals>
+                            <goal>jar</goal>
+                        </goals>
+                    </execution>
+                </executions>
+            </plugin>
+            <plugin>
+                <groupId>org.jacoco</groupId>
+                <artifactId>jacoco-maven-plugin</artifactId>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-pmd-plugin</artifactId>
+            </plugin>
+            <plugin>
+                <groupId>com.github.spotbugs</groupId>
+                <artifactId>spotbugs-maven-plugin</artifactId>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-surefire-plugin</artifactId>
+                <configuration>
+                    <reuseForks>false</reuseForks>
+                </configuration>
+            </plugin>
+        </plugins>
+    </build>
+</project>