improve OIDC generated code

Signed-off-by: tvallin <[email protected]>

archetypes/helidon/src/main/archetype/mp/custom/files/application.oidc.yaml

@@ -1,15 +1,16 @@
     - oidc:
-        client-id: "client-id-of-this-service"
-        # See [EncryptionFilter](https://helidon.io/docs/latest/apidocs/io.helidon.config.encryption/io/helidon/config/encryption/EncryptionFilter.html) for details about encrypting passwords in configuration files.
-        client-secret: "client-secret-of-this-service"
-        identity-uri: "http://your-tenant.identity-server.com"
-        frontend-uri: "http://my-service:8080"
-        audience: "http://my-service"
-        cors:
-          allow-origins: ["http://foo.com", "http://there.com"]
-          allow-methods: ["PUT", "DELETE"]
-        outbound:
-          - name: "internal-services"
-            hosts: ["*.example.org"]
-            outbound-token:
-              header: "X-Internal-Auth"
+        # use a custom name, so it does not clash with other examples
+        cookie-name: "OIDC_EXAMPLE_COOKIE"
+        # support for "Authorization" header with bearer token
+        header-use: true
+        # the default redirect-uri, where the webserver listens on redirects from identity server
+        redirect-uri: "/oidc/redirect"
+        issuer: "https://tenant.some-server.com/oauth2/default"
+        audience: "configured audience"
+        client-id: "some client id"
+        client-secret: "some client secret"
+        identity-uri: "https://tenant.some-server.com/oauth2/default"
+        frontend-uri: "http://localhost:7987"
+        server-type: "@default"
+        # We want to redirect to login page (and token can be received either through cookie or header)
+        redirect: true

archetypes/helidon/src/main/archetype/mp/custom/files/src/main/java/__pkg__/OidcResource.java.mustache

@@ -0,0 +1,27 @@
+package {{package}};
+
+import io.helidon.security.SecurityContext;
+import io.helidon.security.annotations.Authenticated;
+
+import jakarta.ws.rs.GET;
+import jakarta.ws.rs.Path;
+import jakarta.ws.rs.core.Context;
+
+/**
+ * A simple JAX-RS resource with a single GET method.
+ */
+@Path("/test")
+public class OidcResource {
+
+    /**
+     * Hello world using security context.
+     * @param securityContext context as established during login
+     * @return a string with current username
+     */
+    @Authenticated
+    @GET
+    public String getIt(@Context SecurityContext securityContext) {
+        return "Hello " + securityContext.userName();
+    }
+
+}

archetypes/helidon/src/main/archetype/mp/custom/security-outputs.xml

@@ -22,6 +22,12 @@
     <methods>
         <method name="security-oidc">
             <output if="${security.atn} contains ['oidc']">
+                <templates engine="mustache" transformations="mustache,packaged">
+                    <directory>files</directory>
+                    <includes>
+                        <include>**/OidcResource.java.mustache</include>
+                    </includes>
+                </templates>
                 <model>
                     <list key="dependencies">
                         <map>
@@ -32,6 +38,20 @@
                     <list key="providers-config-entries">
                         <value file="files/application.oidc.yaml"/>
                     </list>
+                    <list key="module-requires">
+                        <value>io.helidon.security</value>
+                        <value>io.helidon.security.annotations</value>
+                    </list>
+                    <list key="readme-sections">
+                        <value><![CDATA[
+## Security integration with OIDC
+
+This example demonstrates integration with OIDC (Open ID Connect) providers.
+
+To configure it, you need to replace the default values from configuration
+to your tenant and application configuration.
+]]></value>
+                    </list>
                 </model>
             </output>
         </method>