gitee
/
spring-oauth-server
mirror of https://gitee.com/shengzhao/spring-oauth-server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

升级spring security oauth2为 spring-security-oauth2-authorization-server

sas-2.1.1
shengzhaoli.shengz 2021-11-21 23:44:00 +08:00
parent 9e766e7250
commit 3ca53ad82b
23 changed files with 828 additions and 713 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@ -16,6 +16,7 @@ Base on Spring-Boot
<li>JDK (1.8.0_40)</li>
<li>Servlet (3.1.0)</li>
<li>Spring Boot(2.4.2)</li>
<li>spring-security-oauth2-authorization-server(0.2.0)</li>
</ol>
<h4>技术视频</h4>
<a href="http://list.youku.com/albumlist/show/id_51900110.html" target="_blank">http://list.youku.com/albumlist/show/id_51900110.html</a>
@ -172,6 +173,7 @@ Base on Spring-Boot
</p>
<ol>
<li><p>升级spring-boot v2.4.2,改变可直接运行 SpringOauthServerApplication.java</p></li>
<li><p>升级spring security oauth2为 spring-security-oauth2-authorization-server</p></li>
</ol>
<br/>
</li>

174
others/database/oauth.ddl
View File

@ -2,65 +2,123 @@
-- Oauth sql -- MYSQL
--
Drop table if exists oauth_client_details;
create table oauth_client_details (
client_id VARCHAR(255) PRIMARY KEY,
resource_ids VARCHAR(255),
client_secret VARCHAR(255),
scope VARCHAR(255),
authorized_grant_types VARCHAR(255),
web_server_redirect_uri VARCHAR(255),
authorities VARCHAR(255),
access_token_validity INTEGER,
refresh_token_validity INTEGER,
additional_information TEXT,
create_time timestamp default now(),
archived tinyint(1) default '0',
trusted tinyint(1) default '0',
autoapprove VARCHAR (255) default 'false'
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
-- oauth2_registered_client v2.1.1
-- from oauth2-registered-client-schema.sql
CREATE TABLE oauth2_registered_client (
id varchar(100) NOT NULL,
client_id varchar(100) NOT NULL,
client_id_issued_at timestamp DEFAULT CURRENT_TIMESTAMP NOT NULL,
client_secret varchar(200) DEFAULT NULL,
client_secret_expires_at timestamp DEFAULT NULL,
client_name varchar(200) NOT NULL,
client_authentication_methods varchar(1000) NOT NULL,
authorization_grant_types varchar(1000) NOT NULL,
redirect_uris varchar(1000) DEFAULT NULL,
scopes varchar(1000) NOT NULL,
client_settings varchar(2000) NOT NULL,
token_settings varchar(2000) NOT NULL,
PRIMARY KEY (id)
);
-- oauth2_authorization v2.1.1
-- from oauth2-authorization-schema.sql
CREATE TABLE oauth2_authorization (
id varchar(100) NOT NULL,
registered_client_id varchar(100) NOT NULL,
principal_name varchar(200) NOT NULL,
authorization_grant_type varchar(100) NOT NULL,
attributes varchar(4000) DEFAULT NULL,
state varchar(500) DEFAULT NULL,
authorization_code_value blob DEFAULT NULL,
authorization_code_issued_at timestamp DEFAULT NULL,
authorization_code_expires_at timestamp DEFAULT NULL,
authorization_code_metadata varchar(2000) DEFAULT NULL,
access_token_value blob DEFAULT NULL,
access_token_issued_at timestamp DEFAULT NULL,
access_token_expires_at timestamp DEFAULT NULL,
access_token_metadata varchar(2000) DEFAULT NULL,
access_token_type varchar(100) DEFAULT NULL,
access_token_scopes varchar(1000) DEFAULT NULL,
oidc_id_token_value blob DEFAULT NULL,
oidc_id_token_issued_at timestamp DEFAULT NULL,
oidc_id_token_expires_at timestamp DEFAULT NULL,
oidc_id_token_metadata varchar(2000) DEFAULT NULL,
refresh_token_value blob DEFAULT NULL,
refresh_token_issued_at timestamp DEFAULT NULL,
refresh_token_expires_at timestamp DEFAULT NULL,
refresh_token_metadata varchar(2000) DEFAULT NULL,
PRIMARY KEY (id)
);
-- oauth2_authorization_consent v2.1.1
-- from oauth2-authorization-consent-schema.sql
CREATE TABLE oauth2_authorization_consent (
registered_client_id varchar(100) NOT NULL,
principal_name varchar(200) NOT NULL,
authorities varchar(1000) NOT NULL,
PRIMARY KEY (registered_client_id, principal_name)
);
Drop table if exists oauth_access_token;
create table oauth_access_token (
create_time timestamp default now(),
token_id VARCHAR(255),
token BLOB,
authentication_id VARCHAR(255) UNIQUE,
user_name VARCHAR(255),
client_id VARCHAR(255),
authentication BLOB,
refresh_token VARCHAR(255)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
Drop table if exists oauth_refresh_token;
create table oauth_refresh_token (
create_time timestamp default now(),
token_id VARCHAR(255),
token BLOB,
authentication BLOB
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
Drop table if exists oauth_code;
create table oauth_code (
create_time timestamp default now(),
code VARCHAR(255),
authentication BLOB
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
-- Add indexes
create index token_id_index on oauth_access_token (token_id);
create index authentication_id_index on oauth_access_token (authentication_id);
create index user_name_index on oauth_access_token (user_name);
create index client_id_index on oauth_access_token (client_id);
create index refresh_token_index on oauth_access_token (refresh_token);
create index token_id_index on oauth_refresh_token (token_id);
create index code_index on oauth_code (code);
# Drop table if exists oauth_client_details;
# create table oauth_client_details (
# client_id VARCHAR(255) PRIMARY KEY,
# resource_ids VARCHAR(255),
# client_secret VARCHAR(255),
# scope VARCHAR(255),
# authorized_grant_types VARCHAR(255),
# web_server_redirect_uri VARCHAR(255),
# authorities VARCHAR(255),
# access_token_validity INTEGER,
# refresh_token_validity INTEGER,
# additional_information TEXT,
# create_time timestamp default now(),
# archived tinyint(1) default '0',
# trusted tinyint(1) default '0',
# autoapprove VARCHAR (255) default 'false'
# ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
#
#
# Drop table if exists oauth_access_token;
# create table oauth_access_token (
# create_time timestamp default now(),
# token_id VARCHAR(255),
# token BLOB,
# authentication_id VARCHAR(255) UNIQUE,
# user_name VARCHAR(255),
# client_id VARCHAR(255),
# authentication BLOB,
# refresh_token VARCHAR(255)
# ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
#
#
# Drop table if exists oauth_refresh_token;
# create table oauth_refresh_token (
# create_time timestamp default now(),
# token_id VARCHAR(255),
# token BLOB,
# authentication BLOB
# ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
#
#
# Drop table if exists oauth_code;
# create table oauth_code (
# create_time timestamp default now(),
# code VARCHAR(255),
# authentication BLOB
# ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
#
#
#
# -- Add indexes
# create index token_id_index on oauth_access_token (token_id);
# create index authentication_id_index on oauth_access_token (authentication_id);
# create index user_name_index on oauth_access_token (user_name);
# create index client_id_index on oauth_access_token (client_id);
# create index refresh_token_index on oauth_access_token (refresh_token);
#
# create index token_id_index on oauth_refresh_token (token_id);
#
# create index code_index on oauth_code (code);

7
others/reference-v2.1.1.md Normal file
View File

@ -0,0 +1,7 @@
## 参考文章
> 最后更新2021-11-21
- https://blog.csdn.net/qq_16063307/article/details/113972486
- https://mp.weixin.qq.com/s?__biz=MzAxODcyNjEzNQ==&mid=2247545942&idx=2&sn=5061bb4243a87e1aed45fa4850879953&chksm=9bd399ceaca410d8a297a83c3c6606ba9e427069f4d91193828e3bf364c62f45b0248606796f#rd

29
pom.xml
View File

@ -23,8 +23,8 @@
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<java.version>1.8</java.version>
<spring.security.oauth.version>2.3.8.RELEASE</spring.security.oauth.version>
<spring.security.jwt.version>1.1.1.RELEASE</spring.security.jwt.version>
<!--<spring.security.oauth.version>2.3.8.RELEASE</spring.security.oauth.version>-->
<!--<spring.security.jwt.version>1.1.1.RELEASE</spring.security.jwt.version>-->
<test.skip>false</test.skip>
</properties>
@ -48,18 +48,25 @@
<artifactId>spring-boot-starter-jdbc</artifactId>
</dependency>
<!-- OAuth2-->
<dependency>
<groupId>org.springframework.security.oauth</groupId>
<artifactId>spring-security-oauth2</artifactId>
<version>${spring.security.oauth.version}</version>
</dependency>
<!--&lt;!&ndash; OAuth2&ndash;&gt;-->
<!--<dependency>-->
<!--<groupId>org.springframework.security.oauth</groupId>-->
<!--<artifactId>spring-security-oauth2</artifactId>-->
<!--<version>${spring.security.oauth.version}</version>-->
<!--</dependency>-->
<!-- JWT -->
<!--&lt;!&ndash; JWT &ndash;&gt;-->
<!--<dependency>-->
<!--<groupId>org.springframework.security</groupId>-->
<!--<artifactId>spring-security-jwt</artifactId>-->
<!--<version>${spring.security.jwt.version}</version>-->
<!--</dependency>-->
<!-- spring-authorization-server v2.1.1 -->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-jwt</artifactId>
<version>${spring.security.jwt.version}</version>
<artifactId>spring-security-oauth2-authorization-server</artifactId>
<version>0.2.0</version>
</dependency>

85
src/main/java/com/monkeyk/sos/config/JWTTokenStoreConfiguration.java
View File

@ -1,18 +1,9 @@
package com.monkeyk.sos.config;
import com.monkeyk.sos.service.UserService;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Primary;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.token.DefaultAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
import org.springframework.security.oauth2.provider.token.DefaultUserAuthenticationConverter;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;
/**
* 2020/6/9
@ -41,45 +32,45 @@ public class JWTTokenStoreConfiguration {
private String jwtKey;
@Bean
public JwtAccessTokenConverter accessTokenConverter(UserService userService) {
JwtAccessTokenConverter jwtAccessTokenConverter = new JwtAccessTokenConverter();
// @Bean
// public JwtAccessTokenConverter accessTokenConverter(UserService userService) {
// JwtAccessTokenConverter jwtAccessTokenConverter = new JwtAccessTokenConverter();
//
// DefaultAccessTokenConverter tokenConverter = new DefaultAccessTokenConverter();
// DefaultUserAuthenticationConverter userAuthenticationConverter = new DefaultUserAuthenticationConverter();
// userAuthenticationConverter.setUserDetailsService(userService);
//// userAuthenticationConverter.setDefaultAuthorities(new String[]{"USER"});
// tokenConverter.setUserTokenConverter(userAuthenticationConverter);
//
// tokenConverter.setIncludeGrantType(true);
//// tokenConverter.setScopeAttribute("_scope");
// jwtAccessTokenConverter.setAccessTokenConverter(tokenConverter);
//
// jwtAccessTokenConverter.setSigningKey(this.jwtKey);
// return jwtAccessTokenConverter;
// }
DefaultAccessTokenConverter tokenConverter = new DefaultAccessTokenConverter();
DefaultUserAuthenticationConverter userAuthenticationConverter = new DefaultUserAuthenticationConverter();
userAuthenticationConverter.setUserDetailsService(userService);
// userAuthenticationConverter.setDefaultAuthorities(new String[]{"USER"});
tokenConverter.setUserTokenConverter(userAuthenticationConverter);
tokenConverter.setIncludeGrantType(true);
// tokenConverter.setScopeAttribute("_scope");
jwtAccessTokenConverter.setAccessTokenConverter(tokenConverter);
jwtAccessTokenConverter.setSigningKey(this.jwtKey);
return jwtAccessTokenConverter;
}
/**
* JWT TokenStore
*
* @since 2.1.0
*/
@Bean
public TokenStore tokenStore(JwtAccessTokenConverter jwtAccessTokenConverter) {
return new JwtTokenStore(jwtAccessTokenConverter);
}
// /**
// * JWT TokenStore
// *
// * @since 2.1.0
// */
// @Bean
// public TokenStore tokenStore(JwtAccessTokenConverter jwtAccessTokenConverter) {
// return new JwtTokenStore(jwtAccessTokenConverter);
// }
@Bean
@Primary
public DefaultTokenServices tokenServices(TokenStore tokenStore, JwtAccessTokenConverter tokenEnhancer, ClientDetailsService clientDetailsService) {
DefaultTokenServices tokenServices = new DefaultTokenServices();
tokenServices.setTokenStore(tokenStore);
tokenServices.setClientDetailsService(clientDetailsService);
//support refresh token
tokenServices.setSupportRefreshToken(true);
tokenServices.setTokenEnhancer(tokenEnhancer);
return tokenServices;
}
// @Bean
// @Primary
// public DefaultTokenServices tokenServices(TokenStore tokenStore, JwtAccessTokenConverter tokenEnhancer, ClientDetailsService clientDetailsService) {
// DefaultTokenServices tokenServices = new DefaultTokenServices();
// tokenServices.setTokenStore(tokenStore);
// tokenServices.setClientDetailsService(clientDetailsService);
// //support refresh token
// tokenServices.setSupportRefreshToken(true);
// tokenServices.setTokenEnhancer(tokenEnhancer);
// return tokenServices;
// }
}

47
src/main/java/com/monkeyk/sos/config/JdbcTokenStoreConfiguration.java
View File

@ -1,15 +1,8 @@
package com.monkeyk.sos.config;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Primary;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JdbcTokenStore;
import javax.sql.DataSource;
/**
* 2020/6/9
@ -26,25 +19,25 @@ import javax.sql.DataSource;
@ConditionalOnProperty(name = "sos.token.store", havingValue = "jdbc", matchIfMissing = true)
public class JdbcTokenStoreConfiguration {
/**
* JDBC TokenStore
*/
@Bean
public TokenStore tokenStore(DataSource dataSource) {
return new JdbcTokenStore(dataSource);
}
@Bean
@Primary
public DefaultTokenServices tokenServices(TokenStore tokenStore, ClientDetailsService clientDetailsService) {
DefaultTokenServices tokenServices = new DefaultTokenServices();
tokenServices.setTokenStore(tokenStore);
tokenServices.setClientDetailsService(clientDetailsService);
//support refresh token
tokenServices.setSupportRefreshToken(true);
return tokenServices;
}
//
// /**
// * JDBC TokenStore
// */
// @Bean
// public TokenStore tokenStore(DataSource dataSource) {
// return new JdbcTokenStore(dataSource);
// }
//
//
// @Bean
// @Primary
// public DefaultTokenServices tokenServices(TokenStore tokenStore, ClientDetailsService clientDetailsService) {
// DefaultTokenServices tokenServices = new DefaultTokenServices();
// tokenServices.setTokenStore(tokenStore);
// tokenServices.setClientDetailsService(clientDetailsService);
// //support refresh token
// tokenServices.setSupportRefreshToken(true);
// return tokenServices;
// }
}

11
src/main/java/com/monkeyk/sos/config/OAuth2MethodSecurityConfiguration.java
View File

@ -1,10 +1,7 @@
package com.monkeyk.sos.config;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.expression.method.MethodSecurityExpressionHandler;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration;
import org.springframework.security.oauth2.provider.expression.OAuth2MethodSecurityExpressionHandler;
/**
* 2018/3/22
@ -12,15 +9,17 @@ import org.springframework.security.oauth2.provider.expression.OAuth2MethodSecur
* #oauth2 #oauth2.hasScope('read')
*
* @author Shengzhao Li
* @deprecated use spring-security-authorization-server replaced from v2.1.1
*/
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true, proxyTargetClass = true)
//@Configuration
//@EnableGlobalMethodSecurity(prePostEnabled = true, proxyTargetClass = true)
public class OAuth2MethodSecurityConfiguration extends GlobalMethodSecurityConfiguration {
@Override
protected MethodSecurityExpressionHandler createExpressionHandler() {
return new OAuth2MethodSecurityExpressionHandler();
// return new OAuth2MethodSecurityExpressionHandler();
return super.createExpressionHandler();
}
}

418
src/main/java/com/monkeyk/sos/config/OAuth2ServerConfiguration.java
View File

@ -1,33 +1,25 @@
package com.monkeyk.sos.config;
import com.monkeyk.sos.domain.oauth.CustomJdbcClientDetailsService;
import com.monkeyk.sos.service.OauthService;
import com.monkeyk.sos.service.UserService;
import com.monkeyk.sos.web.oauth.OauthUserApprovalHandler;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.jwk.Curve;
import com.nimbusds.jose.jwk.JWK;
import com.nimbusds.jose.jwk.JWKSet;
import com.nimbusds.jose.jwk.gen.ECKeyGenerator;
import com.nimbusds.jose.jwk.source.ImmutableJWKSet;
import com.nimbusds.jose.jwk.source.JWKSource;
import com.nimbusds.jose.proc.SecurityContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.OAuth2RequestFactory;
import org.springframework.security.oauth2.provider.approval.UserApprovalHandler;
import org.springframework.security.oauth2.provider.code.AuthorizationCodeServices;
import org.springframework.security.oauth2.provider.code.JdbcAuthorizationCodeServices;
import org.springframework.security.oauth2.provider.request.DefaultOAuth2RequestFactory;
import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.context.annotation.Import;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.security.config.annotation.web.configuration.OAuth2AuthorizationServerConfiguration;
import org.springframework.security.oauth2.server.authorization.JdbcOAuth2AuthorizationConsentService;
import org.springframework.security.oauth2.server.authorization.JdbcOAuth2AuthorizationService;
import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationConsentService;
import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
import org.springframework.security.oauth2.server.authorization.client.JdbcRegisteredClientRepository;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
import javax.sql.DataSource;
@ -40,6 +32,8 @@ import javax.sql.DataSource;
* @author Shengzhao Li
*/
@Configuration
// import from v2.1.1
@Import(OAuth2AuthorizationServerConfiguration.class)
public class OAuth2ServerConfiguration {
@ -48,173 +42,253 @@ public class OAuth2ServerConfiguration {
/**
* // unity resource
* UNITY 访
* JdbcTemplate config
*
* @param dataSource DataSource
* @return JdbcTemplate
* @since 2.1.1
*/
@Configuration
@EnableResourceServer
protected static class UnityResourceServerConfiguration extends ResourceServerConfigurerAdapter {
@Override
public void configure(ResourceServerSecurityConfigurer resources) {
resources.resourceId(RESOURCE_ID).stateless(false);
}
@Override
public void configure(HttpSecurity http) throws Exception {
http
// Since we want the protected resources to be accessible in the UI as well we need
// session creation to be allowed (it's disabled by default in 2.0.6)
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
.and()
// 所有以 /unity/ 开头的 URL属于此资源
.requestMatchers().antMatchers("/unity/**")
.and()
.authorizeRequests()
.antMatchers("/unity/**").access("#oauth2.hasScope('read') and hasRole('UNITY')");
}
@Bean
public JdbcTemplate jdbcTemplate(DataSource dataSource) {
return new JdbcTemplate(dataSource);
}
/**
* // mobile resource
* MOBILE 访
* RegisteredClientRepository config
* <p>
* SQL: oauth2-registered-client-schema.sql
*
* @param jdbcTemplate JdbcTemplate
* @return RegisteredClientRepository
* @since 2.1.1
*/
@Configuration
@EnableResourceServer
protected static class MobileResourceServerConfiguration extends ResourceServerConfigurerAdapter {
@Override
public void configure(ResourceServerSecurityConfigurer resources) {
resources.resourceId(RESOURCE_ID).stateless(false);
}
@Override
public void configure(HttpSecurity http) throws Exception {
http
// Since we want the protected resources to be accessible in the UI as well we need
// session creation to be allowed (it's disabled by default in 2.0.6)
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
.and()
// 所有以 /m/ 开头的 URL属于此资源
.requestMatchers().antMatchers("/m/**")
.and()
.authorizeRequests()
.antMatchers("/m/**").access("#oauth2.hasScope('read') and hasRole('MOBILE')");
}
@Bean
public RegisteredClientRepository registeredClientRepository(JdbcTemplate jdbcTemplate) {
return new JdbcRegisteredClientRepository(jdbcTemplate);
}
@Configuration
@EnableAuthorizationServer
protected static class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {
/**
* OAuth2AuthorizationService config
* <p>
* SQL: oauth2-authorization-schema.sql
*
* @param jdbcTemplate JdbcTemplate
* @param registeredClientRepository RegisteredClientRepository
* @return OAuth2AuthorizationService
* @since 2.1.1
*/
@Bean
public OAuth2AuthorizationService authorizationService(JdbcTemplate jdbcTemplate, RegisteredClientRepository registeredClientRepository) {
return new JdbcOAuth2AuthorizationService(jdbcTemplate, registeredClientRepository);
}
@Autowired
private TokenStore tokenStore;
@Autowired
private DefaultTokenServices tokenServices;
/**
* OAuth2AuthorizationConsentService config
* <p>
* SQL: oauth2-authorization-consent-schema.sql
*
* @param jdbcTemplate JdbcTemplate
* @param registeredClientRepository RegisteredClientRepository
* @return OAuth2AuthorizationConsentService
* @since 2.1.1
*/
@Bean
public OAuth2AuthorizationConsentService authorizationConsentService(JdbcTemplate jdbcTemplate, RegisteredClientRepository registeredClientRepository) {
return new JdbcOAuth2AuthorizationConsentService(jdbcTemplate, registeredClientRepository);
}
@Autowired
private ClientDetailsService clientDetailsService;
@Autowired
private OauthService oauthService;
@Autowired
private AuthorizationCodeServices authorizationCodeServices;
@Autowired
private UserService userDetailsService;
@Autowired
@Qualifier("authenticationManagerBean")
private AuthenticationManager authenticationManager;
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
clients.withClientDetails(clientDetailsService);
}
/**
* JWT使 JWK
* <p>
* 使EC, P_256
*
* @return JWKSource
* @throws JOSEException e
* @since 2.1.1
*/
@Bean
public JWKSource<SecurityContext> jwkSource() throws JOSEException {
ECKeyGenerator keyGenerator = new ECKeyGenerator(Curve.P_256);
keyGenerator.keyID(RESOURCE_ID);
JWK jwk = keyGenerator.generate();
System.out.println("\n Use auto-generated jwk: " + jwk.toJSONString());
JWKSet jwkSet = new JWKSet(jwk);
return new ImmutableJWKSet<>(jwkSet);
}
// /**
// * // unity resource
// * UNITY 资源的访问权限配置
// */
// @Configuration
// @EnableResourceServer
// protected static class UnityResourceServerConfiguration extends ResourceServerConfigurerAdapter {
//
// @Override
// public void configure(ResourceServerSecurityConfigurer resources) {
// resources.resourceId(RESOURCE_ID).stateless(false);
// }
//
// @Override
// public void configure(HttpSecurity http) throws Exception {
// http
// // Since we want the protected resources to be accessible in the UI as well we need
// // session creation to be allowed (it's disabled by default in 2.0.6)
// .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
// .and()
// // 所有以 /unity/ 开头的 URL属于此资源
// .requestMatchers().antMatchers("/unity/**")
// .and()
// .authorizeRequests()
// .antMatchers("/unity/**").access("#oauth2.hasScope('read') and hasRole('UNITY')");
//
// }
//
// }
//
//
// /**
// * // mobile resource
// * MOBILE 资源的访问权限配置
// */
// @Configuration
// @EnableResourceServer
// protected static class MobileResourceServerConfiguration extends ResourceServerConfigurerAdapter {
//
// @Override
// public void configure(ResourceServerSecurityConfigurer resources) {
// resources.resourceId(RESOURCE_ID).stateless(false);
// }
//
// @Override
// public void configure(HttpSecurity http) throws Exception {
// http
// // Since we want the protected resources to be accessible in the UI as well we need
// // session creation to be allowed (it's disabled by default in 2.0.6)
// .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
// .and()
// // 所有以 /m/ 开头的 URL属于此资源
// .requestMatchers().antMatchers("/m/**")
// .and()
// .authorizeRequests()
// .antMatchers("/m/**").access("#oauth2.hasScope('read') and hasRole('MOBILE')");
//
// }
//
// }
//
// @Configuration
// @EnableAuthorizationServer
// protected static class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {
//
//
// @Autowired
// private TokenStore tokenStore;
//
// @Autowired
// private DefaultTokenServices tokenServices;
//
//
// @Autowired
// private ClientDetailsService clientDetailsService;
//
//
// @Autowired
// private OauthService oauthService;
//
//
// @Autowired
// private AuthorizationCodeServices authorizationCodeServices;
//
//
// @Autowired
// private UserService userDetailsService;
//
//
// @Autowired
// @Qualifier("authenticationManagerBean")
// private AuthenticationManager authenticationManager;
//
//
// @Override
// public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
//
// clients.withClientDetails(clientDetailsService);
// }
//
//
//// /*
//// * JDBC TokenStore
//// */
//// @Bean
//// public TokenStore tokenStore(DataSource dataSource) {
//// return new JdbcTokenStore(dataSource);
//// }
//
// /*
// * JDBC TokenStore
// * Redis TokenStore (有Redis场景时使用)
// */
//// @Bean
//// public TokenStore tokenStore(RedisConnectionFactory connectionFactory) {
//// final RedisTokenStore redisTokenStore = new RedisTokenStore(connectionFactory);
//// //prefix
//// redisTokenStore.setPrefix(RESOURCE_ID);
//// return redisTokenStore;
//// }
//
//
// @Bean
// public TokenStore tokenStore(DataSource dataSource) {
// return new JdbcTokenStore(dataSource);
// public ClientDetailsService clientDetailsService(DataSource dataSource) {
// return new CustomJdbcClientDetailsService(dataSource);
// }
/*
* Redis TokenStore (Redis使)
*/
//
//
// @Bean
// public TokenStore tokenStore(RedisConnectionFactory connectionFactory) {
// final RedisTokenStore redisTokenStore = new RedisTokenStore(connectionFactory);
// //prefix
// redisTokenStore.setPrefix(RESOURCE_ID);
// return redisTokenStore;
// public AuthorizationCodeServices authorizationCodeServices(DataSource dataSource) {
// return new JdbcAuthorizationCodeServices(dataSource);
// }
@Bean
public ClientDetailsService clientDetailsService(DataSource dataSource) {
return new CustomJdbcClientDetailsService(dataSource);
}
@Bean
public AuthorizationCodeServices authorizationCodeServices(DataSource dataSource) {
return new JdbcAuthorizationCodeServices(dataSource);
}
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
endpoints.tokenServices(tokenServices)
.tokenStore(tokenStore)
.authorizationCodeServices(authorizationCodeServices)
.userDetailsService(userDetailsService)
.userApprovalHandler(userApprovalHandler())
.authenticationManager(authenticationManager);
}
@Override
public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
// real 值可自定义
oauthServer.realm("spring-oauth-server")
// 支持 client_credentials 的配置
.allowFormAuthenticationForClients();
}
@Bean
public OAuth2RequestFactory oAuth2RequestFactory() {
return new DefaultOAuth2RequestFactory(clientDetailsService);
}
@Bean
public UserApprovalHandler userApprovalHandler() {
OauthUserApprovalHandler userApprovalHandler = new OauthUserApprovalHandler();
userApprovalHandler.setOauthService(oauthService);
userApprovalHandler.setTokenStore(tokenStore);
userApprovalHandler.setClientDetailsService(this.clientDetailsService);
userApprovalHandler.setRequestFactory(oAuth2RequestFactory());
return userApprovalHandler;
}
}
//
//
// @Override
// public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
// endpoints.tokenServices(tokenServices)
// .tokenStore(tokenStore)
// .authorizationCodeServices(authorizationCodeServices)
// .userDetailsService(userDetailsService)
// .userApprovalHandler(userApprovalHandler())
// .authenticationManager(authenticationManager);
// }
//
// @Override
// public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
// // real 值可自定义
// oauthServer.realm("spring-oauth-server")
// // 支持 client_credentials 的配置
// .allowFormAuthenticationForClients();
// }
//
// @Bean
// public OAuth2RequestFactory oAuth2RequestFactory() {
// return new DefaultOAuth2RequestFactory(clientDetailsService);
// }
//
//
// @Bean
// public UserApprovalHandler userApprovalHandler() {
// OauthUserApprovalHandler userApprovalHandler = new OauthUserApprovalHandler();
// userApprovalHandler.setOauthService(oauthService);
// userApprovalHandler.setTokenStore(tokenStore);
// userApprovalHandler.setClientDetailsService(this.clientDetailsService);
// userApprovalHandler.setRequestFactory(oAuth2RequestFactory());
// return userApprovalHandler;
// }
//
// }
}

14
src/main/java/com/monkeyk/sos/domain/oauth/CustomJdbcClientDetailsService.java
View File

@ -1,6 +1,6 @@
package com.monkeyk.sos.domain.oauth;
import org.springframework.security.oauth2.provider.client.JdbcClientDetailsService;
//import org.springframework.security.oauth2.provider.client.JdbcClientDetailsService;
import javax.sql.DataSource;
@ -8,8 +8,10 @@ import javax.sql.DataSource;
* Add <i>archived = 0</i> condition
*
* @author Shengzhao Li
* @deprecated use spring-security-oauth2-authorization-server replaced from v2.1.1
*/
public class CustomJdbcClientDetailsService extends JdbcClientDetailsService {
//public class CustomJdbcClientDetailsService extends JdbcClientDetailsService {
public class CustomJdbcClientDetailsService {
/**
* SQL
@ -20,10 +22,10 @@ public class CustomJdbcClientDetailsService extends JdbcClientDetailsService {
"from oauth_client_details where client_id = ? and archived = 0 ";
public CustomJdbcClientDetailsService(DataSource dataSource) {
super(dataSource);
setSelectClientDetailsSql(SELECT_CLIENT_DETAILS_SQL);
}
// public CustomJdbcClientDetailsService(DataSource dataSource) {
// super(dataSource);
// setSelectClientDetailsSql(SELECT_CLIENT_DETAILS_SQL);
// }
}

8
src/main/java/com/monkeyk/sos/domain/shared/GuidGenerator.java
View File

@ -1,6 +1,8 @@
package com.monkeyk.sos.domain.shared;
import org.springframework.security.oauth2.common.util.RandomValueStringGenerator;
//import org.springframework.security.oauth2.common.util.RandomValueStringGenerator;
import org.apache.commons.lang.RandomStringUtils;
import java.util.UUID;
@ -10,7 +12,7 @@ import java.util.UUID;
public abstract class GuidGenerator {
private static RandomValueStringGenerator defaultClientSecretGenerator = new RandomValueStringGenerator(32);
// private static RandomValueStringGenerator defaultClientSecretGenerator = new RandomValueStringGenerator(32);
/**
@ -24,7 +26,7 @@ public abstract class GuidGenerator {
}
public static String generateClientSecret() {
return defaultClientSecretGenerator.generate();
return RandomStringUtils.random(32, true, true);
}
}

15
src/main/java/com/monkeyk/sos/service/business/ClientCredentialsInlineAccessTokenInvoker.java
View File

@ -1,8 +1,8 @@
package com.monkeyk.sos.service.business;
import org.springframework.security.oauth2.provider.OAuth2RequestFactory;
import org.springframework.security.oauth2.provider.TokenGranter;
import org.springframework.security.oauth2.provider.client.ClientCredentialsTokenGranter;
//import org.springframework.security.oauth2.provider.OAuth2RequestFactory;
//import org.springframework.security.oauth2.provider.TokenGranter;
//import org.springframework.security.oauth2.provider.client.ClientCredentialsTokenGranter;
/**
* 2019/7/5
@ -12,6 +12,7 @@ import org.springframework.security.oauth2.provider.client.ClientCredentialsToke
*
* @author Shengzhao Li
* @since 2.0.1
* @deprecated use spring-security-oauth2-authorization-server replaced from v2.1.1
*/
public class ClientCredentialsInlineAccessTokenInvoker extends InlineAccessTokenInvoker {
@ -19,10 +20,10 @@ public class ClientCredentialsInlineAccessTokenInvoker extends InlineAccessToken
public ClientCredentialsInlineAccessTokenInvoker() {
}
@Override
protected TokenGranter getTokenGranter(OAuth2RequestFactory oAuth2RequestFactory) {
return new ClientCredentialsTokenGranter(this.tokenServices, this.clientDetailsService, oAuth2RequestFactory);
}
// @Override
// protected TokenGranter getTokenGranter(OAuth2RequestFactory oAuth2RequestFactory) {
// return new ClientCredentialsTokenGranter(this.tokenServices, this.clientDetailsService, oAuth2RequestFactory);
// }
}

169
src/main/java/com/monkeyk/sos/service/business/InlineAccessTokenInvoker.java
View File

@ -7,24 +7,19 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.provider.*;
import org.springframework.security.oauth2.provider.request.DefaultOAuth2RequestFactory;
import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices;
import org.springframework.util.Assert;
import java.util.Map;
import static org.springframework.security.oauth2.common.util.OAuth2Utils.CLIENT_ID;
import static org.springframework.security.oauth2.common.util.OAuth2Utils.GRANT_TYPE;
import static org.springframework.security.oauth2.common.util.OAuth2Utils.SCOPE;
/**
* 2019/7/5
*
* @author Shengzhao Li
* @see org.springframework.security.oauth2.provider.endpoint.TokenEndpoint
// * @see org.springframework.security.oauth2.provider.endpoint.TokenEndpoint
* @since 2.0.1
* @deprecated use spring-security-oauth2-authorization-server replaced from v2.1.1
*/
public abstract class InlineAccessTokenInvoker implements InitializingBean {
@ -34,9 +29,9 @@ public abstract class InlineAccessTokenInvoker implements InitializingBean {
protected transient AuthenticationManager authenticationManager = SOSContextHolder.getBean(AuthenticationManager.class);
protected transient AuthorizationServerTokenServices tokenServices = SOSContextHolder.getBean(AuthorizationServerTokenServices.class);
;
protected transient ClientDetailsService clientDetailsService = SOSContextHolder.getBean(ClientDetailsService.class);
// protected transient AuthorizationServerTokenServices tokenServices = SOSContextHolder.getBean(AuthorizationServerTokenServices.class);
//
// protected transient ClientDetailsService clientDetailsService = SOSContextHolder.getBean(ClientDetailsService.class);
public InlineAccessTokenInvoker() {
@ -62,26 +57,27 @@ public abstract class InlineAccessTokenInvoker implements InitializingBean {
String clientId = validateParams(params);
final ClientDetails clientDetails = clientDetailsService.loadClientByClientId(clientId);
if (clientDetails == null) {
LOG.warn("Not found ClientDetails by clientId: {}", clientId);
return null;
}
// final ClientDetails clientDetails = clientDetailsService.loadClientByClientId(clientId);
// if (clientDetails == null) {
// LOG.warn("Not found ClientDetails by clientId: {}", clientId);
// return null;
// }
//
// OAuth2RequestFactory oAuth2RequestFactory = createOAuth2RequestFactory();
// TokenGranter tokenGranter = getTokenGranter(oAuth2RequestFactory);
// LOG.debug("Use TokenGranter: {}", tokenGranter);
//
// TokenRequest tokenRequest = oAuth2RequestFactory.createTokenRequest(params, clientDetails);
// final OAuth2AccessToken oAuth2AccessToken = tokenGranter.grant(getGrantType(params), tokenRequest);
OAuth2RequestFactory oAuth2RequestFactory = createOAuth2RequestFactory();
TokenGranter tokenGranter = getTokenGranter(oAuth2RequestFactory);
LOG.debug("Use TokenGranter: {}", tokenGranter);
TokenRequest tokenRequest = oAuth2RequestFactory.createTokenRequest(params, clientDetails);
final OAuth2AccessToken oAuth2AccessToken = tokenGranter.grant(getGrantType(params), tokenRequest);
if (oAuth2AccessToken == null) {
LOG.warn("TokenGranter: {} grant OAuth2AccessToken null", tokenGranter);
return null;
}
AccessTokenDto accessTokenDto = new AccessTokenDto(oAuth2AccessToken);
LOG.debug("Invoked accessTokenDto: {}", accessTokenDto);
return accessTokenDto;
// if (oAuth2AccessToken == null) {
// LOG.warn("TokenGranter: {} grant OAuth2AccessToken null", tokenGranter);
// return null;
// }
// AccessTokenDto accessTokenDto = new AccessTokenDto(oAuth2AccessToken);
// LOG.debug("Invoked accessTokenDto: {}", accessTokenDto);
// return accessTokenDto;
throw new UnsupportedOperationException("unsupport from v2.1.1");
}
@ -93,72 +89,73 @@ public abstract class InlineAccessTokenInvoker implements InitializingBean {
*/
protected String validateParams(Map<String, String> params) {
//validate client_id
String clientId = params.get(CLIENT_ID);
if (StringUtils.isBlank(clientId)) {
throw new IllegalStateException("Null or empty '" + CLIENT_ID + "' from params");
}
// String clientId = params.get(CLIENT_ID);
// if (StringUtils.isBlank(clientId)) {
// throw new IllegalStateException("Null or empty '" + CLIENT_ID + "' from params");
// }
//
// //validate grant_type
// final String grantType = params.get(GRANT_TYPE);
// if (StringUtils.isBlank(grantType)) {
// throw new IllegalStateException("Null or empty '" + GRANT_TYPE + "' from params");
// }
//
// //validate scope
// final String scope = params.get(SCOPE);
// if (StringUtils.isBlank(scope)) {
// throw new IllegalStateException("Null or empty '" + SCOPE + "' from params");
// }
//validate grant_type
final String grantType = params.get(GRANT_TYPE);
if (StringUtils.isBlank(grantType)) {
throw new IllegalStateException("Null or empty '" + GRANT_TYPE + "' from params");
}
//validate scope
final String scope = params.get(SCOPE);
if (StringUtils.isBlank(scope)) {
throw new IllegalStateException("Null or empty '" + SCOPE + "' from params");
}
return clientId;
// return clientId;
throw new UnsupportedOperationException("unsupport from v2.1.1");
}
/**
* Get grant_type from params
*
* @param params Map
* @return Grant Type
*/
protected String getGrantType(Map<String, String> params) {
return params.get(GRANT_TYPE);
}
// /**
// * Get grant_type from params
// *
// * @param params Map
// * @return Grant Type
// */
// protected String getGrantType(Map<String, String> params) {
// return params.get(GRANT_TYPE);
// }
//
//
// /**
// * Get TokenGranter implement
// *
// * @return TokenGranter
// */
// protected abstract TokenGranter getTokenGranter(OAuth2RequestFactory oAuth2RequestFactory);
// /**
// * Create OAuth2RequestFactory
// *
// * @return OAuth2RequestFactory instance
// */
// protected OAuth2RequestFactory createOAuth2RequestFactory() {
// return new DefaultOAuth2RequestFactory(this.clientDetailsService);
// }
//
//
// public void setAuthenticationManager(AuthenticationManager authenticationManager) {
// this.authenticationManager = authenticationManager;
// }
/**
* Get TokenGranter implement
*
* @return TokenGranter
*/
protected abstract TokenGranter getTokenGranter(OAuth2RequestFactory oAuth2RequestFactory);
/**
* Create OAuth2RequestFactory
*
* @return OAuth2RequestFactory instance
*/
protected OAuth2RequestFactory createOAuth2RequestFactory() {
return new DefaultOAuth2RequestFactory(this.clientDetailsService);
}
public void setAuthenticationManager(AuthenticationManager authenticationManager) {
this.authenticationManager = authenticationManager;
}
public void setTokenServices(AuthorizationServerTokenServices tokenServices) {
this.tokenServices = tokenServices;
}
public void setClientDetailsService(ClientDetailsService clientDetailsService) {
this.clientDetailsService = clientDetailsService;
}
// public void setTokenServices(AuthorizationServerTokenServices tokenServices) {
// this.tokenServices = tokenServices;
// }
//
// public void setClientDetailsService(ClientDetailsService clientDetailsService) {
// this.clientDetailsService = clientDetailsService;
// }
@Override
public void afterPropertiesSet() throws Exception {
Assert.notNull(this.authenticationManager, "authenticationManager is null");
Assert.notNull(this.tokenServices, "tokenServices is null");
// Assert.notNull(this.tokenServices, "tokenServices is null");
Assert.notNull(this.clientDetailsService, "clientDetailsService is null");
// Assert.notNull(this.clientDetailsService, "clientDetailsService is null");
}
}

17
src/main/java/com/monkeyk/sos/service/business/PasswordInlineAccessTokenInvoker.java
View File

@ -1,8 +1,8 @@
package com.monkeyk.sos.service.business;
import org.springframework.security.oauth2.provider.OAuth2RequestFactory;
import org.springframework.security.oauth2.provider.TokenGranter;
import org.springframework.security.oauth2.provider.password.ResourceOwnerPasswordTokenGranter;
//import org.springframework.security.oauth2.provider.OAuth2RequestFactory;
//import org.springframework.security.oauth2.provider.TokenGranter;
//import org.springframework.security.oauth2.provider.password.ResourceOwnerPasswordTokenGranter;
/**
* 2019/7/5
@ -12,17 +12,18 @@ import org.springframework.security.oauth2.provider.password.ResourceOwnerPasswo
*
* @author Shengzhao Li
* @since 2.0.1
* @deprecated use spring-security-oauth2-authorization-server replaced from v2.1.1
*/
public class PasswordInlineAccessTokenInvoker extends InlineAccessTokenInvoker {
public PasswordInlineAccessTokenInvoker() {
}
@Override
protected TokenGranter getTokenGranter(OAuth2RequestFactory oAuth2RequestFactory) {
return new ResourceOwnerPasswordTokenGranter(this.authenticationManager, this.tokenServices, this.clientDetailsService, oAuth2RequestFactory);
}
//
// @Override
// protected TokenGranter getTokenGranter(OAuth2RequestFactory oAuth2RequestFactory) {
// return new ResourceOwnerPasswordTokenGranter(this.authenticationManager, this.tokenServices, this.clientDetailsService, oAuth2RequestFactory);
// }

15
src/main/java/com/monkeyk/sos/service/business/RefreshTokenInlineAccessTokenInvoker.java
View File

@ -1,8 +1,8 @@
package com.monkeyk.sos.service.business;
import org.springframework.security.oauth2.provider.OAuth2RequestFactory;
import org.springframework.security.oauth2.provider.TokenGranter;
import org.springframework.security.oauth2.provider.refresh.RefreshTokenGranter;
//import org.springframework.security.oauth2.provider.OAuth2RequestFactory;
//import org.springframework.security.oauth2.provider.TokenGranter;
//import org.springframework.security.oauth2.provider.refresh.RefreshTokenGranter;
/**
* 2019/7/5
@ -12,6 +12,7 @@ import org.springframework.security.oauth2.provider.refresh.RefreshTokenGranter;
*
* @author Shengzhao Li
* @since 2.0.1
* @deprecated use spring-security-oauth2-authorization-server replaced from v2.1.1
*/
public class RefreshTokenInlineAccessTokenInvoker extends InlineAccessTokenInvoker {
@ -19,10 +20,10 @@ public class RefreshTokenInlineAccessTokenInvoker extends InlineAccessTokenInvok
public RefreshTokenInlineAccessTokenInvoker() {
}
@Override
protected TokenGranter getTokenGranter(OAuth2RequestFactory oAuth2RequestFactory) {
return new RefreshTokenGranter(this.tokenServices, this.clientDetailsService, oAuth2RequestFactory);
}
// @Override
// protected TokenGranter getTokenGranter(OAuth2RequestFactory oAuth2RequestFactory) {
// return new RefreshTokenGranter(this.tokenServices, this.clientDetailsService, oAuth2RequestFactory);
// }
}

32
src/main/java/com/monkeyk/sos/service/dto/AccessTokenDto.java
View File

@ -1,9 +1,11 @@
package com.monkeyk.sos.service.dto;
import com.fasterxml.jackson.annotation.JsonProperty;
import org.apache.commons.lang.StringUtils;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.common.OAuth2RefreshToken;
//import org.apache.commons.lang.StringUtils;
//import org.springframework.security.oauth2.core.OAuth2AccessToken;
//import org.springframework.security.oauth2.core.OAuth2RefreshToken;
//import org.springframework.security.oauth2.common.OAuth2AccessToken;
//import org.springframework.security.oauth2.common.OAuth2RefreshToken;
import java.io.Serializable;
@ -39,18 +41,18 @@ public class AccessTokenDto implements Serializable {
}
public AccessTokenDto(OAuth2AccessToken token) {
this.accessToken = token.getValue();
this.expiresIn = token.getExpiresIn();
this.scope = StringUtils.join(token.getScope(), ",");
this.tokenType = token.getTokenType();
final OAuth2RefreshToken oAuth2RefreshToken = token.getRefreshToken();
if (oAuth2RefreshToken != null) {
this.refreshToken = oAuth2RefreshToken.getValue();
}
}
// public AccessTokenDto(OAuth2AccessToken token) {
// this.accessToken = token.getValue();
// this.expiresIn = token.getExpiresIn();
//
// this.scope = StringUtils.join(token.getScope(), ",");
// this.tokenType = token.getTokenType();
//
// final OAuth2RefreshToken oAuth2RefreshToken = token.getRefreshToken();
// if (oAuth2RefreshToken != null) {
// this.refreshToken = oAuth2RefreshToken.getValue();
// }
// }
public String getAccessToken() {

43
src/main/java/com/monkeyk/sos/service/impl/UserServiceImpl.java
View File

@ -1,28 +1,25 @@
package com.monkeyk.sos.service.impl;
import com.monkeyk.sos.service.dto.UserDto;
import com.monkeyk.sos.service.dto.UserFormDto;
import com.monkeyk.sos.service.dto.UserJsonDto;
import com.monkeyk.sos.service.dto.UserOverviewDto;
import com.monkeyk.sos.domain.shared.security.SOSUserDetails;
import com.monkeyk.sos.domain.user.User;
import com.monkeyk.sos.domain.user.UserRepository;
import com.monkeyk.sos.service.UserService;
import com.monkeyk.sos.service.dto.UserDto;
import com.monkeyk.sos.service.dto.UserFormDto;
import com.monkeyk.sos.service.dto.UserJsonDto;
import com.monkeyk.sos.service.dto.UserOverviewDto;
import com.monkeyk.sos.web.WebUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Propagation;
import org.springframework.transaction.annotation.Transactional;
import java.util.Collection;
import java.util.List;
/**
@ -55,13 +52,19 @@ public class UserServiceImpl implements UserService {
final Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
final Object principal = authentication.getPrincipal();
if (authentication instanceof OAuth2Authentication &&
/* if (authentication instanceof OAuth2Authentication &&
(principal instanceof String || principal instanceof org.springframework.security.core.userdetails.User)) {
return loadOauthUserJsonDto((OAuth2Authentication) authentication);
} else {
} else {*/
if (principal instanceof SOSUserDetails) {
final SOSUserDetails userDetails = (SOSUserDetails) principal;
return new UserJsonDto(userRepository.findByGuid(userDetails.user().guid()));
}
// }
if (LOG.isWarnEnabled()) {
LOG.warn("{}|Unknown principal: {}, please checking, return null", WebUtils.getIp(), principal);
}
return null;
}
@Override
@ -89,15 +92,15 @@ public class UserServiceImpl implements UserService {
}
private UserJsonDto loadOauthUserJsonDto(OAuth2Authentication oAuth2Authentication) {
UserJsonDto userJsonDto = new UserJsonDto();
userJsonDto.setUsername(oAuth2Authentication.getName());
final Collection<GrantedAuthority> authorities = oAuth2Authentication.getAuthorities();
for (GrantedAuthority authority : authorities) {
userJsonDto.getPrivileges().add(authority.getAuthority());
}
return userJsonDto;
}
// private UserJsonDto loadOauthUserJsonDto(OAuth2Authentication oAuth2Authentication) {
// UserJsonDto userJsonDto = new UserJsonDto();
// userJsonDto.setUsername(oAuth2Authentication.getName());
//
// final Collection<GrantedAuthority> authorities = oAuth2Authentication.getAuthorities();
// for (GrantedAuthority authority : authorities) {
// userJsonDto.getPrivileges().add(authority.getAuthority());
// }
//
// return userJsonDto;
// }
}

9
src/main/java/com/monkeyk/sos/web/context/SOSContextHolder.java
View File

@ -7,7 +7,6 @@ import org.springframework.beans.factory.BeanFactory;
import org.springframework.beans.factory.BeanFactoryAware;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.util.Assert;
/**
@ -82,10 +81,10 @@ public class SOSContextHolder implements BeanFactoryAware, InitializingBean {
public void afterPropertiesSet() throws Exception {
Assert.notNull(beanFactory, "beanFactory is null");
if (LOG.isDebugEnabled()) {
TokenStore tokenStore = getBean(TokenStore.class);
LOG.debug("{} use tokenStore: {}", this.applicationName, tokenStore);
}
// if (LOG.isDebugEnabled()) {
// TokenStore tokenStore = getBean(TokenStore.class);
// LOG.debug("{} use tokenStore: {}", this.applicationName, tokenStore);
// }
}
}

332
src/main/java/com/monkeyk/sos/web/controller/OAuthRestController.java
View File

@ -16,34 +16,11 @@ import org.slf4j.LoggerFactory;
import org.springframework.beans.BeansException;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.ApplicationContext;
import org.springframework.context.ApplicationContextAware;
import org.springframework.http.ResponseEntity;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.common.exceptions.*;
import org.springframework.security.oauth2.common.util.OAuth2Utils;
import org.springframework.security.oauth2.provider.*;
import org.springframework.security.oauth2.provider.client.ClientCredentialsTokenGranter;
import org.springframework.security.oauth2.provider.code.AuthorizationCodeServices;
import org.springframework.security.oauth2.provider.code.AuthorizationCodeTokenGranter;
import org.springframework.security.oauth2.provider.error.DefaultWebResponseExceptionTranslator;
import org.springframework.security.oauth2.provider.error.WebResponseExceptionTranslator;
import org.springframework.security.oauth2.provider.implicit.ImplicitTokenGranter;
import org.springframework.security.oauth2.provider.password.ResourceOwnerPasswordTokenGranter;
import org.springframework.security.oauth2.provider.refresh.RefreshTokenGranter;
import org.springframework.security.oauth2.provider.request.DefaultOAuth2RequestFactory;
import org.springframework.security.oauth2.provider.request.DefaultOAuth2RequestValidator;
import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices;
import org.springframework.stereotype.Controller;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;
import org.springframework.web.bind.annotation.*;
import java.util.Collections;
import java.util.Map;
/**
* 2016/3/8
@ -51,7 +28,8 @@ import java.util.Map;
* Restful OAuth API
*
* @author Shengzhao Li
* @see org.springframework.security.oauth2.provider.endpoint.TokenEndpoint
// * @see org.springframework.security.oauth2.provider.endpoint.TokenEndpoint
* @deprecated use spring-security-oauth2-authorization-server replaced from v2.1.1
*/
@Controller
public class OAuthRestController implements InitializingBean, ApplicationContextAware {
@ -59,170 +37,170 @@ public class OAuthRestController implements InitializingBean, ApplicationContext
private static final Logger LOG = LoggerFactory.getLogger(OAuthRestController.class);
@Autowired
private ClientDetailsService clientDetailsService;
// consumerTokenServices,defaultAuthorizationServerTokenServices
@Autowired
@Qualifier("defaultAuthorizationServerTokenServices")
private AuthorizationServerTokenServices tokenServices;
@Autowired
private AuthorizationCodeServices authorizationCodeServices;
// @Autowired
// private ClientDetailsService clientDetailsService;
//
// // consumerTokenServices,defaultAuthorizationServerTokenServices
// @Autowired
// @Qualifier("defaultAuthorizationServerTokenServices")
// private AuthorizationServerTokenServices tokenServices;
// @Autowired
// private AuthorizationCodeServices authorizationCodeServices;
//
@Autowired
private PasswordEncoder passwordEncoder;
private AuthenticationManager authenticationManager;
private OAuth2RequestFactory oAuth2RequestFactory;
private OAuth2RequestValidator oAuth2RequestValidator = new DefaultOAuth2RequestValidator();
private WebResponseExceptionTranslator providerExceptionHandler = new DefaultWebResponseExceptionTranslator();
@RequestMapping(value = "/oauth/rest_token", method = RequestMethod.POST)
@ResponseBody
public OAuth2AccessToken postAccessToken(@RequestBody Map<String, String> parameters) {
String clientId = getClientId(parameters);
ClientDetails authenticatedClient = clientDetailsService.loadClientByClientId(clientId);
//validate client_secret
String clientSecret = getClientSecret(parameters);
if (clientSecret == null || clientSecret.equals("")) {
throw new InvalidClientException("Bad client credentials");
} else {
if (!this.passwordEncoder.matches(clientSecret, authenticatedClient.getClientSecret())) {
throw new InvalidClientException("Bad client credentials");
}
}
TokenRequest tokenRequest = oAuth2RequestFactory.createTokenRequest(parameters, authenticatedClient);
if (clientId != null && !clientId.equals("")) {
// Only validate the client details if a client authenticated during this
// request.
if (!clientId.equals(tokenRequest.getClientId())) {
// double check to make sure that the client ID in the token request is the same as that in the
// authenticated client
throw new InvalidClientException("Given client ID does not match authenticated client");
}
}
oAuth2RequestValidator.validateScope(tokenRequest, authenticatedClient);
final String grantType = tokenRequest.getGrantType();
if (!StringUtils.hasText(grantType)) {
throw new InvalidRequestException("Missing grant type");
}
if (grantType.equals("implicit")) {
throw new InvalidGrantException("Implicit grant type not supported from token endpoint");
}
if (isAuthCodeRequest(parameters)) {
// The scope was requested or determined during the authorization step
if (!tokenRequest.getScope().isEmpty()) {
LOG.debug("Clearing scope of incoming token request");
tokenRequest.setScope(Collections.<String>emptySet());
}
}
if (isRefreshTokenRequest(parameters)) {
// A refresh token has its own default scopes, so we should ignore any added by the factory here.
tokenRequest.setScope(OAuth2Utils.parseParameterList(parameters.get(OAuth2Utils.SCOPE)));
}
OAuth2AccessToken token = getTokenGranter(grantType).grant(grantType, tokenRequest);
if (token == null) {
throw new UnsupportedGrantTypeException("Unsupported grant type: " + grantType);
}
return token;
}
protected TokenGranter getTokenGranter(String grantType) {
if ("authorization_code".equals(grantType)) {
return new AuthorizationCodeTokenGranter(tokenServices, authorizationCodeServices, clientDetailsService, this.oAuth2RequestFactory);
} else if ("password".equals(grantType)) {
return new ResourceOwnerPasswordTokenGranter(getAuthenticationManager(), tokenServices, clientDetailsService, this.oAuth2RequestFactory);
} else if ("refresh_token".equals(grantType)) {
return new RefreshTokenGranter(tokenServices, clientDetailsService, this.oAuth2RequestFactory);
} else if ("client_credentials".equals(grantType)) {
return new ClientCredentialsTokenGranter(tokenServices, clientDetailsService, this.oAuth2RequestFactory);
} else if ("implicit".equals(grantType)) {
return new ImplicitTokenGranter(tokenServices, clientDetailsService, this.oAuth2RequestFactory);
} else {
throw new UnsupportedGrantTypeException("Unsupport grant_type: " + grantType);
}
}
@ExceptionHandler(Exception.class)
public ResponseEntity<OAuth2Exception> handleException(Exception e) throws Exception {
LOG.info("Handling error: " + e.getClass().getSimpleName() + ", " + e.getMessage());
return getExceptionTranslator().translate(e);
}
@ExceptionHandler(ClientRegistrationException.class)
public ResponseEntity<OAuth2Exception> handleClientRegistrationException(Exception e) throws Exception {
LOG.info("Handling error: " + e.getClass().getSimpleName() + ", " + e.getMessage());
return getExceptionTranslator().translate(new BadClientCredentialsException());
}
@ExceptionHandler(OAuth2Exception.class)
public ResponseEntity<OAuth2Exception> handleException(OAuth2Exception e) throws Exception {
LOG.info("Handling error: " + e.getClass().getSimpleName() + ", " + e.getMessage());
return getExceptionTranslator().translate(e);
}
private boolean isRefreshTokenRequest(Map<String, String> parameters) {
return "refresh_token".equals(parameters.get(OAuth2Utils.GRANT_TYPE)) && parameters.get("refresh_token") != null;
}
private boolean isAuthCodeRequest(Map<String, String> parameters) {
return "authorization_code".equals(parameters.get(OAuth2Utils.GRANT_TYPE)) && parameters.get("code") != null;
}
protected String getClientId(Map<String, String> parameters) {
return parameters.get(OAuth2Utils.CLIENT_ID);
}
protected String getClientSecret(Map<String, String> parameters) {
return parameters.get("client_secret");
}
private AuthenticationManager getAuthenticationManager() {
return this.authenticationManager;
}
//
// private AuthenticationManager authenticationManager;
//
// private OAuth2RequestFactory oAuth2RequestFactory;
//
// private OAuth2RequestValidator oAuth2RequestValidator = new DefaultOAuth2RequestValidator();
// private WebResponseExceptionTranslator providerExceptionHandler = new DefaultWebResponseExceptionTranslator();
//
//
// @RequestMapping(value = "/oauth/rest_token", method = RequestMethod.POST)
// @ResponseBody
// public OAuth2AccessToken postAccessToken(@RequestBody Map<String, String> parameters) {
//
//
// String clientId = getClientId(parameters);
// ClientDetails authenticatedClient = clientDetailsService.loadClientByClientId(clientId);
//
// //validate client_secret
// String clientSecret = getClientSecret(parameters);
// if (clientSecret == null || clientSecret.equals("")) {
// throw new InvalidClientException("Bad client credentials");
// } else {
// if (!this.passwordEncoder.matches(clientSecret, authenticatedClient.getClientSecret())) {
// throw new InvalidClientException("Bad client credentials");
// }
// }
//
// TokenRequest tokenRequest = oAuth2RequestFactory.createTokenRequest(parameters, authenticatedClient);
//
// if (clientId != null && !clientId.equals("")) {
// // Only validate the client details if a client authenticated during this
// // request.
// if (!clientId.equals(tokenRequest.getClientId())) {
// // double check to make sure that the client ID in the token request is the same as that in the
// // authenticated client
// throw new InvalidClientException("Given client ID does not match authenticated client");
// }
// }
//
// oAuth2RequestValidator.validateScope(tokenRequest, authenticatedClient);
//
// final String grantType = tokenRequest.getGrantType();
// if (!StringUtils.hasText(grantType)) {
// throw new InvalidRequestException("Missing grant type");
// }
// if (grantType.equals("implicit")) {
// throw new InvalidGrantException("Implicit grant type not supported from token endpoint");
// }
//
// if (isAuthCodeRequest(parameters)) {
// // The scope was requested or determined during the authorization step
// if (!tokenRequest.getScope().isEmpty()) {
// LOG.debug("Clearing scope of incoming token request");
// tokenRequest.setScope(Collections.<String>emptySet());
// }
// }
//
//
// if (isRefreshTokenRequest(parameters)) {
// // A refresh token has its own default scopes, so we should ignore any added by the factory here.
// tokenRequest.setScope(OAuth2Utils.parseParameterList(parameters.get(OAuth2Utils.SCOPE)));
// }
//
// OAuth2AccessToken token = getTokenGranter(grantType).grant(grantType, tokenRequest);
// if (token == null) {
// throw new UnsupportedGrantTypeException("Unsupported grant type: " + grantType);
// }
//
//
// return token;
//
// }
//
// protected TokenGranter getTokenGranter(String grantType) {
//
// if ("authorization_code".equals(grantType)) {
// return new AuthorizationCodeTokenGranter(tokenServices, authorizationCodeServices, clientDetailsService, this.oAuth2RequestFactory);
// } else if ("password".equals(grantType)) {
// return new ResourceOwnerPasswordTokenGranter(getAuthenticationManager(), tokenServices, clientDetailsService, this.oAuth2RequestFactory);
// } else if ("refresh_token".equals(grantType)) {
// return new RefreshTokenGranter(tokenServices, clientDetailsService, this.oAuth2RequestFactory);
// } else if ("client_credentials".equals(grantType)) {
// return new ClientCredentialsTokenGranter(tokenServices, clientDetailsService, this.oAuth2RequestFactory);
// } else if ("implicit".equals(grantType)) {
// return new ImplicitTokenGranter(tokenServices, clientDetailsService, this.oAuth2RequestFactory);
// } else {
// throw new UnsupportedGrantTypeException("Unsupport grant_type: " + grantType);
// }
// }
//
//
// @ExceptionHandler(Exception.class)
// public ResponseEntity<OAuth2Exception> handleException(Exception e) throws Exception {
// LOG.info("Handling error: " + e.getClass().getSimpleName() + ", " + e.getMessage());
// return getExceptionTranslator().translate(e);
// }
//
// @ExceptionHandler(ClientRegistrationException.class)
// public ResponseEntity<OAuth2Exception> handleClientRegistrationException(Exception e) throws Exception {
// LOG.info("Handling error: " + e.getClass().getSimpleName() + ", " + e.getMessage());
// return getExceptionTranslator().translate(new BadClientCredentialsException());
// }
//
// @ExceptionHandler(OAuth2Exception.class)
// public ResponseEntity<OAuth2Exception> handleException(OAuth2Exception e) throws Exception {
// LOG.info("Handling error: " + e.getClass().getSimpleName() + ", " + e.getMessage());
// return getExceptionTranslator().translate(e);
// }
//
//
// private boolean isRefreshTokenRequest(Map<String, String> parameters) {
// return "refresh_token".equals(parameters.get(OAuth2Utils.GRANT_TYPE)) && parameters.get("refresh_token") != null;
// }
//
// private boolean isAuthCodeRequest(Map<String, String> parameters) {
// return "authorization_code".equals(parameters.get(OAuth2Utils.GRANT_TYPE)) && parameters.get("code") != null;
// }
//
//
// protected String getClientId(Map<String, String> parameters) {
// return parameters.get(OAuth2Utils.CLIENT_ID);
// }
//
// protected String getClientSecret(Map<String, String> parameters) {
// return parameters.get("client_secret");
// }
//
//
// private AuthenticationManager getAuthenticationManager() {
// return this.authenticationManager;
// }
//
@Override
public void afterPropertiesSet() throws Exception {
Assert.state(clientDetailsService != null, "ClientDetailsService must be provided");
Assert.state(authenticationManager != null, "AuthenticationManager must be provided");
// Assert.state(clientDetailsService != null, "ClientDetailsService must be provided");
// Assert.state(authenticationManager != null, "AuthenticationManager must be provided");
Assert.notNull(this.passwordEncoder, "PasswordEncoder is null");
oAuth2RequestFactory = new DefaultOAuth2RequestFactory(clientDetailsService);
// oAuth2RequestFactory = new DefaultOAuth2RequestFactory(clientDetailsService);
}
protected WebResponseExceptionTranslator getExceptionTranslator() {
return providerExceptionHandler;
}
// protected WebResponseExceptionTranslator getExceptionTranslator() {
// return providerExceptionHandler;
// }
//
//
@Override
public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
if (this.authenticationManager == null) {
this.authenticationManager = (AuthenticationManager) applicationContext.getBean("authenticationManagerBean");
}
// if (this.authenticationManager == null) {
// this.authenticationManager = (AuthenticationManager) applicationContext.getBean("authenticationManagerBean");
// }
}
}

34
src/main/java/com/monkeyk/sos/web/oauth/OauthUserApprovalHandler.java
View File

@ -1,34 +1,32 @@
package com.monkeyk.sos.web.oauth;
import com.monkeyk.sos.domain.oauth.OauthClientDetails;
import com.monkeyk.sos.service.OauthService;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.provider.AuthorizationRequest;
import org.springframework.security.oauth2.provider.approval.TokenStoreUserApprovalHandler;
/**
* @author Shengzhao Li
* @deprecated use spring-security-oauth2-authorization-server replaced from v2.1.1
*/
public class OauthUserApprovalHandler extends TokenStoreUserApprovalHandler {
//public class OauthUserApprovalHandler extends TokenStoreUserApprovalHandler {
public class OauthUserApprovalHandler {
private OauthService oauthService;
public OauthUserApprovalHandler() {
}
public boolean isApproved(AuthorizationRequest authorizationRequest, Authentication userAuthentication) {
if (super.isApproved(authorizationRequest, userAuthentication)) {
return true;
}
if (!userAuthentication.isAuthenticated()) {
return false;
}
OauthClientDetails clientDetails = oauthService.loadOauthClientDetails(authorizationRequest.getClientId());
return clientDetails != null && clientDetails.trusted();
}
//
// public boolean isApproved(AuthorizationRequest authorizationRequest, Authentication userAuthentication) {
// if (super.isApproved(authorizationRequest, userAuthentication)) {
// return true;
// }
// if (!userAuthentication.isAuthenticated()) {
// return false;
// }
//
// OauthClientDetails clientDetails = oauthService.loadOauthClientDetails(authorizationRequest.getClientId());
// return clientDetails != null && clientDetails.trusted();
//
// }
public void setOauthService(OauthService oauthService) {
this.oauthService = oauthService;

24
src/test/java/com/monkeyk/sos/config/JWTTokenStoreConfigurationTest.java
View File

@ -2,8 +2,8 @@ package com.monkeyk.sos.config;
import org.junit.jupiter.api.Test;
import org.springframework.security.oauth2.common.util.RandomValueStringGenerator;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
//import org.springframework.security.oauth2.common.util.RandomValueStringGenerator;
//import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import java.util.Map;
@ -22,9 +22,9 @@ class JWTTokenStoreConfigurationTest {
@Test
void keyTest() throws Exception {
RandomValueStringGenerator randomValueStringGenerator = new RandomValueStringGenerator(32);
String verifierKey = randomValueStringGenerator.generate();
assertNotNull(verifierKey);
// RandomValueStringGenerator randomValueStringGenerator = new RandomValueStringGenerator(32);
// String verifierKey = randomValueStringGenerator.generate();
// assertNotNull(verifierKey);
// System.out.println(verifierKey);
}
@ -33,13 +33,13 @@ class JWTTokenStoreConfigurationTest {
@Test
void testJwtAccessTokenConverter() throws Exception {
JwtAccessTokenConverter jwtAccessTokenConverter = new JwtAccessTokenConverter();
jwtAccessTokenConverter.setSigningKey("IH6S2dhCEMwGr7uE4fBakSuDh9SoIrRa");
jwtAccessTokenConverter.afterPropertiesSet();
assertFalse(jwtAccessTokenConverter.isPublic());
Map<String, String> key = jwtAccessTokenConverter.getKey();
assertNotNull(key);
// JwtAccessTokenConverter jwtAccessTokenConverter = new JwtAccessTokenConverter();
// jwtAccessTokenConverter.setSigningKey("IH6S2dhCEMwGr7uE4fBakSuDh9SoIrRa");
// jwtAccessTokenConverter.afterPropertiesSet();
//
// assertFalse(jwtAccessTokenConverter.isPublic());
// Map<String, String> key = jwtAccessTokenConverter.getKey();
// assertNotNull(key);
}

16
src/test/java/com/monkeyk/sos/service/business/ClientCredentialsInlineAccessTokenInvokerTest.java
View File

@ -3,7 +3,7 @@ package com.monkeyk.sos.service.business;
import com.monkeyk.sos.service.dto.AccessTokenDto;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.function.Executable;
import org.springframework.security.oauth2.provider.NoSuchClientException;
//import org.springframework.security.oauth2.provider.NoSuchClientException;
import java.util.HashMap;
import java.util.Map;
@ -54,13 +54,13 @@ public class ClientCredentialsInlineAccessTokenInvokerTest extends AbstractInlin
params.put("scope", "read");
ClientCredentialsInlineAccessTokenInvoker accessTokenInvoker = new ClientCredentialsInlineAccessTokenInvoker();
assertThrows(NoSuchClientException.class, () -> {
final AccessTokenDto accessTokenDto = accessTokenInvoker.invoke(params);
assertNotNull(accessTokenDto);
assertNotNull(accessTokenDto.getAccessToken());
});
// ClientCredentialsInlineAccessTokenInvoker accessTokenInvoker = new ClientCredentialsInlineAccessTokenInvoker();
// assertThrows(NoSuchClientException.class, () -> {
// final AccessTokenDto accessTokenDto = accessTokenInvoker.invoke(params);
//
// assertNotNull(accessTokenDto);
// assertNotNull(accessTokenDto.getAccessToken());
// });
// System.out.println(accessTokenDto);

14
src/test/java/com/monkeyk/sos/service/business/PasswordInlineAccessTokenInvokerTest.java
View File

@ -2,7 +2,7 @@ package com.monkeyk.sos.service.business;
import com.monkeyk.sos.service.dto.AccessTokenDto;
import org.junit.jupiter.api.Test;
import org.springframework.security.oauth2.common.exceptions.InvalidGrantException;
//import org.springframework.security.oauth2.common.exceptions.InvalidGrantException;
import java.util.HashMap;
import java.util.Map;
@ -61,12 +61,12 @@ class PasswordInlineAccessTokenInvokerTest extends AbstractInlineAccessTokenInvo
params.put("username", "useraaa");
params.put("password", "password");
PasswordInlineAccessTokenInvoker accessTokenInvoker = new PasswordInlineAccessTokenInvoker();
assertThrows(InvalidGrantException.class, () -> {
final AccessTokenDto tokenDto = accessTokenInvoker.invoke(params);
assertNull(tokenDto);
});
// PasswordInlineAccessTokenInvoker accessTokenInvoker = new PasswordInlineAccessTokenInvoker();
// assertThrows(InvalidGrantException.class, () -> {
// final AccessTokenDto tokenDto = accessTokenInvoker.invoke(params);
//
// assertNull(tokenDto);
// });
// System.out.println(accessTokenDto);

26
src/test/java/com/monkeyk/sos/service/business/RefreshTokenInlineAccessTokenInvokerTest.java
View File

@ -2,7 +2,7 @@ package com.monkeyk.sos.service.business;
import com.monkeyk.sos.service.dto.AccessTokenDto;
import org.junit.jupiter.api.Test;
import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;
//import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;
import java.util.HashMap;
import java.util.Map;
@ -96,18 +96,18 @@ class RefreshTokenInlineAccessTokenInvokerTest extends AbstractInlineAccessToken
params2.put("refresh_token", tokenDto.getRefreshToken() + "sss");
RefreshTokenInlineAccessTokenInvoker refreshTokenInlineAccessTokenInvoker = new RefreshTokenInlineAccessTokenInvoker();
assertThrows(InvalidTokenException.class, () -> {
final AccessTokenDto accessTokenDto = refreshTokenInlineAccessTokenInvoker.invoke(params2);
assertNotNull(accessTokenDto);
assertNotNull(accessTokenDto.getAccessToken());
assertNotEquals(accessTokenDto.getAccessToken(), tokenDto.getAccessToken());
assertNotEquals(accessTokenDto.getRefreshToken(), tokenDto.getRefreshToken());
});
// RefreshTokenInlineAccessTokenInvoker refreshTokenInlineAccessTokenInvoker = new RefreshTokenInlineAccessTokenInvoker();
// assertThrows(InvalidTokenException.class, () -> {
// final AccessTokenDto accessTokenDto = refreshTokenInlineAccessTokenInvoker.invoke(params2);
//
//
// assertNotNull(accessTokenDto);
// assertNotNull(accessTokenDto.getAccessToken());
//
// assertNotEquals(accessTokenDto.getAccessToken(), tokenDto.getAccessToken());
// assertNotEquals(accessTokenDto.getRefreshToken(), tokenDto.getRefreshToken());
//
// });
}