109 升级 spring-security-oauth2 的版本到 2.0.6以上, 目前是1.0.5

113 Upgrade spring, spring security version to > 4.0 version: 0.4-beta
2015-11-09 15:08:37 +08:00 · 2015-11-09 15:08:37 +08:00 · efff49afbe
parent f6100f71c5
commit efff49afbe
12 changed files with 95 additions and 79 deletions
--- a/others/database/oauth.ddl
+++ b/others/database/oauth.ddl
@ -16,7 +16,8 @@ create table oauth_client_details (
  additional_information VARCHAR(4096),
  create_time timestamp default now(),
  archived tinyint(1) default '0',
-  trusted tinyint(1) default '0'
+  trusted tinyint(1) default '0',
  autoapprove VARCHAR (255) default 'false'
 );
 Drop table  if exists oauth_client_token;
--- a/pom.xml
+++ b/pom.xml
@ -6,18 +6,20 @@
    <groupId>wdcy.cc</groupId>
    <artifactId>spring-oauth-server</artifactId>
-    <version>0.3</version>
+    <version>0.4-beta</version>
    <name>spring-oauth-server</name>
    <packaging>war</packaging>
    <description>Spring Oauth Server</description>
    <properties>
        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-        <spring.version>3.1.1.RELEASE</spring.version>
+
-        <spring.security.version>3.1.0.RELEASE</spring.security.version>
+        <spring.version>4.1.6.RELEASE</spring.version>
-        <!--Next branch version:  2.0.7.RELEASE-->
+        <spring.security.version>4.0.1.RELEASE</spring.security.version>
-        <spring.security.oauth.version>1.0.5.RELEASE</spring.security.oauth.version>
+        <spring.security.oauth.version>2.0.7.RELEASE</spring.security.oauth.version>
-        <aspectj.version>1.6.10</aspectj.version>
+        <fasterxml.jackson.version>2.5.4</fasterxml.jackson.version>
        <aspectj.version>1.8.6</aspectj.version>
        <mybatis.version>3.2.1</mybatis.version>
        <!--jdbc execute sql config-->
@ -196,11 +198,17 @@
            <version>${aspectj.version}</version>
            <scope>compile</scope>
        </dependency>
        <dependency>
            <groupId>commons-dbcp</groupId>
            <artifactId>commons-dbcp</artifactId>
            <version>1.4</version>
        </dependency>
        <dependency>
            <groupId>commons-lang</groupId>
            <artifactId>commons-lang</artifactId>
            <version>2.6</version>
        </dependency>
        <dependency>
            <groupId>commons-io</groupId>
@ -269,16 +277,16 @@
            <artifactId>spring-security-taglibs</artifactId>
            <version>${spring.security.version}</version>
        </dependency>
-        <dependency>
+        <!--<dependency>-->
-            <groupId>org.springframework.security</groupId>
+        <!--<groupId>org.springframework.security</groupId>-->
-            <artifactId>spring-security-acl</artifactId>
+        <!--<artifactId>spring-security-acl</artifactId>-->
-            <version>${spring.security.version}</version>
+        <!--<version>${spring.security.version}</version>-->
-        </dependency>
+        <!--</dependency>-->
-        <dependency>
+        <!--<dependency>-->
-            <groupId>org.springframework.security</groupId>
+        <!--<groupId>org.springframework.security</groupId>-->
-            <artifactId>spring-security-crypto</artifactId>
+        <!--<artifactId>spring-security-crypto</artifactId>-->
-            <version>${spring.security.version}</version>
+        <!--<version>${spring.security.version}</version>-->
-        </dependency>
+        <!--</dependency>-->
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-config</artifactId>
@ -291,6 +299,13 @@
            <version>${spring.security.oauth.version}</version>
        </dependency>
        <!--json-->
        <dependency>
            <groupId>com.fasterxml.jackson.core</groupId>
            <artifactId>jackson-databind</artifactId>
            <version>${fasterxml.jackson.version}</version>
        </dependency>
        <dependency>
            <groupId>mysql</groupId>
            <artifactId>mysql-connector-java</artifactId>
@ -312,18 +327,6 @@
            <scope>compile</scope>
        </dependency>
        <dependency>
            <groupId>net.sf.json-lib</groupId>
            <artifactId>json-lib</artifactId>
            <version>2.4</version>
            <classifier>jdk15</classifier>
            <exclusions>
                <exclusion>
                    <groupId>commons-logging</groupId>
                    <artifactId>commons-logging</artifactId>
                </exclusion>
            </exclusions>
        </dependency>
        <!--mybatis-->
        <dependency>
--- a/src/main/java/cc/wdcy/domain/oauth/CustomJdbcClientDetailsService.java
+++ b/src/main/java/cc/wdcy/domain/oauth/CustomJdbcClientDetailsService.java
@ -1,6 +1,6 @@
 package cc.wdcy.domain.oauth;
-import org.springframework.security.oauth2.provider.JdbcClientDetailsService;
+import org.springframework.security.oauth2.provider.client.JdbcClientDetailsService;
 import javax.sql.DataSource;
@ -12,7 +12,7 @@ import javax.sql.DataSource;
 public class CustomJdbcClientDetailsService extends JdbcClientDetailsService {
    private static final String SELECT_CLIENT_DETAILS_SQL = "select client_id, client_secret, resource_ids, scope, authorized_grant_types, " +
-            "web_server_redirect_uri, authorities, access_token_validity, refresh_token_validity, additional_information " +
+            "web_server_redirect_uri, authorities, access_token_validity, refresh_token_validity, additional_information, autoapprove " +
            "from oauth_client_details where client_id = ? and archived = 0 ";
--- a/src/main/java/cc/wdcy/web/WebUtils.java
+++ b/src/main/java/cc/wdcy/web/WebUtils.java
@ -1,10 +1,8 @@
 package cc.wdcy.web;
-import net.sf.json.JSON;
+import org.apache.commons.lang.StringUtils;
-import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpServletRequest;
 import java.io.IOException;
 import java.io.PrintWriter;
 /**
 * @author Shengzhao Li
@ -17,16 +15,28 @@ public abstract class WebUtils {
    }
-    public static void writeJson(HttpServletResponse response, JSON json) {
+    /**
-        response.setContentType("application/json;charset=UTF-8");
+     * Retrieve client ip address
-        try {
+     *
-            PrintWriter writer = response.getWriter();
+     * @param request HttpServletRequest
-            json.write(writer);
+     * @return IP
-            writer.flush();
+     */
-        } catch (IOException e) {
+    public static String retrieveClientIp(HttpServletRequest request) {
-            throw new IllegalStateException("Write json to response error", e);
+        String ip = request.getHeader("x-forwarded-for");
-        }
+        if (isUnAvailableIp(ip)) {
-
+            ip = request.getHeader("Proxy-Client-IP");
        }
        if (isUnAvailableIp(ip)) {
            ip = request.getHeader("WL-Proxy-Client-IP");
        }
        if (isUnAvailableIp(ip)) {
            ip = request.getRemoteAddr();
        }
        return ip;
    }
    private static boolean isUnAvailableIp(String ip) {
        return (StringUtils.isEmpty(ip) || "unknown".equalsIgnoreCase(ip));
    }
 }
--- a/src/main/java/cc/wdcy/web/controller/mobile/MobileController.java
+++ b/src/main/java/cc/wdcy/web/controller/mobile/MobileController.java
@ -2,14 +2,10 @@ package cc.wdcy.web.controller.mobile;
 import cc.wdcy.domain.dto.UserJsonDto;
 import cc.wdcy.service.UserService;
 import net.sf.json.JSONObject;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
-
+import org.springframework.web.bind.annotation.ResponseBody;
 import javax.servlet.http.HttpServletResponse;
 import static cc.wdcy.web.WebUtils.writeJson;
 /**
 * @author Shengzhao Li
@ -28,9 +24,9 @@ public class MobileController {
    }
    @RequestMapping("user_info")
-    public void userInfo(HttpServletResponse response) throws Exception {
+    @ResponseBody
-        final UserJsonDto jsonDto = userService.loadCurrentUserJsonDto();
+    public UserJsonDto userInfo() throws Exception {
-        writeJson(response, JSONObject.fromObject(jsonDto));
+        return userService.loadCurrentUserJsonDto();
    }
 }
--- a/src/main/java/cc/wdcy/web/controller/unity/UnityController.java
+++ b/src/main/java/cc/wdcy/web/controller/unity/UnityController.java
@ -2,14 +2,10 @@ package cc.wdcy.web.controller.unity;
 import cc.wdcy.domain.dto.UserJsonDto;
 import cc.wdcy.service.UserService;
 import net.sf.json.JSONObject;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
-
+import org.springframework.web.bind.annotation.ResponseBody;
 import javax.servlet.http.HttpServletResponse;
 import static cc.wdcy.web.WebUtils.writeJson;
 /**
 * @author Shengzhao Li
@ -29,9 +25,9 @@ public class UnityController {
    }
    @RequestMapping("user_info")
-    public void userInfo(HttpServletResponse response) throws Exception {
+    @ResponseBody
-        final UserJsonDto jsonDto = userService.loadCurrentUserJsonDto();
+    public UserJsonDto userInfo() throws Exception {
-        writeJson(response, JSONObject.fromObject(jsonDto));
+        return userService.loadCurrentUserJsonDto();
    }
 }
--- a/src/main/java/cc/wdcy/web/oauth/OauthUserApprovalHandler.java
+++ b/src/main/java/cc/wdcy/web/oauth/OauthUserApprovalHandler.java
@ -4,12 +4,12 @@ import cc.wdcy.domain.oauth.OauthClientDetails;
 import cc.wdcy.service.OauthService;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.oauth2.provider.AuthorizationRequest;
-import org.springframework.security.oauth2.provider.approval.TokenServicesUserApprovalHandler;
+import org.springframework.security.oauth2.provider.approval.TokenStoreUserApprovalHandler;
 /**
 * @author Shengzhao Li
 */
-public class OauthUserApprovalHandler extends TokenServicesUserApprovalHandler {
+public class OauthUserApprovalHandler extends TokenStoreUserApprovalHandler {
    private OauthService oauthService;
--- a/src/main/resources/spring/context.xml
+++ b/src/main/resources/spring/context.xml
@ -3,9 +3,9 @@
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:tx="http://www.springframework.org/schema/tx" xmlns:context="http://www.springframework.org/schema/context"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
-			http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
+			http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
 		  http://www.springframework.org/schema/tx
-		  http://www.springframework.org/schema/tx/spring-tx-3.0.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd">
+		  http://www.springframework.org/schema/tx/spring-tx-4.0.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.1.xsd">
    <!--annotation configuration -->
--- a/src/main/resources/spring/security.xml
+++ b/src/main/resources/spring/security.xml
@ -4,9 +4,9 @@
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xmlns:oauth2="http://www.springframework.org/schema/security/oauth2"
             xmlns:mvc="http://www.springframework.org/schema/mvc"
-             xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
+             xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
                        http://www.springframework.org/schema/security
-                        http://www.springframework.org/schema/security/spring-security-3.1.xsd http://www.springframework.org/schema/security/oauth2 http://www.springframework.org/schema/security/spring-security-oauth2-1.0.xsd http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.1.xsd">
+                        http://www.springframework.org/schema/security/spring-security-4.0.xsd http://www.springframework.org/schema/security/oauth2 http://www.springframework.org/schema/security/spring-security-oauth2-2.0.xsd http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-4.0.xsd">
    <!--<debug/>-->
@ -23,35 +23,38 @@
    <mvc:default-servlet-handler/>
    <http pattern="/oauth/token" create-session="stateless" authentication-manager-ref="oauth2AuthenticationManager"
-          entry-point-ref="oauth2AuthenticationEntryPoint">
+          entry-point-ref="oauth2AuthenticationEntryPoint" use-expressions="false">
        <intercept-url pattern="/oauth/token" access="IS_AUTHENTICATED_FULLY"/>
        <anonymous enabled="false"/>
        <http-basic entry-point-ref="oauth2AuthenticationEntryPoint"/>
        <custom-filter ref="clientCredentialsTokenEndpointFilter" before="BASIC_AUTH_FILTER"/>
        <access-denied-handler ref="oauth2AccessDeniedHandler"/>
        <csrf disabled="true"/>
    </http>
    <!--unity http configuration-->
    <http pattern="/unity/**" create-session="never" entry-point-ref="oauth2AuthenticationEntryPoint"
-          access-decision-manager-ref="oauth2AccessDecisionManager">
+          access-decision-manager-ref="oauth2AccessDecisionManager" use-expressions="false">
        <anonymous enabled="false"/>
        <intercept-url pattern="/unity/**" access="ROLE_UNITY,SCOPE_READ"/>
        <custom-filter ref="unityResourceServer" before="PRE_AUTH_FILTER"/>
        <access-denied-handler ref="oauth2AccessDeniedHandler"/>
        <csrf disabled="true"/>
    </http>
    <!--mobile http configuration-->
    <http pattern="/m/**" create-session="never" entry-point-ref="oauth2AuthenticationEntryPoint"
-          access-decision-manager-ref="oauth2AccessDecisionManager">
+          access-decision-manager-ref="oauth2AccessDecisionManager" use-expressions="false">
        <anonymous enabled="false"/>
        <intercept-url pattern="/m/**" access="ROLE_MOBILE,SCOPE_READ"/>
        <custom-filter ref="mobileResourceServer" before="PRE_AUTH_FILTER"/>
        <access-denied-handler ref="oauth2AccessDeniedHandler"/>
        <csrf disabled="true"/>
    </http>
    <beans:bean id="clientCredentialsTokenEndpointFilter"
@ -87,7 +90,7 @@
    <!--Config token services-->
    <!--<beans:bean id="tokenStore" class="org.springframework.security.oauth2.provider.token.InMemoryTokenStore"/>-->
-    <beans:bean id="tokenStore" class="org.springframework.security.oauth2.provider.token.JdbcTokenStore">
+    <beans:bean id="tokenStore" class="org.springframework.security.oauth2.provider.token.store.JdbcTokenStore">
        <beans:constructor-arg index="0" ref="dataSource"/>
    </beans:bean>
@ -104,8 +107,16 @@
    <!--<oauth2:expression-handler id="oauth2ExpressionHandler"/>-->
    <!--<oauth2:web-expression-handler id="oauth2WebExpressionHandler"/>-->
    <beans:bean class="org.springframework.security.oauth2.provider.request.DefaultOAuth2RequestFactory"
                id="oAuth2RequestFactory">
        <beans:constructor-arg name="clientDetailsService" ref="clientDetailsService"/>
    </beans:bean>
    <beans:bean id="oauthUserApprovalHandler" class="cc.wdcy.web.oauth.OauthUserApprovalHandler">
-        <beans:property name="tokenServices" ref="tokenServices"/>
+        <beans:property name="tokenStore" ref="tokenStore"/>
        <beans:property name="clientDetailsService" ref="clientDetailsService"/>
        <beans:property name="requestFactory" ref="oAuth2RequestFactory"/>
        <beans:property name="oauthService" ref="oauthService"/>
    </beans:bean>
@ -156,7 +167,7 @@
                class="org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler"/>
-    <http access-denied-page="/login.jsp?authorization_error=2" disable-url-rewriting="true"
+    <http disable-url-rewriting="true" use-expressions="false"
          authentication-manager-ref="authenticationManager">
        <intercept-url pattern="/oauth/**" access="ROLE_USER,ROLE_UNITY,ROLE_MOBILE"/>
        <intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
@ -164,7 +175,9 @@
        <form-login authentication-failure-url="/login.jsp?authentication_error=1" default-target-url="/index.jsp"
                    login-page="/login.jsp" login-processing-url="/login.do"/>
        <logout logout-success-url="/index.jsp" logout-url="/logout.do"/>
        <access-denied-handler error-page="/login.jsp?authorization_error=2"/>
        <anonymous/>
        <csrf disabled="true"/>
    </http>
--- a/src/main/resources/spring/transaction.xml
+++ b/src/main/resources/spring/transaction.xml
@ -3,7 +3,7 @@
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:tx="http://www.springframework.org/schema/tx"
       xmlns:aop="http://www.springframework.org/schema/aop"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
-			http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-2.5.xsd http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-2.0.xsd">
+			http://www.springframework.org/schema/beans/spring-beans-4.0.xsd http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-4.0.xsd http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-4.0.xsd">
    <!--aop-->
    <aop:config>
--- a/src/main/webapp/WEB-INF/wdcy-servlet.xml
+++ b/src/main/webapp/WEB-INF/wdcy-servlet.xml
@ -18,11 +18,8 @@
    <mvc:resources mapping="/index.jsp*" location="/index.jsp"/>
    <mvc:resources mapping="/resources/**" location="/resources/"/>
-    <bean class="org.springframework.web.servlet.mvc.annotation.DefaultAnnotationHandlerMapping">
+    <mvc:annotation-driven/>
-        <property name="order" value="2"/>
+    <mvc:default-servlet-handler/>
    </bean>
    <bean class="org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter">
    </bean>
    <bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
        <property name="viewClass" value="org.springframework.web.servlet.view.JstlView"/>
--- a/src/main/webapp/login.jsp
+++ b/src/main/webapp/login.jsp
@ -16,11 +16,11 @@
 <form action="${pageContext.request.contextPath}/login.do" method="post">
    <label for="username">Username:</label>
-    <input type="text" id="username" name="j_username" value="" required="required"/>
+    <input type="text" id="username" name="username" value="" required="required"/>
    <br/>
    <br/>
    <label for="password">Password:</label>
-    <input type="password" name="j_password" id="password" value="" required="required"/>
+    <input type="password" name="password" id="password" value="" required="required"/>
    <br/>
    <input type="submit" value="Login" class="btn btn-primary"/>
    <span class="text-danger">