├── README.adoc
├── basic-resource-server
├── .gitignore
├── .mvn
│ └── wrapper
│ │ ├── maven-wrapper.jar
│ │ └── maven-wrapper.properties
├── README.adoc
├── mvnw
├── mvnw.cmd
├── pom.xml
└── src
│ ├── main
│ ├── java
│ │ └── habuma
│ │ │ ├── HttpBasicSecuredApplication.java
│ │ │ ├── SecuredController.java
│ │ │ ├── SecurityConfig.java
│ │ │ └── UnsecuredController.java
│ └── resources
│ │ └── application.properties
│ └── test
│ └── java
│ └── habuma
│ └── HttpBasicSecuredApplicationTests.java
├── jwt-auth-server
├── .gitignore
├── .mvn
│ └── wrapper
│ │ ├── maven-wrapper.jar
│ │ └── maven-wrapper.properties
├── README.adoc
├── mvnw
├── mvnw.cmd
├── pom.xml
└── src
│ ├── main
│ ├── java
│ │ └── habuma
│ │ │ ├── JwtAuthServerApplication.java
│ │ │ ├── OAuth2AuthorizationServerConfig.java
│ │ │ └── SecurityConfig.java
│ └── resources
│ │ └── application.yml
│ └── test
│ └── java
│ └── habuma
│ └── JwtAuthServerApplicationTests.java
├── jwt-resource-server
├── .gitignore
├── .mvn
│ └── wrapper
│ │ ├── maven-wrapper.jar
│ │ └── maven-wrapper.properties
├── README.adoc
├── mvnw
├── mvnw.cmd
├── pom.xml
└── src
│ ├── main
│ ├── java
│ │ └── habuma
│ │ │ ├── JwtResourceServerApplication.java
│ │ │ ├── OAuth2ResourceServerConfig.java
│ │ │ ├── SecuredController.java
│ │ │ └── UnsecuredController.java
│ └── resources
│ │ └── application.properties
│ └── test
│ └── java
│ └── habuma
│ └── JwtResourceServerApplicationTests.java
├── oauth-auth-server
├── .gitignore
├── .mvn
│ └── wrapper
│ │ ├── maven-wrapper.jar
│ │ └── maven-wrapper.properties
├── README.adoc
├── mvnw
├── mvnw.cmd
├── pom.xml
└── src
│ ├── main
│ ├── java
│ │ └── habuma
│ │ │ ├── OAuth2AuthorizationServerConfig.java
│ │ │ ├── OAuthAuthServerApplication.java
│ │ │ └── SecurityConfig.java
│ └── resources
│ │ └── application.yml
│ └── test
│ └── java
│ └── habuma
│ └── OAuthAuthServerApplicationTests.java
└── oauth-resource-server
├── .gitignore
├── .mvn
└── wrapper
│ ├── maven-wrapper.jar
│ └── maven-wrapper.properties
├── README.adoc
├── mvnw
├── mvnw.cmd
├── pom.xml
└── src
├── main
├── java
│ └── habuma
│ │ ├── OAuth2ResourceServerConfig.java
│ │ ├── OAuthResourceServerApplication.java
│ │ ├── SecuredController.java
│ │ └── UnsecuredController.java
└── resources
│ └── application.properties
└── test
└── java
└── habuma
└── OAuthResourceServerApplicationTests.java
/README.adoc:
--------------------------------------------------------------------------------
1 | = Spring Security OAuth2 + JWT Examples
2 |
3 | This is a simple example of using Spring Security OAuth2 to provide
4 | an OAuth2 authorization server that issues JWT tokens as well as an
5 | API secured by an OAuth2 resource server that accepts those tokens.
6 |
7 | There are two Spring Boot applications contained in this repository:
8 |
9 | * `jwt-auth-server` : The authorization server.
10 | * `jwt-resource-server` : The API secured with an OAuth2 resource server.
11 |
12 | See each application's individual README.adoc files for details on
13 | building and running them.
14 |
15 | [NOTE]
16 | ====
17 | These projects are based on Spring Security for OAuth2 (S2OAuth), a
18 | separate extension for Spring Security. The roadmap for Spring
19 | Security has it eventually absorbing most/all of S2OAuth.
20 |
21 | Resource server support is slated for inclusion in Spring Security
22 | 5.1. Authorization server support will follow in Spring Security
23 | 5.2. As those versions of Spring Security become fully available,
24 | this example should (and will) be updated to showcase the new way
25 | of creating OAuth2 authorization and resource servers.
26 | ====
27 |
--------------------------------------------------------------------------------
/basic-resource-server/.gitignore:
--------------------------------------------------------------------------------
1 | /target/
2 | !.mvn/wrapper/maven-wrapper.jar
3 |
4 | ### STS ###
5 | .apt_generated
6 | .classpath
7 | .factorypath
8 | .project
9 | .settings
10 | .springBeans
11 | .sts4-cache
12 |
13 | ### IntelliJ IDEA ###
14 | .idea
15 | *.iws
16 | *.iml
17 | *.ipr
18 |
19 | ### NetBeans ###
20 | /nbproject/private/
21 | /build/
22 | /nbbuild/
23 | /dist/
24 | /nbdist/
25 | /.nb-gradle/
--------------------------------------------------------------------------------
/basic-resource-server/.mvn/wrapper/maven-wrapper.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/habuma/spring-security-oauth2-jwt-example/accf107faaf1bbf1a0dc7f989ac5a320b927e51f/basic-resource-server/.mvn/wrapper/maven-wrapper.jar
--------------------------------------------------------------------------------
/basic-resource-server/.mvn/wrapper/maven-wrapper.properties:
--------------------------------------------------------------------------------
1 | distributionUrl=https://repo1.maven.org/maven2/org/apache/maven/apache-maven/3.5.4/apache-maven-3.5.4-bin.zip
2 |
--------------------------------------------------------------------------------
/basic-resource-server/README.adoc:
--------------------------------------------------------------------------------
1 | = Spring Security Basic Authentication Resource Server
2 |
3 | This is a simple example of using Spring Security and Spring MVC
4 | to provide an API that is secured by HTTP Basic authentication.
5 |
6 | == Building and running
7 |
8 | You can run the application directly from Maven using the Spring Boot
9 | Maven plugin:
10 |
11 | [source,sh]
12 | ----
13 | $ ./mvnw spring-boot:run
14 | ----
15 |
16 | Or you can build the application with Maven and then run the resulting
17 | JAR file:
18 |
19 | [source,sh]
20 | ----
21 | $ ./mvnw package
22 | $ java -jar target/basic-resource-server-0.0.1-SNAPSHOT.jar
23 | ----
24 |
25 | Or you may import the project into your IDE of choice and run it from there.
26 |
27 | Once the application is running, the API and resource server will be listening
28 | for requests on port 8080.
29 |
30 | == Consuming the API
31 |
32 | The API provided by this application has two endpoints:
33 |
34 | * `/unsecured` - An unsecured endpoint that requires no authentication.
35 | * `/secured` - A secured endpoint that can only be access with HTTP Basic authentication in the request.
36 |
37 | Using `curl`, you should be able to consume the `/unsecured` endpoint without any
38 | restriction:
39 |
40 | [source,sh]
41 | ----
42 | $ curl localhost:8080/unsecured
43 | This is an unsecured resource
44 | ----
45 |
46 | If, however, you attempt to consume the `/secured` endpoint without providing user
47 | credentials, you will receive an HTTP 401 (Unauthorized) response:
48 |
49 | [source,sh]
50 | ----
51 | $ curl localhost:8080/secured
52 | {"error":"unauthorized","error_description":"Full authentication is required to access this resource"}
53 | ----
54 |
55 | In order to successfully access the `/secured` endpoint, you'll need to provide
56 | a username and password in the `Authorization` header of the request. There are
57 | two users available: habuma and izzy. Both have "password" as their password.
58 | You can make a successful request with `curl` like this:
59 |
60 | [source,sh]
61 | ----
62 | $ curl localhost:8080/secured -u habuma:password
63 | This is a SECURED resource. Authentication: habuma; Authorities: [ROLE_ADMIN, ROLE_USER]
64 | ----
65 |
--------------------------------------------------------------------------------
/basic-resource-server/mvnw:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | # ----------------------------------------------------------------------------
3 | # Licensed to the Apache Software Foundation (ASF) under one
4 | # or more contributor license agreements. See the NOTICE file
5 | # distributed with this work for additional information
6 | # regarding copyright ownership. The ASF licenses this file
7 | # to you under the Apache License, Version 2.0 (the
8 | # "License"); you may not use this file except in compliance
9 | # with the License. You may obtain a copy of the License at
10 | #
11 | # http://www.apache.org/licenses/LICENSE-2.0
12 | #
13 | # Unless required by applicable law or agreed to in writing,
14 | # software distributed under the License is distributed on an
15 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
16 | # KIND, either express or implied. See the License for the
17 | # specific language governing permissions and limitations
18 | # under the License.
19 | # ----------------------------------------------------------------------------
20 |
21 | # ----------------------------------------------------------------------------
22 | # Maven2 Start Up Batch script
23 | #
24 | # Required ENV vars:
25 | # ------------------
26 | # JAVA_HOME - location of a JDK home dir
27 | #
28 | # Optional ENV vars
29 | # -----------------
30 | # M2_HOME - location of maven2's installed home dir
31 | # MAVEN_OPTS - parameters passed to the Java VM when running Maven
32 | # e.g. to debug Maven itself, use
33 | # set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000
34 | # MAVEN_SKIP_RC - flag to disable loading of mavenrc files
35 | # ----------------------------------------------------------------------------
36 |
37 | if [ -z "$MAVEN_SKIP_RC" ] ; then
38 |
39 | if [ -f /etc/mavenrc ] ; then
40 | . /etc/mavenrc
41 | fi
42 |
43 | if [ -f "$HOME/.mavenrc" ] ; then
44 | . "$HOME/.mavenrc"
45 | fi
46 |
47 | fi
48 |
49 | # OS specific support. $var _must_ be set to either true or false.
50 | cygwin=false;
51 | darwin=false;
52 | mingw=false
53 | case "`uname`" in
54 | CYGWIN*) cygwin=true ;;
55 | MINGW*) mingw=true;;
56 | Darwin*) darwin=true
57 | # Use /usr/libexec/java_home if available, otherwise fall back to /Library/Java/Home
58 | # See https://developer.apple.com/library/mac/qa/qa1170/_index.html
59 | if [ -z "$JAVA_HOME" ]; then
60 | if [ -x "/usr/libexec/java_home" ]; then
61 | export JAVA_HOME="`/usr/libexec/java_home`"
62 | else
63 | export JAVA_HOME="/Library/Java/Home"
64 | fi
65 | fi
66 | ;;
67 | esac
68 |
69 | if [ -z "$JAVA_HOME" ] ; then
70 | if [ -r /etc/gentoo-release ] ; then
71 | JAVA_HOME=`java-config --jre-home`
72 | fi
73 | fi
74 |
75 | if [ -z "$M2_HOME" ] ; then
76 | ## resolve links - $0 may be a link to maven's home
77 | PRG="$0"
78 |
79 | # need this for relative symlinks
80 | while [ -h "$PRG" ] ; do
81 | ls=`ls -ld "$PRG"`
82 | link=`expr "$ls" : '.*-> \(.*\)$'`
83 | if expr "$link" : '/.*' > /dev/null; then
84 | PRG="$link"
85 | else
86 | PRG="`dirname "$PRG"`/$link"
87 | fi
88 | done
89 |
90 | saveddir=`pwd`
91 |
92 | M2_HOME=`dirname "$PRG"`/..
93 |
94 | # make it fully qualified
95 | M2_HOME=`cd "$M2_HOME" && pwd`
96 |
97 | cd "$saveddir"
98 | # echo Using m2 at $M2_HOME
99 | fi
100 |
101 | # For Cygwin, ensure paths are in UNIX format before anything is touched
102 | if $cygwin ; then
103 | [ -n "$M2_HOME" ] &&
104 | M2_HOME=`cygpath --unix "$M2_HOME"`
105 | [ -n "$JAVA_HOME" ] &&
106 | JAVA_HOME=`cygpath --unix "$JAVA_HOME"`
107 | [ -n "$CLASSPATH" ] &&
108 | CLASSPATH=`cygpath --path --unix "$CLASSPATH"`
109 | fi
110 |
111 | # For Migwn, ensure paths are in UNIX format before anything is touched
112 | if $mingw ; then
113 | [ -n "$M2_HOME" ] &&
114 | M2_HOME="`(cd "$M2_HOME"; pwd)`"
115 | [ -n "$JAVA_HOME" ] &&
116 | JAVA_HOME="`(cd "$JAVA_HOME"; pwd)`"
117 | # TODO classpath?
118 | fi
119 |
120 | if [ -z "$JAVA_HOME" ]; then
121 | javaExecutable="`which javac`"
122 | if [ -n "$javaExecutable" ] && ! [ "`expr \"$javaExecutable\" : '\([^ ]*\)'`" = "no" ]; then
123 | # readlink(1) is not available as standard on Solaris 10.
124 | readLink=`which readlink`
125 | if [ ! `expr "$readLink" : '\([^ ]*\)'` = "no" ]; then
126 | if $darwin ; then
127 | javaHome="`dirname \"$javaExecutable\"`"
128 | javaExecutable="`cd \"$javaHome\" && pwd -P`/javac"
129 | else
130 | javaExecutable="`readlink -f \"$javaExecutable\"`"
131 | fi
132 | javaHome="`dirname \"$javaExecutable\"`"
133 | javaHome=`expr "$javaHome" : '\(.*\)/bin'`
134 | JAVA_HOME="$javaHome"
135 | export JAVA_HOME
136 | fi
137 | fi
138 | fi
139 |
140 | if [ -z "$JAVACMD" ] ; then
141 | if [ -n "$JAVA_HOME" ] ; then
142 | if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
143 | # IBM's JDK on AIX uses strange locations for the executables
144 | JAVACMD="$JAVA_HOME/jre/sh/java"
145 | else
146 | JAVACMD="$JAVA_HOME/bin/java"
147 | fi
148 | else
149 | JAVACMD="`which java`"
150 | fi
151 | fi
152 |
153 | if [ ! -x "$JAVACMD" ] ; then
154 | echo "Error: JAVA_HOME is not defined correctly." >&2
155 | echo " We cannot execute $JAVACMD" >&2
156 | exit 1
157 | fi
158 |
159 | if [ -z "$JAVA_HOME" ] ; then
160 | echo "Warning: JAVA_HOME environment variable is not set."
161 | fi
162 |
163 | CLASSWORLDS_LAUNCHER=org.codehaus.plexus.classworlds.launcher.Launcher
164 |
165 | # traverses directory structure from process work directory to filesystem root
166 | # first directory with .mvn subdirectory is considered project base directory
167 | find_maven_basedir() {
168 |
169 | if [ -z "$1" ]
170 | then
171 | echo "Path not specified to find_maven_basedir"
172 | return 1
173 | fi
174 |
175 | basedir="$1"
176 | wdir="$1"
177 | while [ "$wdir" != '/' ] ; do
178 | if [ -d "$wdir"/.mvn ] ; then
179 | basedir=$wdir
180 | break
181 | fi
182 | # workaround for JBEAP-8937 (on Solaris 10/Sparc)
183 | if [ -d "${wdir}" ]; then
184 | wdir=`cd "$wdir/.."; pwd`
185 | fi
186 | # end of workaround
187 | done
188 | echo "${basedir}"
189 | }
190 |
191 | # concatenates all lines of a file
192 | concat_lines() {
193 | if [ -f "$1" ]; then
194 | echo "$(tr -s '\n' ' ' < "$1")"
195 | fi
196 | }
197 |
198 | BASE_DIR=`find_maven_basedir "$(pwd)"`
199 | if [ -z "$BASE_DIR" ]; then
200 | exit 1;
201 | fi
202 |
203 | export MAVEN_PROJECTBASEDIR=${MAVEN_BASEDIR:-"$BASE_DIR"}
204 | echo $MAVEN_PROJECTBASEDIR
205 | MAVEN_OPTS="$(concat_lines "$MAVEN_PROJECTBASEDIR/.mvn/jvm.config") $MAVEN_OPTS"
206 |
207 | # For Cygwin, switch paths to Windows format before running java
208 | if $cygwin; then
209 | [ -n "$M2_HOME" ] &&
210 | M2_HOME=`cygpath --path --windows "$M2_HOME"`
211 | [ -n "$JAVA_HOME" ] &&
212 | JAVA_HOME=`cygpath --path --windows "$JAVA_HOME"`
213 | [ -n "$CLASSPATH" ] &&
214 | CLASSPATH=`cygpath --path --windows "$CLASSPATH"`
215 | [ -n "$MAVEN_PROJECTBASEDIR" ] &&
216 | MAVEN_PROJECTBASEDIR=`cygpath --path --windows "$MAVEN_PROJECTBASEDIR"`
217 | fi
218 |
219 | WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain
220 |
221 | exec "$JAVACMD" \
222 | $MAVEN_OPTS \
223 | -classpath "$MAVEN_PROJECTBASEDIR/.mvn/wrapper/maven-wrapper.jar" \
224 | "-Dmaven.home=${M2_HOME}" "-Dmaven.multiModuleProjectDirectory=${MAVEN_PROJECTBASEDIR}" \
225 | ${WRAPPER_LAUNCHER} $MAVEN_CONFIG "$@"
226 |
--------------------------------------------------------------------------------
/basic-resource-server/mvnw.cmd:
--------------------------------------------------------------------------------
1 | @REM ----------------------------------------------------------------------------
2 | @REM Licensed to the Apache Software Foundation (ASF) under one
3 | @REM or more contributor license agreements. See the NOTICE file
4 | @REM distributed with this work for additional information
5 | @REM regarding copyright ownership. The ASF licenses this file
6 | @REM to you under the Apache License, Version 2.0 (the
7 | @REM "License"); you may not use this file except in compliance
8 | @REM with the License. You may obtain a copy of the License at
9 | @REM
10 | @REM http://www.apache.org/licenses/LICENSE-2.0
11 | @REM
12 | @REM Unless required by applicable law or agreed to in writing,
13 | @REM software distributed under the License is distributed on an
14 | @REM "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15 | @REM KIND, either express or implied. See the License for the
16 | @REM specific language governing permissions and limitations
17 | @REM under the License.
18 | @REM ----------------------------------------------------------------------------
19 |
20 | @REM ----------------------------------------------------------------------------
21 | @REM Maven2 Start Up Batch script
22 | @REM
23 | @REM Required ENV vars:
24 | @REM JAVA_HOME - location of a JDK home dir
25 | @REM
26 | @REM Optional ENV vars
27 | @REM M2_HOME - location of maven2's installed home dir
28 | @REM MAVEN_BATCH_ECHO - set to 'on' to enable the echoing of the batch commands
29 | @REM MAVEN_BATCH_PAUSE - set to 'on' to wait for a key stroke before ending
30 | @REM MAVEN_OPTS - parameters passed to the Java VM when running Maven
31 | @REM e.g. to debug Maven itself, use
32 | @REM set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000
33 | @REM MAVEN_SKIP_RC - flag to disable loading of mavenrc files
34 | @REM ----------------------------------------------------------------------------
35 |
36 | @REM Begin all REM lines with '@' in case MAVEN_BATCH_ECHO is 'on'
37 | @echo off
38 | @REM enable echoing my setting MAVEN_BATCH_ECHO to 'on'
39 | @if "%MAVEN_BATCH_ECHO%" == "on" echo %MAVEN_BATCH_ECHO%
40 |
41 | @REM set %HOME% to equivalent of $HOME
42 | if "%HOME%" == "" (set "HOME=%HOMEDRIVE%%HOMEPATH%")
43 |
44 | @REM Execute a user defined script before this one
45 | if not "%MAVEN_SKIP_RC%" == "" goto skipRcPre
46 | @REM check for pre script, once with legacy .bat ending and once with .cmd ending
47 | if exist "%HOME%\mavenrc_pre.bat" call "%HOME%\mavenrc_pre.bat"
48 | if exist "%HOME%\mavenrc_pre.cmd" call "%HOME%\mavenrc_pre.cmd"
49 | :skipRcPre
50 |
51 | @setlocal
52 |
53 | set ERROR_CODE=0
54 |
55 | @REM To isolate internal variables from possible post scripts, we use another setlocal
56 | @setlocal
57 |
58 | @REM ==== START VALIDATION ====
59 | if not "%JAVA_HOME%" == "" goto OkJHome
60 |
61 | echo.
62 | echo Error: JAVA_HOME not found in your environment. >&2
63 | echo Please set the JAVA_HOME variable in your environment to match the >&2
64 | echo location of your Java installation. >&2
65 | echo.
66 | goto error
67 |
68 | :OkJHome
69 | if exist "%JAVA_HOME%\bin\java.exe" goto init
70 |
71 | echo.
72 | echo Error: JAVA_HOME is set to an invalid directory. >&2
73 | echo JAVA_HOME = "%JAVA_HOME%" >&2
74 | echo Please set the JAVA_HOME variable in your environment to match the >&2
75 | echo location of your Java installation. >&2
76 | echo.
77 | goto error
78 |
79 | @REM ==== END VALIDATION ====
80 |
81 | :init
82 |
83 | @REM Find the project base dir, i.e. the directory that contains the folder ".mvn".
84 | @REM Fallback to current working directory if not found.
85 |
86 | set MAVEN_PROJECTBASEDIR=%MAVEN_BASEDIR%
87 | IF NOT "%MAVEN_PROJECTBASEDIR%"=="" goto endDetectBaseDir
88 |
89 | set EXEC_DIR=%CD%
90 | set WDIR=%EXEC_DIR%
91 | :findBaseDir
92 | IF EXIST "%WDIR%"\.mvn goto baseDirFound
93 | cd ..
94 | IF "%WDIR%"=="%CD%" goto baseDirNotFound
95 | set WDIR=%CD%
96 | goto findBaseDir
97 |
98 | :baseDirFound
99 | set MAVEN_PROJECTBASEDIR=%WDIR%
100 | cd "%EXEC_DIR%"
101 | goto endDetectBaseDir
102 |
103 | :baseDirNotFound
104 | set MAVEN_PROJECTBASEDIR=%EXEC_DIR%
105 | cd "%EXEC_DIR%"
106 |
107 | :endDetectBaseDir
108 |
109 | IF NOT EXIST "%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config" goto endReadAdditionalConfig
110 |
111 | @setlocal EnableExtensions EnableDelayedExpansion
112 | for /F "usebackq delims=" %%a in ("%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config") do set JVM_CONFIG_MAVEN_PROPS=!JVM_CONFIG_MAVEN_PROPS! %%a
113 | @endlocal & set JVM_CONFIG_MAVEN_PROPS=%JVM_CONFIG_MAVEN_PROPS%
114 |
115 | :endReadAdditionalConfig
116 |
117 | SET MAVEN_JAVA_EXE="%JAVA_HOME%\bin\java.exe"
118 |
119 | set WRAPPER_JAR="%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.jar"
120 | set WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain
121 |
122 | %MAVEN_JAVA_EXE% %JVM_CONFIG_MAVEN_PROPS% %MAVEN_OPTS% %MAVEN_DEBUG_OPTS% -classpath %WRAPPER_JAR% "-Dmaven.multiModuleProjectDirectory=%MAVEN_PROJECTBASEDIR%" %WRAPPER_LAUNCHER% %MAVEN_CONFIG% %*
123 | if ERRORLEVEL 1 goto error
124 | goto end
125 |
126 | :error
127 | set ERROR_CODE=1
128 |
129 | :end
130 | @endlocal & set ERROR_CODE=%ERROR_CODE%
131 |
132 | if not "%MAVEN_SKIP_RC%" == "" goto skipRcPost
133 | @REM check for post script, once with legacy .bat ending and once with .cmd ending
134 | if exist "%HOME%\mavenrc_post.bat" call "%HOME%\mavenrc_post.bat"
135 | if exist "%HOME%\mavenrc_post.cmd" call "%HOME%\mavenrc_post.cmd"
136 | :skipRcPost
137 |
138 | @REM pause the script if MAVEN_BATCH_PAUSE is set to 'on'
139 | if "%MAVEN_BATCH_PAUSE%" == "on" pause
140 |
141 | if "%MAVEN_TERMINATE_CMD%" == "on" exit %ERROR_CODE%
142 |
143 | exit /B %ERROR_CODE%
144 |
--------------------------------------------------------------------------------
/basic-resource-server/pom.xml:
--------------------------------------------------------------------------------
1 |
2 |
5 | 4.0.0
6 |
7 | com.habuma
8 | basic-resource-server
9 | 0.0.1-SNAPSHOT
10 | jar
11 |
12 | basic-resource-server
13 | Spring Security HTTP Basic Resource Server
14 |
15 |
16 | org.springframework.boot
17 | spring-boot-starter-parent
18 | 2.1.4.RELEASE
19 |
20 |
21 |
22 |
23 | UTF-8
24 | UTF-8
25 | 1.8
26 |
27 |
28 |
29 |
30 |
31 | org.springframework.boot
32 | spring-boot-starter-web
33 |
34 |
35 |
36 |
37 | org.springframework.boot
38 | spring-boot-starter-security
39 |
40 |
41 |
42 |
43 | org.springframework.boot
44 | spring-boot-starter-actuator
45 |
46 |
47 |
48 |
49 | org.springframework.boot
50 | spring-boot-devtools
51 | runtime
52 |
53 |
54 |
55 |
56 | org.springframework.boot
57 | spring-boot-starter-test
58 | test
59 |
60 |
61 | org.springframework.security
62 | spring-security-test
63 | test
64 |
65 |
66 |
67 |
68 |
69 |
70 | org.springframework.boot
71 | spring-boot-maven-plugin
72 |
73 |
74 |
75 |
76 |
77 |
--------------------------------------------------------------------------------
/basic-resource-server/src/main/java/habuma/HttpBasicSecuredApplication.java:
--------------------------------------------------------------------------------
1 | package habuma;
2 |
3 | import org.springframework.boot.SpringApplication;
4 | import org.springframework.boot.autoconfigure.SpringBootApplication;
5 |
6 | @SpringBootApplication
7 | public class HttpBasicSecuredApplication {
8 |
9 | public static void main(String[] args) {
10 | SpringApplication.run(HttpBasicSecuredApplication.class, args);
11 | }
12 | }
13 |
--------------------------------------------------------------------------------
/basic-resource-server/src/main/java/habuma/SecuredController.java:
--------------------------------------------------------------------------------
1 | package habuma;
2 |
3 | import org.springframework.security.core.Authentication;
4 | import org.springframework.web.bind.annotation.GetMapping;
5 | import org.springframework.web.bind.annotation.RequestMapping;
6 | import org.springframework.web.bind.annotation.RestController;
7 |
8 | @RestController
9 | @RequestMapping("/secured")
10 | public class SecuredController {
11 |
12 | @GetMapping
13 | public String securedResource(Authentication auth) {
14 | return "This is a SECURED resource. Authentication: " + auth.getName() + "; Authorities: " + auth.getAuthorities();
15 | }
16 |
17 | }
18 |
--------------------------------------------------------------------------------
/basic-resource-server/src/main/java/habuma/SecurityConfig.java:
--------------------------------------------------------------------------------
1 | package habuma;
2 |
3 | import org.springframework.context.annotation.Bean;
4 | import org.springframework.context.annotation.Configuration;
5 | import org.springframework.security.authentication.AuthenticationManager;
6 | import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
7 | import org.springframework.security.config.annotation.web.builders.HttpSecurity;
8 | import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
9 | import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
10 | import org.springframework.security.crypto.password.NoOpPasswordEncoder;
11 | import org.springframework.security.crypto.password.PasswordEncoder;
12 |
13 | @SuppressWarnings("deprecation") // For NoOpPasswordEncoder
14 | @Configuration
15 | @EnableWebSecurity
16 | public class SecurityConfig extends WebSecurityConfigurerAdapter {
17 |
18 | @Override
19 | @Bean
20 | public AuthenticationManager authenticationManagerBean() throws Exception {
21 | return super.authenticationManagerBean();
22 | }
23 |
24 | @Override
25 | public void configure(HttpSecurity http) throws Exception {
26 | //@formatter:off
27 | http
28 | .httpBasic()
29 | .and()
30 | .authorizeRequests()
31 | .antMatchers("/secured").hasAnyRole("USER")
32 | .anyRequest().permitAll();
33 | //@formatter:on
34 | }
35 |
36 | @Override
37 | protected void configure(AuthenticationManagerBuilder auth) throws Exception {
38 | //@formatter:off
39 | auth.inMemoryAuthentication()
40 | .withUser("habuma").password("password").authorities("ROLE_USER", "ROLE_ADMIN")
41 | .and()
42 | .withUser("izzy").password("password").authorities("ROLE_USER");
43 | //@formatter:on
44 | }
45 |
46 | // Using NoOpPasswordEncoder for simplicity's sake
47 | @Bean
48 | public PasswordEncoder passwordEncoder() {
49 | return NoOpPasswordEncoder.getInstance();
50 | }
51 |
52 | }
53 |
--------------------------------------------------------------------------------
/basic-resource-server/src/main/java/habuma/UnsecuredController.java:
--------------------------------------------------------------------------------
1 | package habuma;
2 |
3 | import org.springframework.web.bind.annotation.GetMapping;
4 | import org.springframework.web.bind.annotation.RequestMapping;
5 | import org.springframework.web.bind.annotation.RestController;
6 |
7 | @RestController
8 | @RequestMapping("/unsecured")
9 | public class UnsecuredController {
10 |
11 | @GetMapping
12 | public String unsecuredResource() {
13 | return "This is an unsecured resource";
14 | }
15 |
16 | }
17 |
--------------------------------------------------------------------------------
/basic-resource-server/src/main/resources/application.properties:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/habuma/spring-security-oauth2-jwt-example/accf107faaf1bbf1a0dc7f989ac5a320b927e51f/basic-resource-server/src/main/resources/application.properties
--------------------------------------------------------------------------------
/basic-resource-server/src/test/java/habuma/HttpBasicSecuredApplicationTests.java:
--------------------------------------------------------------------------------
1 | package habuma;
2 |
3 | import org.junit.Test;
4 | import org.junit.runner.RunWith;
5 | import org.springframework.boot.test.context.SpringBootTest;
6 | import org.springframework.test.context.junit4.SpringRunner;
7 |
8 | @RunWith(SpringRunner.class)
9 | @SpringBootTest
10 | public class HttpBasicSecuredApplicationTests {
11 |
12 | @Test
13 | public void contextLoads() {
14 | }
15 |
16 | }
17 |
--------------------------------------------------------------------------------
/jwt-auth-server/.gitignore:
--------------------------------------------------------------------------------
1 | /target/
2 | !.mvn/wrapper/maven-wrapper.jar
3 |
4 | ### STS ###
5 | .apt_generated
6 | .classpath
7 | .factorypath
8 | .project
9 | .settings
10 | .springBeans
11 | .sts4-cache
12 |
13 | ### IntelliJ IDEA ###
14 | .idea
15 | *.iws
16 | *.iml
17 | *.ipr
18 |
19 | ### NetBeans ###
20 | /nbproject/private/
21 | /build/
22 | /nbbuild/
23 | /dist/
24 | /nbdist/
25 | /.nb-gradle/
--------------------------------------------------------------------------------
/jwt-auth-server/.mvn/wrapper/maven-wrapper.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/habuma/spring-security-oauth2-jwt-example/accf107faaf1bbf1a0dc7f989ac5a320b927e51f/jwt-auth-server/.mvn/wrapper/maven-wrapper.jar
--------------------------------------------------------------------------------
/jwt-auth-server/.mvn/wrapper/maven-wrapper.properties:
--------------------------------------------------------------------------------
1 | distributionUrl=https://repo1.maven.org/maven2/org/apache/maven/apache-maven/3.5.4/apache-maven-3.5.4-bin.zip
2 |
--------------------------------------------------------------------------------
/jwt-auth-server/README.adoc:
--------------------------------------------------------------------------------
1 | = Spring Security OAuth2 + JWT Authorization Server
2 |
3 | This is a simple example of using Spring Security OAuth2 to provide an
4 | authorization server that produces JWT access tokens.
5 |
6 | == Building and running
7 |
8 | You can run the application directly from Maven using the Spring Boot
9 | Maven plugin:
10 |
11 | [source,sh]
12 | ----
13 | $ ./mvnw spring-boot:run
14 | ----
15 |
16 | Or you can build the application with Maven and then run the resulting
17 | JAR file:
18 |
19 | [source,sh]
20 | ----
21 | $ ./mvnw package
22 | $ java -jar target/jwt-auth-server-0.0.1-SNAPSHOT.jar
23 | ----
24 |
25 | Or you may import the project into your IDE of choice and run it from there.
26 |
27 | Once the application is running, the authorization server will be listening
28 | for requests on port 9999.
29 |
30 | == Obtaining an access token
31 |
32 | This authorization server uses in-memory stores for both users and clients.
33 | In-memory stores were chosen to simplify the example. In a real production-ready
34 | scenario, you should use a different store (JDBC-based, for example).
35 |
36 | There are two users:
37 |
38 | * **Username**: habuma; **Password**: password
39 | * **Username**: izzy; **Password**: password
40 |
41 | There is only one client:
42 |
43 | * **Client ID**: myclient; **Client Secret**: secret
44 |
45 | Using the `curl` command line tool, you can request a token as follows
46 | (for the "habuma" user):
47 |
48 | [source,sh]
49 | ----
50 | $ curl http://localhost:9999/oauth/token \
51 | -d"grant_type=password&username=habuma&password=password" \
52 | -H"Content-type:application/x-www-form-urlencoded; charset=utf-8" \
53 | -u myclient:secret
54 | ----
55 |
56 | If you have the `jq` command line tool (https://stedolan.github.io/jq/) installed,
57 | it may be useful to extract the token value into an environment variable for later
58 | use:
59 |
60 | [source,sh]
61 | ----
62 | $ export ACCESS_TOKEN=`curl http://localhost:9999/oauth/token \
63 | -d"grant_type=password&username=habuma&password=password" \
64 | -H"Content-type:application/x-www-form-urlencoded; charset=utf-8" \
65 | -u myclient:secret --silent | jq -r ".access_token"`
66 | ----
67 |
68 | == Decoding the token
69 |
70 | JWT tokens are actually three JSON objects that carry claim information about the
71 | authorization, encoded into a `String`. That `String` is decoded by the resource server
72 | (and validated with the token's signature) to determine if the token carries
73 | adequate authority to perform a request. But you can decode it and see its payload
74 | by pasting the token into a form at https://jwt.io/.
75 |
76 | For example, a token issued by the authorization server for the "izzy" user might
77 | look like this:
78 |
79 | [source]
80 | ----
81 | eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE1MzUyMjM2MzQsInVzZXJfbmFtZSI6Iml6enkiLCJhdXRob3JpdGllcyI6WyJST0xFX1VTRVIiXSwianRpIjoiYTlkNjQ4OWUtZmI2ZC00NGE5LTlkMzUtMThlOWYzODUxNTcyIiwiY2xpZW50X2lkIjoibXljbGllbnQiLCJzY29wZSI6WyJyZWFkIl19.ADWvi_RvL1IQz4rfduhduAWVt0aDB8LfsP6ewlTQ2sQ
82 | ----
83 |
84 | As you can see, it's not very human readable. That is, until you paste it into the
85 | form at https://jwt.io. Doing so yields the following decoded header:
86 |
87 | [source,json]
88 | ----
89 | {
90 | "alg": "HS256",
91 | "typ": "JWT"
92 | }
93 | ----
94 |
95 | This tells us that the token is a JWT token, encoded with "HS256" encoding. As for
96 | the payload:
97 |
98 | .Payload:
99 | [source,json]
100 | ----
101 | {
102 | "exp": 1535223634,
103 | "user_name": "izzy",
104 | "authorities": [
105 | "ROLE_USER"
106 | ],
107 | "jti": "a9d6489e-fb6d-44a9-9d35-18e9f3851572",
108 | "client_id": "myclient",
109 | "scope": [
110 | "read"
111 | ]
112 | }
113 | ----
114 |
115 | This tells us (among other things) that the token expires at 1535223634ms and was
116 | issued for the user named "izzy" who has "ROLE_USER" authority and OAuth2 "read" scope.
117 |
118 | The third component is the signature that is used to validate the contents. This
119 | helps the resource server know that the token was issued by a trusted authorization
120 | server and not synthesized in a malicious attempt to gain access to the resource
121 | server's resources.
122 |
123 | == Obtaining an access token via Client Credentials Grant
124 |
125 | If the resources your client is accessing are not user-specific, the client
126 | can obtain a token via Client Credentials Grant.
127 |
128 | Using the `curl` command line tool, you can request a token as follows
129 | (for the "habuma" user):
130 |
131 | [source,sh]
132 | ----
133 | $ curl http://localhost:9999/oauth/token \
134 | -d"grant_type=client_credentials" \
135 | -H"Content-type:application/x-www-form-urlencoded; charset=utf-8" \
136 | -u myclient:secret
137 | ----
138 |
139 | == Obtaining an access token via Authorization Code Grant
140 |
141 | Optionally, you can use Authorization Code Grant to obtain an access
142 | token. This grant flow is most suitable when the client is a web application,
143 | or a similar client. (Alexa skills can act as a connected client using
144 | Authorization Code Grant, for example.)
145 |
146 | First, point your browser to the authorization URL:
147 |
148 | ```
149 | http://localhost:9999/oauth/authorize?client_id=myclient&response_type=code&redirect_uri=http://localhost:9191/x
150 | ```
151 |
152 | If you've not already done this and haven't logged in, you'll be prompted to
153 | login. Use either "habuma" and "password" or "izzy" and "password" as your
154 | credentials.
155 |
156 | Next, you'll be prompted to either authorize the client or deny authorization.
157 | Assuming that you accept authorization and submit the form, you'll be redirected
158 | to a bogus URL at http://localhost:9191/x with an authorization code in the URL
159 | as a `code` parameter. (In a real application, this redirect URI would be a resource
160 | on your application that accepts the code and exchanges it for an access token.)
161 |
162 | Finally, make a POST request to the oauth/token path on the authorization server
163 | to exchange the authorization code for an access token ("y5wUpL" in this example):
164 |
165 | [souorce,sh]
166 | ----
167 | $ curl localhost:9999/oauth/token \
168 | -H"Content-type: application/x-www-form-urlencoded" \
169 | -d'grant_type=authorization_code&redirect_uri=http://localhost:9191/x&code=y5wUpL' \
170 | -u myclient:secret
171 | ----
172 |
173 | The access token will be returned in the response.
174 |
175 | == Obtaining an access token via Implicit Grant
176 |
177 | Finally, another way to obtain an access token is via Implicit Grant.
178 | This grant flow is best for situations when it would be awkward or impossible
179 | to exchange an authorization code for a token and you just want to get the
180 | token directly after authorization. (Alexa skills can also use Implict Grant
181 | to obtain access tokens when connecting to an external API.)
182 |
183 | First, point your browser to the authorization URL:
184 |
185 | ```
186 | http://localhost:9999/oauth/authorize?client_id=myclient&response_type=token&redirect_uri=http://localhost:9191/x
187 | ```
188 |
189 | If you've not already done this and haven't logged in, you'll be prompted to
190 | login. Use either "habuma" and "password" or "izzy" and "password" as your
191 | credentials.
192 |
193 | Next, you'll be prompted to either authorize the client or deny authorization.
194 | Assuming that you accept authorization and submit the form, you'll be redirected
195 | to a bogus URL at http://localhost:9191/x with the access token in the URL
196 | as an `access_token` hash parameter. (In a real application, this redirect URI
197 | would be a resource on your application that accepts the token for its own
198 | user.)
199 |
--------------------------------------------------------------------------------
/jwt-auth-server/mvnw:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | # ----------------------------------------------------------------------------
3 | # Licensed to the Apache Software Foundation (ASF) under one
4 | # or more contributor license agreements. See the NOTICE file
5 | # distributed with this work for additional information
6 | # regarding copyright ownership. The ASF licenses this file
7 | # to you under the Apache License, Version 2.0 (the
8 | # "License"); you may not use this file except in compliance
9 | # with the License. You may obtain a copy of the License at
10 | #
11 | # http://www.apache.org/licenses/LICENSE-2.0
12 | #
13 | # Unless required by applicable law or agreed to in writing,
14 | # software distributed under the License is distributed on an
15 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
16 | # KIND, either express or implied. See the License for the
17 | # specific language governing permissions and limitations
18 | # under the License.
19 | # ----------------------------------------------------------------------------
20 |
21 | # ----------------------------------------------------------------------------
22 | # Maven2 Start Up Batch script
23 | #
24 | # Required ENV vars:
25 | # ------------------
26 | # JAVA_HOME - location of a JDK home dir
27 | #
28 | # Optional ENV vars
29 | # -----------------
30 | # M2_HOME - location of maven2's installed home dir
31 | # MAVEN_OPTS - parameters passed to the Java VM when running Maven
32 | # e.g. to debug Maven itself, use
33 | # set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000
34 | # MAVEN_SKIP_RC - flag to disable loading of mavenrc files
35 | # ----------------------------------------------------------------------------
36 |
37 | if [ -z "$MAVEN_SKIP_RC" ] ; then
38 |
39 | if [ -f /etc/mavenrc ] ; then
40 | . /etc/mavenrc
41 | fi
42 |
43 | if [ -f "$HOME/.mavenrc" ] ; then
44 | . "$HOME/.mavenrc"
45 | fi
46 |
47 | fi
48 |
49 | # OS specific support. $var _must_ be set to either true or false.
50 | cygwin=false;
51 | darwin=false;
52 | mingw=false
53 | case "`uname`" in
54 | CYGWIN*) cygwin=true ;;
55 | MINGW*) mingw=true;;
56 | Darwin*) darwin=true
57 | # Use /usr/libexec/java_home if available, otherwise fall back to /Library/Java/Home
58 | # See https://developer.apple.com/library/mac/qa/qa1170/_index.html
59 | if [ -z "$JAVA_HOME" ]; then
60 | if [ -x "/usr/libexec/java_home" ]; then
61 | export JAVA_HOME="`/usr/libexec/java_home`"
62 | else
63 | export JAVA_HOME="/Library/Java/Home"
64 | fi
65 | fi
66 | ;;
67 | esac
68 |
69 | if [ -z "$JAVA_HOME" ] ; then
70 | if [ -r /etc/gentoo-release ] ; then
71 | JAVA_HOME=`java-config --jre-home`
72 | fi
73 | fi
74 |
75 | if [ -z "$M2_HOME" ] ; then
76 | ## resolve links - $0 may be a link to maven's home
77 | PRG="$0"
78 |
79 | # need this for relative symlinks
80 | while [ -h "$PRG" ] ; do
81 | ls=`ls -ld "$PRG"`
82 | link=`expr "$ls" : '.*-> \(.*\)$'`
83 | if expr "$link" : '/.*' > /dev/null; then
84 | PRG="$link"
85 | else
86 | PRG="`dirname "$PRG"`/$link"
87 | fi
88 | done
89 |
90 | saveddir=`pwd`
91 |
92 | M2_HOME=`dirname "$PRG"`/..
93 |
94 | # make it fully qualified
95 | M2_HOME=`cd "$M2_HOME" && pwd`
96 |
97 | cd "$saveddir"
98 | # echo Using m2 at $M2_HOME
99 | fi
100 |
101 | # For Cygwin, ensure paths are in UNIX format before anything is touched
102 | if $cygwin ; then
103 | [ -n "$M2_HOME" ] &&
104 | M2_HOME=`cygpath --unix "$M2_HOME"`
105 | [ -n "$JAVA_HOME" ] &&
106 | JAVA_HOME=`cygpath --unix "$JAVA_HOME"`
107 | [ -n "$CLASSPATH" ] &&
108 | CLASSPATH=`cygpath --path --unix "$CLASSPATH"`
109 | fi
110 |
111 | # For Migwn, ensure paths are in UNIX format before anything is touched
112 | if $mingw ; then
113 | [ -n "$M2_HOME" ] &&
114 | M2_HOME="`(cd "$M2_HOME"; pwd)`"
115 | [ -n "$JAVA_HOME" ] &&
116 | JAVA_HOME="`(cd "$JAVA_HOME"; pwd)`"
117 | # TODO classpath?
118 | fi
119 |
120 | if [ -z "$JAVA_HOME" ]; then
121 | javaExecutable="`which javac`"
122 | if [ -n "$javaExecutable" ] && ! [ "`expr \"$javaExecutable\" : '\([^ ]*\)'`" = "no" ]; then
123 | # readlink(1) is not available as standard on Solaris 10.
124 | readLink=`which readlink`
125 | if [ ! `expr "$readLink" : '\([^ ]*\)'` = "no" ]; then
126 | if $darwin ; then
127 | javaHome="`dirname \"$javaExecutable\"`"
128 | javaExecutable="`cd \"$javaHome\" && pwd -P`/javac"
129 | else
130 | javaExecutable="`readlink -f \"$javaExecutable\"`"
131 | fi
132 | javaHome="`dirname \"$javaExecutable\"`"
133 | javaHome=`expr "$javaHome" : '\(.*\)/bin'`
134 | JAVA_HOME="$javaHome"
135 | export JAVA_HOME
136 | fi
137 | fi
138 | fi
139 |
140 | if [ -z "$JAVACMD" ] ; then
141 | if [ -n "$JAVA_HOME" ] ; then
142 | if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
143 | # IBM's JDK on AIX uses strange locations for the executables
144 | JAVACMD="$JAVA_HOME/jre/sh/java"
145 | else
146 | JAVACMD="$JAVA_HOME/bin/java"
147 | fi
148 | else
149 | JAVACMD="`which java`"
150 | fi
151 | fi
152 |
153 | if [ ! -x "$JAVACMD" ] ; then
154 | echo "Error: JAVA_HOME is not defined correctly." >&2
155 | echo " We cannot execute $JAVACMD" >&2
156 | exit 1
157 | fi
158 |
159 | if [ -z "$JAVA_HOME" ] ; then
160 | echo "Warning: JAVA_HOME environment variable is not set."
161 | fi
162 |
163 | CLASSWORLDS_LAUNCHER=org.codehaus.plexus.classworlds.launcher.Launcher
164 |
165 | # traverses directory structure from process work directory to filesystem root
166 | # first directory with .mvn subdirectory is considered project base directory
167 | find_maven_basedir() {
168 |
169 | if [ -z "$1" ]
170 | then
171 | echo "Path not specified to find_maven_basedir"
172 | return 1
173 | fi
174 |
175 | basedir="$1"
176 | wdir="$1"
177 | while [ "$wdir" != '/' ] ; do
178 | if [ -d "$wdir"/.mvn ] ; then
179 | basedir=$wdir
180 | break
181 | fi
182 | # workaround for JBEAP-8937 (on Solaris 10/Sparc)
183 | if [ -d "${wdir}" ]; then
184 | wdir=`cd "$wdir/.."; pwd`
185 | fi
186 | # end of workaround
187 | done
188 | echo "${basedir}"
189 | }
190 |
191 | # concatenates all lines of a file
192 | concat_lines() {
193 | if [ -f "$1" ]; then
194 | echo "$(tr -s '\n' ' ' < "$1")"
195 | fi
196 | }
197 |
198 | BASE_DIR=`find_maven_basedir "$(pwd)"`
199 | if [ -z "$BASE_DIR" ]; then
200 | exit 1;
201 | fi
202 |
203 | export MAVEN_PROJECTBASEDIR=${MAVEN_BASEDIR:-"$BASE_DIR"}
204 | echo $MAVEN_PROJECTBASEDIR
205 | MAVEN_OPTS="$(concat_lines "$MAVEN_PROJECTBASEDIR/.mvn/jvm.config") $MAVEN_OPTS"
206 |
207 | # For Cygwin, switch paths to Windows format before running java
208 | if $cygwin; then
209 | [ -n "$M2_HOME" ] &&
210 | M2_HOME=`cygpath --path --windows "$M2_HOME"`
211 | [ -n "$JAVA_HOME" ] &&
212 | JAVA_HOME=`cygpath --path --windows "$JAVA_HOME"`
213 | [ -n "$CLASSPATH" ] &&
214 | CLASSPATH=`cygpath --path --windows "$CLASSPATH"`
215 | [ -n "$MAVEN_PROJECTBASEDIR" ] &&
216 | MAVEN_PROJECTBASEDIR=`cygpath --path --windows "$MAVEN_PROJECTBASEDIR"`
217 | fi
218 |
219 | WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain
220 |
221 | exec "$JAVACMD" \
222 | $MAVEN_OPTS \
223 | -classpath "$MAVEN_PROJECTBASEDIR/.mvn/wrapper/maven-wrapper.jar" \
224 | "-Dmaven.home=${M2_HOME}" "-Dmaven.multiModuleProjectDirectory=${MAVEN_PROJECTBASEDIR}" \
225 | ${WRAPPER_LAUNCHER} $MAVEN_CONFIG "$@"
226 |
--------------------------------------------------------------------------------
/jwt-auth-server/mvnw.cmd:
--------------------------------------------------------------------------------
1 | @REM ----------------------------------------------------------------------------
2 | @REM Licensed to the Apache Software Foundation (ASF) under one
3 | @REM or more contributor license agreements. See the NOTICE file
4 | @REM distributed with this work for additional information
5 | @REM regarding copyright ownership. The ASF licenses this file
6 | @REM to you under the Apache License, Version 2.0 (the
7 | @REM "License"); you may not use this file except in compliance
8 | @REM with the License. You may obtain a copy of the License at
9 | @REM
10 | @REM http://www.apache.org/licenses/LICENSE-2.0
11 | @REM
12 | @REM Unless required by applicable law or agreed to in writing,
13 | @REM software distributed under the License is distributed on an
14 | @REM "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15 | @REM KIND, either express or implied. See the License for the
16 | @REM specific language governing permissions and limitations
17 | @REM under the License.
18 | @REM ----------------------------------------------------------------------------
19 |
20 | @REM ----------------------------------------------------------------------------
21 | @REM Maven2 Start Up Batch script
22 | @REM
23 | @REM Required ENV vars:
24 | @REM JAVA_HOME - location of a JDK home dir
25 | @REM
26 | @REM Optional ENV vars
27 | @REM M2_HOME - location of maven2's installed home dir
28 | @REM MAVEN_BATCH_ECHO - set to 'on' to enable the echoing of the batch commands
29 | @REM MAVEN_BATCH_PAUSE - set to 'on' to wait for a key stroke before ending
30 | @REM MAVEN_OPTS - parameters passed to the Java VM when running Maven
31 | @REM e.g. to debug Maven itself, use
32 | @REM set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000
33 | @REM MAVEN_SKIP_RC - flag to disable loading of mavenrc files
34 | @REM ----------------------------------------------------------------------------
35 |
36 | @REM Begin all REM lines with '@' in case MAVEN_BATCH_ECHO is 'on'
37 | @echo off
38 | @REM enable echoing my setting MAVEN_BATCH_ECHO to 'on'
39 | @if "%MAVEN_BATCH_ECHO%" == "on" echo %MAVEN_BATCH_ECHO%
40 |
41 | @REM set %HOME% to equivalent of $HOME
42 | if "%HOME%" == "" (set "HOME=%HOMEDRIVE%%HOMEPATH%")
43 |
44 | @REM Execute a user defined script before this one
45 | if not "%MAVEN_SKIP_RC%" == "" goto skipRcPre
46 | @REM check for pre script, once with legacy .bat ending and once with .cmd ending
47 | if exist "%HOME%\mavenrc_pre.bat" call "%HOME%\mavenrc_pre.bat"
48 | if exist "%HOME%\mavenrc_pre.cmd" call "%HOME%\mavenrc_pre.cmd"
49 | :skipRcPre
50 |
51 | @setlocal
52 |
53 | set ERROR_CODE=0
54 |
55 | @REM To isolate internal variables from possible post scripts, we use another setlocal
56 | @setlocal
57 |
58 | @REM ==== START VALIDATION ====
59 | if not "%JAVA_HOME%" == "" goto OkJHome
60 |
61 | echo.
62 | echo Error: JAVA_HOME not found in your environment. >&2
63 | echo Please set the JAVA_HOME variable in your environment to match the >&2
64 | echo location of your Java installation. >&2
65 | echo.
66 | goto error
67 |
68 | :OkJHome
69 | if exist "%JAVA_HOME%\bin\java.exe" goto init
70 |
71 | echo.
72 | echo Error: JAVA_HOME is set to an invalid directory. >&2
73 | echo JAVA_HOME = "%JAVA_HOME%" >&2
74 | echo Please set the JAVA_HOME variable in your environment to match the >&2
75 | echo location of your Java installation. >&2
76 | echo.
77 | goto error
78 |
79 | @REM ==== END VALIDATION ====
80 |
81 | :init
82 |
83 | @REM Find the project base dir, i.e. the directory that contains the folder ".mvn".
84 | @REM Fallback to current working directory if not found.
85 |
86 | set MAVEN_PROJECTBASEDIR=%MAVEN_BASEDIR%
87 | IF NOT "%MAVEN_PROJECTBASEDIR%"=="" goto endDetectBaseDir
88 |
89 | set EXEC_DIR=%CD%
90 | set WDIR=%EXEC_DIR%
91 | :findBaseDir
92 | IF EXIST "%WDIR%"\.mvn goto baseDirFound
93 | cd ..
94 | IF "%WDIR%"=="%CD%" goto baseDirNotFound
95 | set WDIR=%CD%
96 | goto findBaseDir
97 |
98 | :baseDirFound
99 | set MAVEN_PROJECTBASEDIR=%WDIR%
100 | cd "%EXEC_DIR%"
101 | goto endDetectBaseDir
102 |
103 | :baseDirNotFound
104 | set MAVEN_PROJECTBASEDIR=%EXEC_DIR%
105 | cd "%EXEC_DIR%"
106 |
107 | :endDetectBaseDir
108 |
109 | IF NOT EXIST "%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config" goto endReadAdditionalConfig
110 |
111 | @setlocal EnableExtensions EnableDelayedExpansion
112 | for /F "usebackq delims=" %%a in ("%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config") do set JVM_CONFIG_MAVEN_PROPS=!JVM_CONFIG_MAVEN_PROPS! %%a
113 | @endlocal & set JVM_CONFIG_MAVEN_PROPS=%JVM_CONFIG_MAVEN_PROPS%
114 |
115 | :endReadAdditionalConfig
116 |
117 | SET MAVEN_JAVA_EXE="%JAVA_HOME%\bin\java.exe"
118 |
119 | set WRAPPER_JAR="%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.jar"
120 | set WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain
121 |
122 | %MAVEN_JAVA_EXE% %JVM_CONFIG_MAVEN_PROPS% %MAVEN_OPTS% %MAVEN_DEBUG_OPTS% -classpath %WRAPPER_JAR% "-Dmaven.multiModuleProjectDirectory=%MAVEN_PROJECTBASEDIR%" %WRAPPER_LAUNCHER% %MAVEN_CONFIG% %*
123 | if ERRORLEVEL 1 goto error
124 | goto end
125 |
126 | :error
127 | set ERROR_CODE=1
128 |
129 | :end
130 | @endlocal & set ERROR_CODE=%ERROR_CODE%
131 |
132 | if not "%MAVEN_SKIP_RC%" == "" goto skipRcPost
133 | @REM check for post script, once with legacy .bat ending and once with .cmd ending
134 | if exist "%HOME%\mavenrc_post.bat" call "%HOME%\mavenrc_post.bat"
135 | if exist "%HOME%\mavenrc_post.cmd" call "%HOME%\mavenrc_post.cmd"
136 | :skipRcPost
137 |
138 | @REM pause the script if MAVEN_BATCH_PAUSE is set to 'on'
139 | if "%MAVEN_BATCH_PAUSE%" == "on" pause
140 |
141 | if "%MAVEN_TERMINATE_CMD%" == "on" exit %ERROR_CODE%
142 |
143 | exit /B %ERROR_CODE%
144 |
--------------------------------------------------------------------------------
/jwt-auth-server/pom.xml:
--------------------------------------------------------------------------------
1 |
2 |
5 | 4.0.0
6 |
7 | com.habuma
8 | jwt-authorization-server
9 | 0.0.1-SNAPSHOT
10 | jar
11 |
12 | jwt-auth-server
13 | Spring Security JWT Authorization Server
14 |
15 |
16 | org.springframework.boot
17 | spring-boot-starter-parent
18 | 2.1.4.RELEASE
19 |
20 |
21 |
22 |
23 | UTF-8
24 | UTF-8
25 | 1.8
26 | 2.3.5.RELEASE
27 | 1.0.9.RELEASE
28 |
29 |
30 |
31 |
32 |
33 | org.springframework.boot
34 | spring-boot-starter-web
35 |
36 |
37 |
38 |
39 | org.springframework.boot
40 | spring-boot-starter-security
41 |
42 |
43 |
44 |
45 | org.springframework.security.oauth
46 | spring-security-oauth2
47 | ${spring-security-oauth2.version}
48 |
49 |
50 | org.springframework.security
51 | spring-security-jwt
52 | ${spring-security-jwt.version}
53 |
54 |
55 |
56 |
57 | org.springframework.boot
58 | spring-boot-starter-actuator
59 |
60 |
61 |
62 |
63 | org.springframework.boot
64 | spring-boot-devtools
65 | runtime
66 |
67 |
68 |
69 |
70 | org.springframework.boot
71 | spring-boot-starter-test
72 | test
73 |
74 |
75 | org.springframework.security
76 | spring-security-test
77 | test
78 |
79 |
80 |
81 |
82 |
83 |
84 | org.springframework.boot
85 | spring-boot-maven-plugin
86 |
87 |
88 |
89 |
90 |
91 |
--------------------------------------------------------------------------------
/jwt-auth-server/src/main/java/habuma/JwtAuthServerApplication.java:
--------------------------------------------------------------------------------
1 | package habuma;
2 |
3 | import org.springframework.boot.SpringApplication;
4 | import org.springframework.boot.autoconfigure.SpringBootApplication;
5 |
6 | @SpringBootApplication
7 | public class JwtAuthServerApplication {
8 |
9 | public static void main(String[] args) {
10 | SpringApplication.run(JwtAuthServerApplication.class, args);
11 | }
12 | }
13 |
--------------------------------------------------------------------------------
/jwt-auth-server/src/main/java/habuma/OAuth2AuthorizationServerConfig.java:
--------------------------------------------------------------------------------
1 | package habuma;
2 |
3 | import org.springframework.beans.factory.annotation.Autowired;
4 | import org.springframework.beans.factory.annotation.Qualifier;
5 | import org.springframework.context.annotation.Bean;
6 | import org.springframework.context.annotation.Configuration;
7 | import org.springframework.context.annotation.Primary;
8 | import org.springframework.security.authentication.AuthenticationManager;
9 | import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
10 | import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
11 | import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
12 | import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
13 | import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
14 | import org.springframework.security.oauth2.provider.token.TokenStore;
15 | import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
16 | import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;
17 |
18 | @Configuration
19 | @EnableAuthorizationServer
20 | public class OAuth2AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {
21 |
22 | @Autowired
23 | @Qualifier("authenticationManagerBean")
24 | private AuthenticationManager authenticationManager;
25 |
26 | // Configure the token store and authentication manager
27 | @Override
28 | public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
29 | //@formatter:off
30 | endpoints
31 | .tokenStore(tokenStore())
32 | .accessTokenConverter(accessTokenConverter()) // added for JWT
33 | .authenticationManager(authenticationManager);
34 | //@formatter:on
35 | }
36 |
37 | // Configure a client store. In-memory for simplicity, but consider other
38 | // options for real apps.
39 | @Override
40 | public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
41 | //@formatter:off
42 | clients
43 | .inMemory()
44 | .withClient("myclient")
45 | .secret("secret")
46 | .authorizedGrantTypes("authorization_code", "implicit", "password", "client_credentials", "refresh_token")
47 | .scopes("read")
48 | .redirectUris("http://localhost:9191/x")
49 | .accessTokenValiditySeconds(86400); // 24 hours
50 | //@formatter:on
51 | }
52 |
53 | // A token store bean. JWT token store
54 | @Bean
55 | public TokenStore tokenStore() {
56 | return new JwtTokenStore(accessTokenConverter()); // For JWT. Use in-memory, jdbc, or other if not JWT
57 | }
58 |
59 | // Token converter. Needed for JWT
60 | @Bean
61 | public JwtAccessTokenConverter accessTokenConverter() {
62 | JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
63 | converter.setSigningKey("123"); // symmetric key
64 | return converter;
65 | }
66 |
67 | // Token services. Needed for JWT
68 | @Bean
69 | @Primary
70 | public DefaultTokenServices tokenServices() {
71 | DefaultTokenServices defaultTokenServices = new DefaultTokenServices();
72 | defaultTokenServices.setTokenStore(tokenStore());
73 | return defaultTokenServices;
74 | }
75 | }
76 |
--------------------------------------------------------------------------------
/jwt-auth-server/src/main/java/habuma/SecurityConfig.java:
--------------------------------------------------------------------------------
1 | package habuma;
2 |
3 | import org.springframework.context.annotation.Bean;
4 | import org.springframework.context.annotation.Configuration;
5 | import org.springframework.security.authentication.AuthenticationManager;
6 | import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
7 | import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
8 | import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
9 | import org.springframework.security.crypto.password.NoOpPasswordEncoder;
10 | import org.springframework.security.crypto.password.PasswordEncoder;
11 |
12 | @SuppressWarnings("deprecation") // For NoOpPasswordEncoder
13 | @Configuration
14 | @EnableWebSecurity
15 | public class SecurityConfig extends WebSecurityConfigurerAdapter {
16 |
17 | @Override
18 | @Bean
19 | public AuthenticationManager authenticationManagerBean() throws Exception {
20 | return super.authenticationManagerBean();
21 | }
22 |
23 | @Override
24 | protected void configure(AuthenticationManagerBuilder auth) throws Exception {
25 | //@formatter:off
26 | auth.inMemoryAuthentication()
27 | .withUser("habuma").password("password").authorities("ROLE_USER", "ROLE_ADMIN")
28 | .and()
29 | .withUser("izzy").password("password").authorities("ROLE_USER");
30 | //@formatter:on
31 | }
32 |
33 | // Using NoOpPasswordEncoder for simplicity's sake
34 | @Bean
35 | public PasswordEncoder passwordEncoder() {
36 | return NoOpPasswordEncoder.getInstance();
37 | }
38 |
39 | }
40 |
--------------------------------------------------------------------------------
/jwt-auth-server/src/main/resources/application.yml:
--------------------------------------------------------------------------------
1 | server:
2 | port: 9999
--------------------------------------------------------------------------------
/jwt-auth-server/src/test/java/habuma/JwtAuthServerApplicationTests.java:
--------------------------------------------------------------------------------
1 | package habuma;
2 |
3 | import org.junit.Test;
4 | import org.junit.runner.RunWith;
5 | import org.springframework.boot.test.context.SpringBootTest;
6 | import org.springframework.test.context.junit4.SpringRunner;
7 |
8 | @RunWith(SpringRunner.class)
9 | @SpringBootTest
10 | public class JwtAuthServerApplicationTests {
11 |
12 | @Test
13 | public void contextLoads() {
14 | }
15 |
16 | }
17 |
--------------------------------------------------------------------------------
/jwt-resource-server/.gitignore:
--------------------------------------------------------------------------------
1 | /target/
2 | !.mvn/wrapper/maven-wrapper.jar
3 |
4 | ### STS ###
5 | .apt_generated
6 | .classpath
7 | .factorypath
8 | .project
9 | .settings
10 | .springBeans
11 | .sts4-cache
12 |
13 | ### IntelliJ IDEA ###
14 | .idea
15 | *.iws
16 | *.iml
17 | *.ipr
18 |
19 | ### NetBeans ###
20 | /nbproject/private/
21 | /build/
22 | /nbbuild/
23 | /dist/
24 | /nbdist/
25 | /.nb-gradle/
--------------------------------------------------------------------------------
/jwt-resource-server/.mvn/wrapper/maven-wrapper.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/habuma/spring-security-oauth2-jwt-example/accf107faaf1bbf1a0dc7f989ac5a320b927e51f/jwt-resource-server/.mvn/wrapper/maven-wrapper.jar
--------------------------------------------------------------------------------
/jwt-resource-server/.mvn/wrapper/maven-wrapper.properties:
--------------------------------------------------------------------------------
1 | distributionUrl=https://repo1.maven.org/maven2/org/apache/maven/apache-maven/3.5.4/apache-maven-3.5.4-bin.zip
2 |
--------------------------------------------------------------------------------
/jwt-resource-server/README.adoc:
--------------------------------------------------------------------------------
1 | = Spring Security OAuth2 + JWT Resource Server
2 |
3 | This is a simple example of using Spring Security OAuth2 and Spring MVC
4 | to provide an API that is secured by an OAuth2 resource server that accepts
5 | JWT access tokens.
6 |
7 | == Building and running
8 |
9 | You can run the application directly from Maven using the Spring Boot
10 | Maven plugin:
11 |
12 | [source,sh]
13 | ----
14 | $ ./mvnw spring-boot:run
15 | ----
16 |
17 | Or you can build the application with Maven and then run the resulting
18 | JAR file:
19 |
20 | [source,sh]
21 | ----
22 | $ ./mvnw package
23 | $ java -jar target/jwt-resource-server-0.0.1-SNAPSHOT.jar
24 | ----
25 |
26 | Or you may import the project into your IDE of choice and run it from there.
27 |
28 | Once the application is running, the API and resource server will be listening
29 | for requests on port 8080.
30 |
31 | == Consuming the API
32 |
33 | The API provided by this application has two endpoints:
34 |
35 | * `/unsecured` - An unsecured endpoint that requires no access token.
36 | * `/secured` - A secured endpoint that can only be access with a valid JWT access
37 | token in the request.
38 |
39 | Using `curl`, you should be able to consume the `/unsecured` endpoint without any
40 | restriction:
41 |
42 | [source,sh]
43 | ----
44 | $ curl localhost:8080/unsecured
45 | This is an unsecured resource
46 | ----
47 |
48 | If, however, you attempt to consume the `/secured` endpoint without providing a
49 | valid access token, you will receive an HTTP 401 (Unauthorized) response:
50 |
51 | [source,sh]
52 | ----
53 | $ curl localhost:8080/secured
54 | {"error":"unauthorized","error_description":"Full authentication is required to access this resource"}
55 | ----
56 |
57 | In order to successfully access the `/secured` endpoint, you'll need to provide
58 | a valid access token in the `Authorization` header of the request. Assuming that you
59 | have followed the instructions in the jwt-auth-server project's README to obtain
60 | an access token and assign it to the `ACCESS_TOKEN` environment variable, you can make
61 | a successful request with `curl` like this:
62 |
63 | [source,sh]
64 | ----
65 | $ curl localhost:8080/secured -H"Authorization: Bearer $ACCESS_TOKEN"
66 | This is a SECURED resource. Authentication: habuma; Authorities: [ROLE_ADMIN, ROLE_USER]
67 | ----
68 |
69 |
--------------------------------------------------------------------------------
/jwt-resource-server/mvnw:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | # ----------------------------------------------------------------------------
3 | # Licensed to the Apache Software Foundation (ASF) under one
4 | # or more contributor license agreements. See the NOTICE file
5 | # distributed with this work for additional information
6 | # regarding copyright ownership. The ASF licenses this file
7 | # to you under the Apache License, Version 2.0 (the
8 | # "License"); you may not use this file except in compliance
9 | # with the License. You may obtain a copy of the License at
10 | #
11 | # http://www.apache.org/licenses/LICENSE-2.0
12 | #
13 | # Unless required by applicable law or agreed to in writing,
14 | # software distributed under the License is distributed on an
15 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
16 | # KIND, either express or implied. See the License for the
17 | # specific language governing permissions and limitations
18 | # under the License.
19 | # ----------------------------------------------------------------------------
20 |
21 | # ----------------------------------------------------------------------------
22 | # Maven2 Start Up Batch script
23 | #
24 | # Required ENV vars:
25 | # ------------------
26 | # JAVA_HOME - location of a JDK home dir
27 | #
28 | # Optional ENV vars
29 | # -----------------
30 | # M2_HOME - location of maven2's installed home dir
31 | # MAVEN_OPTS - parameters passed to the Java VM when running Maven
32 | # e.g. to debug Maven itself, use
33 | # set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000
34 | # MAVEN_SKIP_RC - flag to disable loading of mavenrc files
35 | # ----------------------------------------------------------------------------
36 |
37 | if [ -z "$MAVEN_SKIP_RC" ] ; then
38 |
39 | if [ -f /etc/mavenrc ] ; then
40 | . /etc/mavenrc
41 | fi
42 |
43 | if [ -f "$HOME/.mavenrc" ] ; then
44 | . "$HOME/.mavenrc"
45 | fi
46 |
47 | fi
48 |
49 | # OS specific support. $var _must_ be set to either true or false.
50 | cygwin=false;
51 | darwin=false;
52 | mingw=false
53 | case "`uname`" in
54 | CYGWIN*) cygwin=true ;;
55 | MINGW*) mingw=true;;
56 | Darwin*) darwin=true
57 | # Use /usr/libexec/java_home if available, otherwise fall back to /Library/Java/Home
58 | # See https://developer.apple.com/library/mac/qa/qa1170/_index.html
59 | if [ -z "$JAVA_HOME" ]; then
60 | if [ -x "/usr/libexec/java_home" ]; then
61 | export JAVA_HOME="`/usr/libexec/java_home`"
62 | else
63 | export JAVA_HOME="/Library/Java/Home"
64 | fi
65 | fi
66 | ;;
67 | esac
68 |
69 | if [ -z "$JAVA_HOME" ] ; then
70 | if [ -r /etc/gentoo-release ] ; then
71 | JAVA_HOME=`java-config --jre-home`
72 | fi
73 | fi
74 |
75 | if [ -z "$M2_HOME" ] ; then
76 | ## resolve links - $0 may be a link to maven's home
77 | PRG="$0"
78 |
79 | # need this for relative symlinks
80 | while [ -h "$PRG" ] ; do
81 | ls=`ls -ld "$PRG"`
82 | link=`expr "$ls" : '.*-> \(.*\)$'`
83 | if expr "$link" : '/.*' > /dev/null; then
84 | PRG="$link"
85 | else
86 | PRG="`dirname "$PRG"`/$link"
87 | fi
88 | done
89 |
90 | saveddir=`pwd`
91 |
92 | M2_HOME=`dirname "$PRG"`/..
93 |
94 | # make it fully qualified
95 | M2_HOME=`cd "$M2_HOME" && pwd`
96 |
97 | cd "$saveddir"
98 | # echo Using m2 at $M2_HOME
99 | fi
100 |
101 | # For Cygwin, ensure paths are in UNIX format before anything is touched
102 | if $cygwin ; then
103 | [ -n "$M2_HOME" ] &&
104 | M2_HOME=`cygpath --unix "$M2_HOME"`
105 | [ -n "$JAVA_HOME" ] &&
106 | JAVA_HOME=`cygpath --unix "$JAVA_HOME"`
107 | [ -n "$CLASSPATH" ] &&
108 | CLASSPATH=`cygpath --path --unix "$CLASSPATH"`
109 | fi
110 |
111 | # For Migwn, ensure paths are in UNIX format before anything is touched
112 | if $mingw ; then
113 | [ -n "$M2_HOME" ] &&
114 | M2_HOME="`(cd "$M2_HOME"; pwd)`"
115 | [ -n "$JAVA_HOME" ] &&
116 | JAVA_HOME="`(cd "$JAVA_HOME"; pwd)`"
117 | # TODO classpath?
118 | fi
119 |
120 | if [ -z "$JAVA_HOME" ]; then
121 | javaExecutable="`which javac`"
122 | if [ -n "$javaExecutable" ] && ! [ "`expr \"$javaExecutable\" : '\([^ ]*\)'`" = "no" ]; then
123 | # readlink(1) is not available as standard on Solaris 10.
124 | readLink=`which readlink`
125 | if [ ! `expr "$readLink" : '\([^ ]*\)'` = "no" ]; then
126 | if $darwin ; then
127 | javaHome="`dirname \"$javaExecutable\"`"
128 | javaExecutable="`cd \"$javaHome\" && pwd -P`/javac"
129 | else
130 | javaExecutable="`readlink -f \"$javaExecutable\"`"
131 | fi
132 | javaHome="`dirname \"$javaExecutable\"`"
133 | javaHome=`expr "$javaHome" : '\(.*\)/bin'`
134 | JAVA_HOME="$javaHome"
135 | export JAVA_HOME
136 | fi
137 | fi
138 | fi
139 |
140 | if [ -z "$JAVACMD" ] ; then
141 | if [ -n "$JAVA_HOME" ] ; then
142 | if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
143 | # IBM's JDK on AIX uses strange locations for the executables
144 | JAVACMD="$JAVA_HOME/jre/sh/java"
145 | else
146 | JAVACMD="$JAVA_HOME/bin/java"
147 | fi
148 | else
149 | JAVACMD="`which java`"
150 | fi
151 | fi
152 |
153 | if [ ! -x "$JAVACMD" ] ; then
154 | echo "Error: JAVA_HOME is not defined correctly." >&2
155 | echo " We cannot execute $JAVACMD" >&2
156 | exit 1
157 | fi
158 |
159 | if [ -z "$JAVA_HOME" ] ; then
160 | echo "Warning: JAVA_HOME environment variable is not set."
161 | fi
162 |
163 | CLASSWORLDS_LAUNCHER=org.codehaus.plexus.classworlds.launcher.Launcher
164 |
165 | # traverses directory structure from process work directory to filesystem root
166 | # first directory with .mvn subdirectory is considered project base directory
167 | find_maven_basedir() {
168 |
169 | if [ -z "$1" ]
170 | then
171 | echo "Path not specified to find_maven_basedir"
172 | return 1
173 | fi
174 |
175 | basedir="$1"
176 | wdir="$1"
177 | while [ "$wdir" != '/' ] ; do
178 | if [ -d "$wdir"/.mvn ] ; then
179 | basedir=$wdir
180 | break
181 | fi
182 | # workaround for JBEAP-8937 (on Solaris 10/Sparc)
183 | if [ -d "${wdir}" ]; then
184 | wdir=`cd "$wdir/.."; pwd`
185 | fi
186 | # end of workaround
187 | done
188 | echo "${basedir}"
189 | }
190 |
191 | # concatenates all lines of a file
192 | concat_lines() {
193 | if [ -f "$1" ]; then
194 | echo "$(tr -s '\n' ' ' < "$1")"
195 | fi
196 | }
197 |
198 | BASE_DIR=`find_maven_basedir "$(pwd)"`
199 | if [ -z "$BASE_DIR" ]; then
200 | exit 1;
201 | fi
202 |
203 | export MAVEN_PROJECTBASEDIR=${MAVEN_BASEDIR:-"$BASE_DIR"}
204 | echo $MAVEN_PROJECTBASEDIR
205 | MAVEN_OPTS="$(concat_lines "$MAVEN_PROJECTBASEDIR/.mvn/jvm.config") $MAVEN_OPTS"
206 |
207 | # For Cygwin, switch paths to Windows format before running java
208 | if $cygwin; then
209 | [ -n "$M2_HOME" ] &&
210 | M2_HOME=`cygpath --path --windows "$M2_HOME"`
211 | [ -n "$JAVA_HOME" ] &&
212 | JAVA_HOME=`cygpath --path --windows "$JAVA_HOME"`
213 | [ -n "$CLASSPATH" ] &&
214 | CLASSPATH=`cygpath --path --windows "$CLASSPATH"`
215 | [ -n "$MAVEN_PROJECTBASEDIR" ] &&
216 | MAVEN_PROJECTBASEDIR=`cygpath --path --windows "$MAVEN_PROJECTBASEDIR"`
217 | fi
218 |
219 | WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain
220 |
221 | exec "$JAVACMD" \
222 | $MAVEN_OPTS \
223 | -classpath "$MAVEN_PROJECTBASEDIR/.mvn/wrapper/maven-wrapper.jar" \
224 | "-Dmaven.home=${M2_HOME}" "-Dmaven.multiModuleProjectDirectory=${MAVEN_PROJECTBASEDIR}" \
225 | ${WRAPPER_LAUNCHER} $MAVEN_CONFIG "$@"
226 |
--------------------------------------------------------------------------------
/jwt-resource-server/mvnw.cmd:
--------------------------------------------------------------------------------
1 | @REM ----------------------------------------------------------------------------
2 | @REM Licensed to the Apache Software Foundation (ASF) under one
3 | @REM or more contributor license agreements. See the NOTICE file
4 | @REM distributed with this work for additional information
5 | @REM regarding copyright ownership. The ASF licenses this file
6 | @REM to you under the Apache License, Version 2.0 (the
7 | @REM "License"); you may not use this file except in compliance
8 | @REM with the License. You may obtain a copy of the License at
9 | @REM
10 | @REM http://www.apache.org/licenses/LICENSE-2.0
11 | @REM
12 | @REM Unless required by applicable law or agreed to in writing,
13 | @REM software distributed under the License is distributed on an
14 | @REM "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15 | @REM KIND, either express or implied. See the License for the
16 | @REM specific language governing permissions and limitations
17 | @REM under the License.
18 | @REM ----------------------------------------------------------------------------
19 |
20 | @REM ----------------------------------------------------------------------------
21 | @REM Maven2 Start Up Batch script
22 | @REM
23 | @REM Required ENV vars:
24 | @REM JAVA_HOME - location of a JDK home dir
25 | @REM
26 | @REM Optional ENV vars
27 | @REM M2_HOME - location of maven2's installed home dir
28 | @REM MAVEN_BATCH_ECHO - set to 'on' to enable the echoing of the batch commands
29 | @REM MAVEN_BATCH_PAUSE - set to 'on' to wait for a key stroke before ending
30 | @REM MAVEN_OPTS - parameters passed to the Java VM when running Maven
31 | @REM e.g. to debug Maven itself, use
32 | @REM set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000
33 | @REM MAVEN_SKIP_RC - flag to disable loading of mavenrc files
34 | @REM ----------------------------------------------------------------------------
35 |
36 | @REM Begin all REM lines with '@' in case MAVEN_BATCH_ECHO is 'on'
37 | @echo off
38 | @REM enable echoing my setting MAVEN_BATCH_ECHO to 'on'
39 | @if "%MAVEN_BATCH_ECHO%" == "on" echo %MAVEN_BATCH_ECHO%
40 |
41 | @REM set %HOME% to equivalent of $HOME
42 | if "%HOME%" == "" (set "HOME=%HOMEDRIVE%%HOMEPATH%")
43 |
44 | @REM Execute a user defined script before this one
45 | if not "%MAVEN_SKIP_RC%" == "" goto skipRcPre
46 | @REM check for pre script, once with legacy .bat ending and once with .cmd ending
47 | if exist "%HOME%\mavenrc_pre.bat" call "%HOME%\mavenrc_pre.bat"
48 | if exist "%HOME%\mavenrc_pre.cmd" call "%HOME%\mavenrc_pre.cmd"
49 | :skipRcPre
50 |
51 | @setlocal
52 |
53 | set ERROR_CODE=0
54 |
55 | @REM To isolate internal variables from possible post scripts, we use another setlocal
56 | @setlocal
57 |
58 | @REM ==== START VALIDATION ====
59 | if not "%JAVA_HOME%" == "" goto OkJHome
60 |
61 | echo.
62 | echo Error: JAVA_HOME not found in your environment. >&2
63 | echo Please set the JAVA_HOME variable in your environment to match the >&2
64 | echo location of your Java installation. >&2
65 | echo.
66 | goto error
67 |
68 | :OkJHome
69 | if exist "%JAVA_HOME%\bin\java.exe" goto init
70 |
71 | echo.
72 | echo Error: JAVA_HOME is set to an invalid directory. >&2
73 | echo JAVA_HOME = "%JAVA_HOME%" >&2
74 | echo Please set the JAVA_HOME variable in your environment to match the >&2
75 | echo location of your Java installation. >&2
76 | echo.
77 | goto error
78 |
79 | @REM ==== END VALIDATION ====
80 |
81 | :init
82 |
83 | @REM Find the project base dir, i.e. the directory that contains the folder ".mvn".
84 | @REM Fallback to current working directory if not found.
85 |
86 | set MAVEN_PROJECTBASEDIR=%MAVEN_BASEDIR%
87 | IF NOT "%MAVEN_PROJECTBASEDIR%"=="" goto endDetectBaseDir
88 |
89 | set EXEC_DIR=%CD%
90 | set WDIR=%EXEC_DIR%
91 | :findBaseDir
92 | IF EXIST "%WDIR%"\.mvn goto baseDirFound
93 | cd ..
94 | IF "%WDIR%"=="%CD%" goto baseDirNotFound
95 | set WDIR=%CD%
96 | goto findBaseDir
97 |
98 | :baseDirFound
99 | set MAVEN_PROJECTBASEDIR=%WDIR%
100 | cd "%EXEC_DIR%"
101 | goto endDetectBaseDir
102 |
103 | :baseDirNotFound
104 | set MAVEN_PROJECTBASEDIR=%EXEC_DIR%
105 | cd "%EXEC_DIR%"
106 |
107 | :endDetectBaseDir
108 |
109 | IF NOT EXIST "%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config" goto endReadAdditionalConfig
110 |
111 | @setlocal EnableExtensions EnableDelayedExpansion
112 | for /F "usebackq delims=" %%a in ("%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config") do set JVM_CONFIG_MAVEN_PROPS=!JVM_CONFIG_MAVEN_PROPS! %%a
113 | @endlocal & set JVM_CONFIG_MAVEN_PROPS=%JVM_CONFIG_MAVEN_PROPS%
114 |
115 | :endReadAdditionalConfig
116 |
117 | SET MAVEN_JAVA_EXE="%JAVA_HOME%\bin\java.exe"
118 |
119 | set WRAPPER_JAR="%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.jar"
120 | set WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain
121 |
122 | %MAVEN_JAVA_EXE% %JVM_CONFIG_MAVEN_PROPS% %MAVEN_OPTS% %MAVEN_DEBUG_OPTS% -classpath %WRAPPER_JAR% "-Dmaven.multiModuleProjectDirectory=%MAVEN_PROJECTBASEDIR%" %WRAPPER_LAUNCHER% %MAVEN_CONFIG% %*
123 | if ERRORLEVEL 1 goto error
124 | goto end
125 |
126 | :error
127 | set ERROR_CODE=1
128 |
129 | :end
130 | @endlocal & set ERROR_CODE=%ERROR_CODE%
131 |
132 | if not "%MAVEN_SKIP_RC%" == "" goto skipRcPost
133 | @REM check for post script, once with legacy .bat ending and once with .cmd ending
134 | if exist "%HOME%\mavenrc_post.bat" call "%HOME%\mavenrc_post.bat"
135 | if exist "%HOME%\mavenrc_post.cmd" call "%HOME%\mavenrc_post.cmd"
136 | :skipRcPost
137 |
138 | @REM pause the script if MAVEN_BATCH_PAUSE is set to 'on'
139 | if "%MAVEN_BATCH_PAUSE%" == "on" pause
140 |
141 | if "%MAVEN_TERMINATE_CMD%" == "on" exit %ERROR_CODE%
142 |
143 | exit /B %ERROR_CODE%
144 |
--------------------------------------------------------------------------------
/jwt-resource-server/pom.xml:
--------------------------------------------------------------------------------
1 |
2 |
5 | 4.0.0
6 |
7 | com.habuma
8 | jwt-resource-server
9 | 0.0.1-SNAPSHOT
10 | jar
11 |
12 | jwt-resource-server
13 | Spring Security JWT Resource Server
14 |
15 |
16 | org.springframework.boot
17 | spring-boot-starter-parent
18 | 2.1.4.RELEASE
19 |
20 |
21 |
22 |
23 | UTF-8
24 | UTF-8
25 | 1.8
26 | 2.3.5.RELEASE
27 | 1.0.9.RELEASE
28 |
29 |
30 |
31 |
32 |
33 | org.springframework.boot
34 | spring-boot-starter-web
35 |
36 |
37 |
38 |
39 | org.springframework.security.oauth
40 | spring-security-oauth2
41 | ${spring-security-oauth2.version}
42 |
43 |
44 | org.springframework.security
45 | spring-security-jwt
46 | ${spring-security-jwt.version}
47 |
48 |
49 |
50 |
51 | org.springframework.boot
52 | spring-boot-starter-actuator
53 |
54 |
55 |
56 |
57 | org.springframework.boot
58 | spring-boot-devtools
59 | runtime
60 |
61 |
62 |
63 |
64 | org.springframework.boot
65 | spring-boot-starter-test
66 | test
67 |
68 |
69 |
70 |
71 |
72 |
73 | org.springframework.boot
74 | spring-boot-maven-plugin
75 |
76 |
77 |
78 |
79 |
80 |
--------------------------------------------------------------------------------
/jwt-resource-server/src/main/java/habuma/JwtResourceServerApplication.java:
--------------------------------------------------------------------------------
1 | package habuma;
2 |
3 | import org.springframework.boot.SpringApplication;
4 | import org.springframework.boot.autoconfigure.SpringBootApplication;
5 |
6 | @SpringBootApplication
7 | public class JwtResourceServerApplication {
8 |
9 | public static void main(String[] args) {
10 | SpringApplication.run(JwtResourceServerApplication.class, args);
11 | }
12 | }
13 |
--------------------------------------------------------------------------------
/jwt-resource-server/src/main/java/habuma/OAuth2ResourceServerConfig.java:
--------------------------------------------------------------------------------
1 | package habuma;
2 |
3 | import org.springframework.context.annotation.Bean;
4 | import org.springframework.context.annotation.Configuration;
5 | import org.springframework.context.annotation.Primary;
6 | import org.springframework.security.config.annotation.web.builders.HttpSecurity;
7 | import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
8 | import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
9 | import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
10 | import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
11 | import org.springframework.security.oauth2.provider.token.TokenStore;
12 | import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
13 | import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;
14 |
15 | @Configuration
16 | @EnableResourceServer
17 | public class OAuth2ResourceServerConfig extends ResourceServerConfigurerAdapter {
18 |
19 | @Override
20 | public void configure(HttpSecurity http) throws Exception {
21 | //@formatter:off
22 | http
23 | .authorizeRequests()
24 | .antMatchers("/secured").authenticated()
25 | .anyRequest().permitAll();
26 | //@formatter:on
27 | }
28 |
29 | @Override
30 | public void configure(ResourceServerSecurityConfigurer config) {
31 | config.tokenServices(tokenServices());
32 | }
33 |
34 | @Bean
35 | public TokenStore tokenStore() {
36 | return new JwtTokenStore(accessTokenConverter());
37 | }
38 |
39 | @Bean
40 | public JwtAccessTokenConverter accessTokenConverter() {
41 | JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
42 | converter.setSigningKey("123"); // symmetric key
43 | return converter;
44 | }
45 |
46 | @Bean
47 | @Primary
48 | public DefaultTokenServices tokenServices() {
49 | DefaultTokenServices defaultTokenServices = new DefaultTokenServices();
50 | defaultTokenServices.setTokenStore(tokenStore());
51 | return defaultTokenServices;
52 | }
53 |
54 | }
55 |
--------------------------------------------------------------------------------
/jwt-resource-server/src/main/java/habuma/SecuredController.java:
--------------------------------------------------------------------------------
1 | package habuma;
2 |
3 | import org.springframework.security.core.Authentication;
4 | import org.springframework.web.bind.annotation.GetMapping;
5 | import org.springframework.web.bind.annotation.RequestMapping;
6 | import org.springframework.web.bind.annotation.RestController;
7 |
8 | @RestController
9 | @RequestMapping("/secured")
10 | public class SecuredController {
11 |
12 | @GetMapping
13 | public String securedResource(Authentication auth) {
14 | return "This is a SECURED resource. Authentication: " + auth.getName() + "; Authorities: " + auth.getAuthorities();
15 | }
16 |
17 | }
18 |
--------------------------------------------------------------------------------
/jwt-resource-server/src/main/java/habuma/UnsecuredController.java:
--------------------------------------------------------------------------------
1 | package habuma;
2 |
3 | import org.springframework.web.bind.annotation.GetMapping;
4 | import org.springframework.web.bind.annotation.RequestMapping;
5 | import org.springframework.web.bind.annotation.RestController;
6 |
7 | @RestController
8 | @RequestMapping("/unsecured")
9 | public class UnsecuredController {
10 |
11 | @GetMapping
12 | public String unsecuredResource() {
13 | return "This is an unsecured resource";
14 | }
15 |
16 | }
17 |
--------------------------------------------------------------------------------
/jwt-resource-server/src/main/resources/application.properties:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/habuma/spring-security-oauth2-jwt-example/accf107faaf1bbf1a0dc7f989ac5a320b927e51f/jwt-resource-server/src/main/resources/application.properties
--------------------------------------------------------------------------------
/jwt-resource-server/src/test/java/habuma/JwtResourceServerApplicationTests.java:
--------------------------------------------------------------------------------
1 | package habuma;
2 |
3 | import org.junit.Test;
4 | import org.junit.runner.RunWith;
5 | import org.springframework.boot.test.context.SpringBootTest;
6 | import org.springframework.test.context.junit4.SpringRunner;
7 |
8 | @RunWith(SpringRunner.class)
9 | @SpringBootTest
10 | public class JwtResourceServerApplicationTests {
11 |
12 | @Test
13 | public void contextLoads() {
14 | }
15 |
16 | }
17 |
--------------------------------------------------------------------------------
/oauth-auth-server/.gitignore:
--------------------------------------------------------------------------------
1 | /target/
2 | !.mvn/wrapper/maven-wrapper.jar
3 |
4 | ### STS ###
5 | .apt_generated
6 | .classpath
7 | .factorypath
8 | .project
9 | .settings
10 | .springBeans
11 | .sts4-cache
12 |
13 | ### IntelliJ IDEA ###
14 | .idea
15 | *.iws
16 | *.iml
17 | *.ipr
18 |
19 | ### NetBeans ###
20 | /nbproject/private/
21 | /build/
22 | /nbbuild/
23 | /dist/
24 | /nbdist/
25 | /.nb-gradle/
--------------------------------------------------------------------------------
/oauth-auth-server/.mvn/wrapper/maven-wrapper.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/habuma/spring-security-oauth2-jwt-example/accf107faaf1bbf1a0dc7f989ac5a320b927e51f/oauth-auth-server/.mvn/wrapper/maven-wrapper.jar
--------------------------------------------------------------------------------
/oauth-auth-server/.mvn/wrapper/maven-wrapper.properties:
--------------------------------------------------------------------------------
1 | distributionUrl=https://repo1.maven.org/maven2/org/apache/maven/apache-maven/3.5.4/apache-maven-3.5.4-bin.zip
2 |
--------------------------------------------------------------------------------
/oauth-auth-server/README.adoc:
--------------------------------------------------------------------------------
1 | = Spring Security OAuth2 Authorization Server
2 |
3 | This is a simple example of using Spring Security OAuth2 to provide an
4 | authorization server that produces opaque access tokens.
5 |
6 | == Building and running
7 |
8 | You can run the application directly from Maven using the Spring Boot
9 | Maven plugin:
10 |
11 | [source,sh]
12 | ----
13 | $ ./mvnw spring-boot:run
14 | ----
15 |
16 | Or you can build the application with Maven and then run the resulting
17 | JAR file:
18 |
19 | [source,sh]
20 | ----
21 | $ ./mvnw package
22 | $ java -jar target/oauth-auth-server-0.0.1-SNAPSHOT.jar
23 | ----
24 |
25 | Or you may import the project into your IDE of choice and run it from there.
26 |
27 | Once the application is running, the authorization server will be listening
28 | for requests on port 9999.
29 |
30 | == Obtaining an access token via Password Grant
31 |
32 | This authorization server uses in-memory stores for both users and clients.
33 | In-memory stores were chosen to simplify the example. In a real production-ready
34 | scenario, you should use a different store (JDBC-based, for example).
35 |
36 | There are two users:
37 |
38 | * **Username**: habuma; **Password**: password
39 | * **Username**: izzy; **Password**: password
40 |
41 | There is only one client:
42 |
43 | * **Client ID**: myclient; **Client Secret**: secret
44 |
45 | Using the `curl` command line tool, you can request a token as follows
46 | (for the "habuma" user):
47 |
48 | [source,sh]
49 | ----
50 | $ curl http://localhost:9999/oauth/token \
51 | -d"grant_type=password&username=habuma&password=password" \
52 | -H"Content-type:application/x-www-form-urlencoded; charset=utf-8" \
53 | -u myclient:secret
54 | ----
55 |
56 | If you have the `jq` command line tool (https://stedolan.github.io/jq/) installed,
57 | it may be useful to extract the token value into an environment variable for later
58 | use:
59 |
60 | [source,sh]
61 | ----
62 | $ export ACCESS_TOKEN=`curl http://localhost:9999/oauth/token \
63 | -d"grant_type=password&username=habuma&password=password" \
64 | -H"Content-type:application/x-www-form-urlencoded; charset=utf-8" \
65 | -u myclient:secret --silent | jq -r ".access_token"`
66 | ----
67 |
68 | == Obtaining an access token via Client Credentials Grant
69 |
70 | If the resources your client is accessing are not user-specific, the client
71 | can obtain a token via Client Credentials Grant.
72 |
73 | Using the `curl` command line tool, you can request a token as follows
74 | (for the "habuma" user):
75 |
76 | [source,sh]
77 | ----
78 | $ curl http://localhost:9999/oauth/token \
79 | -d"grant_type=client_credentials" \
80 | -H"Content-type:application/x-www-form-urlencoded; charset=utf-8" \
81 | -u myclient:secret
82 | ----
83 |
84 | == Obtaining an access token via Authorization Code Grant
85 |
86 | Optionally, you can use Authorization Code Grant to obtain an access
87 | token. This grant flow is most suitable when the client is a web application,
88 | or a similar client. (Alexa skills can act as a connected client using
89 | Authorization Code Grant, for example.)
90 |
91 | First, point your browser to the authorization URL:
92 |
93 | ```
94 | http://localhost:9999/oauth/authorize?client_id=myclient&response_type=code&redirect_uri=http://localhost:9191/x
95 | ```
96 |
97 | If you've not already done this and haven't logged in, you'll be prompted to
98 | login. Use either "habuma" and "password" or "izzy" and "password" as your
99 | credentials.
100 |
101 | Next, you'll be prompted to either authorize the client or deny authorization.
102 | Assuming that you accept authorization and submit the form, you'll be redirected
103 | to a bogus URL at http://localhost:9191/x with an authorization code in the URL
104 | as a `code` parameter. (In a real application, this redirect URI would be a resource
105 | on your application that accepts the code and exchanges it for an access token.)
106 |
107 | Finally, make a POST request to the oauth/token path on the authorization server
108 | to exchange the authorization code for an access token ("y5wUpL" in this example):
109 |
110 | [souorce,sh]
111 | ----
112 | $ curl localhost:9999/oauth/token \
113 | -H"Content-type: application/x-www-form-urlencoded" \
114 | -d'grant_type=authorization_code&redirect_uri=http://localhost:9191/x&code=y5wUpL' \
115 | -u myclient:secret
116 | ----
117 |
118 | The access token will be returned in the response.
119 |
120 | == Obtaining an access token via Implicit Grant
121 |
122 | Finally, another way to obtain an access token is via Implicit Grant.
123 | This grant flow is best for situations when it would be awkward or impossible
124 | to exchange an authorization code for a token and you just want to get the
125 | token directly after authorization. (Alexa skills can also use Implict Grant
126 | to obtain access tokens when connecting to an external API.)
127 |
128 | First, point your browser to the authorization URL:
129 |
130 | ```
131 | http://localhost:9999/oauth/authorize?client_id=myclient&response_type=token&redirect_uri=http://localhost:9191/x
132 | ```
133 |
134 | If you've not already done this and haven't logged in, you'll be prompted to
135 | login. Use either "habuma" and "password" or "izzy" and "password" as your
136 | credentials.
137 |
138 | Next, you'll be prompted to either authorize the client or deny authorization.
139 | Assuming that you accept authorization and submit the form, you'll be redirected
140 | to a bogus URL at http://localhost:9191/x with the access token in the URL
141 | as an `access_token` hash parameter. (In a real application, this redirect URI
142 | would be a resource on your application that accepts the token for its own
143 | user.)
144 |
--------------------------------------------------------------------------------
/oauth-auth-server/mvnw:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | # ----------------------------------------------------------------------------
3 | # Licensed to the Apache Software Foundation (ASF) under one
4 | # or more contributor license agreements. See the NOTICE file
5 | # distributed with this work for additional information
6 | # regarding copyright ownership. The ASF licenses this file
7 | # to you under the Apache License, Version 2.0 (the
8 | # "License"); you may not use this file except in compliance
9 | # with the License. You may obtain a copy of the License at
10 | #
11 | # http://www.apache.org/licenses/LICENSE-2.0
12 | #
13 | # Unless required by applicable law or agreed to in writing,
14 | # software distributed under the License is distributed on an
15 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
16 | # KIND, either express or implied. See the License for the
17 | # specific language governing permissions and limitations
18 | # under the License.
19 | # ----------------------------------------------------------------------------
20 |
21 | # ----------------------------------------------------------------------------
22 | # Maven2 Start Up Batch script
23 | #
24 | # Required ENV vars:
25 | # ------------------
26 | # JAVA_HOME - location of a JDK home dir
27 | #
28 | # Optional ENV vars
29 | # -----------------
30 | # M2_HOME - location of maven2's installed home dir
31 | # MAVEN_OPTS - parameters passed to the Java VM when running Maven
32 | # e.g. to debug Maven itself, use
33 | # set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000
34 | # MAVEN_SKIP_RC - flag to disable loading of mavenrc files
35 | # ----------------------------------------------------------------------------
36 |
37 | if [ -z "$MAVEN_SKIP_RC" ] ; then
38 |
39 | if [ -f /etc/mavenrc ] ; then
40 | . /etc/mavenrc
41 | fi
42 |
43 | if [ -f "$HOME/.mavenrc" ] ; then
44 | . "$HOME/.mavenrc"
45 | fi
46 |
47 | fi
48 |
49 | # OS specific support. $var _must_ be set to either true or false.
50 | cygwin=false;
51 | darwin=false;
52 | mingw=false
53 | case "`uname`" in
54 | CYGWIN*) cygwin=true ;;
55 | MINGW*) mingw=true;;
56 | Darwin*) darwin=true
57 | # Use /usr/libexec/java_home if available, otherwise fall back to /Library/Java/Home
58 | # See https://developer.apple.com/library/mac/qa/qa1170/_index.html
59 | if [ -z "$JAVA_HOME" ]; then
60 | if [ -x "/usr/libexec/java_home" ]; then
61 | export JAVA_HOME="`/usr/libexec/java_home`"
62 | else
63 | export JAVA_HOME="/Library/Java/Home"
64 | fi
65 | fi
66 | ;;
67 | esac
68 |
69 | if [ -z "$JAVA_HOME" ] ; then
70 | if [ -r /etc/gentoo-release ] ; then
71 | JAVA_HOME=`java-config --jre-home`
72 | fi
73 | fi
74 |
75 | if [ -z "$M2_HOME" ] ; then
76 | ## resolve links - $0 may be a link to maven's home
77 | PRG="$0"
78 |
79 | # need this for relative symlinks
80 | while [ -h "$PRG" ] ; do
81 | ls=`ls -ld "$PRG"`
82 | link=`expr "$ls" : '.*-> \(.*\)$'`
83 | if expr "$link" : '/.*' > /dev/null; then
84 | PRG="$link"
85 | else
86 | PRG="`dirname "$PRG"`/$link"
87 | fi
88 | done
89 |
90 | saveddir=`pwd`
91 |
92 | M2_HOME=`dirname "$PRG"`/..
93 |
94 | # make it fully qualified
95 | M2_HOME=`cd "$M2_HOME" && pwd`
96 |
97 | cd "$saveddir"
98 | # echo Using m2 at $M2_HOME
99 | fi
100 |
101 | # For Cygwin, ensure paths are in UNIX format before anything is touched
102 | if $cygwin ; then
103 | [ -n "$M2_HOME" ] &&
104 | M2_HOME=`cygpath --unix "$M2_HOME"`
105 | [ -n "$JAVA_HOME" ] &&
106 | JAVA_HOME=`cygpath --unix "$JAVA_HOME"`
107 | [ -n "$CLASSPATH" ] &&
108 | CLASSPATH=`cygpath --path --unix "$CLASSPATH"`
109 | fi
110 |
111 | # For Migwn, ensure paths are in UNIX format before anything is touched
112 | if $mingw ; then
113 | [ -n "$M2_HOME" ] &&
114 | M2_HOME="`(cd "$M2_HOME"; pwd)`"
115 | [ -n "$JAVA_HOME" ] &&
116 | JAVA_HOME="`(cd "$JAVA_HOME"; pwd)`"
117 | # TODO classpath?
118 | fi
119 |
120 | if [ -z "$JAVA_HOME" ]; then
121 | javaExecutable="`which javac`"
122 | if [ -n "$javaExecutable" ] && ! [ "`expr \"$javaExecutable\" : '\([^ ]*\)'`" = "no" ]; then
123 | # readlink(1) is not available as standard on Solaris 10.
124 | readLink=`which readlink`
125 | if [ ! `expr "$readLink" : '\([^ ]*\)'` = "no" ]; then
126 | if $darwin ; then
127 | javaHome="`dirname \"$javaExecutable\"`"
128 | javaExecutable="`cd \"$javaHome\" && pwd -P`/javac"
129 | else
130 | javaExecutable="`readlink -f \"$javaExecutable\"`"
131 | fi
132 | javaHome="`dirname \"$javaExecutable\"`"
133 | javaHome=`expr "$javaHome" : '\(.*\)/bin'`
134 | JAVA_HOME="$javaHome"
135 | export JAVA_HOME
136 | fi
137 | fi
138 | fi
139 |
140 | if [ -z "$JAVACMD" ] ; then
141 | if [ -n "$JAVA_HOME" ] ; then
142 | if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
143 | # IBM's JDK on AIX uses strange locations for the executables
144 | JAVACMD="$JAVA_HOME/jre/sh/java"
145 | else
146 | JAVACMD="$JAVA_HOME/bin/java"
147 | fi
148 | else
149 | JAVACMD="`which java`"
150 | fi
151 | fi
152 |
153 | if [ ! -x "$JAVACMD" ] ; then
154 | echo "Error: JAVA_HOME is not defined correctly." >&2
155 | echo " We cannot execute $JAVACMD" >&2
156 | exit 1
157 | fi
158 |
159 | if [ -z "$JAVA_HOME" ] ; then
160 | echo "Warning: JAVA_HOME environment variable is not set."
161 | fi
162 |
163 | CLASSWORLDS_LAUNCHER=org.codehaus.plexus.classworlds.launcher.Launcher
164 |
165 | # traverses directory structure from process work directory to filesystem root
166 | # first directory with .mvn subdirectory is considered project base directory
167 | find_maven_basedir() {
168 |
169 | if [ -z "$1" ]
170 | then
171 | echo "Path not specified to find_maven_basedir"
172 | return 1
173 | fi
174 |
175 | basedir="$1"
176 | wdir="$1"
177 | while [ "$wdir" != '/' ] ; do
178 | if [ -d "$wdir"/.mvn ] ; then
179 | basedir=$wdir
180 | break
181 | fi
182 | # workaround for JBEAP-8937 (on Solaris 10/Sparc)
183 | if [ -d "${wdir}" ]; then
184 | wdir=`cd "$wdir/.."; pwd`
185 | fi
186 | # end of workaround
187 | done
188 | echo "${basedir}"
189 | }
190 |
191 | # concatenates all lines of a file
192 | concat_lines() {
193 | if [ -f "$1" ]; then
194 | echo "$(tr -s '\n' ' ' < "$1")"
195 | fi
196 | }
197 |
198 | BASE_DIR=`find_maven_basedir "$(pwd)"`
199 | if [ -z "$BASE_DIR" ]; then
200 | exit 1;
201 | fi
202 |
203 | export MAVEN_PROJECTBASEDIR=${MAVEN_BASEDIR:-"$BASE_DIR"}
204 | echo $MAVEN_PROJECTBASEDIR
205 | MAVEN_OPTS="$(concat_lines "$MAVEN_PROJECTBASEDIR/.mvn/jvm.config") $MAVEN_OPTS"
206 |
207 | # For Cygwin, switch paths to Windows format before running java
208 | if $cygwin; then
209 | [ -n "$M2_HOME" ] &&
210 | M2_HOME=`cygpath --path --windows "$M2_HOME"`
211 | [ -n "$JAVA_HOME" ] &&
212 | JAVA_HOME=`cygpath --path --windows "$JAVA_HOME"`
213 | [ -n "$CLASSPATH" ] &&
214 | CLASSPATH=`cygpath --path --windows "$CLASSPATH"`
215 | [ -n "$MAVEN_PROJECTBASEDIR" ] &&
216 | MAVEN_PROJECTBASEDIR=`cygpath --path --windows "$MAVEN_PROJECTBASEDIR"`
217 | fi
218 |
219 | WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain
220 |
221 | exec "$JAVACMD" \
222 | $MAVEN_OPTS \
223 | -classpath "$MAVEN_PROJECTBASEDIR/.mvn/wrapper/maven-wrapper.jar" \
224 | "-Dmaven.home=${M2_HOME}" "-Dmaven.multiModuleProjectDirectory=${MAVEN_PROJECTBASEDIR}" \
225 | ${WRAPPER_LAUNCHER} $MAVEN_CONFIG "$@"
226 |
--------------------------------------------------------------------------------
/oauth-auth-server/mvnw.cmd:
--------------------------------------------------------------------------------
1 | @REM ----------------------------------------------------------------------------
2 | @REM Licensed to the Apache Software Foundation (ASF) under one
3 | @REM or more contributor license agreements. See the NOTICE file
4 | @REM distributed with this work for additional information
5 | @REM regarding copyright ownership. The ASF licenses this file
6 | @REM to you under the Apache License, Version 2.0 (the
7 | @REM "License"); you may not use this file except in compliance
8 | @REM with the License. You may obtain a copy of the License at
9 | @REM
10 | @REM http://www.apache.org/licenses/LICENSE-2.0
11 | @REM
12 | @REM Unless required by applicable law or agreed to in writing,
13 | @REM software distributed under the License is distributed on an
14 | @REM "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15 | @REM KIND, either express or implied. See the License for the
16 | @REM specific language governing permissions and limitations
17 | @REM under the License.
18 | @REM ----------------------------------------------------------------------------
19 |
20 | @REM ----------------------------------------------------------------------------
21 | @REM Maven2 Start Up Batch script
22 | @REM
23 | @REM Required ENV vars:
24 | @REM JAVA_HOME - location of a JDK home dir
25 | @REM
26 | @REM Optional ENV vars
27 | @REM M2_HOME - location of maven2's installed home dir
28 | @REM MAVEN_BATCH_ECHO - set to 'on' to enable the echoing of the batch commands
29 | @REM MAVEN_BATCH_PAUSE - set to 'on' to wait for a key stroke before ending
30 | @REM MAVEN_OPTS - parameters passed to the Java VM when running Maven
31 | @REM e.g. to debug Maven itself, use
32 | @REM set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000
33 | @REM MAVEN_SKIP_RC - flag to disable loading of mavenrc files
34 | @REM ----------------------------------------------------------------------------
35 |
36 | @REM Begin all REM lines with '@' in case MAVEN_BATCH_ECHO is 'on'
37 | @echo off
38 | @REM enable echoing my setting MAVEN_BATCH_ECHO to 'on'
39 | @if "%MAVEN_BATCH_ECHO%" == "on" echo %MAVEN_BATCH_ECHO%
40 |
41 | @REM set %HOME% to equivalent of $HOME
42 | if "%HOME%" == "" (set "HOME=%HOMEDRIVE%%HOMEPATH%")
43 |
44 | @REM Execute a user defined script before this one
45 | if not "%MAVEN_SKIP_RC%" == "" goto skipRcPre
46 | @REM check for pre script, once with legacy .bat ending and once with .cmd ending
47 | if exist "%HOME%\mavenrc_pre.bat" call "%HOME%\mavenrc_pre.bat"
48 | if exist "%HOME%\mavenrc_pre.cmd" call "%HOME%\mavenrc_pre.cmd"
49 | :skipRcPre
50 |
51 | @setlocal
52 |
53 | set ERROR_CODE=0
54 |
55 | @REM To isolate internal variables from possible post scripts, we use another setlocal
56 | @setlocal
57 |
58 | @REM ==== START VALIDATION ====
59 | if not "%JAVA_HOME%" == "" goto OkJHome
60 |
61 | echo.
62 | echo Error: JAVA_HOME not found in your environment. >&2
63 | echo Please set the JAVA_HOME variable in your environment to match the >&2
64 | echo location of your Java installation. >&2
65 | echo.
66 | goto error
67 |
68 | :OkJHome
69 | if exist "%JAVA_HOME%\bin\java.exe" goto init
70 |
71 | echo.
72 | echo Error: JAVA_HOME is set to an invalid directory. >&2
73 | echo JAVA_HOME = "%JAVA_HOME%" >&2
74 | echo Please set the JAVA_HOME variable in your environment to match the >&2
75 | echo location of your Java installation. >&2
76 | echo.
77 | goto error
78 |
79 | @REM ==== END VALIDATION ====
80 |
81 | :init
82 |
83 | @REM Find the project base dir, i.e. the directory that contains the folder ".mvn".
84 | @REM Fallback to current working directory if not found.
85 |
86 | set MAVEN_PROJECTBASEDIR=%MAVEN_BASEDIR%
87 | IF NOT "%MAVEN_PROJECTBASEDIR%"=="" goto endDetectBaseDir
88 |
89 | set EXEC_DIR=%CD%
90 | set WDIR=%EXEC_DIR%
91 | :findBaseDir
92 | IF EXIST "%WDIR%"\.mvn goto baseDirFound
93 | cd ..
94 | IF "%WDIR%"=="%CD%" goto baseDirNotFound
95 | set WDIR=%CD%
96 | goto findBaseDir
97 |
98 | :baseDirFound
99 | set MAVEN_PROJECTBASEDIR=%WDIR%
100 | cd "%EXEC_DIR%"
101 | goto endDetectBaseDir
102 |
103 | :baseDirNotFound
104 | set MAVEN_PROJECTBASEDIR=%EXEC_DIR%
105 | cd "%EXEC_DIR%"
106 |
107 | :endDetectBaseDir
108 |
109 | IF NOT EXIST "%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config" goto endReadAdditionalConfig
110 |
111 | @setlocal EnableExtensions EnableDelayedExpansion
112 | for /F "usebackq delims=" %%a in ("%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config") do set JVM_CONFIG_MAVEN_PROPS=!JVM_CONFIG_MAVEN_PROPS! %%a
113 | @endlocal & set JVM_CONFIG_MAVEN_PROPS=%JVM_CONFIG_MAVEN_PROPS%
114 |
115 | :endReadAdditionalConfig
116 |
117 | SET MAVEN_JAVA_EXE="%JAVA_HOME%\bin\java.exe"
118 |
119 | set WRAPPER_JAR="%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.jar"
120 | set WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain
121 |
122 | %MAVEN_JAVA_EXE% %JVM_CONFIG_MAVEN_PROPS% %MAVEN_OPTS% %MAVEN_DEBUG_OPTS% -classpath %WRAPPER_JAR% "-Dmaven.multiModuleProjectDirectory=%MAVEN_PROJECTBASEDIR%" %WRAPPER_LAUNCHER% %MAVEN_CONFIG% %*
123 | if ERRORLEVEL 1 goto error
124 | goto end
125 |
126 | :error
127 | set ERROR_CODE=1
128 |
129 | :end
130 | @endlocal & set ERROR_CODE=%ERROR_CODE%
131 |
132 | if not "%MAVEN_SKIP_RC%" == "" goto skipRcPost
133 | @REM check for post script, once with legacy .bat ending and once with .cmd ending
134 | if exist "%HOME%\mavenrc_post.bat" call "%HOME%\mavenrc_post.bat"
135 | if exist "%HOME%\mavenrc_post.cmd" call "%HOME%\mavenrc_post.cmd"
136 | :skipRcPost
137 |
138 | @REM pause the script if MAVEN_BATCH_PAUSE is set to 'on'
139 | if "%MAVEN_BATCH_PAUSE%" == "on" pause
140 |
141 | if "%MAVEN_TERMINATE_CMD%" == "on" exit %ERROR_CODE%
142 |
143 | exit /B %ERROR_CODE%
144 |
--------------------------------------------------------------------------------
/oauth-auth-server/pom.xml:
--------------------------------------------------------------------------------
1 |
2 |
5 | 4.0.0
6 |
7 | com.habuma
8 | oauth-authorization-server
9 | 0.0.1-SNAPSHOT
10 | jar
11 |
12 | oauth-auth-server
13 | Spring Security OAuth2 Authorization Server
14 |
15 |
16 | org.springframework.boot
17 | spring-boot-starter-parent
18 | 2.1.4.RELEASE
19 |
20 |
21 |
22 |
23 | UTF-8
24 | UTF-8
25 | 1.8
26 | 2.3.5.RELEASE
27 |
28 |
29 |
30 |
31 |
32 | org.springframework.boot
33 | spring-boot-starter-web
34 |
35 |
36 |
37 |
38 | org.springframework.boot
39 | spring-boot-starter-security
40 |
41 |
42 |
43 |
44 | org.springframework.security.oauth
45 | spring-security-oauth2
46 | ${spring-security-oauth2.version}
47 |
48 |
49 |
50 |
51 | org.springframework.boot
52 | spring-boot-starter-actuator
53 |
54 |
55 |
56 |
57 | org.springframework.boot
58 | spring-boot-devtools
59 | runtime
60 |
61 |
62 |
63 |
64 | org.springframework.boot
65 | spring-boot-starter-test
66 | test
67 |
68 |
69 | org.springframework.security
70 | spring-security-test
71 | test
72 |
73 |
74 |
75 |
76 |
77 |
78 | org.springframework.boot
79 | spring-boot-maven-plugin
80 |
81 |
82 |
83 |
84 |
85 |
--------------------------------------------------------------------------------
/oauth-auth-server/src/main/java/habuma/OAuth2AuthorizationServerConfig.java:
--------------------------------------------------------------------------------
1 | package habuma;
2 |
3 | import org.springframework.beans.factory.annotation.Autowired;
4 | import org.springframework.beans.factory.annotation.Qualifier;
5 | import org.springframework.context.annotation.Bean;
6 | import org.springframework.context.annotation.Configuration;
7 | import org.springframework.security.authentication.AuthenticationManager;
8 | import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
9 | import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
10 | import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
11 | import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
12 | import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
13 | import org.springframework.security.oauth2.provider.token.TokenStore;
14 | import org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore;
15 |
16 | @Configuration
17 | @EnableAuthorizationServer
18 | public class OAuth2AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {
19 |
20 | @Autowired
21 | @Qualifier("authenticationManagerBean")
22 | private AuthenticationManager authenticationManager;
23 |
24 | @Override
25 | public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
26 | security.checkTokenAccess("isAuthenticated()");
27 | }
28 |
29 | // Configure the token store and authentication manager
30 | @Override
31 | public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
32 | //@formatter:off
33 | endpoints
34 | .tokenStore(tokenStore())
35 | .authenticationManager(authenticationManager);
36 | //@formatter:on
37 | }
38 |
39 | // Configure a client store. In-memory for simplicity, but consider other
40 | // options for real apps.
41 | @Override
42 | public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
43 | //@formatter:off
44 | clients
45 | .inMemory()
46 | .withClient("myclient")
47 | .secret("secret")
48 | .authorizedGrantTypes("authorization_code", "implicit", "password", "client_credentials", "refresh_token")
49 | .scopes("read")
50 | .redirectUris("http://localhost:9191/x")
51 | .accessTokenValiditySeconds(86400); // 24 hours
52 | //@formatter:on
53 | }
54 |
55 | // A token store bean. In-memory token store
56 | @Bean
57 | public TokenStore tokenStore() {
58 | return new InMemoryTokenStore();
59 | }
60 |
61 | }
62 |
--------------------------------------------------------------------------------
/oauth-auth-server/src/main/java/habuma/OAuthAuthServerApplication.java:
--------------------------------------------------------------------------------
1 | package habuma;
2 |
3 | import org.springframework.boot.SpringApplication;
4 | import org.springframework.boot.autoconfigure.SpringBootApplication;
5 |
6 | @SpringBootApplication
7 | public class OAuthAuthServerApplication {
8 |
9 | public static void main(String[] args) {
10 | SpringApplication.run(OAuthAuthServerApplication.class, args);
11 | }
12 | }
13 |
--------------------------------------------------------------------------------
/oauth-auth-server/src/main/java/habuma/SecurityConfig.java:
--------------------------------------------------------------------------------
1 | package habuma;
2 |
3 | import org.springframework.context.annotation.Bean;
4 | import org.springframework.context.annotation.Configuration;
5 | import org.springframework.security.authentication.AuthenticationManager;
6 | import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
7 | import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
8 | import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
9 | import org.springframework.security.crypto.password.NoOpPasswordEncoder;
10 | import org.springframework.security.crypto.password.PasswordEncoder;
11 |
12 | @SuppressWarnings("deprecation") // For NoOpPasswordEncoder
13 | @Configuration
14 | @EnableWebSecurity
15 | public class SecurityConfig extends WebSecurityConfigurerAdapter {
16 |
17 | @Override
18 | @Bean
19 | public AuthenticationManager authenticationManagerBean() throws Exception {
20 | return super.authenticationManagerBean();
21 | }
22 |
23 | @Override
24 | protected void configure(AuthenticationManagerBuilder auth) throws Exception {
25 | //@formatter:off
26 | auth.inMemoryAuthentication()
27 | .withUser("habuma").password("password").authorities("ROLE_USER", "ROLE_ADMIN")
28 | .and()
29 | .withUser("izzy").password("password").authorities("ROLE_USER");
30 | //@formatter:on
31 | }
32 |
33 | // Using NoOpPasswordEncoder for simplicity's sake
34 | @Bean
35 | public PasswordEncoder passwordEncoder() {
36 | return NoOpPasswordEncoder.getInstance();
37 | }
38 |
39 | }
40 |
--------------------------------------------------------------------------------
/oauth-auth-server/src/main/resources/application.yml:
--------------------------------------------------------------------------------
1 | server:
2 | port: 9999
--------------------------------------------------------------------------------
/oauth-auth-server/src/test/java/habuma/OAuthAuthServerApplicationTests.java:
--------------------------------------------------------------------------------
1 | package habuma;
2 |
3 | import org.junit.Test;
4 | import org.junit.runner.RunWith;
5 | import org.springframework.boot.test.context.SpringBootTest;
6 | import org.springframework.test.context.junit4.SpringRunner;
7 |
8 | @RunWith(SpringRunner.class)
9 | @SpringBootTest
10 | public class OAuthAuthServerApplicationTests {
11 |
12 | @Test
13 | public void contextLoads() {
14 | }
15 |
16 | }
17 |
--------------------------------------------------------------------------------
/oauth-resource-server/.gitignore:
--------------------------------------------------------------------------------
1 | /target/
2 | !.mvn/wrapper/maven-wrapper.jar
3 |
4 | ### STS ###
5 | .apt_generated
6 | .classpath
7 | .factorypath
8 | .project
9 | .settings
10 | .springBeans
11 | .sts4-cache
12 |
13 | ### IntelliJ IDEA ###
14 | .idea
15 | *.iws
16 | *.iml
17 | *.ipr
18 |
19 | ### NetBeans ###
20 | /nbproject/private/
21 | /build/
22 | /nbbuild/
23 | /dist/
24 | /nbdist/
25 | /.nb-gradle/
--------------------------------------------------------------------------------
/oauth-resource-server/.mvn/wrapper/maven-wrapper.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/habuma/spring-security-oauth2-jwt-example/accf107faaf1bbf1a0dc7f989ac5a320b927e51f/oauth-resource-server/.mvn/wrapper/maven-wrapper.jar
--------------------------------------------------------------------------------
/oauth-resource-server/.mvn/wrapper/maven-wrapper.properties:
--------------------------------------------------------------------------------
1 | distributionUrl=https://repo1.maven.org/maven2/org/apache/maven/apache-maven/3.5.4/apache-maven-3.5.4-bin.zip
2 |
--------------------------------------------------------------------------------
/oauth-resource-server/README.adoc:
--------------------------------------------------------------------------------
1 | = Spring Security OAuth2 Resource Server
2 |
3 | This is a simple example of using Spring Security OAuth2 and Spring MVC
4 | to provide an API that is secured by an OAuth2 resource server that accepts
5 | opaque access tokens.
6 |
7 | == Building and running
8 |
9 | You can run the application directly from Maven using the Spring Boot
10 | Maven plugin:
11 |
12 | [source,sh]
13 | ----
14 | $ ./mvnw spring-boot:run
15 | ----
16 |
17 | Or you can build the application with Maven and then run the resulting
18 | JAR file:
19 |
20 | [source,sh]
21 | ----
22 | $ ./mvnw package
23 | $ java -jar target/oauth-resource-server-0.0.1-SNAPSHOT.jar
24 | ----
25 |
26 | Or you may import the project into your IDE of choice and run it from there.
27 |
28 | Once the application is running, the API and resource server will be listening
29 | for requests on port 8080.
30 |
31 | == Consuming the API
32 |
33 | The API provided by this application has two endpoints:
34 |
35 | * `/unsecured` - An unsecured endpoint that requires no access token.
36 | * `/secured` - A secured endpoint that can only be access with a valid access
37 | token in the request.
38 |
39 | Using `curl`, you should be able to consume the `/unsecured` endpoint without any
40 | restriction:
41 |
42 | [source,sh]
43 | ----
44 | $ curl localhost:8080/unsecured
45 | This is an unsecured resource
46 | ----
47 |
48 | If, however, you attempt to consume the `/secured` endpoint without providing a
49 | valid access token, you will receive an HTTP 401 (Unauthorized) response:
50 |
51 | [source,sh]
52 | ----
53 | $ curl localhost:8080/secured
54 | {"error":"unauthorized","error_description":"Full authentication is required to access this resource"}
55 | ----
56 |
57 | In order to successfully access the `/secured` endpoint, you'll need to provide
58 | a valid access token in the `Authorization` header of the request. Assuming that you
59 | have followed the instructions in the oauth-auth-server project's README to obtain
60 | an access token and assign it to the `ACCESS_TOKEN` environment variable, you can make
61 | a successful request with `curl` like this:
62 |
63 | [source,sh]
64 | ----
65 | $ curl localhost:8080/secured -H"Authorization: Bearer $ACCESS_TOKEN"
66 | This is a SECURED resource. Authentication: habuma; Authorities: [ROLE_ADMIN, ROLE_USER]
67 | ----
68 |
--------------------------------------------------------------------------------
/oauth-resource-server/mvnw:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | # ----------------------------------------------------------------------------
3 | # Licensed to the Apache Software Foundation (ASF) under one
4 | # or more contributor license agreements. See the NOTICE file
5 | # distributed with this work for additional information
6 | # regarding copyright ownership. The ASF licenses this file
7 | # to you under the Apache License, Version 2.0 (the
8 | # "License"); you may not use this file except in compliance
9 | # with the License. You may obtain a copy of the License at
10 | #
11 | # http://www.apache.org/licenses/LICENSE-2.0
12 | #
13 | # Unless required by applicable law or agreed to in writing,
14 | # software distributed under the License is distributed on an
15 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
16 | # KIND, either express or implied. See the License for the
17 | # specific language governing permissions and limitations
18 | # under the License.
19 | # ----------------------------------------------------------------------------
20 |
21 | # ----------------------------------------------------------------------------
22 | # Maven2 Start Up Batch script
23 | #
24 | # Required ENV vars:
25 | # ------------------
26 | # JAVA_HOME - location of a JDK home dir
27 | #
28 | # Optional ENV vars
29 | # -----------------
30 | # M2_HOME - location of maven2's installed home dir
31 | # MAVEN_OPTS - parameters passed to the Java VM when running Maven
32 | # e.g. to debug Maven itself, use
33 | # set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000
34 | # MAVEN_SKIP_RC - flag to disable loading of mavenrc files
35 | # ----------------------------------------------------------------------------
36 |
37 | if [ -z "$MAVEN_SKIP_RC" ] ; then
38 |
39 | if [ -f /etc/mavenrc ] ; then
40 | . /etc/mavenrc
41 | fi
42 |
43 | if [ -f "$HOME/.mavenrc" ] ; then
44 | . "$HOME/.mavenrc"
45 | fi
46 |
47 | fi
48 |
49 | # OS specific support. $var _must_ be set to either true or false.
50 | cygwin=false;
51 | darwin=false;
52 | mingw=false
53 | case "`uname`" in
54 | CYGWIN*) cygwin=true ;;
55 | MINGW*) mingw=true;;
56 | Darwin*) darwin=true
57 | # Use /usr/libexec/java_home if available, otherwise fall back to /Library/Java/Home
58 | # See https://developer.apple.com/library/mac/qa/qa1170/_index.html
59 | if [ -z "$JAVA_HOME" ]; then
60 | if [ -x "/usr/libexec/java_home" ]; then
61 | export JAVA_HOME="`/usr/libexec/java_home`"
62 | else
63 | export JAVA_HOME="/Library/Java/Home"
64 | fi
65 | fi
66 | ;;
67 | esac
68 |
69 | if [ -z "$JAVA_HOME" ] ; then
70 | if [ -r /etc/gentoo-release ] ; then
71 | JAVA_HOME=`java-config --jre-home`
72 | fi
73 | fi
74 |
75 | if [ -z "$M2_HOME" ] ; then
76 | ## resolve links - $0 may be a link to maven's home
77 | PRG="$0"
78 |
79 | # need this for relative symlinks
80 | while [ -h "$PRG" ] ; do
81 | ls=`ls -ld "$PRG"`
82 | link=`expr "$ls" : '.*-> \(.*\)$'`
83 | if expr "$link" : '/.*' > /dev/null; then
84 | PRG="$link"
85 | else
86 | PRG="`dirname "$PRG"`/$link"
87 | fi
88 | done
89 |
90 | saveddir=`pwd`
91 |
92 | M2_HOME=`dirname "$PRG"`/..
93 |
94 | # make it fully qualified
95 | M2_HOME=`cd "$M2_HOME" && pwd`
96 |
97 | cd "$saveddir"
98 | # echo Using m2 at $M2_HOME
99 | fi
100 |
101 | # For Cygwin, ensure paths are in UNIX format before anything is touched
102 | if $cygwin ; then
103 | [ -n "$M2_HOME" ] &&
104 | M2_HOME=`cygpath --unix "$M2_HOME"`
105 | [ -n "$JAVA_HOME" ] &&
106 | JAVA_HOME=`cygpath --unix "$JAVA_HOME"`
107 | [ -n "$CLASSPATH" ] &&
108 | CLASSPATH=`cygpath --path --unix "$CLASSPATH"`
109 | fi
110 |
111 | # For Migwn, ensure paths are in UNIX format before anything is touched
112 | if $mingw ; then
113 | [ -n "$M2_HOME" ] &&
114 | M2_HOME="`(cd "$M2_HOME"; pwd)`"
115 | [ -n "$JAVA_HOME" ] &&
116 | JAVA_HOME="`(cd "$JAVA_HOME"; pwd)`"
117 | # TODO classpath?
118 | fi
119 |
120 | if [ -z "$JAVA_HOME" ]; then
121 | javaExecutable="`which javac`"
122 | if [ -n "$javaExecutable" ] && ! [ "`expr \"$javaExecutable\" : '\([^ ]*\)'`" = "no" ]; then
123 | # readlink(1) is not available as standard on Solaris 10.
124 | readLink=`which readlink`
125 | if [ ! `expr "$readLink" : '\([^ ]*\)'` = "no" ]; then
126 | if $darwin ; then
127 | javaHome="`dirname \"$javaExecutable\"`"
128 | javaExecutable="`cd \"$javaHome\" && pwd -P`/javac"
129 | else
130 | javaExecutable="`readlink -f \"$javaExecutable\"`"
131 | fi
132 | javaHome="`dirname \"$javaExecutable\"`"
133 | javaHome=`expr "$javaHome" : '\(.*\)/bin'`
134 | JAVA_HOME="$javaHome"
135 | export JAVA_HOME
136 | fi
137 | fi
138 | fi
139 |
140 | if [ -z "$JAVACMD" ] ; then
141 | if [ -n "$JAVA_HOME" ] ; then
142 | if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
143 | # IBM's JDK on AIX uses strange locations for the executables
144 | JAVACMD="$JAVA_HOME/jre/sh/java"
145 | else
146 | JAVACMD="$JAVA_HOME/bin/java"
147 | fi
148 | else
149 | JAVACMD="`which java`"
150 | fi
151 | fi
152 |
153 | if [ ! -x "$JAVACMD" ] ; then
154 | echo "Error: JAVA_HOME is not defined correctly." >&2
155 | echo " We cannot execute $JAVACMD" >&2
156 | exit 1
157 | fi
158 |
159 | if [ -z "$JAVA_HOME" ] ; then
160 | echo "Warning: JAVA_HOME environment variable is not set."
161 | fi
162 |
163 | CLASSWORLDS_LAUNCHER=org.codehaus.plexus.classworlds.launcher.Launcher
164 |
165 | # traverses directory structure from process work directory to filesystem root
166 | # first directory with .mvn subdirectory is considered project base directory
167 | find_maven_basedir() {
168 |
169 | if [ -z "$1" ]
170 | then
171 | echo "Path not specified to find_maven_basedir"
172 | return 1
173 | fi
174 |
175 | basedir="$1"
176 | wdir="$1"
177 | while [ "$wdir" != '/' ] ; do
178 | if [ -d "$wdir"/.mvn ] ; then
179 | basedir=$wdir
180 | break
181 | fi
182 | # workaround for JBEAP-8937 (on Solaris 10/Sparc)
183 | if [ -d "${wdir}" ]; then
184 | wdir=`cd "$wdir/.."; pwd`
185 | fi
186 | # end of workaround
187 | done
188 | echo "${basedir}"
189 | }
190 |
191 | # concatenates all lines of a file
192 | concat_lines() {
193 | if [ -f "$1" ]; then
194 | echo "$(tr -s '\n' ' ' < "$1")"
195 | fi
196 | }
197 |
198 | BASE_DIR=`find_maven_basedir "$(pwd)"`
199 | if [ -z "$BASE_DIR" ]; then
200 | exit 1;
201 | fi
202 |
203 | export MAVEN_PROJECTBASEDIR=${MAVEN_BASEDIR:-"$BASE_DIR"}
204 | echo $MAVEN_PROJECTBASEDIR
205 | MAVEN_OPTS="$(concat_lines "$MAVEN_PROJECTBASEDIR/.mvn/jvm.config") $MAVEN_OPTS"
206 |
207 | # For Cygwin, switch paths to Windows format before running java
208 | if $cygwin; then
209 | [ -n "$M2_HOME" ] &&
210 | M2_HOME=`cygpath --path --windows "$M2_HOME"`
211 | [ -n "$JAVA_HOME" ] &&
212 | JAVA_HOME=`cygpath --path --windows "$JAVA_HOME"`
213 | [ -n "$CLASSPATH" ] &&
214 | CLASSPATH=`cygpath --path --windows "$CLASSPATH"`
215 | [ -n "$MAVEN_PROJECTBASEDIR" ] &&
216 | MAVEN_PROJECTBASEDIR=`cygpath --path --windows "$MAVEN_PROJECTBASEDIR"`
217 | fi
218 |
219 | WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain
220 |
221 | exec "$JAVACMD" \
222 | $MAVEN_OPTS \
223 | -classpath "$MAVEN_PROJECTBASEDIR/.mvn/wrapper/maven-wrapper.jar" \
224 | "-Dmaven.home=${M2_HOME}" "-Dmaven.multiModuleProjectDirectory=${MAVEN_PROJECTBASEDIR}" \
225 | ${WRAPPER_LAUNCHER} $MAVEN_CONFIG "$@"
226 |
--------------------------------------------------------------------------------
/oauth-resource-server/mvnw.cmd:
--------------------------------------------------------------------------------
1 | @REM ----------------------------------------------------------------------------
2 | @REM Licensed to the Apache Software Foundation (ASF) under one
3 | @REM or more contributor license agreements. See the NOTICE file
4 | @REM distributed with this work for additional information
5 | @REM regarding copyright ownership. The ASF licenses this file
6 | @REM to you under the Apache License, Version 2.0 (the
7 | @REM "License"); you may not use this file except in compliance
8 | @REM with the License. You may obtain a copy of the License at
9 | @REM
10 | @REM http://www.apache.org/licenses/LICENSE-2.0
11 | @REM
12 | @REM Unless required by applicable law or agreed to in writing,
13 | @REM software distributed under the License is distributed on an
14 | @REM "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15 | @REM KIND, either express or implied. See the License for the
16 | @REM specific language governing permissions and limitations
17 | @REM under the License.
18 | @REM ----------------------------------------------------------------------------
19 |
20 | @REM ----------------------------------------------------------------------------
21 | @REM Maven2 Start Up Batch script
22 | @REM
23 | @REM Required ENV vars:
24 | @REM JAVA_HOME - location of a JDK home dir
25 | @REM
26 | @REM Optional ENV vars
27 | @REM M2_HOME - location of maven2's installed home dir
28 | @REM MAVEN_BATCH_ECHO - set to 'on' to enable the echoing of the batch commands
29 | @REM MAVEN_BATCH_PAUSE - set to 'on' to wait for a key stroke before ending
30 | @REM MAVEN_OPTS - parameters passed to the Java VM when running Maven
31 | @REM e.g. to debug Maven itself, use
32 | @REM set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000
33 | @REM MAVEN_SKIP_RC - flag to disable loading of mavenrc files
34 | @REM ----------------------------------------------------------------------------
35 |
36 | @REM Begin all REM lines with '@' in case MAVEN_BATCH_ECHO is 'on'
37 | @echo off
38 | @REM enable echoing my setting MAVEN_BATCH_ECHO to 'on'
39 | @if "%MAVEN_BATCH_ECHO%" == "on" echo %MAVEN_BATCH_ECHO%
40 |
41 | @REM set %HOME% to equivalent of $HOME
42 | if "%HOME%" == "" (set "HOME=%HOMEDRIVE%%HOMEPATH%")
43 |
44 | @REM Execute a user defined script before this one
45 | if not "%MAVEN_SKIP_RC%" == "" goto skipRcPre
46 | @REM check for pre script, once with legacy .bat ending and once with .cmd ending
47 | if exist "%HOME%\mavenrc_pre.bat" call "%HOME%\mavenrc_pre.bat"
48 | if exist "%HOME%\mavenrc_pre.cmd" call "%HOME%\mavenrc_pre.cmd"
49 | :skipRcPre
50 |
51 | @setlocal
52 |
53 | set ERROR_CODE=0
54 |
55 | @REM To isolate internal variables from possible post scripts, we use another setlocal
56 | @setlocal
57 |
58 | @REM ==== START VALIDATION ====
59 | if not "%JAVA_HOME%" == "" goto OkJHome
60 |
61 | echo.
62 | echo Error: JAVA_HOME not found in your environment. >&2
63 | echo Please set the JAVA_HOME variable in your environment to match the >&2
64 | echo location of your Java installation. >&2
65 | echo.
66 | goto error
67 |
68 | :OkJHome
69 | if exist "%JAVA_HOME%\bin\java.exe" goto init
70 |
71 | echo.
72 | echo Error: JAVA_HOME is set to an invalid directory. >&2
73 | echo JAVA_HOME = "%JAVA_HOME%" >&2
74 | echo Please set the JAVA_HOME variable in your environment to match the >&2
75 | echo location of your Java installation. >&2
76 | echo.
77 | goto error
78 |
79 | @REM ==== END VALIDATION ====
80 |
81 | :init
82 |
83 | @REM Find the project base dir, i.e. the directory that contains the folder ".mvn".
84 | @REM Fallback to current working directory if not found.
85 |
86 | set MAVEN_PROJECTBASEDIR=%MAVEN_BASEDIR%
87 | IF NOT "%MAVEN_PROJECTBASEDIR%"=="" goto endDetectBaseDir
88 |
89 | set EXEC_DIR=%CD%
90 | set WDIR=%EXEC_DIR%
91 | :findBaseDir
92 | IF EXIST "%WDIR%"\.mvn goto baseDirFound
93 | cd ..
94 | IF "%WDIR%"=="%CD%" goto baseDirNotFound
95 | set WDIR=%CD%
96 | goto findBaseDir
97 |
98 | :baseDirFound
99 | set MAVEN_PROJECTBASEDIR=%WDIR%
100 | cd "%EXEC_DIR%"
101 | goto endDetectBaseDir
102 |
103 | :baseDirNotFound
104 | set MAVEN_PROJECTBASEDIR=%EXEC_DIR%
105 | cd "%EXEC_DIR%"
106 |
107 | :endDetectBaseDir
108 |
109 | IF NOT EXIST "%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config" goto endReadAdditionalConfig
110 |
111 | @setlocal EnableExtensions EnableDelayedExpansion
112 | for /F "usebackq delims=" %%a in ("%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config") do set JVM_CONFIG_MAVEN_PROPS=!JVM_CONFIG_MAVEN_PROPS! %%a
113 | @endlocal & set JVM_CONFIG_MAVEN_PROPS=%JVM_CONFIG_MAVEN_PROPS%
114 |
115 | :endReadAdditionalConfig
116 |
117 | SET MAVEN_JAVA_EXE="%JAVA_HOME%\bin\java.exe"
118 |
119 | set WRAPPER_JAR="%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.jar"
120 | set WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain
121 |
122 | %MAVEN_JAVA_EXE% %JVM_CONFIG_MAVEN_PROPS% %MAVEN_OPTS% %MAVEN_DEBUG_OPTS% -classpath %WRAPPER_JAR% "-Dmaven.multiModuleProjectDirectory=%MAVEN_PROJECTBASEDIR%" %WRAPPER_LAUNCHER% %MAVEN_CONFIG% %*
123 | if ERRORLEVEL 1 goto error
124 | goto end
125 |
126 | :error
127 | set ERROR_CODE=1
128 |
129 | :end
130 | @endlocal & set ERROR_CODE=%ERROR_CODE%
131 |
132 | if not "%MAVEN_SKIP_RC%" == "" goto skipRcPost
133 | @REM check for post script, once with legacy .bat ending and once with .cmd ending
134 | if exist "%HOME%\mavenrc_post.bat" call "%HOME%\mavenrc_post.bat"
135 | if exist "%HOME%\mavenrc_post.cmd" call "%HOME%\mavenrc_post.cmd"
136 | :skipRcPost
137 |
138 | @REM pause the script if MAVEN_BATCH_PAUSE is set to 'on'
139 | if "%MAVEN_BATCH_PAUSE%" == "on" pause
140 |
141 | if "%MAVEN_TERMINATE_CMD%" == "on" exit %ERROR_CODE%
142 |
143 | exit /B %ERROR_CODE%
144 |
--------------------------------------------------------------------------------
/oauth-resource-server/pom.xml:
--------------------------------------------------------------------------------
1 |
2 |
5 | 4.0.0
6 |
7 | com.habuma
8 | oauth-resource-server
9 | 0.0.1-SNAPSHOT
10 | jar
11 |
12 | oauth-resource-server
13 | Spring Security OAuth2 Resource Server
14 |
15 |
16 | org.springframework.boot
17 | spring-boot-starter-parent
18 | 2.1.4.RELEASE
19 |
20 |
21 |
22 |
23 | UTF-8
24 | UTF-8
25 | 1.8
26 | 2.3.5.RELEASE
27 |
28 |
29 |
30 |
31 |
32 | org.springframework.boot
33 | spring-boot-starter-web
34 |
35 |
36 |
37 |
38 | org.springframework.security.oauth
39 | spring-security-oauth2
40 | ${spring-security-oauth2.version}
41 |
42 |
43 |
44 |
45 | org.springframework.boot
46 | spring-boot-starter-actuator
47 |
48 |
49 |
50 |
51 | org.springframework.boot
52 | spring-boot-devtools
53 | runtime
54 |
55 |
56 |
57 |
58 | org.springframework.boot
59 | spring-boot-starter-test
60 | test
61 |
62 |
63 |
64 |
65 |
66 |
67 | org.springframework.boot
68 | spring-boot-maven-plugin
69 |
70 |
71 |
72 |
73 |
74 |
--------------------------------------------------------------------------------
/oauth-resource-server/src/main/java/habuma/OAuth2ResourceServerConfig.java:
--------------------------------------------------------------------------------
1 | package habuma;
2 |
3 | import org.springframework.context.annotation.Bean;
4 | import org.springframework.context.annotation.Configuration;
5 | import org.springframework.context.annotation.Primary;
6 | import org.springframework.security.config.annotation.web.builders.HttpSecurity;
7 | import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
8 | import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
9 | import org.springframework.security.oauth2.provider.token.RemoteTokenServices;
10 |
11 | @Configuration
12 | @EnableResourceServer
13 | public class OAuth2ResourceServerConfig extends ResourceServerConfigurerAdapter {
14 |
15 | @Override
16 | public void configure(HttpSecurity http) throws Exception {
17 | //@formatter:off
18 | http
19 | .authorizeRequests()
20 | .antMatchers("/secured").authenticated()
21 | .anyRequest().permitAll();
22 | //@formatter:on
23 | }
24 |
25 | @Primary
26 | @Bean
27 | public RemoteTokenServices tokenServices() {
28 | final RemoteTokenServices tokenService = new RemoteTokenServices();
29 | tokenService.setCheckTokenEndpointUrl("http://localhost:9999/oauth/check_token");
30 | tokenService.setClientId("myclient");
31 | tokenService.setClientSecret("secret");
32 | return tokenService;
33 | }
34 |
35 | }
36 |
--------------------------------------------------------------------------------
/oauth-resource-server/src/main/java/habuma/OAuthResourceServerApplication.java:
--------------------------------------------------------------------------------
1 | package habuma;
2 |
3 | import org.springframework.boot.SpringApplication;
4 | import org.springframework.boot.autoconfigure.SpringBootApplication;
5 |
6 | @SpringBootApplication
7 | public class OAuthResourceServerApplication {
8 |
9 | public static void main(String[] args) {
10 | SpringApplication.run(OAuthResourceServerApplication.class, args);
11 | }
12 | }
13 |
--------------------------------------------------------------------------------
/oauth-resource-server/src/main/java/habuma/SecuredController.java:
--------------------------------------------------------------------------------
1 | package habuma;
2 |
3 | import org.springframework.security.core.Authentication;
4 | import org.springframework.web.bind.annotation.GetMapping;
5 | import org.springframework.web.bind.annotation.RequestMapping;
6 | import org.springframework.web.bind.annotation.RestController;
7 |
8 | @RestController
9 | @RequestMapping("/secured")
10 | public class SecuredController {
11 |
12 | @GetMapping
13 | public String securedResource(Authentication auth) {
14 | return "This is a SECURED resource. Authentication: " + auth.getName() + "; Authorities: " + auth.getAuthorities();
15 | }
16 |
17 | }
18 |
--------------------------------------------------------------------------------
/oauth-resource-server/src/main/java/habuma/UnsecuredController.java:
--------------------------------------------------------------------------------
1 | package habuma;
2 |
3 | import org.springframework.web.bind.annotation.GetMapping;
4 | import org.springframework.web.bind.annotation.RequestMapping;
5 | import org.springframework.web.bind.annotation.RestController;
6 |
7 | @RestController
8 | @RequestMapping("/unsecured")
9 | public class UnsecuredController {
10 |
11 | @GetMapping
12 | public String unsecuredResource() {
13 | return "This is an unsecured resource";
14 | }
15 |
16 | }
17 |
--------------------------------------------------------------------------------
/oauth-resource-server/src/main/resources/application.properties:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/habuma/spring-security-oauth2-jwt-example/accf107faaf1bbf1a0dc7f989ac5a320b927e51f/oauth-resource-server/src/main/resources/application.properties
--------------------------------------------------------------------------------
/oauth-resource-server/src/test/java/habuma/OAuthResourceServerApplicationTests.java:
--------------------------------------------------------------------------------
1 | package habuma;
2 |
3 | import org.junit.Test;
4 | import org.junit.runner.RunWith;
5 | import org.springframework.boot.test.context.SpringBootTest;
6 | import org.springframework.test.context.junit4.SpringRunner;
7 |
8 | @RunWith(SpringRunner.class)
9 | @SpringBootTest
10 | public class OAuthResourceServerApplicationTests {
11 |
12 | @Test
13 | public void contextLoads() {
14 | }
15 |
16 | }
17 |
--------------------------------------------------------------------------------