├── .gitignore
├── .mvn
└── wrapper
│ ├── MavenWrapperDownloader.java
│ ├── maven-wrapper.jar
│ └── maven-wrapper.properties
├── HELP.md
├── README.md
├── mvnw
├── mvnw.cmd
├── pom.xml
└── src
├── main
├── java
│ └── com
│ │ └── pig4cloud
│ │ └── auth
│ │ └── server
│ │ ├── AuthServerDemoApplication.java
│ │ ├── config
│ │ ├── AuthServerConfiguration.java
│ │ └── DefaultSecurityConfig.java
│ │ └── endpoint
│ │ └── LoginEndpoint.java
└── resources
│ ├── application.properties
│ └── logback-spring.xml
└── test
└── java
└── com
└── pig4cloud
└── auth
└── server
└── AuthServerDemoApplicationTests.java
/.gitignore:
--------------------------------------------------------------------------------
1 | ### gradle ###
2 | .gradle
3 | /build/
4 | !gradle/wrapper/gradle-wrapper.jar
5 |
6 | ### STS ###
7 | .settings/
8 | .apt_generated
9 | .classpath
10 | .factorypath
11 | .project
12 | .settings
13 | .springBeans
14 | bin/
15 |
16 | ### IntelliJ IDEA ###
17 | .idea
18 | *.iws
19 | *.iml
20 | *.ipr
21 | rebel.xml
22 |
23 | ### NetBeans ###
24 | nbproject/private/
25 | build/
26 | nbbuild/
27 | nbdist/
28 | .nb-gradle/
29 |
30 | ### maven ###
31 | target/
32 | *.war
33 | *.ear
34 | *.zip
35 | *.tar
36 | *.tar.gz
37 |
38 | ### vscode ###
39 | .vscode
40 |
41 | ### logs ###
42 | /logs/
43 | *.log
44 |
45 | ### temp ignore ###
46 | *.cache
47 | *.diff
48 | *.patch
49 | *.tmp
50 | *.java~
51 | *.properties~
52 | *.xml~
53 |
54 | ### system ignore ###
55 | .DS_Store
56 | Thumbs.db
57 | Servers
58 | .metadata
59 |
--------------------------------------------------------------------------------
/.mvn/wrapper/MavenWrapperDownloader.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2007-present the original author or authors.
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * https://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 | import java.net.*;
17 | import java.io.*;
18 | import java.nio.channels.*;
19 | import java.util.Properties;
20 |
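/**
 * Fallback downloader used by the wrapper start-up script when {@code maven-wrapper.jar} is
 * missing: it resolves the download URL and writes the jar below the project base directory.
 *
 * <p>NOTE(review): the jar is stored exactly as received. No checksum or signature is verified
 * in this class, so the integrity of the bootstrap jar rests on the transport (HTTPS by default)
 * and on the {@code wrapperUrl} value read from {@code maven-wrapper.properties}. Treat changes
 * to that property like a dependency change when reviewing.
 */
public class MavenWrapperDownloader {

    private static final String WRAPPER_VERSION = "0.5.6";
    /**
     * Default URL to download the maven-wrapper.jar from, if no 'downloadUrl' is provided.
     */
    private static final String DEFAULT_DOWNLOAD_URL = "https://repo.maven.apache.org/maven2/io/takari/maven-wrapper/"
        + WRAPPER_VERSION + "/maven-wrapper-" + WRAPPER_VERSION + ".jar";

    /**
     * Path to the maven-wrapper.properties file, which might contain a downloadUrl property to
     * use instead of the default one.
     */
    private static final String MAVEN_WRAPPER_PROPERTIES_PATH =
            ".mvn/wrapper/maven-wrapper.properties";

    /**
     * Path where the maven-wrapper.jar will be saved to.
     */
    private static final String MAVEN_WRAPPER_JAR_PATH =
            ".mvn/wrapper/maven-wrapper.jar";

    /**
     * Name of the property which should be used to override the default download url for the wrapper.
     */
    private static final String PROPERTY_NAME_WRAPPER_URL = "wrapperUrl";

    /**
     * Downloads the wrapper jar into the project and terminates the JVM.
     *
     * <p>Exits with status 0 after a successful download and with status 1 when the download
     * throws.
     *
     * @param args {@code args[0]} is the project base directory that contains {@code .mvn}
     */
    public static void main(String args[]) {
        System.out.println("- Downloader started");
        File baseDirectory = new File(args[0]);
        System.out.println("- Using base directory: " + baseDirectory.getAbsolutePath());

        // If the maven-wrapper.properties exists, read it and check if it contains a custom
        // wrapperUrl parameter.
        File mavenWrapperPropertyFile = new File(baseDirectory, MAVEN_WRAPPER_PROPERTIES_PATH);
        String url = DEFAULT_DOWNLOAD_URL;
        if (mavenWrapperPropertyFile.exists()) {
            // try-with-resources closes the stream on every path, replacing the manual finally.
            try (FileInputStream propertyStream = new FileInputStream(mavenWrapperPropertyFile)) {
                Properties mavenWrapperProperties = new Properties();
                mavenWrapperProperties.load(propertyStream);
                url = mavenWrapperProperties.getProperty(PROPERTY_NAME_WRAPPER_URL, url);
            } catch (IOException e) {
                // Best effort: on a read failure the default URL stays in effect.
                System.out.println("- ERROR loading '" + MAVEN_WRAPPER_PROPERTIES_PATH + "'");
            }
        }
        System.out.println("- Downloading from: " + url);

        File outputFile = new File(baseDirectory.getAbsolutePath(), MAVEN_WRAPPER_JAR_PATH);
        if (!outputFile.getParentFile().exists()) {
            if (!outputFile.getParentFile().mkdirs()) {
                System.out.println(
                        "- ERROR creating output directory '" + outputFile.getParentFile().getAbsolutePath() + "'");
            }
        }
        System.out.println("- Downloading to: " + outputFile.getAbsolutePath());
        try {
            downloadFileFromURL(url, outputFile);
            System.out.println("Done");
            System.exit(0);
        } catch (Throwable e) {
            System.out.println("- Error downloading");
            e.printStackTrace();
            System.exit(1);
        }
    }

    /**
     * Streams the content behind {@code urlString} into {@code destination}.
     *
     * <p>When both {@code MVNW_USERNAME} and {@code MVNW_PASSWORD} are set in the environment, a
     * JVM-wide default {@link Authenticator} is installed that answers with those credentials.
     *
     * @param urlString   URL of the wrapper jar
     * @param destination file the response body is written to
     * @throws Exception if the URL is malformed or the transfer fails
     */
    private static void downloadFileFromURL(String urlString, File destination) throws Exception {
        String username = System.getenv("MVNW_USERNAME");
        String passwordValue = System.getenv("MVNW_PASSWORD");
        if (username != null && passwordValue != null) {
            final char[] password = passwordValue.toCharArray();
            // NOTE(review): this authenticator does not inspect the requesting host, so the same
            // credentials are offered to whichever server issues the authentication challenge.
            Authenticator.setDefault(new Authenticator() {
                @Override
                protected PasswordAuthentication getPasswordAuthentication() {
                    return new PasswordAuthentication(username, password);
                }
            });
        }
        URL website = new URL(urlString);
        // Both resources are closed even when the transfer throws; the original closed them only
        // on the success path and leaked the channel and the file handle on failure.
        try (ReadableByteChannel source = Channels.newChannel(website.openStream());
                FileOutputStream target = new FileOutputStream(destination)) {
            target.getChannel().transferFrom(source, 0, Long.MAX_VALUE);
        }
    }

}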
118 |
--------------------------------------------------------------------------------
/.mvn/wrapper/maven-wrapper.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/lltx/auth-server-demo/2ad038ca0e7b03b0e19ebf2c437e4d37bc23f4b8/.mvn/wrapper/maven-wrapper.jar
--------------------------------------------------------------------------------
/.mvn/wrapper/maven-wrapper.properties:
--------------------------------------------------------------------------------
1 | distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.6.3/apache-maven-3.6.3-bin.zip
2 | wrapperUrl=https://repo.maven.apache.org/maven2/io/takari/maven-wrapper/0.5.6/maven-wrapper-0.5.6.jar
3 |
--------------------------------------------------------------------------------
/HELP.md:
--------------------------------------------------------------------------------
1 | # Getting Started
2 |
3 | ### Reference Documentation
4 | For further reference, please consider the following sections:
5 |
6 | * [Official Apache Maven documentation](https://maven.apache.org/guides/index.html)
7 | * [Spring Boot Maven Plugin Reference Guide](https://docs.spring.io/spring-boot/docs/2.4.2/maven-plugin/reference/html/)
8 | * [Create an OCI image](https://docs.spring.io/spring-boot/docs/2.4.2/maven-plugin/reference/html/#build-image)
9 | * [Spring Web](https://docs.spring.io/spring-boot/docs/2.4.2/reference/htmlsingle/#boot-features-developing-web-applications)
10 | * [Spring Security](https://docs.spring.io/spring-boot/docs/2.4.2/reference/htmlsingle/#boot-features-security)
11 |
12 | ### Guides
13 | The following guides illustrate how to use some features concretely:
14 |
15 | * [Building a RESTful Web Service](https://spring.io/guides/gs/rest-service/)
16 | * [Serving Web Content with Spring MVC](https://spring.io/guides/gs/serving-web-content/)
17 | * [Building REST services with Spring](https://spring.io/guides/tutorials/bookmarks/)
18 | * [Securing a Web Application](https://spring.io/guides/gs/securing-web/)
19 | * [Spring Boot and OAuth2](https://spring.io/guides/tutorials/spring-boot-oauth2/)
20 | * [Authenticating a User with LDAP](https://spring.io/guides/gs/authenticating-ldap/)
21 |
22 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 |
2 | ## 工程化实践
3 |
4 | 国内第一个基于 spring-authorization-server 的工程化实践, 扩展了 密码模式、短信登录
5 |
6 | > https://github.com/pig-mesh/pig
7 |
8 |
9 | ## 授权码认证
10 | ```shell
11 | 'http://localhost:3000/oauth2/authorize?client_id=pig&client_secret=pig&response_type=code&redirect_uri=https://pig4cloud.com'
12 | ```
13 |
14 | ## 获取令牌
15 |
16 | ```shell
17 | curl --location --request POST 'http://localhost:3000/oauth2/token' \
18 | --header 'Authorization: Basic cGlnOnBpZw==' \
19 | --header 'Content-Type: application/x-www-form-urlencoded' \
20 | --data-urlencode 'grant_type=authorization_code' \
21 | --data-urlencode 'code=O9gGDaU87wnMVLM0dLNxxNTnE4In757BVBE_yJuG98BlG3T3rI_sluCLpEAThoxYTtRtmbhiGufiuFVc6FTtP3GhzFcObCMr5N_dqGuC3ChpZEvMJhrhqQ7dEqjMsuf5' \
22 | --data-urlencode 'redirect_uri=https://pig4cloud.com'
23 | ```
24 | ## 刷新令牌
25 |
26 | ```shell
27 | curl --location --request POST 'http://localhost:3000/oauth2/token' \
28 | --header 'Authorization: Basic cGlnOnBpZw==' \
29 | --header 'Content-Type: application/x-www-form-urlencoded' \
30 | --data-urlencode 'grant_type=refresh_token' \
31 | --data-urlencode 'refresh_token=ku4R4n7YD1f584KXj4k_3GP9o-HbdY-PDIIh-twPVJTmvHa5mLIoifaNhbBvFNBbse6_wAMcRoOWuVs9qeBWpxQ5zIFrF1A4g1Q7LhVAfH1vo9Uc7WL3SP3u82j0XU5x'
32 | ```
33 |
34 | ## 撤销令牌
35 |
36 | - 通过 access_token
37 | ```shell
38 | curl --location --request POST 'http://localhost:3000/oauth2/revoke' \
39 | --header 'Authorization: Basic cGlnOnBpZw==' \
40 | --header 'Content-Type: application/x-www-form-urlencoded' \
41 | --data-urlencode 'token=eyJraWQiOiI0NmM3Zjk0OS01NmZmLTRlMjgtYmI4Zi0wNjZjYWU4ODllNDkiLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJsZW5nbGVuZyIsImF1ZCI6InBpZyIsIm5iZiI6MTYyOTM0MzM4NiwiZXhwIjoxNjI5MzQzNjg2LCJpYXQiOjE2MjkzNDMzODZ9.avRZ9NuybP8bqenEstvDq3SAKuSI6Y3ihh2PqeiQvwkUAWBPY6N9JCaxJllKhrcS6OgL76I38Yvt0B1ICMFistqemWl1rxQUB2aXpZuTwnPjxtxV6deDxyr--Y1w7I9jVpT5jnaqOXDIZ6dhIlUCfqBPT9a4DmwuEsz5H60KUO-NbMM66DPDxvTgauuylhrjiPQgaDyaxFHbtdw6qq_pgFI023fkIASodauCFiUcl64HKV3or9B3OkXW0EgnA553ofTbgz0hlROMfee15wuzOAXTUkhlUOjjosuEslimT9vFM9wtRza4o864Gi_j_zIhIoSSmRfUScXTgt9aZT1xlQ' \
42 | --data-urlencode 'token_type_hint=access_token'
43 | ```
44 |
45 | - 通过 refresh_token
46 | ```shell
47 | curl --location --request POST 'http://localhost:3000/oauth2/revoke' \
48 | --header 'Authorization: Basic cGlnOnBpZw==' \
49 | --header 'Content-Type: application/x-www-form-urlencoded' \
50 | --data-urlencode 'token=ku4R4n7YD1f584KXj4k_3GP9o-HbdY-PDIIh-twPVJTmvHa5mLIoifaNhbBvFNBbse6_wAMcRoOWuVs9qeBWpxQ5zIFrF1A4g1Q7LhVAfH1vo9Uc7WL3SP3u82j0XU5x' \
51 | --data-urlencode 'token_type_hint=refresh_token'
52 | ```
53 |
--------------------------------------------------------------------------------
/mvnw:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | # ----------------------------------------------------------------------------
3 | # Licensed to the Apache Software Foundation (ASF) under one
4 | # or more contributor license agreements. See the NOTICE file
5 | # distributed with this work for additional information
6 | # regarding copyright ownership. The ASF licenses this file
7 | # to you under the Apache License, Version 2.0 (the
8 | # "License"); you may not use this file except in compliance
9 | # with the License. You may obtain a copy of the License at
10 | #
11 | # https://www.apache.org/licenses/LICENSE-2.0
12 | #
13 | # Unless required by applicable law or agreed to in writing,
14 | # software distributed under the License is distributed on an
15 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
16 | # KIND, either express or implied. See the License for the
17 | # specific language governing permissions and limitations
18 | # under the License.
19 | # ----------------------------------------------------------------------------
20 |
21 | # ----------------------------------------------------------------------------
22 | # Maven Start Up Batch script
23 | #
24 | # Required ENV vars:
25 | # ------------------
26 | # JAVA_HOME - location of a JDK home dir
27 | #
28 | # Optional ENV vars
29 | # -----------------
30 | # M2_HOME - location of maven2's installed home dir
31 | # MAVEN_OPTS - parameters passed to the Java VM when running Maven
32 | # e.g. to debug Maven itself, use
33 | # set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000
34 | # MAVEN_SKIP_RC - flag to disable loading of mavenrc files
35 | # ----------------------------------------------------------------------------
36 |
37 | if [ -z "$MAVEN_SKIP_RC" ] ; then
38 |
39 | if [ -f /etc/mavenrc ] ; then
40 | . /etc/mavenrc
41 | fi
42 |
43 | if [ -f "$HOME/.mavenrc" ] ; then
44 | . "$HOME/.mavenrc"
45 | fi
46 |
47 | fi
48 |
49 | # OS specific support. $var _must_ be set to either true or false.
50 | cygwin=false;
51 | darwin=false;
52 | mingw=false
53 | case "`uname`" in
54 | CYGWIN*) cygwin=true ;;
55 | MINGW*) mingw=true;;
56 | Darwin*) darwin=true
57 | # Use /usr/libexec/java_home if available, otherwise fall back to /Library/Java/Home
58 | # See https://developer.apple.com/library/mac/qa/qa1170/_index.html
59 | if [ -z "$JAVA_HOME" ]; then
60 | if [ -x "/usr/libexec/java_home" ]; then
61 | export JAVA_HOME="`/usr/libexec/java_home`"
62 | else
63 | export JAVA_HOME="/Library/Java/Home"
64 | fi
65 | fi
66 | ;;
67 | esac
68 |
69 | if [ -z "$JAVA_HOME" ] ; then
70 | if [ -r /etc/gentoo-release ] ; then
71 | JAVA_HOME=`java-config --jre-home`
72 | fi
73 | fi
74 |
75 | if [ -z "$M2_HOME" ] ; then
76 | ## resolve links - $0 may be a link to maven's home
77 | PRG="$0"
78 |
79 | # need this for relative symlinks
80 | while [ -h "$PRG" ] ; do
81 | ls=`ls -ld "$PRG"`
82 | link=`expr "$ls" : '.*-> \(.*\)$'`
83 | if expr "$link" : '/.*' > /dev/null; then
84 | PRG="$link"
85 | else
86 | PRG="`dirname "$PRG"`/$link"
87 | fi
88 | done
89 |
90 | saveddir=`pwd`
91 |
92 | M2_HOME=`dirname "$PRG"`/..
93 |
94 | # make it fully qualified
95 | M2_HOME=`cd "$M2_HOME" && pwd`
96 |
97 | cd "$saveddir"
98 | # echo Using m2 at $M2_HOME
99 | fi
100 |
101 | # For Cygwin, ensure paths are in UNIX format before anything is touched
102 | if $cygwin ; then
103 | [ -n "$M2_HOME" ] &&
104 | M2_HOME=`cygpath --unix "$M2_HOME"`
105 | [ -n "$JAVA_HOME" ] &&
106 | JAVA_HOME=`cygpath --unix "$JAVA_HOME"`
107 | [ -n "$CLASSPATH" ] &&
108 | CLASSPATH=`cygpath --path --unix "$CLASSPATH"`
109 | fi
110 |
111 | # For Mingw, ensure paths are in UNIX format before anything is touched
112 | if $mingw ; then
113 | [ -n "$M2_HOME" ] &&
114 | M2_HOME="`(cd "$M2_HOME"; pwd)`"
115 | [ -n "$JAVA_HOME" ] &&
116 | JAVA_HOME="`(cd "$JAVA_HOME"; pwd)`"
117 | fi
118 |
119 | if [ -z "$JAVA_HOME" ]; then
120 | javaExecutable="`which javac`"
121 | if [ -n "$javaExecutable" ] && ! [ "`expr \"$javaExecutable\" : '\([^ ]*\)'`" = "no" ]; then
122 | # readlink(1) is not available as standard on Solaris 10.
123 | readLink=`which readlink`
124 | if [ ! `expr "$readLink" : '\([^ ]*\)'` = "no" ]; then
125 | if $darwin ; then
126 | javaHome="`dirname \"$javaExecutable\"`"
127 | javaExecutable="`cd \"$javaHome\" && pwd -P`/javac"
128 | else
129 | javaExecutable="`readlink -f \"$javaExecutable\"`"
130 | fi
131 | javaHome="`dirname \"$javaExecutable\"`"
132 | javaHome=`expr "$javaHome" : '\(.*\)/bin'`
133 | JAVA_HOME="$javaHome"
134 | export JAVA_HOME
135 | fi
136 | fi
137 | fi
138 |
139 | if [ -z "$JAVACMD" ] ; then
140 | if [ -n "$JAVA_HOME" ] ; then
141 | if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
142 | # IBM's JDK on AIX uses strange locations for the executables
143 | JAVACMD="$JAVA_HOME/jre/sh/java"
144 | else
145 | JAVACMD="$JAVA_HOME/bin/java"
146 | fi
147 | else
148 | JAVACMD="`which java`"
149 | fi
150 | fi
151 |
152 | if [ ! -x "$JAVACMD" ] ; then
153 | echo "Error: JAVA_HOME is not defined correctly." >&2
154 | echo " We cannot execute $JAVACMD" >&2
155 | exit 1
156 | fi
157 |
158 | if [ -z "$JAVA_HOME" ] ; then
159 | echo "Warning: JAVA_HOME environment variable is not set."
160 | fi
161 |
162 | CLASSWORLDS_LAUNCHER=org.codehaus.plexus.classworlds.launcher.Launcher
163 |
164 | # traverses directory structure from process work directory to filesystem root
165 | # first directory with .mvn subdirectory is considered project base directory
# Prints the project base directory for the start directory given as "$1".
# Walks from "$1" towards '/' and prints the first directory that holds a
# .mvn subdirectory; when none is found, "$1" itself is printed.
# Prints a message and returns 1 when "$1" is empty.
find_maven_basedir() {
  if test -z "$1"; then
    echo "Path not specified to find_maven_basedir"
    return 1
  fi

  basedir="$1"
  wdir="$1"
  until [ "$wdir" = '/' ]; do
    if [ -d "$wdir/.mvn" ]; then
      basedir=$wdir
      break
    fi
    # workaround for JBEAP-8937 (on Solaris 10/Sparc): only step up when the
    # current candidate really is a directory
    [ -d "${wdir}" ] && wdir=$(cd "$wdir/.."; pwd)
  done
  echo "${basedir}"
}
189 |
190 | # concatenates all lines of a file
# Prints the content of the regular file "$1" on a single line, with each
# newline turned into a space by tr. Prints nothing when "$1" is not a file.
concat_lines() {
  [ -f "$1" ] || return 0
  echo "$(tr -s '\n' ' ' < "$1")"
}
196 |
197 | BASE_DIR=`find_maven_basedir "$(pwd)"`
198 | if [ -z "$BASE_DIR" ]; then
199 | exit 1;
200 | fi
201 |
202 | ##########################################################################################
203 | # Extension to allow automatically downloading the maven-wrapper.jar from Maven-central
204 | # This allows using the maven wrapper in projects that prohibit checking in binary data.
205 | ##########################################################################################
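# Bootstrap step: when maven-wrapper.jar is absent, fetch it with wget, curl or
# the bundled MavenWrapperDownloader class, in that order of preference.
# NOTE(review): the jar fetched here is placed on the classpath and executed by
# the exec at the end of this script, and nothing in this section verifies a
# checksum or signature. Its integrity depends on the URL and the transport.
if [ -r "$BASE_DIR/.mvn/wrapper/maven-wrapper.jar" ]; then
  if [ "$MVNW_VERBOSE" = true ]; then
    echo "Found .mvn/wrapper/maven-wrapper.jar"
  fi
else
  if [ "$MVNW_VERBOSE" = true ]; then
    echo "Couldn't find .mvn/wrapper/maven-wrapper.jar, downloading it ..."
  fi
  if [ -n "$MVNW_REPOURL" ]; then
    jarUrl="$MVNW_REPOURL/io/takari/maven-wrapper/0.5.6/maven-wrapper-0.5.6.jar"
  else
    jarUrl="https://repo.maven.apache.org/maven2/io/takari/maven-wrapper/0.5.6/maven-wrapper-0.5.6.jar"
  fi
  # A wrapperUrl entry in maven-wrapper.properties replaces the URL chosen
  # above, including one derived from MVNW_REPOURL.
  while IFS="=" read key value; do
    case "$key" in (wrapperUrl) jarUrl="$value"; break ;;
    esac
  done < "$BASE_DIR/.mvn/wrapper/maven-wrapper.properties"
  if [ "$MVNW_VERBOSE" = true ]; then
    echo "Downloading from: $jarUrl"
  fi
  wrapperJarPath="$BASE_DIR/.mvn/wrapper/maven-wrapper.jar"
  if $cygwin; then
    wrapperJarPath=`cygpath --path --windows "$wrapperJarPath"`
  fi

  # The credential expansions below are quoted so that a user name or password
  # containing spaces or glob characters is passed as one argument instead of
  # being word-split. They still travel as command-line arguments, which are
  # commonly readable by other local users through the process list.
  if command -v wget > /dev/null; then
    if [ "$MVNW_VERBOSE" = true ]; then
      echo "Found wget ... using wget"
    fi
    if [ -z "$MVNW_USERNAME" ] || [ -z "$MVNW_PASSWORD" ]; then
      wget "$jarUrl" -O "$wrapperJarPath"
    else
      wget --http-user="$MVNW_USERNAME" --http-password="$MVNW_PASSWORD" "$jarUrl" -O "$wrapperJarPath"
    fi
  elif command -v curl > /dev/null; then
    if [ "$MVNW_VERBOSE" = true ]; then
      echo "Found curl ... using curl"
    fi
    if [ -z "$MVNW_USERNAME" ] || [ -z "$MVNW_PASSWORD" ]; then
      curl -o "$wrapperJarPath" "$jarUrl" -f
    else
      curl --user "$MVNW_USERNAME:$MVNW_PASSWORD" -o "$wrapperJarPath" "$jarUrl" -f
    fi

  else
    if [ "$MVNW_VERBOSE" = true ]; then
      echo "Falling back to using Java to download"
    fi
    javaClass="$BASE_DIR/.mvn/wrapper/MavenWrapperDownloader.java"
    # For Cygwin, switch paths to Windows format before running javac
    if $cygwin; then
      javaClass=`cygpath --path --windows "$javaClass"`
    fi
    if [ -e "$javaClass" ]; then
      if [ ! -e "$BASE_DIR/.mvn/wrapper/MavenWrapperDownloader.class" ]; then
        if [ "$MVNW_VERBOSE" = true ]; then
          echo " - Compiling MavenWrapperDownloader.java ..."
        fi
        # Compiling the Java class
        ("$JAVA_HOME/bin/javac" "$javaClass")
      fi
      if [ -e "$BASE_DIR/.mvn/wrapper/MavenWrapperDownloader.class" ]; then
        # Running the downloader
        if [ "$MVNW_VERBOSE" = true ]; then
          echo " - Running MavenWrapperDownloader.java ..."
        fi
        # NOTE(review): MAVEN_PROJECTBASEDIR is exported only further down in
        # this script, so unless it is inherited from the environment it is
        # empty here and the downloader resolves paths against the current
        # directory. Confirm that is intended.
        ("$JAVA_HOME/bin/java" -cp .mvn/wrapper MavenWrapperDownloader "$MAVEN_PROJECTBASEDIR")
      fi
    fi
  fi
fi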
277 | ##########################################################################################
278 | # End of extension
279 | ##########################################################################################
280 |
281 | export MAVEN_PROJECTBASEDIR=${MAVEN_BASEDIR:-"$BASE_DIR"}
282 | if [ "$MVNW_VERBOSE" = true ]; then
283 | echo $MAVEN_PROJECTBASEDIR
284 | fi
285 | MAVEN_OPTS="$(concat_lines "$MAVEN_PROJECTBASEDIR/.mvn/jvm.config") $MAVEN_OPTS"
286 |
287 | # For Cygwin, switch paths to Windows format before running java
288 | if $cygwin; then
289 | [ -n "$M2_HOME" ] &&
290 | M2_HOME=`cygpath --path --windows "$M2_HOME"`
291 | [ -n "$JAVA_HOME" ] &&
292 | JAVA_HOME=`cygpath --path --windows "$JAVA_HOME"`
293 | [ -n "$CLASSPATH" ] &&
294 | CLASSPATH=`cygpath --path --windows "$CLASSPATH"`
295 | [ -n "$MAVEN_PROJECTBASEDIR" ] &&
296 | MAVEN_PROJECTBASEDIR=`cygpath --path --windows "$MAVEN_PROJECTBASEDIR"`
297 | fi
298 |
299 | # Provide a "standardized" way to retrieve the CLI args that will
300 | # work with both Windows and non-Windows executions.
301 | MAVEN_CMD_LINE_ARGS="$MAVEN_CONFIG $@"
302 | export MAVEN_CMD_LINE_ARGS
303 |
304 | WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain
305 |
306 | exec "$JAVACMD" \
307 | $MAVEN_OPTS \
308 | -classpath "$MAVEN_PROJECTBASEDIR/.mvn/wrapper/maven-wrapper.jar" \
309 | "-Dmaven.home=${M2_HOME}" "-Dmaven.multiModuleProjectDirectory=${MAVEN_PROJECTBASEDIR}" \
310 | ${WRAPPER_LAUNCHER} $MAVEN_CONFIG "$@"
311 |
--------------------------------------------------------------------------------
/mvnw.cmd:
--------------------------------------------------------------------------------
1 | @REM ----------------------------------------------------------------------------
2 | @REM Licensed to the Apache Software Foundation (ASF) under one
3 | @REM or more contributor license agreements. See the NOTICE file
4 | @REM distributed with this work for additional information
5 | @REM regarding copyright ownership. The ASF licenses this file
6 | @REM to you under the Apache License, Version 2.0 (the
7 | @REM "License"); you may not use this file except in compliance
8 | @REM with the License. You may obtain a copy of the License at
9 | @REM
10 | @REM https://www.apache.org/licenses/LICENSE-2.0
11 | @REM
12 | @REM Unless required by applicable law or agreed to in writing,
13 | @REM software distributed under the License is distributed on an
14 | @REM "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15 | @REM KIND, either express or implied. See the License for the
16 | @REM specific language governing permissions and limitations
17 | @REM under the License.
18 | @REM ----------------------------------------------------------------------------
19 |
20 | @REM ----------------------------------------------------------------------------
21 | @REM Maven Start Up Batch script
22 | @REM
23 | @REM Required ENV vars:
24 | @REM JAVA_HOME - location of a JDK home dir
25 | @REM
26 | @REM Optional ENV vars
27 | @REM M2_HOME - location of maven2's installed home dir
28 | @REM MAVEN_BATCH_ECHO - set to 'on' to enable the echoing of the batch commands
29 | @REM MAVEN_BATCH_PAUSE - set to 'on' to wait for a keystroke before ending
30 | @REM MAVEN_OPTS - parameters passed to the Java VM when running Maven
31 | @REM e.g. to debug Maven itself, use
32 | @REM set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000
33 | @REM MAVEN_SKIP_RC - flag to disable loading of mavenrc files
34 | @REM ----------------------------------------------------------------------------
35 |
36 | @REM Begin all REM lines with '@' in case MAVEN_BATCH_ECHO is 'on'
37 | @echo off
38 | @REM set title of command window
39 | title %0
40 | @REM enable echoing by setting MAVEN_BATCH_ECHO to 'on'
41 | @if "%MAVEN_BATCH_ECHO%" == "on" echo %MAVEN_BATCH_ECHO%
42 |
43 | @REM set %HOME% to equivalent of $HOME
44 | if "%HOME%" == "" (set "HOME=%HOMEDRIVE%%HOMEPATH%")
45 |
46 | @REM Execute a user defined script before this one
47 | if not "%MAVEN_SKIP_RC%" == "" goto skipRcPre
48 | @REM check for pre script, once with legacy .bat ending and once with .cmd ending
49 | if exist "%HOME%\mavenrc_pre.bat" call "%HOME%\mavenrc_pre.bat"
50 | if exist "%HOME%\mavenrc_pre.cmd" call "%HOME%\mavenrc_pre.cmd"
51 | :skipRcPre
52 |
53 | @setlocal
54 |
55 | set ERROR_CODE=0
56 |
57 | @REM To isolate internal variables from possible post scripts, we use another setlocal
58 | @setlocal
59 |
60 | @REM ==== START VALIDATION ====
61 | if not "%JAVA_HOME%" == "" goto OkJHome
62 |
63 | echo.
64 | echo Error: JAVA_HOME not found in your environment. >&2
65 | echo Please set the JAVA_HOME variable in your environment to match the >&2
66 | echo location of your Java installation. >&2
67 | echo.
68 | goto error
69 |
70 | :OkJHome
71 | if exist "%JAVA_HOME%\bin\java.exe" goto init
72 |
73 | echo.
74 | echo Error: JAVA_HOME is set to an invalid directory. >&2
75 | echo JAVA_HOME = "%JAVA_HOME%" >&2
76 | echo Please set the JAVA_HOME variable in your environment to match the >&2
77 | echo location of your Java installation. >&2
78 | echo.
79 | goto error
80 |
81 | @REM ==== END VALIDATION ====
82 |
83 | :init
84 |
85 | @REM Find the project base dir, i.e. the directory that contains the folder ".mvn".
86 | @REM Fallback to current working directory if not found.
87 |
88 | set MAVEN_PROJECTBASEDIR=%MAVEN_BASEDIR%
89 | IF NOT "%MAVEN_PROJECTBASEDIR%"=="" goto endDetectBaseDir
90 |
91 | set EXEC_DIR=%CD%
92 | set WDIR=%EXEC_DIR%
93 | :findBaseDir
94 | IF EXIST "%WDIR%"\.mvn goto baseDirFound
95 | cd ..
96 | IF "%WDIR%"=="%CD%" goto baseDirNotFound
97 | set WDIR=%CD%
98 | goto findBaseDir
99 |
100 | :baseDirFound
101 | set MAVEN_PROJECTBASEDIR=%WDIR%
102 | cd "%EXEC_DIR%"
103 | goto endDetectBaseDir
104 |
105 | :baseDirNotFound
106 | set MAVEN_PROJECTBASEDIR=%EXEC_DIR%
107 | cd "%EXEC_DIR%"
108 |
109 | :endDetectBaseDir
110 |
111 | IF NOT EXIST "%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config" goto endReadAdditionalConfig
112 |
113 | @setlocal EnableExtensions EnableDelayedExpansion
114 | for /F "usebackq delims=" %%a in ("%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config") do set JVM_CONFIG_MAVEN_PROPS=!JVM_CONFIG_MAVEN_PROPS! %%a
115 | @endlocal & set JVM_CONFIG_MAVEN_PROPS=%JVM_CONFIG_MAVEN_PROPS%
116 |
117 | :endReadAdditionalConfig
118 |
119 | SET MAVEN_JAVA_EXE="%JAVA_HOME%\bin\java.exe"
120 | set WRAPPER_JAR="%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.jar"
121 | set WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain
122 |
123 | set DOWNLOAD_URL="https://repo.maven.apache.org/maven2/io/takari/maven-wrapper/0.5.6/maven-wrapper-0.5.6.jar"
124 |
125 | FOR /F "tokens=1,2 delims==" %%A IN ("%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.properties") DO (
126 | IF "%%A"=="wrapperUrl" SET DOWNLOAD_URL=%%B
127 | )
128 |
129 | @REM Extension to allow automatically downloading the maven-wrapper.jar from Maven-central
130 | @REM This allows using the maven wrapper in projects that prohibit checking in binary data.
@REM Bootstrap step: when the wrapper jar is missing, download it with a
@REM PowerShell System.Net.WebClient call forced to TLS 1.2.
@REM NOTE(review): the downloaded jar is run by the java command further down
@REM and is not checked against a checksum or signature in this script.
if exist %WRAPPER_JAR% (
    if "%MVNW_VERBOSE%" == "true" (
        echo Found %WRAPPER_JAR%
    )
) else (
    @REM NOTE(review): percent-variables inside this parenthesized block are
    @REM expanded when the block is parsed, i.e. before the SET below runs;
    @REM confirm that an MVNW_REPOURL override actually reaches the download.
    if not "%MVNW_REPOURL%" == "" (
        SET DOWNLOAD_URL="%MVNW_REPOURL%/io/takari/maven-wrapper/0.5.6/maven-wrapper-0.5.6.jar"
    )
    if "%MVNW_VERBOSE%" == "true" (
        echo Couldn't find %WRAPPER_JAR%, downloading it ...
        echo Downloading from: %DOWNLOAD_URL%
    )

    @REM Credentials are attached unless both MVNW_USERNAME and MVNW_PASSWORD
    @REM are empty. The values are pasted into single-quoted PowerShell string
    @REM literals, so a value containing a single quote would change the
    @REM command text that PowerShell receives.
    powershell -Command "&{"^
        "$webclient = new-object System.Net.WebClient;"^
        "if (-not ([string]::IsNullOrEmpty('%MVNW_USERNAME%') -and [string]::IsNullOrEmpty('%MVNW_PASSWORD%'))) {"^
        "$webclient.Credentials = new-object System.Net.NetworkCredential('%MVNW_USERNAME%', '%MVNW_PASSWORD%');"^
        "}"^
        "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; $webclient.DownloadFile('%DOWNLOAD_URL%', '%WRAPPER_JAR%')"^
        "}"
    if "%MVNW_VERBOSE%" == "true" (
        echo Finished downloading %WRAPPER_JAR%
    )
)
155 | @REM End of extension
156 |
157 | @REM Provide a "standardized" way to retrieve the CLI args that will
158 | @REM work with both Windows and non-Windows executions.
159 | set MAVEN_CMD_LINE_ARGS=%*
160 |
161 | %MAVEN_JAVA_EXE% %JVM_CONFIG_MAVEN_PROPS% %MAVEN_OPTS% %MAVEN_DEBUG_OPTS% -classpath %WRAPPER_JAR% "-Dmaven.multiModuleProjectDirectory=%MAVEN_PROJECTBASEDIR%" %WRAPPER_LAUNCHER% %MAVEN_CONFIG% %*
162 | if ERRORLEVEL 1 goto error
163 | goto end
164 |
165 | :error
166 | set ERROR_CODE=1
167 |
168 | :end
169 | @endlocal & set ERROR_CODE=%ERROR_CODE%
170 |
171 | if not "%MAVEN_SKIP_RC%" == "" goto skipRcPost
172 | @REM check for post script, once with legacy .bat ending and once with .cmd ending
173 | if exist "%HOME%\mavenrc_post.bat" call "%HOME%\mavenrc_post.bat"
174 | if exist "%HOME%\mavenrc_post.cmd" call "%HOME%\mavenrc_post.cmd"
175 | :skipRcPost
176 |
177 | @REM pause the script if MAVEN_BATCH_PAUSE is set to 'on'
178 | if "%MAVEN_BATCH_PAUSE%" == "on" pause
179 |
180 | if "%MAVEN_TERMINATE_CMD%" == "on" exit %ERROR_CODE%
181 |
182 | exit /B %ERROR_CODE%
183 |
--------------------------------------------------------------------------------
/pom.xml:
--------------------------------------------------------------------------------
1 |
2 |
4 | 4.0.0
5 |
6 | org.springframework.boot
7 | spring-boot-starter-parent
8 | 2.7.0
9 |
10 |
11 | com.pig4cloud.auth.server
12 | auth-server-demo
13 | 0.0.2-SNAPSHOT
14 | auth-server-demo
15 | spring security oauth server
16 |
17 | 11
18 | 0.0.28
19 |
20 |
21 |
22 |
23 | org.springframework.security
24 | spring-security-oauth2-authorization-server
25 | 0.3.0
26 |
27 |
28 |
29 | org.springframework.boot
30 | spring-boot-starter-security
31 |
32 |
33 | org.springframework.boot
34 | spring-boot-starter-web
35 |
36 |
37 |
38 | org.projectlombok
39 | lombok
40 | true
41 |
42 |
43 |
44 | org.springframework.boot
45 | spring-boot-starter-test
46 | test
47 |
48 |
49 |
50 | cn.hutool
51 | hutool-all
52 | 5.5.7
53 |
54 |
55 | org.springframework.security
56 | spring-security-test
57 | test
58 |
59 |
60 |
61 |
62 |
63 |
64 |
65 | io.spring.javaformat
66 | spring-javaformat-maven-plugin
67 | ${spring.checkstyle.plugin}
68 |
69 |
70 | org.springframework.boot
71 | spring-boot-maven-plugin
72 |
73 |
74 |
75 | org.projectlombok
76 | lombok
77 |
78 |
79 |
80 |
81 |
82 |
83 |
84 |
85 |
--------------------------------------------------------------------------------
/src/main/java/com/pig4cloud/auth/server/AuthServerDemoApplication.java:
--------------------------------------------------------------------------------
1 | package com.pig4cloud.auth.server;
2 |
3 | import org.springframework.boot.SpringApplication;
4 | import org.springframework.boot.autoconfigure.SpringBootApplication;
5 |
/**
 * Spring Boot entry point of the authorization server demo.
 */
@SpringBootApplication
public class AuthServerDemoApplication {

    /**
     * Starts the Spring application context with this class as its primary source.
     *
     * @param args command-line arguments handed on to Spring Boot
     */
    public static void main(String[] args) {
        final Class<?> primarySource = AuthServerDemoApplication.class;
        SpringApplication.run(primarySource, args);
    }

}
14 |
--------------------------------------------------------------------------------
/src/main/java/com/pig4cloud/auth/server/config/AuthServerConfiguration.java:
--------------------------------------------------------------------------------
1 | package com.pig4cloud.auth.server.config;
2 |
3 | import com.nimbusds.jose.JWSAlgorithm;
4 | import com.nimbusds.jose.jwk.JWKSet;
5 | import com.nimbusds.jose.jwk.RSAKey;
6 | import com.nimbusds.jose.jwk.source.JWKSource;
7 | import com.nimbusds.jose.proc.JWSKeySelector;
8 | import com.nimbusds.jose.proc.JWSVerificationKeySelector;
9 | import com.nimbusds.jose.proc.SecurityContext;
10 | import com.nimbusds.jwt.proc.ConfigurableJWTProcessor;
11 | import com.nimbusds.jwt.proc.DefaultJWTProcessor;
12 | import lombok.SneakyThrows;
13 | import org.springframework.context.annotation.Bean;
14 | import org.springframework.context.annotation.Configuration;
15 | import org.springframework.core.Ordered;
16 | import org.springframework.core.annotation.Order;
17 | import org.springframework.security.config.Customizer;
18 | import org.springframework.security.config.annotation.web.builders.HttpSecurity;
19 | import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
20 | import org.springframework.security.config.annotation.web.configuration.OAuth2AuthorizationServerConfiguration;
21 | import org.springframework.security.oauth2.core.AuthorizationGrantType;
22 | import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
23 | import org.springframework.security.oauth2.core.OAuth2TokenFormat;
24 | import org.springframework.security.oauth2.jwt.JwtDecoder;
25 | import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;
26 | import org.springframework.security.oauth2.server.authorization.InMemoryOAuth2AuthorizationService;
27 | import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
28 | import org.springframework.security.oauth2.server.authorization.client.InMemoryRegisteredClientRepository;
29 | import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
30 | import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
31 | import org.springframework.security.oauth2.server.authorization.config.ProviderSettings;
32 | import org.springframework.security.oauth2.server.authorization.config.TokenSettings;
33 | import org.springframework.security.web.SecurityFilterChain;
34 |
35 | import java.security.KeyPair;
36 | import java.security.KeyPairGenerator;
37 | import java.security.interfaces.RSAPrivateKey;
38 | import java.security.interfaces.RSAPublicKey;
39 | import java.util.HashSet;
40 | import java.util.Set;
41 | import java.util.UUID;
42 |
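/**
 * Authorization-server wiring for the demo: the protocol endpoint filter chain, a single
 * registered client, the signing key source, the JWT decoder and the authorization store.
 *
 * <p>The client registry, the signing key and the authorization store are all in-memory,
 * and the client secret is a literal in this file, so the configuration is demo-grade.
 *
 * @author lengleng
 * @date 2021/2/15
 */
@Configuration
@EnableWebSecurity
public class AuthServerConfiguration {

    /**
     * Filter chain for the authorization-server endpoints, registered with the highest
     * precedence.
     *
     * @param http the security builder supplied by Spring
     * @return the chain with the framework defaults applied plus form login
     * @throws Exception if the chain cannot be built
     */
    @Bean
    @Order(Ordered.HIGHEST_PRECEDENCE)
    public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
        OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(http);
        return http.formLogin(Customizer.withDefaults()).build();
    }

    /**
     * Registers the single client {@code pig} in memory.
     *
     * <p>The client authenticates with HTTP Basic, may use the authorization-code and
     * refresh-token grants, and receives reference (opaque) access tokens.
     *
     * @return a repository holding only the {@code pig} client
     */
    // @formatter:off
    @Bean
    public RegisteredClientRepository registeredClientRepository() {
        RegisteredClient client = RegisteredClient.withId("pig")
                .clientId("pig")
                // NOTE(review): "{noop}" stores the secret in plaintext and the value is
                // committed with the source. Outside a demo, load the secret from external
                // configuration and store it encoded (for example with a "{bcrypt}" prefix).
                .clientSecret("{noop}pig")
                .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
                .authorizationGrantTypes(authorizationGrantTypes -> {
                    authorizationGrantTypes.add(AuthorizationGrantType.AUTHORIZATION_CODE);
                    authorizationGrantTypes.add(AuthorizationGrantType.REFRESH_TOKEN);
                })
                .tokenSettings(TokenSettings.builder().accessTokenFormat(OAuth2TokenFormat.REFERENCE).build())
                .redirectUri("https://pig4cloud.com")
                .build();
        return new InMemoryRegisteredClientRepository(client);
    }
    // @formatter:on

    /**
     * Creates a JWK source backed by one freshly generated 2048-bit RSA key pair.
     *
     * <p>The key pair is generated each time this bean is created and is kept only in
     * memory, with a random key id. NOTE(review): anything signed with it stops verifying
     * after a restart, and separate instances would not share a key; a persistent,
     * access-controlled key store is the usual replacement.
     *
     * @return a source that answers every selection from the single-key set
     */
    @Bean
    @SneakyThrows
    public JWKSource<SecurityContext> jwkSource() {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
        keyPairGenerator.initialize(2048);
        KeyPair keyPair = keyPairGenerator.generateKeyPair();
        RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic();
        RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate();

        // @formatter:off
        RSAKey rsaKey = new RSAKey.Builder(publicKey)
                .privateKey(privateKey)
                .keyID(UUID.randomUUID().toString())
                .build();
        // @formatter:on
        JWKSet jwkSet = new JWKSet(rsaKey);
        return (jwkSelector, securityContext) -> jwkSelector.select(jwkSet);
    }

    /**
     * Builds a JWT decoder that verifies signatures against the given JWK source.
     *
     * @param jwkSource the keys that signatures are verified against
     * @return a decoder wrapping a Nimbus JWT processor
     */
    @Bean
    public static JwtDecoder jwtDecoder(JWKSource<SecurityContext> jwkSource) {
        // NOTE(review): the accepted set covers the RSA, EC and HMAC families, while
        // jwkSource() in this class publishes a single RSA key. Narrowing the set to the
        // algorithms actually issued is a reasonable hardening step.
        Set<JWSAlgorithm> jwsAlgs = new HashSet<>();
        jwsAlgs.addAll(JWSAlgorithm.Family.RSA);
        jwsAlgs.addAll(JWSAlgorithm.Family.EC);
        jwsAlgs.addAll(JWSAlgorithm.Family.HMAC_SHA);
        ConfigurableJWTProcessor<SecurityContext> jwtProcessor = new DefaultJWTProcessor<>();
        JWSKeySelector<SecurityContext> jwsKeySelector = new JWSVerificationKeySelector<>(jwsAlgs, jwkSource);
        jwtProcessor.setJWSKeySelector(jwsKeySelector);
        // Override the default Nimbus claims set verifier as NimbusJwtDecoder handles it instead
        jwtProcessor.setJWTClaimsSetVerifier((claims, context) -> {
        });
        return new NimbusJwtDecoder(jwtProcessor);
    }

    /**
     * Provider settings built without any overrides.
     *
     * @return the settings produced by an unmodified builder
     */
    @Bean
    public ProviderSettings providerSettings() {
        return ProviderSettings.builder().build();
    }

    /**
     * Authorization store kept in memory; stored authorizations do not survive a restart.
     *
     * @return a new in-memory authorization service
     */
    @Bean
    public OAuth2AuthorizationService authorizationService() {
        return new InMemoryOAuth2AuthorizationService();
    }

}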
120 |
--------------------------------------------------------------------------------
/src/main/java/com/pig4cloud/auth/server/config/DefaultSecurityConfig.java:
--------------------------------------------------------------------------------
1 | package com.pig4cloud.auth.server.config;
2 |
3 | import org.springframework.context.annotation.Bean;
4 | import org.springframework.security.config.Customizer;
5 | import org.springframework.security.config.annotation.web.builders.HttpSecurity;
6 | import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
7 | import org.springframework.security.core.userdetails.User;
8 | import org.springframework.security.core.userdetails.UserDetails;
9 | import org.springframework.security.core.userdetails.UserDetailsService;
10 | import org.springframework.security.provisioning.InMemoryUserDetailsManager;
11 | import org.springframework.security.web.SecurityFilterChain;
12 |
/**
 * Web security for the application's own endpoints, declared without an explicit order
 * (the chain in {@code AuthServerConfiguration} is ordered {@code HIGHEST_PRECEDENCE}).
 *
 * @author lengleng
 * @date 2021/8/18
 */
@EnableWebSecurity
public class DefaultSecurityConfig {

    /**
     * Opens {@code /password/*} to every caller and requires authentication, via form
     * login, for all other requests.
     *
     * <p>NOTE(review): the open pattern covers the {@code /password/login} and
     * {@code /password/info} handlers of {@code LoginEndpoint}, so both are reachable
     * without credentials.
     *
     * @param http the security builder supplied by Spring
     * @return the built filter chain
     * @throws Exception if the chain cannot be built
     */
    // @formatter:off
    @Bean
    SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http) throws Exception {
        return http
                .authorizeRequests(registry -> registry
                        .antMatchers("/password/*").permitAll()
                        .anyRequest().authenticated())
                .formLogin(Customizer.withDefaults())
                .build();
    }
    // @formatter:on

    /**
     * Supplies one in-memory account, {@code lengleng}, with the role {@code USER}.
     *
     * <p>NOTE(review): the password is a literal stored with the {@code {noop}} prefix,
     * i.e. unencoded; acceptable for a demo only.
     *
     * @return a user-details service holding that single account
     */
    // @formatter:off
    @Bean
    UserDetailsService users() {
        UserDetails demoUser = User.withUsername("lengleng")
                .password("{noop}123456")
                .roles("USER")
                .build();
        return new InMemoryUserDetailsManager(demoUser);
    }
    // @formatter:on

}
45 |
--------------------------------------------------------------------------------
/src/main/java/com/pig4cloud/auth/server/endpoint/LoginEndpoint.java:
--------------------------------------------------------------------------------
1 | package com.pig4cloud.auth.server.endpoint;
2 |
3 | import lombok.RequiredArgsConstructor;
4 | import lombok.SneakyThrows;
5 | import org.springframework.http.converter.HttpMessageConverter;
6 | import org.springframework.http.server.ServletServerHttpResponse;
7 | import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
8 | import org.springframework.security.core.Authentication;
9 | import org.springframework.security.oauth2.core.*;
10 | import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
11 | import org.springframework.security.oauth2.core.http.converter.OAuth2AccessTokenResponseHttpMessageConverter;
12 | import org.springframework.security.oauth2.server.authorization.OAuth2Authorization;
13 | import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
14 | import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AccessTokenAuthenticationToken;
15 | import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
16 | import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
17 | import org.springframework.security.oauth2.server.authorization.token.DefaultOAuth2TokenContext;
18 | import org.springframework.security.oauth2.server.authorization.token.OAuth2AccessTokenGenerator;
19 | import org.springframework.security.oauth2.server.authorization.token.OAuth2RefreshTokenGenerator;
20 | import org.springframework.util.CollectionUtils;
21 | import org.springframework.web.bind.annotation.GetMapping;
22 | import org.springframework.web.bind.annotation.RequestMapping;
23 | import org.springframework.web.bind.annotation.RestController;
24 |
25 | import javax.servlet.http.HttpServletRequest;
26 | import javax.servlet.http.HttpServletResponse;
27 | import java.io.IOException;
28 | import java.time.temporal.ChronoUnit;
29 | import java.util.HashMap;
30 | import java.util.Map;
31 |
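/**
 * Login endpoint.
 *
 * <p>Issues an access token and a refresh token for a fixed principal and exposes a
 * lookup of stored authorizations by access-token value.
 *
 * <p>NOTE(review): {@code login} takes no credentials from the request and never runs an
 * authentication step, and {@code DefaultSecurityConfig} permits {@code /password/*}
 * without authentication. As written, any caller that can reach the service obtains
 * tokens for the hard-coded principal. A real deployment would authenticate the caller
 * first (for example through an {@code AuthenticationManager}) and would not issue
 * tokens from a GET handler.
 *
 * @author lengleng
 * @date 2022/5/27
 */
@RestController
@RequiredArgsConstructor
@RequestMapping("/password")
public class LoginEndpoint {

    private final OAuth2AuthorizationService tokenService;

    private final RegisteredClientRepository registeredClientRepository;

    private final OAuth2AccessTokenGenerator tokenGenerator = new OAuth2AccessTokenGenerator();

    private final HttpMessageConverter<OAuth2AccessTokenResponse> accessTokenHttpResponseConverter = new OAuth2AccessTokenResponseHttpMessageConverter();

    private final OAuth2RefreshTokenGenerator refreshTokenGenerator = new OAuth2RefreshTokenGenerator();

    /**
     * Generates an access token and a refresh token for the client {@code pig} and the
     * fixed principal {@code lengleng}, stores the resulting authorization and writes the
     * token response to {@code response}.
     *
     * @param response the servlet response the token response is written to
     * @param request the servlet request, forwarded to the response writer
     * @throws IllegalStateException if the client is not registered or no access token
     * could be generated for it
     */
    @SneakyThrows
    @GetMapping("/login")
    public void login(HttpServletResponse response, HttpServletRequest request) {

        RegisteredClient client = registeredClientRepository.findByClientId("pig");
        if (client == null) {
            throw new IllegalStateException("Registered client 'pig' was not found");
        }

        // The two-argument constructor creates an unauthenticated token, and these literal
        // credentials are never verified against the configured UserDetailsService.
        UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken("lengleng",
                "123");

        // No provider context or authorized scopes are put on the context.
        // @formatter:off
        DefaultOAuth2TokenContext.Builder builder = DefaultOAuth2TokenContext.builder()
                .registeredClient(client)
                .principal(authenticationToken)
                .tokenType(OAuth2TokenType.ACCESS_TOKEN)
                .authorizationGrantType(AuthorizationGrantType.PASSWORD);
        // @formatter:on

        // Build the access-token context once and reuse it for generation and scopes.
        DefaultOAuth2TokenContext accessTokenContext = builder.build();
        OAuth2Token generatedAccessToken = this.tokenGenerator.generate(accessTokenContext);
        if (generatedAccessToken == null) {
            // A token generator returns null when it does not support the given context.
            throw new IllegalStateException("No access token could be generated for client 'pig'");
        }
        OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,
                generatedAccessToken.getTokenValue(), generatedAccessToken.getIssuedAt(),
                generatedAccessToken.getExpiresAt(), accessTokenContext.getAuthorizedScopes());

        // @formatter:off
        OAuth2Authorization.Builder authorizationBuilder = OAuth2Authorization.withRegisteredClient(client)
                .principalName(authenticationToken.getName())
                .authorizationGrantType(AuthorizationGrantType.PASSWORD);
        // @formatter:on
        if (generatedAccessToken instanceof ClaimAccessor) {
            // Keep the generated claims next to the token in the stored authorization.
            authorizationBuilder.token(accessToken,
                    (metadata) -> metadata.put(OAuth2Authorization.Token.CLAIMS_METADATA_NAME,
                            ((ClaimAccessor) generatedAccessToken).getClaims()));
        }
        else {
            authorizationBuilder.accessToken(accessToken);
        }

        // The same builder is switched to the refresh-token type for the second token.
        OAuth2RefreshToken refreshToken = (OAuth2RefreshToken) this.refreshTokenGenerator
                .generate(builder.tokenType(OAuth2TokenType.REFRESH_TOKEN)
                        .authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN).build());
        authorizationBuilder.refreshToken(refreshToken);
        OAuth2Authorization authorization = authorizationBuilder.build();
        tokenService.save(authorization);

        Map<String, Object> additionalParameters = new HashMap<>();
        additionalParameters.put("license", "pig");

        OAuth2AccessTokenAuthenticationToken accessTokenAuthentication = new OAuth2AccessTokenAuthenticationToken(
                client, authenticationToken, accessToken, refreshToken, additionalParameters);
        sendAccessTokenResponse(request, response, accessTokenAuthentication);

    }

    /**
     * Looks up the stored authorization that owns the given access-token value.
     *
     * <p>NOTE(review): the handler is reachable without authentication, the token travels
     * as a GET request parameter (so it can end up in access logs), and the returned
     * object is the authorization record that {@code login} stored together with the
     * refresh token. Restrict who may call this and return only the fields a caller needs.
     *
     * @param token the access-token value to look up
     * @return whatever the authorization service returns for that token
     */
    @GetMapping("/info")
    public OAuth2Authorization info(String token) {
        return tokenService.findByToken(token, OAuth2TokenType.ACCESS_TOKEN);
    }

    /**
     * Writes the tokens carried by {@code authentication} to the HTTP response using the
     * OAuth2 access-token response converter.
     *
     * @param request the current request (not read by this method)
     * @param response the servlet response to write to
     * @param authentication must be an {@link OAuth2AccessTokenAuthenticationToken}
     * @throws IOException if the converter fails to write the response
     */
    private void sendAccessTokenResponse(HttpServletRequest request, HttpServletResponse response,
            Authentication authentication) throws IOException {

        OAuth2AccessTokenAuthenticationToken accessTokenAuthentication = (OAuth2AccessTokenAuthenticationToken) authentication;

        OAuth2AccessToken accessToken = accessTokenAuthentication.getAccessToken();
        OAuth2RefreshToken refreshToken = accessTokenAuthentication.getRefreshToken();
        Map<String, Object> additionalParameters = accessTokenAuthentication.getAdditionalParameters();

        OAuth2AccessTokenResponse.Builder builder = OAuth2AccessTokenResponse.withToken(accessToken.getTokenValue())
                .tokenType(accessToken.getTokenType()).scopes(accessToken.getScopes());
        // expires_in is only reported when both timestamps are known.
        if (accessToken.getIssuedAt() != null && accessToken.getExpiresAt() != null) {
            builder.expiresIn(ChronoUnit.SECONDS.between(accessToken.getIssuedAt(), accessToken.getExpiresAt()));
        }
        if (refreshToken != null) {
            builder.refreshToken(refreshToken.getTokenValue());
        }
        if (!CollectionUtils.isEmpty(additionalParameters)) {
            builder.additionalParameters(additionalParameters);
        }
        OAuth2AccessTokenResponse accessTokenResponse = builder.build();
        ServletServerHttpResponse httpResponse = new ServletServerHttpResponse(response);
        this.accessTokenHttpResponseConverter.write(accessTokenResponse, null, httpResponse);
    }

}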
140 |
--------------------------------------------------------------------------------
/src/main/resources/application.properties:
--------------------------------------------------------------------------------
1 | server.port=3000
2 |
--------------------------------------------------------------------------------
/src/main/resources/logback-spring.xml:
--------------------------------------------------------------------------------
1 |
2 |
17 |
18 |
19 |
20 |
21 |
22 |
24 |
25 |
26 |
28 |
30 |
31 |
32 |
33 | ${CONSOLE_LOG_PATTERN}
34 |
35 |
36 |
37 |
38 |
39 | ${log.path}/debug.log
40 |
41 | ${log.path}/%d{yyyy-MM, aux}/debug.%d{yyyy-MM-dd}.%i.log.gz
42 | 50MB
43 | 30
44 |
45 |
46 | %date [%thread] %-5level [%logger{50}] %file:%line - %msg%n
47 |
48 |
49 |
50 |
51 |
52 |
53 |
54 |
55 |
56 |
--------------------------------------------------------------------------------
/src/test/java/com/pig4cloud/auth/server/AuthServerDemoApplicationTests.java:
--------------------------------------------------------------------------------
1 | package com.pig4cloud.auth.server;
2 |
3 | import org.junit.jupiter.api.Test;
4 | import org.springframework.boot.test.context.SpringBootTest;
5 |
/**
 * Smoke test for the demo application.
 */
@SpringBootTest
class AuthServerDemoApplicationTests {

    /**
     * Has no assertions of its own: the body is empty, so the only thing exercised is
     * whatever {@code @SpringBootTest} does before the method runs.
     */
    @Test
    void contextLoads() {
    }

}
14 |
--------------------------------------------------------------------------------