map) {
41 | MessageDigest digest;
42 | try {
43 | digest = MessageDigest.getInstance("MD5");
44 | } catch (NoSuchAlgorithmException e) {
45 | throw new IllegalStateException("MD5 algorithm not available. Fatal (should be in the JDK).");
46 | }
47 |
48 | try {
49 | byte[] bytes = digest.digest(map.toString().getBytes("UTF-8"));
50 | return String.format("%032x", new BigInteger(1, bytes));
51 | } catch (UnsupportedEncodingException e) {
52 | throw new IllegalStateException("UTF-8 encoding not available. Fatal (should be in the JDK).");
53 | }
54 | }
55 |
56 | }
57 |
--------------------------------------------------------------------------------
/others/database/initial-db.ddl:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | set names utf8;
5 |
6 |
7 | -- Two users: admin/admin; test/test
8 | truncate users;
9 | insert into users(id,guid,create_time,username,password,default_user)
10 | values
11 | (21,uuid(),now(),'admin','21232f297a57a5a743894a0e4a801fc3',1),
12 | (22,uuid(),now(),'test','098f6bcd4621d373cade4e832627b4f6',0);
13 |
14 |
15 | -- Two roles: User,Admin
16 | truncate roles;
17 | insert into roles(id,guid,create_time,role_name)
18 | values
19 | (21,uuid(),now(),'Admin'),
20 | (22,uuid(),now(),'User');
21 |
22 |
23 | -- Four permissions: user:create,user:edit,user:list,user:delete
24 | truncate roles_permissions;
25 | insert into roles_permissions(roles_id, permission)
26 | values
27 | (21,'user:create'),
28 | (21,'user:edit'),
29 | (21,'user:list'),
30 | (21,'user:delete'),
31 | (22,'user:list');
32 |
33 |
34 | -- user_roles
35 | truncate user_roles;
36 | insert into user_roles(users_id,roles_id)
37 | values
38 | (21,21),
39 | (22,22);
40 |
41 |
42 |
43 |
44 | -- Initial Oauth
45 | -- oauth_client_details
46 | truncate oauth_client_details;
47 | insert into oauth_client_details(client_id, client_secret, client_name, client_uri,
48 | client_icon_uri, resource_ids, scope, grant_types,
49 | redirect_uri, roles)
50 | values
51 | ('test','test','Test Client','http://andaily.com',
52 | 'http://andaily.com/favicon.ico','os-resource','read write','authorization_code,password,refresh_token,client_credentials',
53 | 'http://localhost:7777/spring-oauth-client/authorization_code_callback','22');
54 | -- Mobile resource client details
55 | insert into oauth_client_details(client_id, client_secret, client_name, client_uri,
56 | client_icon_uri, resource_ids, scope, grant_types,
57 | redirect_uri, roles)
58 | values
59 | ('mobile','mobile','Mobile Client','http://andaily.com',
60 | 'http://andaily.com/favicon.ico','mobile-resource','read write','password,refresh_token',
61 | 'http://localhost:7777/spring-oauth-client/authorization_code_callback','22');
62 |
63 |
64 |
--------------------------------------------------------------------------------
/authz/src/main/java/com/monkeyk/os/web/context/OAuthShiroHandlerExceptionResolver.java:
--------------------------------------------------------------------------------
1 | package com.monkeyk.os.web.context;
2 |
3 | import com.monkeyk.os.web.WebUtils;
4 | import org.apache.oltu.oauth2.as.response.OAuthASResponse;
5 | import org.apache.oltu.oauth2.common.error.OAuthError;
6 | import org.apache.oltu.oauth2.common.exception.OAuthSystemException;
7 | import org.apache.oltu.oauth2.common.message.OAuthResponse;
8 | import org.apache.shiro.authz.AuthorizationException;
9 | import org.apache.shiro.authz.UnauthorizedException;
10 | import org.springframework.web.servlet.HandlerExceptionResolver;
11 | import org.springframework.web.servlet.ModelAndView;
12 |
13 | import javax.servlet.http.HttpServletRequest;
14 | import javax.servlet.http.HttpServletResponse;
15 |
16 | /**
17 | * 2015/9/29
18 | *
19 | * @author Shengzhao Li
20 | */
21 | public class OAuthShiroHandlerExceptionResolver implements HandlerExceptionResolver {
22 |
23 |
24 | public OAuthShiroHandlerExceptionResolver() {
25 | }
26 |
27 | @Override
28 | public ModelAndView resolveException(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) {
29 |
30 | if (ex instanceof UnauthorizedException) {
31 | handleUnauthorizedException(response, ex);
32 | } else if (ex instanceof AuthorizationException) {
33 | handleUnauthorizedException(response, ex);
34 | }
35 | //more
36 |
37 | return null;
38 | }
39 |
40 | private void handleUnauthorizedException(HttpServletResponse response, Exception ex) {
41 | OAuthResponse oAuthResponse;
42 | try {
43 | oAuthResponse = OAuthASResponse.errorResponse(403)
44 | .setError(OAuthError.ResourceResponse.INVALID_TOKEN)
45 | .setErrorDescription(ex.getMessage())
46 | .buildJSONMessage();
47 | } catch (OAuthSystemException e) {
48 | throw new IllegalStateException(e);
49 | }
50 |
51 | WebUtils.writeOAuthJsonResponse(response, oAuthResponse);
52 | }
53 | }
54 |
--------------------------------------------------------------------------------
/resources/src/main/java/com/monkeyk/os/web/context/OAuthShiroHandlerExceptionResolver.java:
--------------------------------------------------------------------------------
1 | package com.monkeyk.os.web.context;
2 |
3 | import com.monkeyk.os.web.WebUtils;
4 | import org.apache.oltu.oauth2.common.error.OAuthError;
5 | import org.apache.oltu.oauth2.common.exception.OAuthSystemException;
6 | import org.apache.oltu.oauth2.common.message.OAuthResponse;
7 | import org.apache.oltu.oauth2.rs.response.OAuthRSResponse;
8 | import org.apache.shiro.authz.AuthorizationException;
9 | import org.apache.shiro.authz.UnauthorizedException;
10 | import org.springframework.web.servlet.HandlerExceptionResolver;
11 | import org.springframework.web.servlet.ModelAndView;
12 |
13 | import javax.servlet.http.HttpServletRequest;
14 | import javax.servlet.http.HttpServletResponse;
15 |
16 | /**
17 | * 2015/9/29
18 | *
19 | * @author Shengzhao Li
20 | */
21 | public class OAuthShiroHandlerExceptionResolver implements HandlerExceptionResolver {
22 |
23 |
24 | public OAuthShiroHandlerExceptionResolver() {
25 | }
26 |
27 | @Override
28 | public ModelAndView resolveException(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) {
29 |
30 | if (ex instanceof UnauthorizedException) {
31 | handleUnauthorizedException(response, ex);
32 | } else if (ex instanceof AuthorizationException) {
33 | handleUnauthorizedException(response, ex);
34 | }
35 | //more
36 |
37 | return null;
38 | }
39 |
40 | private void handleUnauthorizedException(HttpServletResponse response, Exception ex) {
41 | OAuthResponse oAuthResponse;
42 | try {
43 | oAuthResponse = OAuthRSResponse.errorResponse(403)
44 | .setError(OAuthError.ResourceResponse.INVALID_TOKEN)
45 | .setErrorDescription(ex.getMessage())
46 | .buildJSONMessage();
47 | } catch (OAuthSystemException e) {
48 | throw new IllegalStateException(e);
49 | }
50 |
51 | WebUtils.writeOAuthJsonResponse(response, oAuthResponse);
52 | }
53 | }
54 |
--------------------------------------------------------------------------------
/authz/src/main/java/com/monkeyk/os/oauth/authorize/CodeAuthorizeHandler.java:
--------------------------------------------------------------------------------
1 | package com.monkeyk.os.oauth.authorize;
2 |
3 | import com.monkeyk.os.domain.oauth.ClientDetails;
4 | import com.monkeyk.os.web.WebUtils;
5 | import com.monkeyk.os.oauth.OAuthAuthxRequest;
6 | import com.monkeyk.os.oauth.validator.AbstractClientDetailsValidator;
7 | import com.monkeyk.os.oauth.validator.CodeClientDetailsValidator;
8 | import org.apache.oltu.oauth2.as.response.OAuthASResponse;
9 | import org.apache.oltu.oauth2.common.exception.OAuthSystemException;
10 | import org.apache.oltu.oauth2.common.message.OAuthResponse;
11 | import org.slf4j.Logger;
12 | import org.slf4j.LoggerFactory;
13 |
14 | import javax.servlet.http.HttpServletResponse;
15 | import java.io.IOException;
16 |
17 | /**
18 | * 2015/6/25
19 | *
20 | * Handle response_type = 'code'
21 | *
22 | * @author Shengzhao Li
23 | */
24 | public class CodeAuthorizeHandler extends AbstractAuthorizeHandler {
25 |
26 | private static final Logger LOG = LoggerFactory.getLogger(CodeAuthorizeHandler.class);
27 |
28 |
29 | public CodeAuthorizeHandler(OAuthAuthxRequest oauthRequest, HttpServletResponse response) {
30 | super(oauthRequest, response);
31 | }
32 |
33 | @Override
34 | protected AbstractClientDetailsValidator getValidator() {
35 | return new CodeClientDetailsValidator(oauthRequest);
36 | }
37 |
38 |
39 | //response code
40 | @Override
41 | protected void handleResponse() throws OAuthSystemException, IOException {
42 | final ClientDetails clientDetails = clientDetails();
43 | final String authCode = oauthService.retrieveAuthCode(clientDetails);
44 |
45 | final OAuthResponse oAuthResponse = OAuthASResponse
46 | .authorizationResponse(oauthRequest.request(), HttpServletResponse.SC_OK)
47 | .location(clientDetails.redirectUri())
48 | .setCode(authCode)
49 | .buildQueryMessage();
50 | LOG.debug(" 'code' response: {}", oAuthResponse);
51 |
52 | WebUtils.writeOAuthQueryResponse(response, oAuthResponse);
53 | }
54 |
55 |
56 | }
57 |
--------------------------------------------------------------------------------
/authz/src/main/java/com/monkeyk/os/web/controller/OauthTokenController.java:
--------------------------------------------------------------------------------
1 | package com.monkeyk.os.web.controller;
2 |
3 | import com.monkeyk.os.web.WebUtils;
4 | import com.monkeyk.os.oauth.OAuthTokenxRequest;
5 | import com.monkeyk.os.oauth.token.OAuthTokenHandleDispatcher;
6 | import org.apache.oltu.oauth2.as.response.OAuthASResponse;
7 | import org.apache.oltu.oauth2.common.exception.OAuthProblemException;
8 | import org.apache.oltu.oauth2.common.message.OAuthResponse;
9 | import org.springframework.stereotype.Controller;
10 | import org.springframework.web.bind.annotation.RequestMapping;
11 |
12 | import javax.servlet.http.HttpServletRequest;
13 | import javax.servlet.http.HttpServletResponse;
14 |
15 | /**
16 | * 2015/7/3
17 | *
18 | * URL: oauth/token
19 | *
20 | * @author Shengzhao Li
21 | */
22 | @Controller
23 | @RequestMapping("oauth/")
24 | public class OauthTokenController {
25 |
26 |
27 | /**
28 | * Handle grant_types as follows:
29 | *
30 | * grant_type=authorization_code
31 | * grant_type=password
32 | * grant_type=refresh_token
33 | * grant_type=client_credentials
34 | *
35 | * @param request HttpServletRequest
36 | * @param response HttpServletResponse
37 | * @throws Exception
38 | */
39 | @RequestMapping("token")
40 | public void authorize(HttpServletRequest request, HttpServletResponse response) throws Exception {
41 | try {
42 | OAuthTokenxRequest tokenRequest = new OAuthTokenxRequest(request);
43 |
44 | OAuthTokenHandleDispatcher tokenHandleDispatcher = new OAuthTokenHandleDispatcher(tokenRequest, response);
45 | tokenHandleDispatcher.dispatch();
46 |
47 | } catch (OAuthProblemException e) {
48 | //exception
49 | OAuthResponse oAuthResponse = OAuthASResponse
50 | .errorResponse(HttpServletResponse.SC_FOUND)
51 | .location(e.getRedirectUri())
52 | .error(e)
53 | .buildJSONMessage();
54 | WebUtils.writeOAuthJsonResponse(response, oAuthResponse);
55 | }
56 |
57 | }
58 | }
59 |
--------------------------------------------------------------------------------
/core/src/main/java/com/monkeyk/os/domain/users/Users.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2015 MONKEYK Information Technology Co. Ltd
3 | * www.monkeyk.com
4 | * All rights reserved.
5 | *
6 | * This software is the confidential and proprietary information of
7 | * MONKEYK Information Technology Co. Ltd ("Confidential Information").
8 | * You shall not disclose such Confidential Information and shall use
9 | * it only in accordance with the terms of the license agreement you
10 | * entered into with MONKEYK Information Technology Co. Ltd.
11 | */
12 | package com.monkeyk.os.domain.users;
13 |
14 | import com.monkeyk.os.domain.AbstractDomain;
15 | import com.monkeyk.os.domain.AbstractIdDomain;
16 | import com.monkeyk.os.domain.shared.GuidGenerator;
17 |
18 | import java.util.Date;
19 |
20 | /**
21 | * 2015/10/26
22 | *
23 | * Table: users
24 | *
25 | * @author Shengzhao Li
26 | */
27 | public class Users extends AbstractIdDomain {
28 |
29 |
30 | private static final long serialVersionUID = -3990278799194556012L;
31 |
32 |
33 | //unique
34 | private String username;
35 |
36 | private String password;
37 |
38 | /**
39 | * Label default user or not
40 | */
41 | private boolean defaultUser = false;
42 |
43 |
44 | private Date lastLoginTime;
45 |
46 |
47 | public Users() {
48 | }
49 |
50 | public String username() {
51 | return username;
52 | }
53 |
54 | public Users username(String username) {
55 | this.username = username;
56 | return this;
57 | }
58 |
59 | public String password() {
60 | return password;
61 | }
62 |
63 | public Users password(String password) {
64 | this.password = password;
65 | return this;
66 | }
67 |
68 | public boolean defaultUser() {
69 | return defaultUser;
70 | }
71 |
72 | public Users defaultUser(boolean defaultUser) {
73 | this.defaultUser = defaultUser;
74 | return this;
75 | }
76 |
77 | public Date lastLoginTime() {
78 | return lastLoginTime;
79 | }
80 |
81 | public Users lastLoginTime(Date lastLoginTime) {
82 | this.lastLoginTime = lastLoginTime;
83 | return this;
84 | }
85 |
86 |
87 | }
88 |
--------------------------------------------------------------------------------
/authz/src/main/java/com/monkeyk/os/service/business/AbstractAccessTokenHandler.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2015 MONKEYK Information Technology Co. Ltd
3 | * www.monkeyk.com
4 | * All rights reserved.
5 | *
6 | * This software is the confidential and proprietary information of
7 | * MONKEYK Information Technology Co. Ltd ("Confidential Information").
8 | * You shall not disclose such Confidential Information and shall use
9 | * it only in accordance with the terms of the license agreement you
10 | * entered into with MONKEYK Information Technology Co. Ltd.
11 | */
12 | package com.monkeyk.os.service.business;
13 |
14 | import com.monkeyk.os.domain.oauth.AccessToken;
15 | import com.monkeyk.os.domain.oauth.AuthenticationIdGenerator;
16 | import com.monkeyk.os.domain.oauth.ClientDetails;
17 | import com.monkeyk.os.domain.shared.BeanProvider;
18 | import org.apache.oltu.oauth2.common.exception.OAuthSystemException;
19 | import org.slf4j.Logger;
20 | import org.slf4j.LoggerFactory;
21 | import org.springframework.util.Assert;
22 |
23 | /**
24 | * 2015/10/22
25 | *
26 | * @author Shengzhao Li
27 | */
28 | public abstract class AbstractAccessTokenHandler extends AbstractOAuthHolder {
29 |
30 | private static final Logger LOG = LoggerFactory.getLogger(AbstractAccessTokenHandler.class);
31 |
32 |
33 | protected transient AuthenticationIdGenerator authenticationIdGenerator = BeanProvider.getBean(AuthenticationIdGenerator.class);
34 |
35 |
36 | protected AccessToken createAndSaveAccessToken(ClientDetails clientDetails, boolean includeRefreshToken, String username, String authenticationId) throws OAuthSystemException {
37 | Assert.notNull(username, "username is null");
38 | AccessToken accessToken = new AccessToken()
39 | .clientId(clientDetails.clientId())
40 | .username(username)
41 | .tokenId(oAuthIssuer.accessToken())
42 | .authenticationId(authenticationId)
43 | .updateByClientDetails(clientDetails);
44 |
45 | if (includeRefreshToken) {
46 | accessToken.refreshToken(oAuthIssuer.refreshToken());
47 | }
48 |
49 | this.oauthRepository.saveAccessToken(accessToken);
50 | LOG.debug("Save AccessToken: {}", accessToken);
51 | return accessToken;
52 | }
53 |
54 | }
55 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | #oauth2-shiro-redis
2 |
3 |
4 | Integrate oauth2-shiro with Redis
5 |
6 |
7 | GitHub地址: https://github.com/monkeyk/oauth2-shiro
8 |
9 |
10 |
11 |
12 |
说明
13 |
该项目具有 oauth2-shiro 的所有功能, 并添加了对 Redis 的支持
14 |
从 oauth2-shiro fork 的版本: 0.1-rc
15 |
项目使用的 Redis 版本信息
16 |
17 | spring-data-redis -> 1.5.2.RELEASE
18 |
19 | jedis -> 2.7.3
20 |
21 |
22 |
26 |
功能变化
27 |
相比 oauth2-shiro 项目, 添加并支持更多的功能与配置
28 |
29 | 支持Redis连接属性更多的设置, 详见配置文件 resources.properties, authz.properties
提供对 ClientDetails 的操作支持, 详见 ClientDetailsService.java
重构 ClientDetails, 使其支持 序列化(Serializable)
添加配置属性 remove.token.expired, 支持当检测到 access_token 过期时删除对应的 AccessToken 数据
根据需要可去掉MYSQL数据库支持, 只使用Redis, 详见 branch: redis
重构 OAUTH2 业务实现的代码, 使结构,代码更清晰, 可读更强
36 |
40 |
使用注意
41 |
authz 与 resources 模块中配置的 Redis 必须是同一个Redis的连接信息, 方可正常工作
42 |
在项目中,使用Redis做缓存, 提高性能,同时也将数据存入MYSQL数据库; 也支持去掉MYSQL,只使用Redis(需要修改配置实现)
43 |
44 |
48 |
Project Logs
49 |
记录项目的变化与发展历程
50 |
51 |
52 | 2015-10-21 从oauth2-shiro fork源代码到本项目中
2015-10-27 创建branch: redis, 只支持Redis操作
2016-07-08 oauth2-shiro-redis 开源
2017-01-21 加入GitHub https://github.com/monkeyk/oauth2-shiro-redis
57 |
61 |
技术支持联系方式
62 |
Email: sz@monkeyk.com
63 |
65 | 
66 |
67 |
--------------------------------------------------------------------------------
/authz/src/main/java/com/monkeyk/os/service/OauthService.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2013 Andaily Information Technology Co. Ltd
3 | * www.andaily.com
4 | * All rights reserved.
5 | *
6 | * This software is the confidential and proprietary information of
7 | * Andaily Information Technology Co. Ltd ("Confidential Information").
8 | * You shall not disclose such Confidential Information and shall use
9 | * it only in accordance with the terms of the license agreement you
10 | * entered into with Andaily Information Technology Co. Ltd.
11 | */
12 | package com.monkeyk.os.service;
13 |
14 | import com.monkeyk.os.domain.oauth.AccessToken;
15 | import com.monkeyk.os.domain.oauth.ClientDetails;
16 | import com.monkeyk.os.domain.oauth.OauthCode;
17 | import org.apache.oltu.oauth2.common.exception.OAuthSystemException;
18 |
19 | import java.util.Set;
20 |
21 | /**
22 | * 15-6-10
23 | *
24 | * @author Shengzhao Li
25 | */
26 | public interface OauthService {
27 |
28 | ClientDetails loadClientDetails(String clientId);
29 |
30 | String retrieveAuthCode(ClientDetails clientDetails) throws OAuthSystemException;
31 |
32 | AccessToken retrieveAccessToken(ClientDetails clientDetails, Set scopes, boolean includeRefreshToken) throws OAuthSystemException;
33 |
34 | //Always return new AccessToken, exclude refreshToken
35 | AccessToken retrieveNewAccessToken(ClientDetails clientDetails, Set scopes) throws OAuthSystemException;
36 |
37 | OauthCode loadOauthCode(String code, ClientDetails clientDetails);
38 |
39 | boolean removeOauthCode(String code, ClientDetails clientDetails);
40 |
41 | //Always return new AccessToken
42 | AccessToken retrieveAuthorizationCodeAccessToken(ClientDetails clientDetails, String code) throws OAuthSystemException;
43 |
44 | //grant_type=password AccessToken
45 | AccessToken retrievePasswordAccessToken(ClientDetails clientDetails, Set scopes, String username) throws OAuthSystemException;
46 |
47 | //grant_type=client_credentials
48 | AccessToken retrieveClientCredentialsAccessToken(ClientDetails clientDetails, Set scopes) throws OAuthSystemException;
49 |
50 | AccessToken loadAccessTokenByRefreshToken(String refreshToken, String clientId);
51 |
52 | AccessToken changeAccessTokenByRefreshToken(String refreshToken, String clientId) throws OAuthSystemException;
53 | }
54 |
--------------------------------------------------------------------------------
/authz/src/main/java/com/monkeyk/os/service/business/AccessTokenRetriever.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2015 MONKEYK Information Technology Co. Ltd
3 | * www.monkeyk.com
4 | * All rights reserved.
5 | *
6 | * This software is the confidential and proprietary information of
7 | * MONKEYK Information Technology Co. Ltd ("Confidential Information").
8 | * You shall not disclose such Confidential Information and shall use
9 | * it only in accordance with the terms of the license agreement you
10 | * entered into with MONKEYK Information Technology Co. Ltd.
11 | */
12 | package com.monkeyk.os.service.business;
13 |
14 | import com.monkeyk.os.domain.oauth.AccessToken;
15 | import com.monkeyk.os.domain.oauth.ClientDetails;
16 | import org.apache.oltu.oauth2.common.exception.OAuthSystemException;
17 | import org.apache.oltu.oauth2.common.utils.OAuthUtils;
18 | import org.slf4j.Logger;
19 | import org.slf4j.LoggerFactory;
20 |
21 | import java.util.Set;
22 |
23 | /**
24 | * 2015/10/22
25 | *
26 | * @author Shengzhao Li
27 | */
28 | public class AccessTokenRetriever extends AbstractAccessTokenHandler {
29 |
30 | private static final Logger LOG = LoggerFactory.getLogger(AccessTokenRetriever.class);
31 |
32 | private final ClientDetails clientDetails;
33 | private final Set scopes;
34 | private final boolean includeRefreshToken;
35 |
36 | public AccessTokenRetriever(ClientDetails clientDetails, Set scopes, boolean includeRefreshToken) {
37 | this.clientDetails = clientDetails;
38 | this.scopes = scopes;
39 | this.includeRefreshToken = includeRefreshToken;
40 | }
41 |
42 | public AccessToken retrieve() throws OAuthSystemException {
43 |
44 | String scope = OAuthUtils.encodeScopes(scopes);
45 | final String username = currentUsername();
46 | final String clientId = clientDetails.clientId();
47 |
48 | final String authenticationId = authenticationIdGenerator.generate(clientId, username, scope);
49 |
50 | AccessToken accessToken = oauthRepository.findAccessToken(clientId, username, authenticationId);
51 | if (accessToken == null) {
52 | accessToken = createAndSaveAccessToken(clientDetails, includeRefreshToken, username, authenticationId);
53 | LOG.debug("Create a new AccessToken: {}", accessToken);
54 | }
55 |
56 | return accessToken;
57 | }
58 | }
59 |
--------------------------------------------------------------------------------
/authz/src/main/java/com/monkeyk/os/infrastructure/jdbc/UsersJdbcRepository.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2015 MONKEYK Information Technology Co. Ltd
3 | * www.monkeyk.com
4 | * All rights reserved.
5 | *
6 | * This software is the confidential and proprietary information of
7 | * MONKEYK Information Technology Co. Ltd ("Confidential Information").
8 | * You shall not disclose such Confidential Information and shall use
9 | * it only in accordance with the terms of the license agreement you
10 | * entered into with MONKEYK Information Technology Co. Ltd.
11 | */
12 | package com.monkeyk.os.infrastructure.jdbc;
13 |
14 | import com.monkeyk.os.domain.users.*;
15 | import org.springframework.stereotype.Repository;
16 |
17 | import java.util.List;
18 |
19 | /**
20 | * 2015/10/26
21 | *
22 | * @author Shengzhao Li
23 | */
24 | @Repository("usersJdbcRepository")
25 | public class UsersJdbcRepository extends AbstractJdbcRepository implements UsersRepository {
26 |
27 |
28 | private static UsersRowMapper usersRowMapper = new UsersRowMapper();
29 |
30 | private static RolesRowMapper rolesRowMapper = new RolesRowMapper();
31 |
32 | private RolesPermissionsRowMapper rolesPermissionsRowMapper = new RolesPermissionsRowMapper();
33 |
34 |
35 | @Override
36 | public Users findUsersByUsername(String username) {
37 | final String sql = " select u.* from users u where u.archived = false and u.username = ? ";
38 | final List usersList = jdbcTemplate.query(sql, usersRowMapper, username);
39 | return usersList.isEmpty() ? null : usersList.get(0);
40 | }
41 |
42 |
43 | @Override
44 | public List findRolesByUsername(String username) {
45 | final String roleSql = " select r.* from roles r, user_roles ur, users u where u.archived = false " +
46 | " and u.id = ur.users_id and ur.roles_id = r.id and u.username = ? ";
47 | final List rolesList = jdbcTemplate.query(roleSql, rolesRowMapper, username);
48 |
49 | //load permissions
50 | for (Roles roles : rolesList) {
51 | loadRolesPermissions(roles);
52 | }
53 |
54 | return rolesList;
55 | }
56 |
57 | private void loadRolesPermissions(Roles roles) {
58 | final String pSql = " select p.* from roles_permissions p where p.roles_id = ? ";
59 | final List list = jdbcTemplate.query(pSql, rolesPermissionsRowMapper, roles.id());
60 | roles.permissions().addAll(list);
61 | }
62 | }
63 |
--------------------------------------------------------------------------------
/core/src/main/java/com/monkeyk/os/domain/AbstractIdDomain.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2015 MONKEYK Information Technology Co. Ltd
3 | * www.monkeyk.com
4 | * All rights reserved.
5 | *
6 | * This software is the confidential and proprietary information of
7 | * MONKEYK Information Technology Co. Ltd ("Confidential Information").
8 | * You shall not disclose such Confidential Information and shall use
9 | * it only in accordance with the terms of the license agreement you
10 | * entered into with MONKEYK Information Technology Co. Ltd.
11 | */
12 | package com.monkeyk.os.domain;
13 |
14 | import com.monkeyk.os.domain.shared.GuidGenerator;
15 |
16 | /**
17 | * 2015/10/26
18 | *
19 | *
20 | * Add id, version field and so on
21 | * 扩展 AbstractDomain 的抽象类, 增加 字段id, version, archived, guid
22 | *
23 | * @author Shengzhao Li
24 | */
25 | public abstract class AbstractIdDomain extends AbstractDomain {
26 |
27 | private static final long serialVersionUID = 4653514788456221527L;
28 |
29 |
30 | protected int id;
31 |
32 | /*
33 | * 实现数据 乐观锁
34 | * */
35 | // Optimistic lock
36 | protected int version = 0;
37 |
38 | /**
39 | * 数据逻辑删除的 标记
40 | */
41 | // logic delete label
42 | protected boolean archived = false;
43 |
44 | /**
45 | * 数据业务ID
46 | */
47 | // business id
48 | protected String guid = GuidGenerator.generate();
49 |
50 |
51 | public AbstractIdDomain() {
52 | }
53 |
54 | public int id() {
55 | return id;
56 | }
57 |
58 | @SuppressWarnings("unchecked")
59 | public T id(int id) {
60 | this.id = id;
61 | return (T) this;
62 | }
63 |
64 | public int version() {
65 | return version;
66 | }
67 |
68 | @SuppressWarnings("unchecked")
69 | public T version(int version) {
70 | this.version = version;
71 | return (T) this;
72 | }
73 |
74 | public boolean archived() {
75 | return archived;
76 | }
77 |
78 | @SuppressWarnings("unchecked")
79 | public T archived(boolean archived) {
80 | this.archived = archived;
81 | return (T) this;
82 | }
83 |
84 | public String guid() {
85 | return guid;
86 | }
87 |
88 | @SuppressWarnings("unchecked")
89 | public T guid(String guid) {
90 | this.guid = guid;
91 | return (T) this;
92 | }
93 | }
94 |
--------------------------------------------------------------------------------
/authz/src/main/java/com/monkeyk/os/service/business/AuthCodeRetriever.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2015 MONKEYK Information Technology Co. Ltd
3 | * www.monkeyk.com
4 | * All rights reserved.
5 | *
6 | * This software is the confidential and proprietary information of
7 | * MONKEYK Information Technology Co. Ltd ("Confidential Information").
8 | * You shall not disclose such Confidential Information and shall use
9 | * it only in accordance with the terms of the license agreement you
10 | * entered into with MONKEYK Information Technology Co. Ltd.
11 | */
12 | package com.monkeyk.os.service.business;
13 |
14 | import com.monkeyk.os.domain.oauth.ClientDetails;
15 | import com.monkeyk.os.domain.oauth.OauthCode;
16 | import org.apache.oltu.oauth2.common.exception.OAuthSystemException;
17 | import org.slf4j.Logger;
18 | import org.slf4j.LoggerFactory;
19 |
20 | /**
21 | * 2015/10/22
22 | *
23 | * @author Shengzhao Li
24 | */
25 | public class AuthCodeRetriever extends AbstractOAuthHolder {
26 |
27 | private static final Logger LOG = LoggerFactory.getLogger(AuthCodeRetriever.class);
28 |
29 |
30 |
31 | private ClientDetails clientDetails;
32 |
33 | public AuthCodeRetriever(ClientDetails clientDetails) {
34 | this.clientDetails = clientDetails;
35 | }
36 |
37 | public String retrieve() throws OAuthSystemException {
38 |
39 | final String clientId = clientDetails.clientId();
40 | final String username = currentUsername();
41 |
42 | OauthCode oauthCode = oauthRepository.findOauthCodeByUsernameClientId(username, clientId);
43 | if (oauthCode != null) {
44 | //Always delete exist
45 | LOG.debug("OauthCode ({}) is existed, remove it and create a new one", oauthCode);
46 | oauthRepository.deleteOauthCode(oauthCode);
47 | }
48 | //create a new one
49 | oauthCode = createOauthCode();
50 |
51 | return oauthCode.code();
52 | }
53 |
54 |
55 | private OauthCode createOauthCode() throws OAuthSystemException {
56 | final String authCode = oAuthIssuer.authorizationCode();
57 |
58 | LOG.debug("Save OauthCode authorizationCode '{}' of ClientDetails '{}'", authCode, clientDetails);
59 | final String username = currentUsername();
60 | OauthCode oauthCode = new OauthCode().code(authCode).username(username).clientId(clientDetails.clientId());
61 |
62 | oauthRepository.saveOauthCode(oauthCode);
63 | return oauthCode;
64 | }
65 |
66 |
67 | }
68 |
--------------------------------------------------------------------------------
/resources/src/main/webapp/WEB-INF/mkk-servlet.xml:
--------------------------------------------------------------------------------
1 |
2 |
9 |
10 |
11 |
12 |
13 |
14 |
15 |
16 |
17 |
18 |
19 |
20 |
21 |
22 |
23 |
24 |
25 |
26 |
27 |
28 |
29 |
30 |
31 |
32 |
33 |
34 |
35 |
36 |
37 |
38 |
41 |
42 |
43 |
45 |
47 |
48 |
49 |
50 |
51 |
--------------------------------------------------------------------------------
/authz/src/main/resources/spring/authz-redis.xml:
--------------------------------------------------------------------------------
1 |
2 |
8 |
9 |
10 |
11 |
12 |
13 |
14 |
15 |
16 |
17 |
18 |
19 |
20 |
21 |
22 |
23 |
24 |
25 |
26 |
27 |
28 |
29 |
30 |
33 |
34 |
35 |
36 |
37 |
38 |
39 |
42 |
43 |
44 |
45 |
46 |
47 |
48 |
49 |
50 |
51 |
52 |
53 |
54 |
55 |
56 |
57 |
--------------------------------------------------------------------------------
/resources/src/main/resources/spring/rs-redis.xml:
--------------------------------------------------------------------------------
1 |
2 |
8 |
9 |
10 |
11 |
12 |
13 |
14 |
15 |
16 |
17 |
18 |
19 |
20 |
21 |
22 |
23 |
24 |
25 |
26 |
27 |
28 |
29 |
30 |
33 |
34 |
35 |
36 |
37 |
38 |
39 |
42 |
43 |
44 |
45 |
46 |
47 |
48 |
49 |
50 |
51 |
52 |
53 |
54 |
55 |
56 |
57 |
--------------------------------------------------------------------------------
/authz/src/main/java/com/monkeyk/os/web/controller/ShiroController.java:
--------------------------------------------------------------------------------
1 | package com.monkeyk.os.web.controller;
2 |
3 | import com.monkeyk.os.service.dto.LoginDto;
4 | import org.apache.shiro.SecurityUtils;
5 | import org.apache.shiro.authc.UsernamePasswordToken;
6 | import org.slf4j.Logger;
7 | import org.slf4j.LoggerFactory;
8 | import org.springframework.stereotype.Controller;
9 | import org.springframework.ui.Model;
10 | import org.springframework.validation.BindingResult;
11 | import org.springframework.web.bind.annotation.ModelAttribute;
12 | import org.springframework.web.bind.annotation.RequestMapping;
13 | import org.springframework.web.bind.annotation.RequestMethod;
14 |
15 | /**
16 | * 15-6-10
17 | *
18 | * Just test Shiro
19 | *
20 | * @author Shengzhao Li
21 | */
22 | @Controller
23 | public class ShiroController {
24 |
25 | private static final Logger LOG = LoggerFactory.getLogger(ShiroController.class);
26 |
27 |
28 | @RequestMapping("index")
29 | public String index() {
30 | return "index";
31 | }
32 |
33 | @RequestMapping("unauthorized")
34 | public String unauthorized() {
35 | return "unauthorized";
36 | }
37 |
38 | /*
39 | * Logout
40 | */
41 | // @RequestMapping("logout")
42 | // public String logout() {
43 | // final Subject subject = SecurityUtils.getSubject();
44 | // LOG.debug("{} is logout", subject.getPrincipal());
45 | // subject.logout();
46 | // return "redirect:/";
47 | // }
48 |
49 | /*
50 | * Go login page
51 | */
52 | @RequestMapping(value = "login", method = RequestMethod.GET)
53 | public String login(Model model) {
54 | final LoginDto loginDto = new LoginDto();
55 | //TODO: Just testing
56 | loginDto.setUsername("test");
57 |
58 | model.addAttribute("formDto", loginDto);
59 | return "login";
60 | }
61 |
62 | @RequestMapping(value = "login", method = RequestMethod.POST)
63 | public String login(@ModelAttribute("formDto") LoginDto formDto, BindingResult errors) {
64 |
65 | UsernamePasswordToken token = formDto.token();
66 | token.setRememberMe(false);
67 |
68 | try {
69 | SecurityUtils.getSubject().login(token);
70 | } catch (Exception e) {
71 | LOG.debug("Error authenticating.", e);
72 | errors.rejectValue("username", null, "The username or password was not correct.");
73 | return "login";
74 | }
75 |
76 | return "redirect:index";
77 | }
78 |
79 |
80 | }
81 |
--------------------------------------------------------------------------------
/authz/src/main/webapp/WEB-INF/mkk-servlet.xml:
--------------------------------------------------------------------------------
1 |
2 |
9 |
10 |
11 |
12 |
13 |
14 |
15 |
16 |
17 |
18 |
19 |
20 |
21 |
22 |
23 |
24 |
25 |
26 |
27 |
28 |
29 |
30 |
31 |
32 |
33 |
34 |
35 |
36 |
37 |
38 |
39 |
42 |
43 |
44 |
46 |
48 |
49 |
50 |
51 |
52 |
--------------------------------------------------------------------------------
/others/oauth_test.txt:
--------------------------------------------------------------------------------
1 |
2 | Make sure project modules context path as below:
3 | authz -> authz
4 | resources -> rs
5 |
6 |
7 | -- Test grant_type = 'authorization_code' , get code
8 |
9 | http://localhost:8080/authz/oauth/authorize?response_type=code&scope=read write&client_id=test&redirect_uri=http%3A%2F%2Flocalhost%3A7777%2Fspring-oauth-client%2Fauthorization_code_callback&state=09876999
10 |
11 | http://localhost:8080/authz/oauth/authorize?response_type=code&scope=read%20write&client_id=test&redirect_uri=http%3A%2F%2Flocalhost%3A7777%2Fspring-oauth-client%2Fauthorization_code_callback&state=swss58522555
12 |
13 |
14 | -- Test grant_type = 'token'
15 | -- implicit
16 |
17 | http://localhost:8080/authz/oauth/authorize?response_type=token&scope=read write&client_id=test&client_secret=test&redirect_uri=http%3A%2F%2Flocalhost%3A7777%2Fspring-oauth-client%2Fauthorization_code_callback
18 |
19 |
20 | -- Test from 'code' get 'token' [POST]
21 | http://localhost:8080/authz/oauth/token?client_id=test&client_secret=test&grant_type=authorization_code&code=ac0bd18863b07adfb518cc6e6dfcfcab&redirect_uri=http://localhost:8080/os/oauth/authorize?response_type=code&scope=read%20write&client_id=test&redirect_uri=http%3A%2F%2Flocalhost%3A7777%2Fspring-oauth-client%2Fauthorization_code_callback&state=09876999
22 |
23 |
24 |
25 | -- Test grant_type='password' [POST]
26 | http://localhost:8080/authz/oauth/token?client_id=test&client_secret=test&grant_type=password&scope=read write&username=test&password=test
27 |
28 |
29 |
30 | -- Test grant_type='client_credentials' [POST]
31 | http://localhost:8080/authz/oauth/token?client_id=test&client_secret=test&grant_type=client_credentials&scope=read
32 |
33 |
34 | -- Test grant_type='refresh_token' [POST]
35 | http://localhost:8080/authz/oauth/token?client_id=test&client_secret=test&grant_type=refresh_token&refresh_token=b36f4978a1724aa8af8960f58abe3ba1
36 |
37 |
38 |
39 | --
40 | Test-Page URL: http://localhost:8080/authz/resources/oauth_test.html
41 | --
42 |
43 |
44 | --注意: scope是用空格分隔的, 如:read write
45 |
46 |
47 |
48 | -- Test resource
49 | http://localhost:8080/rs/rs/username?access_token=6b7b0726e603cd04c797d5b28c7be4c4
50 |
51 |
52 | --
53 | -- Mobile Resource
54 | --
55 |
56 | -- Test grant_type='password' [POST]
57 | http://localhost:8080/authz/oauth/token?client_id=mobile&client_secret=mobile&grant_type=password&scope=read write&username=test&password=test
58 |
59 |
60 |
61 | -- Test mobile resource
62 | http://qc8.cc:8080/rs/mobile/system_time?access_token=b69c2f61212780c901e69cebd6854667
63 |
64 |
65 |
--------------------------------------------------------------------------------
/core/src/main/java/com/monkeyk/os/infrastructure/cache/AbstractCacheSupport.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2015 MONKEYK Information Technology Co. Ltd
3 | * www.monkeyk.com
4 | * All rights reserved.
5 | *
6 | * This software is the confidential and proprietary information of
7 | * MONKEYK Information Technology Co. Ltd ("Confidential Information").
8 | * You shall not disclose such Confidential Information and shall use
9 | * it only in accordance with the terms of the license agreement you
10 | * entered into with MONKEYK Information Technology Co. Ltd.
11 | */
12 | package com.monkeyk.os.infrastructure.cache;
13 |
14 | import org.slf4j.Logger;
15 | import org.slf4j.LoggerFactory;
16 | import org.springframework.cache.Cache;
17 |
18 | /**
19 | * 2015/10/26
20 | *
21 | * 公共类,将常用 的缓存操作放置于此
22 | *
23 | * @author Shengzhao Li
24 | */
25 | public abstract class AbstractCacheSupport {
26 |
27 |
28 | private static final Logger LOG = LoggerFactory.getLogger(AbstractCacheSupport.class);
29 |
30 |
31 | /**
32 | * 从指定的缓存中获取缓存数据
33 | *
34 | * @param cache Cache
35 | * @param key Cache key
36 | * @return Cache value
37 | */
38 | protected Object getFromCache(Cache cache, String key) {
39 | final Cache.ValueWrapper valueWrapper = cache.get(key);
40 | return valueWrapper == null ? null : valueWrapper.get();
41 | }
42 |
43 |
44 | /**
45 | * 向缓存中添加 缓存数据
46 | *
47 | * @param cache Cache
48 | * @param key Cache key
49 | * @param value Cache value, null will return false
50 | * @return True is successful,otherwise false
51 | */
52 | protected boolean putToCache(Cache cache, Object key, Object value) {
53 | if (value == null) {
54 | LOG.debug("Ignore put to cache[{}], key = {}, because value is null", cache, key);
55 | return false;
56 | }
57 | cache.put(key, value);
58 | LOG.debug("Put [{} = {}] to cache[{}]", key, value, cache);
59 | return true;
60 | }
61 |
62 |
63 | /**
64 | * 清除缓存中具体的 缓存数据
65 | *
66 | * @param cache Cache
67 | * @param key Cache key
68 | * @return True is evict successful
69 | */
70 | protected boolean evictFromCache(Cache cache, Object key) {
71 | if (key == null) {
72 | LOG.debug("Ignore evict from cache[{}], because key is null", cache);
73 | return false;
74 | }
75 | cache.evict(key);
76 | LOG.debug("Evict key[{}] from cache[{}]", key, cache);
77 | return true;
78 | }
79 |
80 |
81 | }
82 |
--------------------------------------------------------------------------------
/authz/src/main/java/com/monkeyk/os/oauth/token/OAuthTokenHandleDispatcher.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2013 Andaily Information Technology Co. Ltd
3 | * www.andaily.com
4 | * All rights reserved.
5 | *
6 | * This software is the confidential and proprietary information of
7 | * Andaily Information Technology Co. Ltd ("Confidential Information").
8 | * You shall not disclose such Confidential Information and shall use
9 | * it only in accordance with the terms of the license agreement you
10 | * entered into with Andaily Information Technology Co. Ltd.
11 | */
12 | package com.monkeyk.os.oauth.token;
13 |
14 | import com.monkeyk.os.oauth.OAuthTokenxRequest;
15 | import org.apache.oltu.oauth2.common.exception.OAuthProblemException;
16 | import org.apache.oltu.oauth2.common.exception.OAuthSystemException;
17 | import org.slf4j.Logger;
18 | import org.slf4j.LoggerFactory;
19 |
20 | import javax.servlet.http.HttpServletResponse;
21 | import java.util.ArrayList;
22 | import java.util.List;
23 |
24 | /**
25 | * 2015/7/3
26 | *
27 | * @author Shengzhao Li
28 | */
29 | public class OAuthTokenHandleDispatcher {
30 |
31 | private static final Logger LOG = LoggerFactory.getLogger(OAuthTokenHandleDispatcher.class);
32 |
33 | private List handlers = new ArrayList<>();
34 |
35 | private final OAuthTokenxRequest tokenRequest;
36 | private final HttpServletResponse response;
37 |
38 | public OAuthTokenHandleDispatcher(OAuthTokenxRequest tokenRequest, HttpServletResponse response) {
39 | this.tokenRequest = tokenRequest;
40 | this.response = response;
41 |
42 | initialHandlers();
43 | }
44 |
45 | private void initialHandlers() {
46 | handlers.add(new AuthorizationCodeTokenHandler());
47 | handlers.add(new PasswordTokenHandler());
48 | handlers.add(new RefreshTokenHandler());
49 |
50 | handlers.add(new ClientCredentialsTokenHandler());
51 |
52 | LOG.debug("Initialed '{}' OAuthTokenHandler(s): {}", handlers.size(), handlers);
53 | }
54 |
55 |
56 | public void dispatch() throws OAuthProblemException, OAuthSystemException {
57 | for (OAuthTokenHandler handler : handlers) {
58 | if (handler.support(tokenRequest)) {
59 | LOG.debug("Found '{}' handle OAuthTokenxRequest: {}", handler, tokenRequest);
60 | handler.handle(tokenRequest, response);
61 | return;
62 | }
63 | }
64 | throw new IllegalStateException("Not found 'OAuthTokenHandler' to handle OAuthTokenxRequest: " + tokenRequest);
65 | }
66 | }
67 |
--------------------------------------------------------------------------------
/authz/src/main/webapp/WEB-INF/jsp/oauth/oauth_login.jsp:
--------------------------------------------------------------------------------
1 | <%--
2 | * Copyright (c) 2013 Andaily Information Technology Co. Ltd
3 | * www.andaily.com
4 | * All rights reserved.
5 | *
6 | * This software is the confidential and proprietary information of
7 | * Andaily Information Technology Co. Ltd ("Confidential Information").
8 | * You shall not disclose such Confidential Information and shall use
9 | * it only in accordance with the terms of the license agreement you
10 | * entered into with Andaily Information Technology Co. Ltd.
11 | --%>
12 | <%--
13 | *
14 | * @author Shengzhao Li
15 | --%>
16 | <%@ page contentType="text/html;charset=UTF-8" language="java" %>
17 | <%@ include file="../comm-header.jsp" %>
18 |
19 |
20 |
21 | Oauth Login
22 |
23 |
24 |
25 |
26 |
Oauth Login
27 |
28 |
29 | Login for client_id: '${param.client_id}'.
30 |
31 |
32 |
48 |
51 |
You can use the users to login as follow:
52 |
53 |
54 |
55 | | username |
56 | password |
57 | grant_types |
58 | roles |
59 |
60 |
61 |
62 |
63 | | test |
64 | test |
65 | authorization_code,password,refresh_token,client_credentials |
66 | User(id=22) |
67 |
68 |
69 |
70 |