├── README.md
├── SpringAuthorizationServerCustomPasswordGrantType
├── .gitignore
├── .mvn
│ └── wrapper
│ │ ├── maven-wrapper.jar
│ │ └── maven-wrapper.properties
├── mvnw
├── mvnw.cmd
├── pom.xml
└── src
│ ├── main
│ ├── java
│ │ └── willydekeyser
│ │ │ ├── SpringAuthorizationServerCustomPasswordGrantTypeApplication.java
│ │ │ ├── config
│ │ │ └── SecurityConfig.java
│ │ │ └── security
│ │ │ ├── CustomCodeGrantAuthenticationConverter.java
│ │ │ ├── CustomCodeGrantAuthenticationProvider.java
│ │ │ └── CustomCodeGrantAuthenticationToken.java
│ └── resources
│ │ └── application.properties
│ └── test
│ └── java
│ └── willydekeyser
│ └── SpringAuthorizationServerCustomPasswordGrantTypeApplicationTests.java
└── SpringResourceServerCustomPasswordGrantType
├── .gitignore
├── .mvn
└── wrapper
│ ├── maven-wrapper.jar
│ └── maven-wrapper.properties
├── mvnw
├── mvnw.cmd
├── pom.xml
└── src
├── main
├── java
│ └── willydekeyser
│ │ ├── SpringResourceServerCustomPasswordGrantTypeApplication.java
│ │ ├── config
│ │ └── SecurityConfig.java
│ │ └── controller
│ │ └── HomeController.java
└── resources
│ └── application.yml
└── test
└── java
└── willydekeyser
└── SpringResourceServerCustomPasswordGrantTypeApplicationTests.java
/README.md:
--------------------------------------------------------------------------------
1 | # SpringAuthorizationServerCustomPasswordGrantType
2 | Spring Authorization Server Custom Password Grant Type
3 |
--------------------------------------------------------------------------------
/SpringAuthorizationServerCustomPasswordGrantType/.gitignore:
--------------------------------------------------------------------------------
1 | HELP.md
2 | target/
3 | !.mvn/wrapper/maven-wrapper.jar
4 | !**/src/main/**/target/
5 | !**/src/test/**/target/
6 |
7 | ### STS ###
8 | .apt_generated
9 | .classpath
10 | .factorypath
11 | .project
12 | .settings
13 | .springBeans
14 | .sts4-cache
15 |
16 | ### IntelliJ IDEA ###
17 | .idea
18 | *.iws
19 | *.iml
20 | *.ipr
21 |
22 | ### NetBeans ###
23 | /nbproject/private/
24 | /nbbuild/
25 | /dist/
26 | /nbdist/
27 | /.nb-gradle/
28 | build/
29 | !**/src/main/**/build/
30 | !**/src/test/**/build/
31 |
32 | ### VS Code ###
33 | .vscode/
34 |
--------------------------------------------------------------------------------
/SpringAuthorizationServerCustomPasswordGrantType/.mvn/wrapper/maven-wrapper.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/wdkeyser02/SpringAuthorizationServerCustomPasswordGrantType/fc8ccd590ff10f4e582d961389078e151831d2a3/SpringAuthorizationServerCustomPasswordGrantType/.mvn/wrapper/maven-wrapper.jar
--------------------------------------------------------------------------------
/SpringAuthorizationServerCustomPasswordGrantType/.mvn/wrapper/maven-wrapper.properties:
--------------------------------------------------------------------------------
# Locations the Maven Wrapper downloads from: the Maven distribution itself and the
# wrapper jar that bootstraps it.
# NOTE(review): neither distributionSha256Sum nor wrapperSha256Sum is set here, so both
# downloads are trusted on HTTPS alone. The SHA-256 check in mvnw / mvnw.cmd only runs
# when wrapperSha256Sum is present in this file.
distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.9.5/apache-maven-3.9.5-bin.zip
wrapperUrl=https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.2.0/maven-wrapper-3.2.0.jar
3 |
--------------------------------------------------------------------------------
/SpringAuthorizationServerCustomPasswordGrantType/mvnw:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | # ----------------------------------------------------------------------------
3 | # Licensed to the Apache Software Foundation (ASF) under one
4 | # or more contributor license agreements. See the NOTICE file
5 | # distributed with this work for additional information
6 | # regarding copyright ownership. The ASF licenses this file
7 | # to you under the Apache License, Version 2.0 (the
8 | # "License"); you may not use this file except in compliance
9 | # with the License. You may obtain a copy of the License at
10 | #
11 | # https://www.apache.org/licenses/LICENSE-2.0
12 | #
13 | # Unless required by applicable law or agreed to in writing,
14 | # software distributed under the License is distributed on an
15 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
16 | # KIND, either express or implied. See the License for the
17 | # specific language governing permissions and limitations
18 | # under the License.
19 | # ----------------------------------------------------------------------------
20 |
21 | # ----------------------------------------------------------------------------
22 | # Apache Maven Wrapper startup batch script, version 3.2.0
23 | #
24 | # Required ENV vars:
25 | # ------------------
26 | # JAVA_HOME - location of a JDK home dir
27 | #
28 | # Optional ENV vars
29 | # -----------------
30 | # MAVEN_OPTS - parameters passed to the Java VM when running Maven
31 | # e.g. to debug Maven itself, use
32 | # set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000
33 | # MAVEN_SKIP_RC - flag to disable loading of mavenrc files
34 | # ----------------------------------------------------------------------------
35 |
# Source the optional mavenrc files (site-wide first, then per-user) unless
# MAVEN_SKIP_RC is set to a non-empty value.
# NOTE(review): these files are executed in the current shell, so anyone who can write
# to one of them controls the environment of every build started through this wrapper.
if [ -z "$MAVEN_SKIP_RC" ] ; then

  if [ -f /usr/local/etc/mavenrc ] ; then
    . /usr/local/etc/mavenrc
  fi

  if [ -f /etc/mavenrc ] ; then
    . /etc/mavenrc
  fi

  if [ -f "$HOME/.mavenrc" ] ; then
    . "$HOME/.mavenrc"
  fi

fi
51 |
# OS specific support. $var _must_ be set to either true or false.
# The three flags are later executed as commands (`if $cygwin; then`), which is why
# they may only ever hold the words true or false.
cygwin=false;
darwin=false;
mingw=false
case "$(uname)" in
  CYGWIN*) cygwin=true ;;
  MINGW*) mingw=true;;
  Darwin*) darwin=true
    # Use /usr/libexec/java_home if available, otherwise fall back to /Library/Java/Home
    # See https://developer.apple.com/library/mac/qa/qa1170/_index.html
    if [ -z "$JAVA_HOME" ]; then
      if [ -x "/usr/libexec/java_home" ]; then
        JAVA_HOME="$(/usr/libexec/java_home)"; export JAVA_HOME
      else
        JAVA_HOME="/Library/Java/Home"; export JAVA_HOME
      fi
    fi
    ;;
esac

# On Gentoo (detected by /etc/gentoo-release) ask java-config for the JRE home
# when JAVA_HOME is still unset.
if [ -z "$JAVA_HOME" ] ; then
  if [ -r /etc/gentoo-release ] ; then
    JAVA_HOME=$(java-config --jre-home)
  fi
fi
77 |
# For Cygwin, ensure paths are in UNIX format before anything is touched
# (converted back to Windows format right before java is started).
if $cygwin ; then
  [ -n "$JAVA_HOME" ] &&
    JAVA_HOME=$(cygpath --unix "$JAVA_HOME")
  [ -n "$CLASSPATH" ] &&
    CLASSPATH=$(cygpath --path --unix "$CLASSPATH")
fi

# For Mingw, ensure paths are in UNIX format before anything is touched
# Only rewritten when JAVA_HOME is set and names an existing directory.
if $mingw ; then
  [ -n "$JAVA_HOME" ] && [ -d "$JAVA_HOME" ] &&
    JAVA_HOME="$(cd "$JAVA_HOME" || (echo "cannot cd into $JAVA_HOME."; exit 1); pwd)"
fi
91 |
# Last-resort JAVA_HOME detection: locate javac on PATH, resolve it to its real
# location, and take the directory above its bin/ as JAVA_HOME.
if [ -z "$JAVA_HOME" ]; then
  javaExecutable="$(which javac)"
  # The comparisons against "no" presumably catch `which` implementations that print
  # a "no <cmd> in ..." message instead of returning nothing -- TODO confirm.
  if [ -n "$javaExecutable" ] && ! [ "$(expr "\"$javaExecutable\"" : '\([^ ]*\)')" = "no" ]; then
    # readlink(1) is not available as standard on Solaris 10.
    readLink=$(which readlink)
    if [ ! "$(expr "$readLink" : '\([^ ]*\)')" = "no" ]; then
      if $darwin ; then
        javaHome="$(dirname "\"$javaExecutable\"")"
        javaExecutable="$(cd "\"$javaHome\"" && pwd -P)/javac"
      else
        javaExecutable="$(readlink -f "\"$javaExecutable\"")"
      fi
      javaHome="$(dirname "\"$javaExecutable\"")"
      # Strip the trailing /bin component to get the JDK root.
      javaHome=$(expr "$javaHome" : '\(.*\)/bin')
      JAVA_HOME="$javaHome"
      export JAVA_HOME
    fi
  fi
fi
111 |
# Pick the java launcher: an explicit JAVACMD wins, then JAVA_HOME, then PATH.
if [ -z "$JAVACMD" ] ; then
  if [ -n "$JAVA_HOME" ] ; then
    if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
      # IBM's JDK on AIX uses strange locations for the executables
      JAVACMD="$JAVA_HOME/jre/sh/java"
    else
      JAVACMD="$JAVA_HOME/bin/java"
    fi
  else
    # `\unset -f command` drops any shell function named `command` first, so the
    # lookup below uses the builtin rather than something defined by the environment.
    JAVACMD="$(\unset -f command 2>/dev/null; \command -v java)"
  fi
fi

# Abort early when the selected launcher is not executable.
if [ ! -x "$JAVACMD" ] ; then
  echo "Error: JAVA_HOME is not defined correctly." >&2
  echo " We cannot execute $JAVACMD" >&2
  exit 1
fi

# A java found on PATH is accepted, but the missing JAVA_HOME is reported (on stdout).
if [ -z "$JAVA_HOME" ] ; then
  echo "Warning: JAVA_HOME environment variable is not set."
fi
134 |
# Walks upward from the directory given as $1 towards the filesystem root and prints
# (without trailing newline) the absolute path of the first directory that has a .mvn
# subdirectory; when none is found, the starting directory itself is printed.
# Prints a message and returns 1 when called without a path.
find_maven_basedir() {
  [ -n "$1" ] || {
    echo "Path not specified to find_maven_basedir"
    return 1
  }

  # basedir and wdir are plain (global) shell variables, as in any POSIX sh function.
  basedir="$1"
  wdir="$1"
  until [ "$wdir" = '/' ]; do
    if [ -d "$wdir"/.mvn ]; then
      basedir=$wdir
      break
    fi
    # workaround for JBEAP-8937 (on Solaris 10/Sparc): step up only from a real directory
    [ ! -d "${wdir}" ] || wdir=$(cd "$wdir/.." || exit 1; pwd)
  done
  printf '%s' "$(cd "$basedir" || exit 1; pwd)"
}
159 |
# Prints the content of file $1 with every run of CR/LF characters squeezed into a
# single space; prints nothing when $1 is not a regular file.
concat_lines() {
  # Carriage returns are translated as well: on Git Bash with auto-CRLF checkout the
  # file may be \r\n-delimited, and word splitting would otherwise yield $'-Xarg\r'
  # instead of -Xarg.
  [ ! -f "$1" ] || tr -s '\r\n' ' ' < "$1"
}
171 |
# Prints $1 followed by a newline, but only when MVNW_VERBOSE is exactly "true".
log() {
  case "$MVNW_VERBOSE" in
    true) printf '%s\n' "$1" ;;
  esac
}
177 |
# Resolve the project base directory starting from the directory of this script.
BASE_DIR=$(find_maven_basedir "$(dirname "$0")")
if [ -z "$BASE_DIR" ]; then
  exit 1;
fi

# An explicit MAVEN_BASEDIR from the environment overrides the detected directory.
MAVEN_PROJECTBASEDIR=${MAVEN_BASEDIR:-"$BASE_DIR"}; export MAVEN_PROJECTBASEDIR
log "$MAVEN_PROJECTBASEDIR"
185 |
##########################################################################################
# Extension to allow automatically downloading the maven-wrapper.jar from Maven-central
# This allows using the maven wrapper in projects that prohibit checking in binary data.
##########################################################################################
# Download source, in increasing priority: the built-in Maven Central URL, MVNW_REPOURL
# from the environment, then wrapperUrl from maven-wrapper.properties (read last, so it wins).
# NOTE(review): nothing in this section verifies what was downloaded; integrity relies on
# the optional wrapperSha256Sum check that follows it.
wrapperJarPath="$MAVEN_PROJECTBASEDIR/.mvn/wrapper/maven-wrapper.jar"
if [ -r "$wrapperJarPath" ]; then
    log "Found $wrapperJarPath"
else
    log "Couldn't find $wrapperJarPath, downloading it ..."

    if [ -n "$MVNW_REPOURL" ]; then
      wrapperUrl="$MVNW_REPOURL/org/apache/maven/wrapper/maven-wrapper/3.2.0/maven-wrapper-3.2.0.jar"
    else
      wrapperUrl="https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.2.0/maven-wrapper-3.2.0.jar"
    fi
    while IFS="=" read -r key value; do
      # Remove '\r' from value to allow usage on windows as IFS does not consider '\r' as a separator ( considers space, tab, new line ('\n'), and custom '=' )
      safeValue=$(echo "$value" | tr -d '\r')
      case "$key" in (wrapperUrl) wrapperUrl="$safeValue"; break ;;
      esac
    done < "$MAVEN_PROJECTBASEDIR/.mvn/wrapper/maven-wrapper.properties"
    log "Downloading from: $wrapperUrl"

    if $cygwin; then
      wrapperJarPath=$(cygpath --path --windows "$wrapperJarPath")
    fi

    # Try wget, then curl, then a Java downloader. Every variant deletes the target
    # file on failure so a partial download is never left behind as the wrapper jar.
    # NOTE(review): MVNW_PASSWORD is passed to wget/curl as a command-line argument,
    # where it may be visible to other local users in the process list.
    if command -v wget > /dev/null; then
        log "Found wget ... using wget"
        [ "$MVNW_VERBOSE" = true ] && QUIET="" || QUIET="--quiet"
        if [ -z "$MVNW_USERNAME" ] || [ -z "$MVNW_PASSWORD" ]; then
            wget $QUIET "$wrapperUrl" -O "$wrapperJarPath" || rm -f "$wrapperJarPath"
        else
            wget $QUIET --http-user="$MVNW_USERNAME" --http-password="$MVNW_PASSWORD" "$wrapperUrl" -O "$wrapperJarPath" || rm -f "$wrapperJarPath"
        fi
    elif command -v curl > /dev/null; then
        log "Found curl ... using curl"
        [ "$MVNW_VERBOSE" = true ] && QUIET="" || QUIET="--silent"
        if [ -z "$MVNW_USERNAME" ] || [ -z "$MVNW_PASSWORD" ]; then
            curl $QUIET -o "$wrapperJarPath" "$wrapperUrl" -f -L || rm -f "$wrapperJarPath"
        else
            curl $QUIET --user "$MVNW_USERNAME:$MVNW_PASSWORD" -o "$wrapperJarPath" "$wrapperUrl" -f -L || rm -f "$wrapperJarPath"
        fi
    else
        log "Falling back to using Java to download"
        javaSource="$MAVEN_PROJECTBASEDIR/.mvn/wrapper/MavenWrapperDownloader.java"
        javaClass="$MAVEN_PROJECTBASEDIR/.mvn/wrapper/MavenWrapperDownloader.class"
        # For Cygwin, switch paths to Windows format before running javac
        if $cygwin; then
          javaSource=$(cygpath --path --windows "$javaSource")
          javaClass=$(cygpath --path --windows "$javaClass")
        fi
        # The fallback is silently skipped when MavenWrapperDownloader.java is absent.
        if [ -e "$javaSource" ]; then
            if [ ! -e "$javaClass" ]; then
                log " - Compiling MavenWrapperDownloader.java ..."
                ("$JAVA_HOME/bin/javac" "$javaSource")
            fi
            if [ -e "$javaClass" ]; then
                log " - Running MavenWrapperDownloader.java ..."
                ("$JAVA_HOME/bin/java" -cp .mvn/wrapper MavenWrapperDownloader "$wrapperUrl" "$wrapperJarPath") || rm -f "$wrapperJarPath"
            fi
        fi
    fi
fi
##########################################################################################
# End of extension
##########################################################################################
253 |
# If specified, validate the SHA-256 sum of the Maven wrapper jar file
# The check is opt-in: it runs only when maven-wrapper.properties carries a
# wrapperSha256Sum entry, and it covers the jar whether it was just downloaded or
# was already present on disk.
wrapperSha256Sum=""
while IFS="=" read -r key value; do
  case "$key" in (wrapperSha256Sum) wrapperSha256Sum=$value; break ;;
  esac
done < "$MAVEN_PROJECTBASEDIR/.mvn/wrapper/maven-wrapper.properties"
if [ -n "$wrapperSha256Sum" ]; then
  wrapperSha256Result=false
  if command -v sha256sum > /dev/null; then
    if echo "$wrapperSha256Sum $wrapperJarPath" | sha256sum -c > /dev/null 2>&1; then
      wrapperSha256Result=true
    fi
  elif command -v shasum > /dev/null; then
    if echo "$wrapperSha256Sum $wrapperJarPath" | shasum -a 256 -c > /dev/null 2>&1; then
      wrapperSha256Result=true
    fi
  else
    # Fail closed: a requested check that cannot be performed stops the build.
    echo "Checksum validation was requested but neither 'sha256sum' or 'shasum' are available."
    echo "Please install either command, or disable validation by removing 'wrapperSha256Sum' from your maven-wrapper.properties."
    exit 1
  fi
  if [ $wrapperSha256Result = false ]; then
    echo "Error: Failed to validate Maven wrapper SHA-256, your Maven wrapper might be compromised." >&2
    echo "Investigate or delete $wrapperJarPath to attempt a clean download." >&2
    echo "If you updated your Maven version, you need to update the specified wrapperSha256Sum property." >&2
    exit 1
  fi
fi
282 |
# Options from .mvn/jvm.config (if that file exists) are placed before any MAVEN_OPTS
# inherited from the environment.
MAVEN_OPTS="$(concat_lines "$MAVEN_PROJECTBASEDIR/.mvn/jvm.config") $MAVEN_OPTS"

# For Cygwin, switch paths to Windows format before running java
if $cygwin; then
  [ -n "$JAVA_HOME" ] &&
    JAVA_HOME=$(cygpath --path --windows "$JAVA_HOME")
  [ -n "$CLASSPATH" ] &&
    CLASSPATH=$(cygpath --path --windows "$CLASSPATH")
  [ -n "$MAVEN_PROJECTBASEDIR" ] &&
    MAVEN_PROJECTBASEDIR=$(cygpath --path --windows "$MAVEN_PROJECTBASEDIR")
fi

# Provide a "standardized" way to retrieve the CLI args that will
# work with both Windows and non-Windows executions.
MAVEN_CMD_LINE_ARGS="$MAVEN_CONFIG $*"
export MAVEN_CMD_LINE_ARGS

WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain

# Replace this shell with the JVM running the wrapper jar. MAVEN_OPTS, MAVEN_DEBUG_OPTS
# and MAVEN_CONFIG are expanded unquoted on purpose so each option becomes its own argument.
# shellcheck disable=SC2086 # safe args
exec "$JAVACMD" \
  $MAVEN_OPTS \
  $MAVEN_DEBUG_OPTS \
  -classpath "$MAVEN_PROJECTBASEDIR/.mvn/wrapper/maven-wrapper.jar" \
  "-Dmaven.multiModuleProjectDirectory=${MAVEN_PROJECTBASEDIR}" \
  ${WRAPPER_LAUNCHER} $MAVEN_CONFIG "$@"
309 |
--------------------------------------------------------------------------------
/SpringAuthorizationServerCustomPasswordGrantType/mvnw.cmd:
--------------------------------------------------------------------------------
1 | @REM ----------------------------------------------------------------------------
2 | @REM Licensed to the Apache Software Foundation (ASF) under one
3 | @REM or more contributor license agreements. See the NOTICE file
4 | @REM distributed with this work for additional information
5 | @REM regarding copyright ownership. The ASF licenses this file
6 | @REM to you under the Apache License, Version 2.0 (the
7 | @REM "License"); you may not use this file except in compliance
8 | @REM with the License. You may obtain a copy of the License at
9 | @REM
10 | @REM https://www.apache.org/licenses/LICENSE-2.0
11 | @REM
12 | @REM Unless required by applicable law or agreed to in writing,
13 | @REM software distributed under the License is distributed on an
14 | @REM "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15 | @REM KIND, either express or implied. See the License for the
16 | @REM specific language governing permissions and limitations
17 | @REM under the License.
18 | @REM ----------------------------------------------------------------------------
19 |
20 | @REM ----------------------------------------------------------------------------
21 | @REM Apache Maven Wrapper startup batch script, version 3.2.0
22 | @REM
23 | @REM Required ENV vars:
24 | @REM JAVA_HOME - location of a JDK home dir
25 | @REM
26 | @REM Optional ENV vars
27 | @REM MAVEN_BATCH_ECHO - set to 'on' to enable the echoing of the batch commands
28 | @REM MAVEN_BATCH_PAUSE - set to 'on' to wait for a keystroke before ending
29 | @REM MAVEN_OPTS - parameters passed to the Java VM when running Maven
30 | @REM e.g. to debug Maven itself, use
31 | @REM set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000
32 | @REM MAVEN_SKIP_RC - flag to disable loading of mavenrc files
33 | @REM ----------------------------------------------------------------------------
34 |
@REM Begin all REM lines with '@' in case MAVEN_BATCH_ECHO is 'on'
@echo off
@REM set title of command window
title %0
@REM enable echoing by setting MAVEN_BATCH_ECHO to 'on'
@if "%MAVEN_BATCH_ECHO%" == "on" echo %MAVEN_BATCH_ECHO%

@REM set %HOME% to equivalent of $HOME
if "%HOME%" == "" (set "HOME=%HOMEDRIVE%%HOMEPATH%")

@REM Execute a user defined script before this one
@REM NOTE(review): mavenrc_pre / mavenrc_post are run from %USERPROFILE% with the caller's
@REM privileges; any non-empty MAVEN_SKIP_RC skips both.
if not "%MAVEN_SKIP_RC%" == "" goto skipRcPre
@REM check for pre script, once with legacy .bat ending and once with .cmd ending
if exist "%USERPROFILE%\mavenrc_pre.bat" call "%USERPROFILE%\mavenrc_pre.bat" %*
if exist "%USERPROFILE%\mavenrc_pre.cmd" call "%USERPROFILE%\mavenrc_pre.cmd" %*
:skipRcPre

@setlocal

set ERROR_CODE=0

@REM To isolate internal variables from possible post scripts, we use another setlocal
@setlocal

@REM ==== START VALIDATION ====
@REM JAVA_HOME must be set and must contain bin\java.exe; otherwise jump to :error.
if not "%JAVA_HOME%" == "" goto OkJHome

echo.
echo Error: JAVA_HOME not found in your environment. >&2
echo Please set the JAVA_HOME variable in your environment to match the >&2
echo location of your Java installation. >&2
echo.
goto error

:OkJHome
if exist "%JAVA_HOME%\bin\java.exe" goto init

echo.
echo Error: JAVA_HOME is set to an invalid directory. >&2
echo JAVA_HOME = "%JAVA_HOME%" >&2
echo Please set the JAVA_HOME variable in your environment to match the >&2
echo location of your Java installation. >&2
echo.
goto error

@REM ==== END VALIDATION ====

:init

@REM Find the project base dir, i.e. the directory that contains the folder ".mvn".
@REM Fallback to current working directory if not found.

@REM An explicit MAVEN_BASEDIR from the environment short-circuits the search.
set MAVEN_PROJECTBASEDIR=%MAVEN_BASEDIR%
IF NOT "%MAVEN_PROJECTBASEDIR%"=="" goto endDetectBaseDir

set EXEC_DIR=%CD%
set WDIR=%EXEC_DIR%
:findBaseDir
IF EXIST "%WDIR%"\.mvn goto baseDirFound
cd ..
@REM `cd ..` at the drive root leaves %CD% unchanged, which ends the upward walk.
IF "%WDIR%"=="%CD%" goto baseDirNotFound
set WDIR=%CD%
goto findBaseDir

:baseDirFound
set MAVEN_PROJECTBASEDIR=%WDIR%
cd "%EXEC_DIR%"
goto endDetectBaseDir

:baseDirNotFound
set MAVEN_PROJECTBASEDIR=%EXEC_DIR%
cd "%EXEC_DIR%"

:endDetectBaseDir

IF NOT EXIST "%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config" goto endReadAdditionalConfig

@REM Join all lines of .mvn\jvm.config into one space-separated option string.
@setlocal EnableExtensions EnableDelayedExpansion
for /F "usebackq delims=" %%a in ("%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config") do set JVM_CONFIG_MAVEN_PROPS=!JVM_CONFIG_MAVEN_PROPS! %%a
@endlocal & set JVM_CONFIG_MAVEN_PROPS=%JVM_CONFIG_MAVEN_PROPS%

:endReadAdditionalConfig

SET MAVEN_JAVA_EXE="%JAVA_HOME%\bin\java.exe"
set WRAPPER_JAR="%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.jar"
set WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain

set WRAPPER_URL="https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.2.0/maven-wrapper-3.2.0.jar"

@REM A wrapperUrl entry in maven-wrapper.properties replaces the default URL set above.
FOR /F "usebackq tokens=1,2 delims==" %%A IN ("%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.properties") DO (
    IF "%%A"=="wrapperUrl" SET WRAPPER_URL=%%B
)

@REM Extension to allow automatically downloading the maven-wrapper.jar from Maven-central
@REM This allows using the maven wrapper in projects that prohibit checking in binary data.
@REM NOTE(review): the URL and MVNW_USERNAME / MVNW_PASSWORD are substituted into the
@REM PowerShell command text before it runs, so keep those values under your own control.
@REM The download itself is not verified here; integrity relies on the optional
@REM wrapperSha256Sum check further down.
if exist %WRAPPER_JAR% (
    if "%MVNW_VERBOSE%" == "true" (
        echo Found %WRAPPER_JAR%
    )
) else (
    if not "%MVNW_REPOURL%" == "" (
        SET WRAPPER_URL="%MVNW_REPOURL%/org/apache/maven/wrapper/maven-wrapper/3.2.0/maven-wrapper-3.2.0.jar"
    )
    if "%MVNW_VERBOSE%" == "true" (
        echo Couldn't find %WRAPPER_JAR%, downloading it ...
        echo Downloading from: %WRAPPER_URL%
    )

    powershell -Command "&{"^
		"$webclient = new-object System.Net.WebClient;"^
		"if (-not ([string]::IsNullOrEmpty('%MVNW_USERNAME%') -and [string]::IsNullOrEmpty('%MVNW_PASSWORD%'))) {"^
		"$webclient.Credentials = new-object System.Net.NetworkCredential('%MVNW_USERNAME%', '%MVNW_PASSWORD%');"^
		"}"^
		"[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; $webclient.DownloadFile('%WRAPPER_URL%', '%WRAPPER_JAR%')"^
		"}"
    if "%MVNW_VERBOSE%" == "true" (
        echo Finished downloading %WRAPPER_JAR%
    )
)
@REM End of extension

@REM If specified, validate the SHA-256 sum of the Maven wrapper jar file
@REM The check is opt-in: it runs only when maven-wrapper.properties carries a
@REM wrapperSha256Sum entry; a mismatch ends the script through :error.
SET WRAPPER_SHA_256_SUM=""
FOR /F "usebackq tokens=1,2 delims==" %%A IN ("%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.properties") DO (
    IF "%%A"=="wrapperSha256Sum" SET WRAPPER_SHA_256_SUM=%%B
)
IF NOT %WRAPPER_SHA_256_SUM%=="" (
    powershell -Command "&{"^
       "$hash = (Get-FileHash \"%WRAPPER_JAR%\" -Algorithm SHA256).Hash.ToLower();"^
       "If('%WRAPPER_SHA_256_SUM%' -ne $hash){"^
       " Write-Output 'Error: Failed to validate Maven wrapper SHA-256, your Maven wrapper might be compromised.';"^
       " Write-Output 'Investigate or delete %WRAPPER_JAR% to attempt a clean download.';"^
       " Write-Output 'If you updated your Maven version, you need to update the specified wrapperSha256Sum property.';"^
       " exit 1;"^
       "}"^
       "}"
    if ERRORLEVEL 1 goto error
)

@REM Provide a "standardized" way to retrieve the CLI args that will
@REM work with both Windows and non-Windows executions.
set MAVEN_CMD_LINE_ARGS=%*

@REM Launch the wrapper's main class from the wrapper jar; a non-zero exit goes to :error.
%MAVEN_JAVA_EXE% ^
  %JVM_CONFIG_MAVEN_PROPS% ^
  %MAVEN_OPTS% ^
  %MAVEN_DEBUG_OPTS% ^
  -classpath %WRAPPER_JAR% ^
  "-Dmaven.multiModuleProjectDirectory=%MAVEN_PROJECTBASEDIR%" ^
  %WRAPPER_LAUNCHER% %MAVEN_CONFIG% %*
if ERRORLEVEL 1 goto error
goto end

:error
set ERROR_CODE=1

:end
@REM Carry ERROR_CODE out of the inner setlocal scope.
@endlocal & set ERROR_CODE=%ERROR_CODE%

if not "%MAVEN_SKIP_RC%"=="" goto skipRcPost
@REM check for post script, once with legacy .bat ending and once with .cmd ending
if exist "%USERPROFILE%\mavenrc_post.bat" call "%USERPROFILE%\mavenrc_post.bat"
if exist "%USERPROFILE%\mavenrc_post.cmd" call "%USERPROFILE%\mavenrc_post.cmd"
:skipRcPost

@REM pause the script if MAVEN_BATCH_PAUSE is set to 'on'
if "%MAVEN_BATCH_PAUSE%"=="on" pause

@REM With MAVEN_TERMINATE_CMD=on the whole cmd session exits with ERROR_CODE;
@REM otherwise only the exit code is set for the caller.
if "%MAVEN_TERMINATE_CMD%"=="on" exit %ERROR_CODE%

cmd /C exit /B %ERROR_CODE%
206 |
--------------------------------------------------------------------------------
/SpringAuthorizationServerCustomPasswordGrantType/pom.xml:
--------------------------------------------------------------------------------
1 |
2 |
4 | 4.0.0
5 |
6 | org.springframework.boot
7 | spring-boot-starter-parent
8 | 3.1.5
9 |
10 |
11 | willydekeyser
12 | SpringAuthorizationServerCustomPasswordGrantType
13 | 0.0.1
14 | SpringAuthorizationServerCustomPasswordGrantType
15 | Spring Authorization Server Custom Password Grant Type
16 |
17 | 21
18 |
19 |
20 |
21 | org.springframework.boot
22 | spring-boot-starter-oauth2-authorization-server
23 |
24 |
25 |
26 | org.springframework.boot
27 | spring-boot-starter-test
28 | test
29 |
30 |
31 |
32 |
33 |
34 |
35 | org.springframework.boot
36 | spring-boot-maven-plugin
37 |
38 |
39 |
40 |
41 |
42 |
--------------------------------------------------------------------------------
/SpringAuthorizationServerCustomPasswordGrantType/src/main/java/willydekeyser/SpringAuthorizationServerCustomPasswordGrantTypeApplication.java:
--------------------------------------------------------------------------------
1 | package willydekeyser;
2 |
3 | import org.springframework.boot.SpringApplication;
4 | import org.springframework.boot.autoconfigure.SpringBootApplication;
5 |
/**
 * Spring Boot entry point of the authorization-server project in this repository.
 */
@SpringBootApplication
public class SpringAuthorizationServerCustomPasswordGrantTypeApplication {

    /**
     * Boots the Spring application context.
     *
     * @param args command-line arguments, handed to Spring Boot unchanged
     */
    public static void main(String[] args) {
        final Class<?> bootClass = SpringAuthorizationServerCustomPasswordGrantTypeApplication.class;
        SpringApplication.run(bootClass, args);
    }
}
14 |
--------------------------------------------------------------------------------
/SpringAuthorizationServerCustomPasswordGrantType/src/main/java/willydekeyser/config/SecurityConfig.java:
--------------------------------------------------------------------------------
1 | package willydekeyser.config;
2 |
3 | import java.security.KeyPair;
4 | import java.security.KeyPairGenerator;
5 | import java.security.interfaces.RSAPrivateKey;
6 | import java.security.interfaces.RSAPublicKey;
7 | import java.time.Duration;
8 | import java.util.Set;
9 | import java.util.UUID;
10 | import java.util.stream.Collectors;
11 |
12 | import org.springframework.context.annotation.Bean;
13 | import org.springframework.context.annotation.Configuration;
14 | import org.springframework.core.annotation.Order;
15 | import org.springframework.http.MediaType;
16 | import org.springframework.security.config.Customizer;
17 | import org.springframework.security.config.annotation.web.builders.HttpSecurity;
18 | import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
19 | import org.springframework.security.core.Authentication;
20 | import org.springframework.security.core.GrantedAuthority;
21 | import org.springframework.security.core.userdetails.User;
22 | import org.springframework.security.crypto.factory.PasswordEncoderFactories;
23 | import org.springframework.security.crypto.password.PasswordEncoder;
24 | import org.springframework.security.oauth2.core.AuthorizationGrantType;
25 | import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
26 | import org.springframework.security.oauth2.core.OAuth2Token;
27 | import org.springframework.security.oauth2.core.oidc.OidcScopes;
28 | import org.springframework.security.oauth2.core.oidc.endpoint.OidcParameterNames;
29 | import org.springframework.security.oauth2.jwt.JwtDecoder;
30 | import org.springframework.security.oauth2.jwt.NimbusJwtEncoder;
31 | import org.springframework.security.oauth2.server.authorization.InMemoryOAuth2AuthorizationService;
32 | import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
33 | import org.springframework.security.oauth2.server.authorization.OAuth2TokenType;
34 | import org.springframework.security.oauth2.server.authorization.client.InMemoryRegisteredClientRepository;
35 | import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
36 | import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
37 | import org.springframework.security.oauth2.server.authorization.config.annotation.web.configuration.OAuth2AuthorizationServerConfiguration;
38 | import org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers.OAuth2AuthorizationServerConfigurer;
39 | import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
40 | import org.springframework.security.oauth2.server.authorization.settings.ClientSettings;
41 | import org.springframework.security.oauth2.server.authorization.settings.TokenSettings;
42 | import org.springframework.security.oauth2.server.authorization.token.DelegatingOAuth2TokenGenerator;
43 | import org.springframework.security.oauth2.server.authorization.token.JwtEncodingContext;
44 | import org.springframework.security.oauth2.server.authorization.token.JwtGenerator;
45 | import org.springframework.security.oauth2.server.authorization.token.OAuth2AccessTokenGenerator;
46 | import org.springframework.security.oauth2.server.authorization.token.OAuth2RefreshTokenGenerator;
47 | import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenCustomizer;
48 | import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenGenerator;
49 | import org.springframework.security.provisioning.InMemoryUserDetailsManager;
50 | import org.springframework.security.provisioning.UserDetailsManager;
51 | import org.springframework.security.web.SecurityFilterChain;
52 | import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
53 | import org.springframework.security.web.util.matcher.MediaTypeRequestMatcher;
54 |
55 | import com.nimbusds.jose.jwk.JWKSet;
56 | import com.nimbusds.jose.jwk.RSAKey;
57 | import com.nimbusds.jose.jwk.source.ImmutableJWKSet;
58 | import com.nimbusds.jose.jwk.source.JWKSource;
59 | import com.nimbusds.jose.proc.SecurityContext;
60 |
61 | import willydekeyser.security.CustomCodeGrantAuthenticationConverter;
62 | import willydekeyser.security.CustomCodeGrantAuthenticationProvider;
63 |
64 | @Configuration
65 | @EnableWebSecurity
66 | public class SecurityConfig {
67 |
/**
 * First filter chain ({@code @Order(1)}): the authorization server's protocol endpoints.
 *
 * <p>Starts from the framework's default authorization-server configuration, enables OIDC
 * with defaults, and plugs the custom grant into the token endpoint: a request converter
 * plus an authentication provider that is handed the authorization service, the token
 * generator, the user store and the password encoder. Requests that accept
 * {@code text/html} are sent to {@code /login} when unauthenticated, and JWT bearer
 * tokens are accepted as a resource server.
 *
 * <p>NOTE(review): the provider receives the user store and password encoder, so it
 * presumably checks a username/password sent to the token endpoint. That means the client
 * application sees the user's password; the OAuth 2.0 Security Best Current Practice
 * advises against the resource-owner password grant for that reason. Treat this as a
 * demo of the extension mechanism rather than a pattern for new deployments.
 *
 * @param http the security builder for this chain
 * @return the built filter chain
 * @throws Exception if the configuration cannot be applied or built
 */
@Bean
@Order(1)
SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
    OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(http);

    OAuth2AuthorizationServerConfigurer serverConfigurer =
            http.getConfigurer(OAuth2AuthorizationServerConfigurer.class);
    serverConfigurer.oidc(Customizer.withDefaults());
    serverConfigurer.tokenEndpoint(endpoint -> {
        // Converter turns the incoming token request into the custom grant's authentication
        // object; the provider is what authenticates it and issues tokens.
        endpoint.accessTokenRequestConverter(new CustomCodeGrantAuthenticationConverter());
        endpoint.authenticationProvider(new CustomCodeGrantAuthenticationProvider(
                oAuth2AuthorizationService(),
                tokenGenerator(),
                inMemoryUserDetailsManager(),
                passwordEncoder()));
    });

    // Browser (text/html) requests without authentication are redirected to the login page.
    http.exceptionHandling(handling -> handling.defaultAuthenticationEntryPointFor(
            new LoginUrlAuthenticationEntryPoint("/login"),
            new MediaTypeRequestMatcher(MediaType.TEXT_HTML)));
    http.oauth2ResourceServer(resourceServer -> resourceServer.jwt(Customizer.withDefaults()));

    return http.build();
}
95 |
/**
 * Second filter chain ({@code @Order(2)}): everything not handled by the
 * authorization-server chain. Every request must be authenticated, and the default
 * form login is used to authenticate.
 *
 * @param http the security builder for this chain
 * @return the built filter chain
 * @throws Exception if the configuration cannot be applied or built
 */
@Bean
@Order(2)
SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http) throws Exception {
    // Deny-by-default: no path is left open to anonymous callers on this chain.
    http.authorizeHttpRequests(requests -> requests.anyRequest().authenticated());
    http.formLogin(Customizer.withDefaults());
    return http.build();
}
108 |
/**
 * Password encoder shared by the user store and the custom grant provider.
 *
 * <p>The delegating encoder selects the algorithm from the {@code {id}} prefix of the
 * stored value, which is why the {@code {noop}} values elsewhere in this configuration
 * are compared as plain text.
 *
 * @return Spring Security's default delegating password encoder
 */
@Bean
PasswordEncoder passwordEncoder() {
    final PasswordEncoder delegatingEncoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();
    return delegatingEncoder;
}
113 |
/**
 * In-memory user store with two fixed accounts: {@code user} (role USER) and
 * {@code admin} (roles USER and ADMIN).
 *
 * <p>NOTE(review): both accounts share one hard-coded password stored with the
 * {@code {noop}} prefix, i.e. unhashed. That is acceptable only for a local demo; a real
 * deployment needs externally provisioned users and a hashing encoder id such as
 * {@code {bcrypt}}.
 *
 * @return a user details manager holding the two demo accounts
 */
@Bean
UserDetailsManager inMemoryUserDetailsManager() {
    final String demoPassword = "{noop}password";
    return new InMemoryUserDetailsManager(
            User.withUsername("user").password(demoPassword).roles("USER").build(),
            User.withUsername("admin").password(demoPassword).roles("USER", "ADMIN").build());
}
120 |
121 | @Bean
122 | RegisteredClientRepository registeredClientRepository() {
123 | RegisteredClient oidcClient = RegisteredClient.withId(UUID.randomUUID().toString())
124 | .clientId("client")
125 | .clientSecret("{noop}secret")
126 | .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
127 | .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
128 | .authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN)
129 | .authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
130 | .authorizationGrantType(new AuthorizationGrantType("custom_password"))
131 | .redirectUri("http://127.0.0.1:8080/login/oauth2")
132 | .postLogoutRedirectUri("http://127.0.0.1:8080/")
133 | .scope(OidcScopes.OPENID)
134 | .scope(OidcScopes.PROFILE)
135 | .clientSettings(ClientSettings.builder().requireProofKey(true).requireAuthorizationConsent(false).build())
136 | .tokenSettings(TokenSettings.builder().accessTokenTimeToLive(Duration.ofHours(1)).build())
137 | .build();
138 |
139 | return new InMemoryRegisteredClientRepository(oidcClient);
140 | }
141 |
142 | @Bean
143 | JWKSource jwkSource() {
144 | KeyPair keyPair = generateRsaKey();
145 | RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic();
146 | RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate();
147 | RSAKey rsaKey = new RSAKey.Builder(publicKey)
148 | .privateKey(privateKey)
149 | .keyID(UUID.randomUUID().toString())
150 | .build();
151 | JWKSet jwkSet = new JWKSet(rsaKey);
152 | return new ImmutableJWKSet<>(jwkSet);
153 | }
154 |
155 | private static KeyPair generateRsaKey() {
156 | KeyPair keyPair;
157 | try {
158 | KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
159 | keyPairGenerator.initialize(2048);
160 | keyPair = keyPairGenerator.generateKeyPair();
161 | }
162 | catch (Exception ex) {
163 | throw new IllegalStateException(ex);
164 | }
165 | return keyPair;
166 | }
167 |
168 | @Bean
169 | JwtDecoder jwtDecoder(JWKSource jwkSource) {
170 | return OAuth2AuthorizationServerConfiguration.jwtDecoder(jwkSource);
171 | }
172 |
173 | @Bean
174 | AuthorizationServerSettings authorizationServerSettings() {
175 | return AuthorizationServerSettings.builder().build();
176 | }
177 |
178 | @Bean
179 | OAuth2AuthorizationService oAuth2AuthorizationService() {
180 | return new InMemoryOAuth2AuthorizationService();
181 | }
182 |
183 | @Bean
184 | OAuth2TokenGenerator extends OAuth2Token> tokenGenerator() {
185 | NimbusJwtEncoder jwtEncoder = new NimbusJwtEncoder(jwkSource());
186 | JwtGenerator jwtGenerator = new JwtGenerator(jwtEncoder);
187 | jwtGenerator.setJwtCustomizer(tokenCustomizer());
188 | OAuth2AccessTokenGenerator accessTokenGenerator = new OAuth2AccessTokenGenerator();
189 | OAuth2RefreshTokenGenerator refreshTokenGenerator = new OAuth2RefreshTokenGenerator();
190 | return new DelegatingOAuth2TokenGenerator(
191 | jwtGenerator, accessTokenGenerator, refreshTokenGenerator);
192 | }
193 |
194 | @Bean
195 | OAuth2TokenCustomizer tokenCustomizer() {
196 | return context -> {
197 | Authentication principal = context.getPrincipal();
198 | if (OAuth2TokenType.ACCESS_TOKEN.equals(context.getTokenType())) {
199 | Set authorities = principal.getAuthorities().stream().map(GrantedAuthority::getAuthority)
200 | .collect(Collectors.toSet());
201 | context.getClaims().claim("authorities", authorities);
202 | }
203 |
204 | if (OidcParameterNames.ID_TOKEN.equals(context.getTokenType().getValue())) {
205 | Set authorities = principal.getAuthorities().stream().map(GrantedAuthority::getAuthority)
206 | .collect(Collectors.toSet());
207 | context.getClaims().claim("authorities", authorities);
208 | }
209 | };
210 | }
211 | }
212 |
--------------------------------------------------------------------------------
/SpringAuthorizationServerCustomPasswordGrantType/src/main/java/willydekeyser/security/CustomCodeGrantAuthenticationConverter.java:
--------------------------------------------------------------------------------
1 | package willydekeyser.security;
2 |
3 | import java.util.HashMap;
4 | import java.util.Map;
5 |
6 | import org.springframework.lang.Nullable;
7 | import org.springframework.security.core.Authentication;
8 | import org.springframework.security.core.context.SecurityContextHolder;
9 | import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
10 | import org.springframework.security.web.authentication.AuthenticationConverter;
11 | import org.springframework.util.LinkedMultiValueMap;
12 | import org.springframework.util.MultiValueMap;
13 |
14 | import jakarta.servlet.http.HttpServletRequest;
15 |
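/**
 * Turns a token-endpoint request with {@code grant_type=custom_password} into a
 * {@link CustomCodeGrantAuthenticationToken}.
 *
 * <p>Requests with any other grant type are not handled here ({@code null} is returned so the
 * next converter can try).
 */
public class CustomCodeGrantAuthenticationConverter implements AuthenticationConverter {

    /** Grant type value this converter is responsible for. */
    private static final String CUSTOM_PASSWORD_GRANT_TYPE = "custom_password";

    /**
     * Builds the grant authentication from the request parameters.
     *
     * <p>The client principal is whatever authentication the security context holds at this
     * point. All request parameters except {@code grant_type}, {@code client_id} and
     * {@code client_secret} are passed on as additional parameters; when a parameter is repeated
     * only its first value is kept.
     *
     * @param request the token request
     * @return the grant authentication, or {@code null} when the grant type is not
     *         {@code custom_password}
     */
    @Nullable
    @Override
    public Authentication convert(HttpServletRequest request) {
        String grantType = request.getParameter(OAuth2ParameterNames.GRANT_TYPE);
        if (!CUSTOM_PASSWORD_GRANT_TYPE.equals(grantType)) {
            return null;
        }

        Authentication clientPrincipal = SecurityContextHolder.getContext().getAuthentication();

        Map<String, Object> additionalParameters = new HashMap<>();
        getParameters(request).forEach((name, values) -> {
            // client_secret is a client credential, not a grant parameter: keep it out of the
            // map that travels with the authentication token and the token context.
            boolean protocolParameter = OAuth2ParameterNames.GRANT_TYPE.equals(name)
                    || OAuth2ParameterNames.CLIENT_ID.equals(name)
                    || OAuth2ParameterNames.CLIENT_SECRET.equals(name);
            if (!protocolParameter) {
                additionalParameters.put(name, values.get(0));
            }
        });
        return new CustomCodeGrantAuthenticationToken(grantType, clientPrincipal, additionalParameters);
    }

    /**
     * Copies the servlet parameter map into a {@link MultiValueMap}; parameters without any
     * value are left out, so every entry has at least one value.
     *
     * <p>NOTE(review): {@code getParameterMap()} merges query-string and form-body parameters,
     * so a username and password sent in the URL are accepted as well. URLs are commonly
     * written to access logs; consider accepting these parameters from the request body only.
     */
    private static MultiValueMap<String, String> getParameters(HttpServletRequest request) {
        Map<String, String[]> parameterMap = request.getParameterMap();
        MultiValueMap<String, String> parameters = new LinkedMultiValueMap<>(parameterMap.size());
        parameterMap.forEach((name, values) -> {
            for (String value : values) {
                parameters.add(name, value);
            }
        });
        return parameters;
    }
}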
52 |
--------------------------------------------------------------------------------
/SpringAuthorizationServerCustomPasswordGrantType/src/main/java/willydekeyser/security/CustomCodeGrantAuthenticationProvider.java:
--------------------------------------------------------------------------------
1 | package willydekeyser.security;
2 |
3 | import java.nio.charset.StandardCharsets;
4 | import java.security.MessageDigest;
5 | import java.security.NoSuchAlgorithmException;
6 | import java.security.Principal;
7 | import java.util.ArrayList;
8 | import java.util.Base64;
9 | import java.util.Collections;
10 | import java.util.Comparator;
11 | import java.util.HashMap;
12 | import java.util.HashSet;
13 | import java.util.List;
14 | import java.util.Map;
15 | import java.util.Set;
16 |
17 | import org.springframework.security.authentication.AuthenticationProvider;
18 | import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
19 | import org.springframework.security.core.Authentication;
20 | import org.springframework.security.core.AuthenticationException;
21 | import org.springframework.security.core.session.SessionInformation;
22 | import org.springframework.security.core.session.SessionRegistry;
23 | import org.springframework.security.core.userdetails.User;
24 | import org.springframework.security.core.userdetails.UserDetailsService;
25 | import org.springframework.security.core.userdetails.UsernameNotFoundException;
26 | import org.springframework.security.crypto.password.PasswordEncoder;
27 | import org.springframework.security.oauth2.core.AuthorizationGrantType;
28 | import org.springframework.security.oauth2.core.ClaimAccessor;
29 | import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
30 | import org.springframework.security.oauth2.core.OAuth2AccessToken;
31 | import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
32 | import org.springframework.security.oauth2.core.OAuth2Error;
33 | import org.springframework.security.oauth2.core.OAuth2ErrorCodes;
34 | import org.springframework.security.oauth2.core.OAuth2RefreshToken;
35 | import org.springframework.security.oauth2.core.OAuth2Token;
36 | import org.springframework.security.oauth2.core.oidc.OidcIdToken;
37 | import org.springframework.security.oauth2.core.oidc.OidcScopes;
38 | import org.springframework.security.oauth2.core.oidc.endpoint.OidcParameterNames;
39 | import org.springframework.security.oauth2.jwt.Jwt;
40 | import org.springframework.security.oauth2.server.authorization.OAuth2Authorization;
41 | import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
42 | import org.springframework.security.oauth2.server.authorization.OAuth2TokenType;
43 | import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AccessTokenAuthenticationToken;
44 | import org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken;
45 | import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
46 | import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder;
47 | import org.springframework.security.oauth2.server.authorization.token.DefaultOAuth2TokenContext;
48 | import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenContext;
49 | import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenGenerator;
50 | import org.springframework.security.provisioning.UserDetailsManager;
51 | import org.springframework.util.Assert;
52 | import org.springframework.util.CollectionUtils;
53 |
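/**
 * Authentication provider for the {@code custom_password} grant: verifies the resource owner's
 * username and password on behalf of an authenticated client and issues an access token, an
 * optional refresh token and, when the {@code openid} scope is requested, an ID token.
 *
 * <p>One instance serves all token requests, so nothing that belongs to a single request may be
 * kept in instance fields. The only mutable field is the optional {@link SessionRegistry}, which
 * is expected to be set once during configuration.
 *
 * <p>This grant hands the user's password to the client application. The OAuth 2.0 Security
 * Best Current Practice (RFC 9700) advises against password-based grants for that reason; keep
 * it to first-party clients that cannot use a redirect-based flow.
 */
public class CustomCodeGrantAuthenticationProvider implements AuthenticationProvider {

    private static final String ERROR_URI = "https://datatracker.ietf.org/doc/html/rfc6749#section-5.2";
    private static final OAuth2TokenType ID_TOKEN_TOKEN_TYPE = new OAuth2TokenType(OidcParameterNames.ID_TOKEN);

    private final OAuth2AuthorizationService authorizationService;
    private final OAuth2TokenGenerator<? extends OAuth2Token> tokenGenerator;
    private final UserDetailsService userDetailsService;
    private final PasswordEncoder passwordEncoder;
    private SessionRegistry sessionRegistry;

    /**
     * @param authorizationService store that receives the issued authorization
     * @param tokenGenerator generator used for access, refresh and ID tokens
     * @param userDetailsService source of the resource owner accounts
     * @param passwordEncoder encoder used to verify the presented password
     * @throws IllegalArgumentException if any argument is {@code null}
     */
    public CustomCodeGrantAuthenticationProvider(OAuth2AuthorizationService authorizationService,
            OAuth2TokenGenerator<? extends OAuth2Token> tokenGenerator, UserDetailsManager userDetailsService,
            PasswordEncoder passwordEncoder) {
        Assert.notNull(authorizationService, "authorizationService cannot be null");
        Assert.notNull(tokenGenerator, "tokenGenerator cannot be null");
        Assert.notNull(userDetailsService, "userDetailsService cannot be null");
        Assert.notNull(passwordEncoder, "passwordEncoder cannot be null");
        this.authorizationService = authorizationService;
        this.tokenGenerator = tokenGenerator;
        this.userDetailsService = userDetailsService;
        this.passwordEncoder = passwordEncoder;
    }

    /**
     * Processes one {@code custom_password} token request.
     *
     * <p>Checks run in this order: the client must be authenticated, must be registered for the
     * grant type and for every requested scope, and only then are the user's credentials
     * verified. A client that is not allowed to use the grant therefore never gets a
     * password check performed for it.
     *
     * @param authentication a {@link CustomCodeGrantAuthenticationToken}
     * @return the access-token authentication carrying the issued tokens
     * @throws OAuth2AuthenticationException {@code invalid_client}, {@code unauthorized_client},
     *         {@code invalid_scope}, {@code invalid_request} (username or password missing),
     *         {@code access_denied} (unknown user or wrong password) or {@code server_error}
     *         (a token could not be generated)
     */
    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        CustomCodeGrantAuthenticationToken grantAuthentication = (CustomCodeGrantAuthenticationToken) authentication;
        OAuth2ClientAuthenticationToken clientPrincipal = getAuthenticatedClientElseThrowInvalidClient(
                grantAuthentication);
        RegisteredClient registeredClient = clientPrincipal.getRegisteredClient();

        // Request-scoped values stay in locals: as instance fields they would be shared by
        // concurrent token requests, and one caller's username, password or scopes could be
        // evaluated for another caller.
        String username = grantAuthentication.getUsername();
        String password = grantAuthentication.getPassword();
        Set<String> authorizedScopes = grantAuthentication.getScope();

        if (!registeredClient.getAuthorizationGrantTypes().contains(grantAuthentication.getGrantType())) {
            throw new OAuth2AuthenticationException(OAuth2ErrorCodes.UNAUTHORIZED_CLIENT);
        }
        for (String scope : authorizedScopes) {
            if (!registeredClient.getScopes().contains(scope)) {
                throw new OAuth2AuthenticationException(OAuth2ErrorCodes.INVALID_SCOPE);
            }
        }
        if (username == null || password == null) {
            // A missing parameter is a malformed request, not a failed login.
            throw new OAuth2AuthenticationException(OAuth2ErrorCodes.INVALID_REQUEST);
        }

        User user = authenticateUser(username, password);
        Authentication userAuthentication = new UsernamePasswordAuthenticationToken(user, null,
                user.getAuthorities());

        DefaultOAuth2TokenContext.Builder tokenContextBuilder = DefaultOAuth2TokenContext.builder()
                .registeredClient(registeredClient)
                .principal(userAuthentication)
                .authorizationServerContext(AuthorizationServerContextHolder.getContext())
                .authorizedScopes(authorizedScopes)
                .authorizationGrantType(grantAuthentication.getGrantType())
                .authorizationGrant(grantAuthentication);

        // ----- Access Token -----
        OAuth2TokenContext tokenContext = tokenContextBuilder.tokenType(OAuth2TokenType.ACCESS_TOKEN).build();
        OAuth2Token generatedAccessToken = this.tokenGenerator.generate(tokenContext);
        if (generatedAccessToken == null) {
            OAuth2Error error = new OAuth2Error(OAuth2ErrorCodes.SERVER_ERROR,
                    "The token generator failed to generate the access token.", null);
            throw new OAuth2AuthenticationException(error);
        }
        OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,
                generatedAccessToken.getTokenValue(), generatedAccessToken.getIssuedAt(),
                generatedAccessToken.getExpiresAt(), null);

        // NOTE(review): the authorization is stored under the client's name, not the user's,
        // while the tokens are generated for the user principal. Confirm this is intended.
        OAuth2Authorization.Builder authorizationBuilder = OAuth2Authorization.withRegisteredClient(registeredClient)
                .principalName(clientPrincipal.getName())
                .authorizationGrantType(grantAuthentication.getGrantType());
        if (generatedAccessToken instanceof ClaimAccessor) {
            // Keep the claims next to the token so they can be read back from the store.
            authorizationBuilder.token(accessToken,
                    (metadata) -> metadata.put(OAuth2Authorization.Token.CLAIMS_METADATA_NAME,
                            ((ClaimAccessor) generatedAccessToken).getClaims()));
        } else {
            authorizationBuilder.accessToken(accessToken);
        }

        // ----- Refresh Token -----
        // Only for clients registered for refresh_token that authenticated with a credential.
        OAuth2RefreshToken refreshToken = null;
        if (registeredClient.getAuthorizationGrantTypes().contains(AuthorizationGrantType.REFRESH_TOKEN)
                && !clientPrincipal.getClientAuthenticationMethod().equals(ClientAuthenticationMethod.NONE)) {
            tokenContext = tokenContextBuilder.tokenType(OAuth2TokenType.REFRESH_TOKEN).build();
            OAuth2Token generatedRefreshToken = this.tokenGenerator.generate(tokenContext);
            if (!(generatedRefreshToken instanceof OAuth2RefreshToken)) {
                OAuth2Error error = new OAuth2Error(OAuth2ErrorCodes.SERVER_ERROR,
                        "The token generator failed to generate the refresh token.", ERROR_URI);
                throw new OAuth2AuthenticationException(error);
            }
            refreshToken = (OAuth2RefreshToken) generatedRefreshToken;
            authorizationBuilder.refreshToken(refreshToken);
        }

        // ----- ID token -----
        OidcIdToken idToken;
        if (authorizedScopes.contains(OidcScopes.OPENID)) {
            SessionInformation sessionInformation = getSessionInformation(userAuthentication);
            if (sessionInformation != null) {
                try {
                    // Only a hash of the session id is exposed to the token generator.
                    sessionInformation = new SessionInformation(sessionInformation.getPrincipal(),
                            createHash(sessionInformation.getSessionId()), sessionInformation.getLastRequest());
                } catch (NoSuchAlgorithmException ex) {
                    OAuth2Error error = new OAuth2Error(OAuth2ErrorCodes.SERVER_ERROR,
                            "Failed to compute hash for Session ID.", ERROR_URI);
                    throw new OAuth2AuthenticationException(error);
                }
                tokenContextBuilder.put(SessionInformation.class, sessionInformation);
            }
            tokenContext = tokenContextBuilder
                    .tokenType(ID_TOKEN_TOKEN_TYPE)
                    .authorization(authorizationBuilder.build())
                    .build();
            OAuth2Token generatedIdToken = this.tokenGenerator.generate(tokenContext);
            if (!(generatedIdToken instanceof Jwt)) {
                OAuth2Error error = new OAuth2Error(OAuth2ErrorCodes.SERVER_ERROR,
                        "The token generator failed to generate the ID token.", ERROR_URI);
                throw new OAuth2AuthenticationException(error);
            }
            idToken = new OidcIdToken(generatedIdToken.getTokenValue(), generatedIdToken.getIssuedAt(),
                    generatedIdToken.getExpiresAt(), ((Jwt) generatedIdToken).getClaims());
            authorizationBuilder.token(idToken,
                    (metadata) -> metadata.put(OAuth2Authorization.Token.CLAIMS_METADATA_NAME, idToken.getClaims()));
        } else {
            idToken = null;
        }

        Map<String, Object> additionalParameters = Collections.emptyMap();
        if (idToken != null) {
            additionalParameters = new HashMap<>();
            additionalParameters.put(OidcParameterNames.ID_TOKEN, idToken.getTokenValue());
        }

        // The access token and, when one was issued, the refresh token are already on the
        // builder; they are not added again, so a null refresh token is never handed to it.
        OAuth2Authorization authorization = authorizationBuilder
                .authorizedScopes(authorizedScopes)
                .attribute(Principal.class.getName(), userAuthentication)
                .build();
        this.authorizationService.save(authorization);

        return new OAuth2AccessTokenAuthenticationToken(registeredClient, userAuthentication, accessToken,
                refreshToken, additionalParameters);
    }

    /**
     * Loads the account and verifies the presented password.
     *
     * <p>An unknown user and a wrong password produce the same error, so the response does not
     * reveal which accounts exist. RFC 6749 section 5.2 names {@code invalid_grant} for invalid
     * resource owner credentials; {@code access_denied} is kept so existing clients see the
     * same error code as before.
     */
    private User authenticateUser(String username, String password) {
        User user;
        try {
            // The user-details service is expected to return Spring's User implementation.
            user = (User) this.userDetailsService.loadUserByUsername(username);
        } catch (UsernameNotFoundException ex) {
            throw new OAuth2AuthenticationException(OAuth2ErrorCodes.ACCESS_DENIED);
        }
        boolean passwordMatches = this.passwordEncoder.matches(password, user.getPassword());
        // The exact-match check rejects a username that differs from the stored one.
        if (!passwordMatches || !user.getUsername().equals(username)) {
            throw new OAuth2AuthenticationException(OAuth2ErrorCodes.ACCESS_DENIED);
        }
        return user;
    }

    /** Supports {@link CustomCodeGrantAuthenticationToken} and its subclasses only. */
    @Override
    public boolean supports(Class<?> authentication) {
        return CustomCodeGrantAuthenticationToken.class.isAssignableFrom(authentication);
    }

    /**
     * Returns the client authentication carried as the principal of the grant request.
     *
     * @throws OAuth2AuthenticationException {@code invalid_client} when the principal is not a
     *         client authentication or the client is not authenticated
     */
    private static OAuth2ClientAuthenticationToken getAuthenticatedClientElseThrowInvalidClient(
            Authentication authentication) {
        Object principal = authentication.getPrincipal();
        if (principal instanceof OAuth2ClientAuthenticationToken) {
            OAuth2ClientAuthenticationToken clientPrincipal = (OAuth2ClientAuthenticationToken) principal;
            if (clientPrincipal.isAuthenticated()) {
                return clientPrincipal;
            }
        }
        throw new OAuth2AuthenticationException(OAuth2ErrorCodes.INVALID_CLIENT);
    }

    /**
     * Sets the registry used to look up the user's session for the ID token. Optional: without
     * it no session information is added to the token context.
     *
     * @param sessionRegistry the registry, never {@code null}
     */
    public void setSessionRegistry(SessionRegistry sessionRegistry) {
        Assert.notNull(sessionRegistry, "sessionRegistry cannot be null");
        this.sessionRegistry = sessionRegistry;
    }

    /**
     * Returns the principal's most recently used non-expired session, or {@code null} when no
     * registry is configured or the principal has no session.
     */
    private SessionInformation getSessionInformation(Authentication principal) {
        if (this.sessionRegistry == null) {
            return null;
        }
        List<SessionInformation> sessions = this.sessionRegistry.getAllSessions(principal.getPrincipal(), false);
        if (CollectionUtils.isEmpty(sessions)) {
            return null;
        }
        if (sessions.size() == 1) {
            return sessions.get(0);
        }
        // Sort a copy: the list returned by the registry is not ours to reorder.
        List<SessionInformation> byLastRequest = new ArrayList<>(sessions);
        byLastRequest.sort(Comparator.comparing(SessionInformation::getLastRequest));
        return byLastRequest.get(byLastRequest.size() - 1);
    }

    /** Returns the unpadded base64url encoding of the SHA-256 digest of {@code value}. */
    private static String createHash(String value) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        byte[] digest = md.digest(value.getBytes(StandardCharsets.US_ASCII));
        return Base64.getUrlEncoder().withoutPadding().encodeToString(digest);
    }

}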
250 |
--------------------------------------------------------------------------------
/SpringAuthorizationServerCustomPasswordGrantType/src/main/java/willydekeyser/security/CustomCodeGrantAuthenticationToken.java:
--------------------------------------------------------------------------------
1 | package willydekeyser.security;
2 |
3 | import java.util.Map;
4 | import java.util.Set;
5 |
6 | import org.springframework.security.core.Authentication;
7 | import org.springframework.security.oauth2.core.AuthorizationGrantType;
8 | import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
9 | import org.springframework.security.oauth2.core.OAuth2ErrorCodes;
10 | import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
11 | import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationGrantAuthenticationToken;
12 | import org.springframework.util.StringUtils;
13 |
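/**
 * Authentication request for the {@code custom_password} grant: the authenticated client plus
 * the resource owner's username, password and requested scope as sent to the token endpoint.
 *
 * <p>The object carries the password in clear text, both in its own field and in the additional
 * parameters handed to the superclass. Do not log it, and do not serialise or persist it.
 */
public class CustomCodeGrantAuthenticationToken extends OAuth2AuthorizationGrantAuthenticationToken {

    private static final long serialVersionUID = 1L;

    /** Delimiters accepted between scope values: the space of RFC 6749 and the comma. */
    private static final String SCOPE_DELIMITERS = ", ";

    private final String username;
    private final String password;
    private final String scope;

    /**
     * @param granttype the grant type value of the request
     * @param clientPrincipal the authentication of the calling client
     * @param additionalParameters the remaining request parameters; {@code username},
     *        {@code password} and {@code scope} are read from it
     * @throws OAuth2AuthenticationException {@code invalid_scope} when no {@code scope}
     *         parameter is present
     */
    protected CustomCodeGrantAuthenticationToken(
            String granttype,
            Authentication clientPrincipal,
            Map<String, Object> additionalParameters) {
        super(new AuthorizationGrantType(granttype), clientPrincipal, additionalParameters);
        this.username = (String) additionalParameters.get(OAuth2ParameterNames.USERNAME);
        this.password = (String) additionalParameters.get(OAuth2ParameterNames.PASSWORD);
        this.scope = (String) additionalParameters.get(OAuth2ParameterNames.SCOPE);
        if (this.scope == null) {
            throw new OAuth2AuthenticationException(OAuth2ErrorCodes.INVALID_SCOPE);
        }
    }

    /** Returns the username from the request, or {@code null} when none was sent. */
    public String getUsername() {
        return this.username;
    }

    /** Returns the clear-text password from the request, or {@code null} when none was sent. */
    public String getPassword() {
        return this.password;
    }

    /**
     * Returns the requested scope values.
     *
     * <p>Values may be separated by spaces (the form defined by RFC 6749 section 3.3), by
     * commas, or by both. Spaces are treated as separators rather than removed, so
     * {@code "openid profile"} yields two scopes instead of the single value
     * {@code "openidprofile"}. Empty entries are dropped.
     *
     * @return the distinct scope values; empty when the parameter holds no value
     */
    public Set<String> getScope() {
        String[] requested = StringUtils.tokenizeToStringArray(this.scope, SCOPE_DELIMITERS);
        return StringUtils.commaDelimitedListToSet(String.join(",", requested));
    }

}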
47 |
--------------------------------------------------------------------------------
/SpringAuthorizationServerCustomPasswordGrantType/src/main/resources/application.properties:
--------------------------------------------------------------------------------
1 | server.port=9000
2 |
3 |
--------------------------------------------------------------------------------
/SpringAuthorizationServerCustomPasswordGrantType/src/test/java/willydekeyser/SpringAuthorizationServerCustomPasswordGrantTypeApplicationTests.java:
--------------------------------------------------------------------------------
1 | package willydekeyser;
2 |
3 | import org.junit.jupiter.api.Test;
4 | import org.springframework.boot.test.context.SpringBootTest;
5 |
/**
 * Smoke test for the authorization server application.
 */
@SpringBootTest
class SpringAuthorizationServerCustomPasswordGrantTypeApplicationTests {

    /**
     * Has no assertions of its own: the test passes when the application context declared by
     * {@code @SpringBootTest} starts.
     */
    @Test
    void contextLoads() {
    }

}
14 |
--------------------------------------------------------------------------------
/SpringResourceServerCustomPasswordGrantType/.gitignore:
--------------------------------------------------------------------------------
1 | HELP.md
2 | target/
3 | !.mvn/wrapper/maven-wrapper.jar
4 | !**/src/main/**/target/
5 | !**/src/test/**/target/
6 |
7 | ### STS ###
8 | .apt_generated
9 | .classpath
10 | .factorypath
11 | .project
12 | .settings
13 | .springBeans
14 | .sts4-cache
15 |
16 | ### IntelliJ IDEA ###
17 | .idea
18 | *.iws
19 | *.iml
20 | *.ipr
21 |
22 | ### NetBeans ###
23 | /nbproject/private/
24 | /nbbuild/
25 | /dist/
26 | /nbdist/
27 | /.nb-gradle/
28 | build/
29 | !**/src/main/**/build/
30 | !**/src/test/**/build/
31 |
32 | ### VS Code ###
33 | .vscode/
34 |
--------------------------------------------------------------------------------
/SpringResourceServerCustomPasswordGrantType/.mvn/wrapper/maven-wrapper.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/wdkeyser02/SpringAuthorizationServerCustomPasswordGrantType/fc8ccd590ff10f4e582d961389078e151831d2a3/SpringResourceServerCustomPasswordGrantType/.mvn/wrapper/maven-wrapper.jar
--------------------------------------------------------------------------------
/SpringResourceServerCustomPasswordGrantType/.mvn/wrapper/maven-wrapper.properties:
--------------------------------------------------------------------------------
1 | distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.9.5/apache-maven-3.9.5-bin.zip
2 | wrapperUrl=https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.2.0/maven-wrapper-3.2.0.jar
3 |
--------------------------------------------------------------------------------
/SpringResourceServerCustomPasswordGrantType/mvnw:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | # ----------------------------------------------------------------------------
3 | # Licensed to the Apache Software Foundation (ASF) under one
4 | # or more contributor license agreements. See the NOTICE file
5 | # distributed with this work for additional information
6 | # regarding copyright ownership. The ASF licenses this file
7 | # to you under the Apache License, Version 2.0 (the
8 | # "License"); you may not use this file except in compliance
9 | # with the License. You may obtain a copy of the License at
10 | #
11 | # https://www.apache.org/licenses/LICENSE-2.0
12 | #
13 | # Unless required by applicable law or agreed to in writing,
14 | # software distributed under the License is distributed on an
15 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
16 | # KIND, either express or implied. See the License for the
17 | # specific language governing permissions and limitations
18 | # under the License.
19 | # ----------------------------------------------------------------------------
20 |
21 | # ----------------------------------------------------------------------------
22 | # Apache Maven Wrapper startup batch script, version 3.2.0
23 | #
24 | # Required ENV vars:
25 | # ------------------
26 | # JAVA_HOME - location of a JDK home dir
27 | #
28 | # Optional ENV vars
29 | # -----------------
30 | # MAVEN_OPTS - parameters passed to the Java VM when running Maven
31 | # e.g. to debug Maven itself, use
32 | # set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000
33 | # MAVEN_SKIP_RC - flag to disable loading of mavenrc files
34 | # ----------------------------------------------------------------------------
35 |
# Source the optional mavenrc files (system-wide first, the user's last) unless
# MAVEN_SKIP_RC is set. Each file runs in this shell, so whoever can write one
# of them controls the rest of the wrapper run.
if [ -z "$MAVEN_SKIP_RC" ]; then
  [ ! -f /usr/local/etc/mavenrc ] || . /usr/local/etc/mavenrc
  [ ! -f /etc/mavenrc ] || . /etc/mavenrc
  [ ! -f "$HOME/.mavenrc" ] || . "$HOME/.mavenrc"
fi
51 |
# Platform flags. Each one _must_ hold either true or false, because later
# code runs them as commands (`if $cygwin; then ...`).
cygwin=false
darwin=false
mingw=false
case "$(uname)" in
  CYGWIN*)
    cygwin=true
    ;;
  MINGW*)
    mingw=true
    ;;
  Darwin*)
    darwin=true
    # Use /usr/libexec/java_home if available, otherwise fall back to /Library/Java/Home
    # See https://developer.apple.com/library/mac/qa/qa1170/_index.html
    if [ -z "$JAVA_HOME" ]; then
      if [ -x "/usr/libexec/java_home" ]; then
        JAVA_HOME="$(/usr/libexec/java_home)"
      else
        JAVA_HOME="/Library/Java/Home"
      fi
      export JAVA_HOME
    fi
    ;;
esac
71 |
# On Gentoo, ask java-config for the JRE home when JAVA_HOME is not set.
if [ -z "$JAVA_HOME" ] && [ -r /etc/gentoo-release ]; then
  JAVA_HOME=$(java-config --jre-home)
fi

# For Cygwin, ensure paths are in UNIX format before anything is touched
if $cygwin; then
  if [ -n "$JAVA_HOME" ]; then
    JAVA_HOME=$(cygpath --unix "$JAVA_HOME")
  fi
  if [ -n "$CLASSPATH" ]; then
    CLASSPATH=$(cygpath --path --unix "$CLASSPATH")
  fi
fi

# For Mingw, ensure paths are in UNIX format before anything is touched
if $mingw; then
  if [ -n "$JAVA_HOME" ] && [ -d "$JAVA_HOME" ]; then
    JAVA_HOME="$(cd "$JAVA_HOME" || (echo "cannot cd into $JAVA_HOME."; exit 1); pwd)"
  fi
fi
91 |
# Last resort for JAVA_HOME: derive it from the javac found on PATH by
# resolving the executable and stripping the trailing /bin.
if [ -z "$JAVA_HOME" ]; then
  javaExecutable="$(which javac)"
  # Some which(1) implementations print "no javac in ..." instead of failing.
  if [ -n "$javaExecutable" ] && [ "$(expr "\"$javaExecutable\"" : '\([^ ]*\)')" != "no" ]; then
    # readlink(1) is not available as standard on Solaris 10.
    readLink=$(which readlink)
    if [ "$(expr "$readLink" : '\([^ ]*\)')" != "no" ]; then
      if $darwin; then
        javaHome="$(dirname "\"$javaExecutable\"")"
        javaExecutable="$(cd "\"$javaHome\"" && pwd -P)/javac"
      else
        javaExecutable="$(readlink -f "\"$javaExecutable\"")"
      fi
      javaHome="$(dirname "\"$javaExecutable\"")"
      javaHome=$(expr "$javaHome" : '\(.*\)/bin')
      JAVA_HOME="$javaHome"
      export JAVA_HOME
    fi
  fi
fi
111 |
# Pick the java launcher: an explicit JAVACMD wins, then JAVA_HOME, then PATH.
if [ -z "$JAVACMD" ]; then
  if [ -z "$JAVA_HOME" ]; then
    # Bypass any shell function or alias named "command" before the lookup.
    JAVACMD="$(\unset -f command 2>/dev/null; \command -v java)"
  elif [ -x "$JAVA_HOME/jre/sh/java" ]; then
    # IBM's JDK on AIX uses strange locations for the executables
    JAVACMD="$JAVA_HOME/jre/sh/java"
  else
    JAVACMD="$JAVA_HOME/bin/java"
  fi
fi

# Stop here when the chosen launcher cannot be executed.
if ! [ -x "$JAVACMD" ]; then
  echo "Error: JAVA_HOME is not defined correctly." >&2
  echo " We cannot execute $JAVACMD" >&2
  exit 1
fi

[ -n "$JAVA_HOME" ] || echo "Warning: JAVA_HOME environment variable is not set."
134 |
# Walks from the directory given as $1 towards the filesystem root and prints
# the absolute path of the first directory that contains a .mvn subdirectory.
# When none is found, the starting directory itself is printed.
# Returns 1 (with a message on stdout) when no path is given.
find_maven_basedir() {
  [ -n "$1" ] || {
    echo "Path not specified to find_maven_basedir"
    return 1
  }

  basedir="$1"
  wdir="$1"
  until [ "$wdir" = '/' ]; do
    if [ -d "$wdir"/.mvn ]; then
      basedir=$wdir
      break
    fi
    # workaround for JBEAP-8937 (on Solaris 10/Sparc)
    if [ -d "${wdir}" ]; then
      wdir=$(cd "$wdir/.." || exit 1; pwd)
    fi
    # end of workaround
  done
  printf '%s' "$(cd "$basedir" || exit 1; pwd)"
}
159 |
# Prints the content of the file $1 on a single line, with every run of CR/LF
# characters replaced by one space. Prints nothing when $1 is not a regular file.
concat_lines() {
  [ -f "$1" ] || return 0
  # Remove \r in case we run on Windows within Git Bash
  # and check out the repository with auto CRLF management
  # enabled. Otherwise, we may read lines that are delimited with
  # \r\n and produce $'-Xarg\r' rather than -Xarg due to word
  # splitting rules.
  tr -s '\r\n' ' ' < "$1"
}
171 |
# Prints $1 followed by a newline, but only when MVNW_VERBOSE is exactly "true".
log() {
  case "$MVNW_VERBOSE" in
    true) printf '%s\n' "$1" ;;
  esac
}
177 |
# Locate the project base directory starting from the directory of this script;
# abort when it cannot be determined. MAVEN_BASEDIR, when set, overrides it.
BASE_DIR=$(find_maven_basedir "$(dirname "$0")")
[ -n "$BASE_DIR" ] || exit 1

MAVEN_PROJECTBASEDIR=${MAVEN_BASEDIR:-"$BASE_DIR"}
export MAVEN_PROJECTBASEDIR
log "$MAVEN_PROJECTBASEDIR"
185 |
##########################################################################################
# Extension to allow automatically downloading the maven-wrapper.jar from Maven-central
# This allows using the maven wrapper in projects that prohibit checking in binary data.
#
# NOTE(review): the jar obtained here is put on the java classpath and executed at the
# end of this script. The SHA-256 validation further down runs only when
# wrapperSha256Sum is set in maven-wrapper.properties, so without that property the
# download is trusted on the strength of the URL and the transport alone.
##########################################################################################
wrapperJarPath="$MAVEN_PROJECTBASEDIR/.mvn/wrapper/maven-wrapper.jar"
if [ -r "$wrapperJarPath" ]; then
  log "Found $wrapperJarPath"
else
  log "Couldn't find $wrapperJarPath, downloading it ..."

  # Default source: MVNW_REPOURL when set, Maven Central otherwise.
  if [ -n "$MVNW_REPOURL" ]; then
    wrapperUrl="$MVNW_REPOURL/org/apache/maven/wrapper/maven-wrapper/3.2.0/maven-wrapper-3.2.0.jar"
  else
    wrapperUrl="https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.2.0/maven-wrapper-3.2.0.jar"
  fi
  # A wrapperUrl entry in maven-wrapper.properties is read after the default was
  # chosen and therefore overrides it, MVNW_REPOURL included. Changes to that
  # properties file decide where an executable jar is fetched from, so review
  # them like code.
  while IFS="=" read -r key value; do
    # Remove '\r' from value to allow usage on windows as IFS does not consider '\r' as a separator ( considers space, tab, new line ('\n'), and custom '=' )
    safeValue=$(echo "$value" | tr -d '\r')
    case "$key" in (wrapperUrl) wrapperUrl="$safeValue"; break ;;
    esac
  done < "$MAVEN_PROJECTBASEDIR/.mvn/wrapper/maven-wrapper.properties"
  log "Downloading from: $wrapperUrl"

  if $cygwin; then
    wrapperJarPath=$(cygpath --path --windows "$wrapperJarPath")
  fi

  # Download tool preference: wget, then curl, then the bundled Java downloader.
  # A failed download removes the partial file, so a later run downloads again.
  # NOTE(review): in the authenticated branches MVNW_USERNAME and MVNW_PASSWORD
  # are handed to wget and curl as command-line arguments, which other local
  # users may be able to read from the process list while the download runs.
  if command -v wget > /dev/null; then
    log "Found wget ... using wget"
    [ "$MVNW_VERBOSE" = true ] && QUIET="" || QUIET="--quiet"
    if [ -z "$MVNW_USERNAME" ] || [ -z "$MVNW_PASSWORD" ]; then
      wget $QUIET "$wrapperUrl" -O "$wrapperJarPath" || rm -f "$wrapperJarPath"
    else
      wget $QUIET --http-user="$MVNW_USERNAME" --http-password="$MVNW_PASSWORD" "$wrapperUrl" -O "$wrapperJarPath" || rm -f "$wrapperJarPath"
    fi
  elif command -v curl > /dev/null; then
    log "Found curl ... using curl"
    [ "$MVNW_VERBOSE" = true ] && QUIET="" || QUIET="--silent"
    if [ -z "$MVNW_USERNAME" ] || [ -z "$MVNW_PASSWORD" ]; then
      curl $QUIET -o "$wrapperJarPath" "$wrapperUrl" -f -L || rm -f "$wrapperJarPath"
    else
      curl $QUIET --user "$MVNW_USERNAME:$MVNW_PASSWORD" -o "$wrapperJarPath" "$wrapperUrl" -f -L || rm -f "$wrapperJarPath"
    fi
  else
    log "Falling back to using Java to download"
    javaSource="$MAVEN_PROJECTBASEDIR/.mvn/wrapper/MavenWrapperDownloader.java"
    javaClass="$MAVEN_PROJECTBASEDIR/.mvn/wrapper/MavenWrapperDownloader.class"
    # For Cygwin, switch paths to Windows format before running javac
    if $cygwin; then
      javaSource=$(cygpath --path --windows "$javaSource")
      javaClass=$(cygpath --path --windows "$javaClass")
    fi
    # This branch compiles and runs a source file taken from the repository.
    # NOTE(review): the class is looked up through the relative classpath
    # .mvn/wrapper, which presumably only resolves when the current directory
    # is the project base directory - confirm.
    if [ -e "$javaSource" ]; then
      if [ ! -e "$javaClass" ]; then
        log " - Compiling MavenWrapperDownloader.java ..."
        ("$JAVA_HOME/bin/javac" "$javaSource")
      fi
      if [ -e "$javaClass" ]; then
        log " - Running MavenWrapperDownloader.java ..."
        ("$JAVA_HOME/bin/java" -cp .mvn/wrapper MavenWrapperDownloader "$wrapperUrl" "$wrapperJarPath") || rm -f "$wrapperJarPath"
      fi
    fi
  fi
fi
##########################################################################################
# End of extension
##########################################################################################
253 |
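# If specified, validate the SHA-256 sum of the Maven wrapper jar file.
#
# The expected digest is the wrapperSha256Sum entry of maven-wrapper.properties.
# The check covers a jar that was just downloaded as well as one that was
# already on disk, and the script stops with status 1 on a mismatch or when no
# checksum tool is installed. Without the property nothing is verified, so
# pinning it is what ties the executed jar to a known build.
wrapperSha256Sum=""
while IFS="=" read -r key value; do
  # Strip '\r' as is done for wrapperUrl, so a properties file with CRLF line
  # endings does not make a correct digest fail the comparison.
  case "$key" in (wrapperSha256Sum) wrapperSha256Sum=$(printf '%s' "$value" | tr -d '\r'); break ;;
  esac
done < "$MAVEN_PROJECTBASEDIR/.mvn/wrapper/maven-wrapper.properties"
if [ -n "$wrapperSha256Sum" ]; then
  wrapperSha256Result=false
  # Checksum lines use the "<digest><two spaces><file>" layout that the check
  # mode of both tools documents; printf avoids echo's handling of backslashes
  # in a converted Windows path.
  if command -v sha256sum > /dev/null; then
    if printf '%s  %s\n' "$wrapperSha256Sum" "$wrapperJarPath" | sha256sum -c > /dev/null 2>&1; then
      wrapperSha256Result=true
    fi
  elif command -v shasum > /dev/null; then
    if printf '%s  %s\n' "$wrapperSha256Sum" "$wrapperJarPath" | shasum -a 256 -c > /dev/null 2>&1; then
      wrapperSha256Result=true
    fi
  else
    # Fail closed: validation was requested but cannot be performed.
    echo "Checksum validation was requested but neither 'sha256sum' or 'shasum' are available." >&2
    echo "Please install either command, or disable validation by removing 'wrapperSha256Sum' from your maven-wrapper.properties." >&2
    exit 1
  fi
  if [ "$wrapperSha256Result" = false ]; then
    echo "Error: Failed to validate Maven wrapper SHA-256, your Maven wrapper might be compromised." >&2
    echo "Investigate or delete $wrapperJarPath to attempt a clean download." >&2
    echo "If you updated your Maven version, you need to update the specified wrapperSha256Sum property." >&2
    exit 1
  fi
fi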
282 |
# Options from .mvn/jvm.config are placed in front of any MAVEN_OPTS from the
# environment. The file content ends up as JVM arguments below, so it is
# build-affecting input that belongs under the same review as the build files.
MAVEN_OPTS="$(concat_lines "$MAVEN_PROJECTBASEDIR/.mvn/jvm.config") $MAVEN_OPTS"

# For Cygwin, switch paths to Windows format before running java
if $cygwin; then
  [ -n "$JAVA_HOME" ] &&
    JAVA_HOME=$(cygpath --path --windows "$JAVA_HOME")
  [ -n "$CLASSPATH" ] &&
    CLASSPATH=$(cygpath --path --windows "$CLASSPATH")
  [ -n "$MAVEN_PROJECTBASEDIR" ] &&
    MAVEN_PROJECTBASEDIR=$(cygpath --path --windows "$MAVEN_PROJECTBASEDIR")
fi

# Provide a "standardized" way to retrieve the CLI args that will
# work with both Windows and non-Windows executions.
MAVEN_CMD_LINE_ARGS="$MAVEN_CONFIG $*"
export MAVEN_CMD_LINE_ARGS

WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain

# Replace this shell with the JVM that runs the wrapper jar. MAVEN_OPTS,
# MAVEN_DEBUG_OPTS and MAVEN_CONFIG are left unquoted on purpose so that each
# of them splits into separate arguments; the user's own arguments are passed
# through "$@" unchanged. The classpath entry is the same path that the
# download and checksum sections above operate on.
# shellcheck disable=SC2086 # safe args
exec "$JAVACMD" \
  $MAVEN_OPTS \
  $MAVEN_DEBUG_OPTS \
  -classpath "$MAVEN_PROJECTBASEDIR/.mvn/wrapper/maven-wrapper.jar" \
  "-Dmaven.multiModuleProjectDirectory=${MAVEN_PROJECTBASEDIR}" \
  ${WRAPPER_LAUNCHER} $MAVEN_CONFIG "$@"
309 |
--------------------------------------------------------------------------------
/SpringResourceServerCustomPasswordGrantType/mvnw.cmd:
--------------------------------------------------------------------------------
1 | @REM ----------------------------------------------------------------------------
2 | @REM Licensed to the Apache Software Foundation (ASF) under one
3 | @REM or more contributor license agreements. See the NOTICE file
4 | @REM distributed with this work for additional information
5 | @REM regarding copyright ownership. The ASF licenses this file
6 | @REM to you under the Apache License, Version 2.0 (the
7 | @REM "License"); you may not use this file except in compliance
8 | @REM with the License. You may obtain a copy of the License at
9 | @REM
10 | @REM https://www.apache.org/licenses/LICENSE-2.0
11 | @REM
12 | @REM Unless required by applicable law or agreed to in writing,
13 | @REM software distributed under the License is distributed on an
14 | @REM "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15 | @REM KIND, either express or implied. See the License for the
16 | @REM specific language governing permissions and limitations
17 | @REM under the License.
18 | @REM ----------------------------------------------------------------------------
19 |
20 | @REM ----------------------------------------------------------------------------
21 | @REM Apache Maven Wrapper startup batch script, version 3.2.0
22 | @REM
23 | @REM Required ENV vars:
24 | @REM JAVA_HOME - location of a JDK home dir
25 | @REM
26 | @REM Optional ENV vars
27 | @REM MAVEN_BATCH_ECHO - set to 'on' to enable the echoing of the batch commands
28 | @REM MAVEN_BATCH_PAUSE - set to 'on' to wait for a keystroke before ending
29 | @REM MAVEN_OPTS - parameters passed to the Java VM when running Maven
30 | @REM e.g. to debug Maven itself, use
31 | @REM set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000
32 | @REM MAVEN_SKIP_RC - flag to disable loading of mavenrc files
33 | @REM ----------------------------------------------------------------------------
34 |
@REM Begin all REM lines with '@' in case MAVEN_BATCH_ECHO is 'on'
@echo off
@REM set title of command window
title %0
@REM enable echoing by setting MAVEN_BATCH_ECHO to 'on'
@if "%MAVEN_BATCH_ECHO%" == "on" echo %MAVEN_BATCH_ECHO%

@REM set %HOME% to equivalent of $HOME
if "%HOME%" == "" (set "HOME=%HOMEDRIVE%%HOMEPATH%")

@REM Execute a user defined script before this one
@REM Unless MAVEN_SKIP_RC is set, a mavenrc_pre script found in the user profile
@REM directory is called with the wrapper's arguments before anything else runs,
@REM and before the setlocal below, so variables it sets stay visible afterwards.
if not "%MAVEN_SKIP_RC%" == "" goto skipRcPre
@REM check for pre script, once with legacy .bat ending and once with .cmd ending
if exist "%USERPROFILE%\mavenrc_pre.bat" call "%USERPROFILE%\mavenrc_pre.bat" %*
if exist "%USERPROFILE%\mavenrc_pre.cmd" call "%USERPROFILE%\mavenrc_pre.cmd" %*
:skipRcPre

@setlocal

set ERROR_CODE=0

@REM To isolate internal variables from possible post scripts, we use another setlocal
@setlocal

@REM ==== START VALIDATION ====
@REM JAVA_HOME must be set and must contain bin\java.exe; either failure prints
@REM an explanation to stderr and jumps to the error label.
if not "%JAVA_HOME%" == "" goto OkJHome

echo.
echo Error: JAVA_HOME not found in your environment. >&2
echo Please set the JAVA_HOME variable in your environment to match the >&2
echo location of your Java installation. >&2
echo.
goto error

:OkJHome
if exist "%JAVA_HOME%\bin\java.exe" goto init

echo.
echo Error: JAVA_HOME is set to an invalid directory. >&2
echo JAVA_HOME = "%JAVA_HOME%" >&2
echo Please set the JAVA_HOME variable in your environment to match the >&2
echo location of your Java installation. >&2
echo.
goto error

@REM ==== END VALIDATION ====
81 |
:init

@REM Find the project base dir, i.e. the directory that contains the folder ".mvn".
@REM Fallback to current working directory if not found.
@REM An explicit MAVEN_BASEDIR from the environment skips the search entirely.

set MAVEN_PROJECTBASEDIR=%MAVEN_BASEDIR%
IF NOT "%MAVEN_PROJECTBASEDIR%"=="" goto endDetectBaseDir

@REM Walk upwards from the current directory until a .mvn folder is found or
@REM cd .. no longer changes the directory, which means the drive root was reached.
set EXEC_DIR=%CD%
set WDIR=%EXEC_DIR%
:findBaseDir
IF EXIST "%WDIR%"\.mvn goto baseDirFound
cd ..
IF "%WDIR%"=="%CD%" goto baseDirNotFound
set WDIR=%CD%
goto findBaseDir

:baseDirFound
set MAVEN_PROJECTBASEDIR=%WDIR%
cd "%EXEC_DIR%"
goto endDetectBaseDir

:baseDirNotFound
set MAVEN_PROJECTBASEDIR=%EXEC_DIR%
cd "%EXEC_DIR%"

:endDetectBaseDir

IF NOT EXIST "%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config" goto endReadAdditionalConfig

@REM Every line of .mvn\jvm.config is appended to JVM_CONFIG_MAVEN_PROPS, which is
@REM later placed on the java command line; the file is therefore build-affecting
@REM input. The endlocal line copies the collected value out of the local scope.
@setlocal EnableExtensions EnableDelayedExpansion
for /F "usebackq delims=" %%a in ("%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config") do set JVM_CONFIG_MAVEN_PROPS=!JVM_CONFIG_MAVEN_PROPS! %%a
@endlocal & set JVM_CONFIG_MAVEN_PROPS=%JVM_CONFIG_MAVEN_PROPS%

:endReadAdditionalConfig
117 |
SET MAVEN_JAVA_EXE="%JAVA_HOME%\bin\java.exe"
set WRAPPER_JAR="%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.jar"
set WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain

set WRAPPER_URL="https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.2.0/maven-wrapper-3.2.0.jar"

@REM A wrapperUrl entry in maven-wrapper.properties replaces the default URL.
@REM NOTE(review): the value is later substituted into the text of the PowerShell
@REM download command, so changes to that properties file deserve the same review
@REM as changes to this script.
FOR /F "usebackq tokens=1,2 delims==" %%A IN ("%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.properties") DO (
    IF "%%A"=="wrapperUrl" SET WRAPPER_URL=%%B
)

@REM Extension to allow automatically downloading the maven-wrapper.jar from Maven-central
@REM This allows using the maven wrapper in projects that prohibit checking in binary data.
@REM When the jar is missing, a non-empty MVNW_REPOURL replaces the URL once more,
@REM so in this script the environment variable wins over the properties file.
@REM NOTE(review): the Unix script mvnw reads the properties file after MVNW_REPOURL,
@REM which looks like the opposite precedence - confirm which one is intended.
@REM NOTE(review): MVNW_USERNAME and MVNW_PASSWORD are substituted into the PowerShell
@REM command text, so they are part of the powershell command line, and a value that
@REM contains a single quote will break the quoting of that command.
@REM The download itself forces TLS 1.2 before calling DownloadFile.
if exist %WRAPPER_JAR% (
    if "%MVNW_VERBOSE%" == "true" (
        echo Found %WRAPPER_JAR%
    )
) else (
    if not "%MVNW_REPOURL%" == "" (
        SET WRAPPER_URL="%MVNW_REPOURL%/org/apache/maven/wrapper/maven-wrapper/3.2.0/maven-wrapper-3.2.0.jar"
    )
    if "%MVNW_VERBOSE%" == "true" (
        echo Couldn't find %WRAPPER_JAR%, downloading it ...
        echo Downloading from: %WRAPPER_URL%
    )

    powershell -Command "&{"^
		"$webclient = new-object System.Net.WebClient;"^
		"if (-not ([string]::IsNullOrEmpty('%MVNW_USERNAME%') -and [string]::IsNullOrEmpty('%MVNW_PASSWORD%'))) {"^
		"$webclient.Credentials = new-object System.Net.NetworkCredential('%MVNW_USERNAME%', '%MVNW_PASSWORD%');"^
		"}"^
		"[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; $webclient.DownloadFile('%WRAPPER_URL%', '%WRAPPER_JAR%')"^
		"}"
    if "%MVNW_VERBOSE%" == "true" (
        echo Finished downloading %WRAPPER_JAR%
    )
)
@REM End of extension

@REM If specified, validate the SHA-256 sum of the Maven wrapper jar file
@REM The check runs for a freshly downloaded jar and for one that was already on
@REM disk, but only when wrapperSha256Sum is present in maven-wrapper.properties.
@REM Without that property the jar is executed unverified.
@REM The computed hash is lower-cased before the comparison; on a mismatch the
@REM PowerShell command exits with 1 and the script jumps to the error label.
SET WRAPPER_SHA_256_SUM=""
FOR /F "usebackq tokens=1,2 delims==" %%A IN ("%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.properties") DO (
    IF "%%A"=="wrapperSha256Sum" SET WRAPPER_SHA_256_SUM=%%B
)
IF NOT %WRAPPER_SHA_256_SUM%=="" (
    powershell -Command "&{"^
       "$hash = (Get-FileHash \"%WRAPPER_JAR%\" -Algorithm SHA256).Hash.ToLower();"^
       "If('%WRAPPER_SHA_256_SUM%' -ne $hash){"^
       "  Write-Output 'Error: Failed to validate Maven wrapper SHA-256, your Maven wrapper might be compromised.';"^
       "  Write-Output 'Investigate or delete %WRAPPER_JAR% to attempt a clean download.';"^
       "  Write-Output 'If you updated your Maven version, you need to update the specified wrapperSha256Sum property.';"^
       "  exit 1;"^
       "}"^
       "}"
    if ERRORLEVEL 1 goto error
)
173 |
@REM Provide a "standardized" way to retrieve the CLI args that will
@REM work with both Windows and non-Windows executions.
set MAVEN_CMD_LINE_ARGS=%*

@REM Run the wrapper jar. The options collected from .mvn\jvm.config come first,
@REM followed by MAVEN_OPTS and MAVEN_DEBUG_OPTS from the environment; a non-zero
@REM exit status of the JVM is turned into ERROR_CODE=1 below.
%MAVEN_JAVA_EXE% ^
  %JVM_CONFIG_MAVEN_PROPS% ^
  %MAVEN_OPTS% ^
  %MAVEN_DEBUG_OPTS% ^
  -classpath %WRAPPER_JAR% ^
  "-Dmaven.multiModuleProjectDirectory=%MAVEN_PROJECTBASEDIR%" ^
  %WRAPPER_LAUNCHER% %MAVEN_CONFIG% %*
if ERRORLEVEL 1 goto error
goto end

:error
set ERROR_CODE=1

:end
@REM Leave the inner local scope but carry ERROR_CODE over into the outer one.
@endlocal & set ERROR_CODE=%ERROR_CODE%

@REM Unless MAVEN_SKIP_RC is set, a mavenrc_post script from the user profile
@REM directory is called after the build, this time without arguments.
if not "%MAVEN_SKIP_RC%"=="" goto skipRcPost
@REM check for post script, once with legacy .bat ending and once with .cmd ending
if exist "%USERPROFILE%\mavenrc_post.bat" call "%USERPROFILE%\mavenrc_post.bat"
if exist "%USERPROFILE%\mavenrc_post.cmd" call "%USERPROFILE%\mavenrc_post.cmd"
:skipRcPost

@REM pause the script if MAVEN_BATCH_PAUSE is set to 'on'
if "%MAVEN_BATCH_PAUSE%"=="on" pause

@REM With MAVEN_TERMINATE_CMD set to 'on' the whole command interpreter exits
@REM with ERROR_CODE; otherwise only the exit status is set for the caller.
if "%MAVEN_TERMINATE_CMD%"=="on" exit %ERROR_CODE%

cmd /C exit /B %ERROR_CODE%
206 |
--------------------------------------------------------------------------------
/SpringResourceServerCustomPasswordGrantType/pom.xml:
--------------------------------------------------------------------------------
1 |
2 |
4 | 4.0.0
5 |
6 | org.springframework.boot
7 | spring-boot-starter-parent
8 | 3.1.5
9 |
10 |
11 | willydekeyser
12 | SpringResourceServerCustomPasswordGrantType
13 | 0.0.1
14 | SpringResourceServerCustomPasswordGrantType
15 | Spring Resource Server Custom Password Grant Type
16 |
17 | 21
18 |
19 |
20 |
21 | org.springframework.boot
22 | spring-boot-starter-oauth2-resource-server
23 |
24 |
25 | org.springframework.boot
26 | spring-boot-starter-web
27 |
28 |
29 |
30 | org.springframework.boot
31 | spring-boot-starter-test
32 | test
33 |
34 |
35 |
36 |
37 |
38 |
39 | org.springframework.boot
40 | spring-boot-maven-plugin
41 |
42 |
43 |
44 |
45 |
46 |
--------------------------------------------------------------------------------
/SpringResourceServerCustomPasswordGrantType/src/main/java/willydekeyser/SpringResourceServerCustomPasswordGrantTypeApplication.java:
--------------------------------------------------------------------------------
1 | package willydekeyser;
2 |
3 | import org.springframework.boot.SpringApplication;
4 | import org.springframework.boot.autoconfigure.SpringBootApplication;
5 |
/**
 * Boot entry point of the demo resource server.
 *
 * <p>{@code @SpringBootApplication} on this class makes it the primary
 * configuration source handed to {@link SpringApplication}.
 */
@SpringBootApplication
public class SpringResourceServerCustomPasswordGrantTypeApplication {

    /**
     * Starts the application.
     *
     * @param args command-line arguments, passed through to Spring Boot unchanged
     */
    public static void main(String[] args) {
        final Class<?> primarySource = SpringResourceServerCustomPasswordGrantTypeApplication.class;
        SpringApplication.run(primarySource, args);
    }

}
14 |
--------------------------------------------------------------------------------
/SpringResourceServerCustomPasswordGrantType/src/main/java/willydekeyser/config/SecurityConfig.java:
--------------------------------------------------------------------------------
1 | package willydekeyser.config;
2 |
3 | import org.springframework.beans.factory.annotation.Value;
4 | import org.springframework.context.annotation.Bean;
5 | import org.springframework.context.annotation.Configuration;
6 | import org.springframework.security.config.annotation.web.builders.HttpSecurity;
7 | import org.springframework.security.oauth2.jwt.JwtDecoders;
8 | import org.springframework.security.web.SecurityFilterChain;
9 |
/**
 * Security setup of the resource server: every request must carry a bearer JWT
 * that the configured decoder accepts.
 *
 * <p>What this class does not add is any rule beyond "authenticated": there is
 * no scope, role or audience requirement on any path here, so every token the
 * decoder accepts reaches every endpoint. NOTE(review): if the authorization
 * server also issues tokens for other resource servers, an audience check is
 * worth adding - confirm against the deployment.
 */
@Configuration
public class SecurityConfig {

    // Base URL of the authorization server, read from
    // spring.security.oauth2.resourceserver.jwt.issuer-uri.
    @Value("${spring.security.oauth2.resourceserver.jwt.issuer-uri}")
    String issuerUri;

    /**
     * Builds the filter chain that protects all endpoints.
     *
     * <p>The JWT decoder is created with
     * {@link JwtDecoders#fromIssuerLocation(String)} while this bean is being
     * built. NOTE(review): that call presumably contacts the issuer right away
     * to discover its metadata and signing keys, so the authorization server
     * has to be reachable at startup - confirm for the Spring Security version
     * in use.
     *
     * @param http the builder supplied by Spring Security
     * @return the configured filter chain
     * @throws Exception if the chain cannot be built
     */
    @Bean
    SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        // No path is public: anonymous requests are rejected.
        http.authorizeHttpRequests(requests -> requests.anyRequest().authenticated());

        // Bearer tokens are verified with a decoder derived from the issuer URL.
        http.oauth2ResourceServer(resourceServer -> resourceServer
                .jwt(jwtConfigurer -> jwtConfigurer.decoder(JwtDecoders.fromIssuerLocation(issuerUri))));

        return http.build();
    }
}
--------------------------------------------------------------------------------
/SpringResourceServerCustomPasswordGrantType/src/main/java/willydekeyser/controller/HomeController.java:
--------------------------------------------------------------------------------
1 | package willydekeyser.controller;
2 |
3 | import org.springframework.security.core.Authentication;
4 | import org.springframework.web.bind.annotation.GetMapping;
5 | import org.springframework.web.bind.annotation.RequestMapping;
6 | import org.springframework.web.bind.annotation.RestController;
7 |
/**
 * Single demo endpoint of the resource server, mapped below
 * {@code /resourceserver01}.
 */
@RestController
@RequestMapping("/resourceserver01")
public class HomeController {

    /**
     * Answers {@code GET /resourceserver01/} with a greeting that contains the
     * name of the authenticated caller.
     *
     * <p>The name is taken from the {@link Authentication} as-is and echoed in
     * the response body. NOTE(review): with JWT authentication this is
     * presumably a claim from the token (the subject by default) - confirm,
     * and keep in mind that the value is chosen by the token issuer, not by
     * this service.
     *
     * @param authentication the authentication of the current request
     * @return the greeting text
     */
    @GetMapping("/")
    public String home(Authentication authentication) {
        final String callerName = authentication.getName();
        return "Spring Resource Server 01: " + callerName;
    }
}
--------------------------------------------------------------------------------
/SpringResourceServerCustomPasswordGrantType/src/main/resources/application.yml:
--------------------------------------------------------------------------------
server:
  port: 8091

spring:
  application:
    name: resourceserver01
  security:
    oauth2:
      resourceserver:
        jwt:
          # Base URL of the authorization server. SecurityConfig passes this value to
          # JwtDecoders.fromIssuerLocation, so the keys used to verify tokens are
          # discovered through this URL. Plain http on localhost suits a local demo;
          # anywhere else the issuer should be reached over https.
          issuer-uri: http://localhost:9000
12 |
--------------------------------------------------------------------------------
/SpringResourceServerCustomPasswordGrantType/src/test/java/willydekeyser/SpringResourceServerCustomPasswordGrantTypeApplicationTests.java:
--------------------------------------------------------------------------------
1 | package willydekeyser;
2 |
3 | import org.junit.jupiter.api.Test;
4 | import org.springframework.boot.test.context.SpringBootTest;
5 |
/**
 * Smoke test for the resource server: the only thing verified is that the
 * Spring application context can be created.
 */
@SpringBootTest
class SpringResourceServerCustomPasswordGrantTypeApplicationTests {

    /**
     * Passes when the context started by {@code @SpringBootTest} loads.
     *
     * <p>NOTE(review): SecurityConfig builds its JWT decoder from the issuer
     * URL while the context starts, so this test presumably needs the
     * authorization server from application.yml to be running - confirm.
     */
    @Test
    void contextLoads() {
        // Intentionally empty: a failing context start fails the test.
    }

}
14 |
--------------------------------------------------------------------------------