├── .mvn └── wrapper │ ├── maven-wrapper.jar │ └── maven-wrapper.properties ├── src └── main │ ├── resources │ ├── application.properties │ ├── application-postgres.properties │ ├── application-mysql.properties │ └── data.sql │ └── java │ └── com │ └── zeldan │ ├── repository │ └── AccountRepository.java │ ├── DemoApplication.java │ ├── controller │ ├── UserController.java │ └── AdminController.java │ ├── security │ ├── config │ │ ├── PasswordEncoderConfiguration.java │ │ ├── WebSecurityConfiguration.java │ │ └── OAuth2ServerConfiguration.java │ ├── AccountAuthenticationProvider.java │ └── CustomUserDetailsService.java │ └── model │ ├── Privilege.java │ ├── Role.java │ └── Account.java ├── .gitignore ├── pom.xml ├── README.md ├── mvnw.cmd ├── mvnw └── LICENSE /.mvn/wrapper/maven-wrapper.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zeldan/spring-boot-oauth2-password-flow/HEAD/.mvn/wrapper/maven-wrapper.jar -------------------------------------------------------------------------------- /.mvn/wrapper/maven-wrapper.properties: -------------------------------------------------------------------------------- 1 | distributionUrl=https://repo1.maven.org/maven2/org/apache/maven/apache-maven/3.6.0/apache-maven-3.6.0-bin.zip 2 | -------------------------------------------------------------------------------- /src/main/resources/application.properties: -------------------------------------------------------------------------------- 1 | spring.jpa.hibernate.ddlAuto=update 2 | 3 | # Do not show warning during schema creation 4 | logging.level.org.hibernate.tool=ERROR -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | target/ 2 | !.mvn/wrapper/maven-wrapper.jar 3 | 4 | ### STS ### 5 | .apt_generated 6 | .classpath 7 | .factorypath 8 | .project 9 | .settings 10 | .springBeans 11 | 
.sts4-cache 12 | 13 | ### IntelliJ IDEA ### 14 | .idea 15 | *.iws 16 | *.iml 17 | *.ipr 18 | 19 | ### NetBeans ### 20 | nbproject/private/ 21 | build/ 22 | nbbuild/ 23 | dist/ 24 | nbdist/ 25 | .nb-gradle/ -------------------------------------------------------------------------------- /src/main/java/com/zeldan/repository/AccountRepository.java: -------------------------------------------------------------------------------- 1 | package com.zeldan.repository; 2 | 3 | import com.zeldan.model.Account; 4 | import org.springframework.data.jpa.repository.JpaRepository; 5 | 6 | import java.util.Optional; 7 | 8 | public interface AccountRepository extends JpaRepository { 9 | 10 | Optional findByUsername(String username); 11 | } 12 | -------------------------------------------------------------------------------- /src/main/java/com/zeldan/DemoApplication.java: -------------------------------------------------------------------------------- 1 | package com.zeldan; 2 | 3 | import org.springframework.boot.SpringApplication; 4 | import org.springframework.boot.autoconfigure.SpringBootApplication; 5 | 6 | @SpringBootApplication 7 | public class DemoApplication { 8 | 9 | public static void main(String[] args) { 10 | SpringApplication.run(DemoApplication.class, args); 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /src/main/resources/application-postgres.properties: -------------------------------------------------------------------------------- 1 | spring.datasource.url= jdbc:postgresql://localhost:5432/zeldan 2 | spring.datasource.username=postgres 3 | spring.datasource.password=postgres 4 | spring.datasource.initialization-mode=always 5 | spring.jpa.hibernate.ddlAuto=create 6 | spring.jpa.properties.hibernate.temp.use_jdbc_metadata_defaults = false 7 | spring.jpa.properties.hibernate.dialect = org.hibernate.dialect.PostgreSQLDialect -------------------------------------------------------------------------------- 
/src/main/resources/application-mysql.properties: -------------------------------------------------------------------------------- 1 | spring.datasource.url= jdbc:mysql://localhost:3306/zeldan?serverTimezone=UTC 2 | spring.datasource.username=root 3 | spring.datasource.password=admin 4 | spring.datasource.initialization-mode=always 5 | spring.jpa.hibernate.ddlAuto=create 6 | spring.jpa.properties.hibernate.temp.use_jdbc_metadata_defaults = false 7 | spring.jpa.properties.hibernate.dialect = org.hibernate.dialect.MySQL5InnoDBDialect -------------------------------------------------------------------------------- /src/main/java/com/zeldan/controller/UserController.java: -------------------------------------------------------------------------------- 1 | package com.zeldan.controller; 2 | 3 | import org.springframework.security.access.prepost.PreAuthorize; 4 | import org.springframework.web.bind.annotation.GetMapping; 5 | import org.springframework.web.bind.annotation.RestController; 6 | 7 | @RestController 8 | public class UserController { 9 | 10 | @GetMapping("/user") 11 | @PreAuthorize("hasAuthority('PRIVILEGE_USER_READ')") 12 | public String user() { 13 | return "user can access this endpoint"; 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /src/main/java/com/zeldan/controller/AdminController.java: -------------------------------------------------------------------------------- 1 | package com.zeldan.controller; 2 | 3 | import org.springframework.security.access.prepost.PreAuthorize; 4 | import org.springframework.web.bind.annotation.GetMapping; 5 | import org.springframework.web.bind.annotation.RestController; 6 | 7 | @RestController 8 | public class AdminController { 9 | 10 | @GetMapping("/admin") 11 | @PreAuthorize("hasAuthority('PRIVILEGE_ADMIN_READ')") 12 | public String admin() { 13 | return "admin can access this endpoint"; 14 | } 15 | } 16 | 
-------------------------------------------------------------------------------- /src/main/java/com/zeldan/security/config/PasswordEncoderConfiguration.java: -------------------------------------------------------------------------------- 1 | package com.zeldan.security.config; 2 | 3 | import org.springframework.context.annotation.Bean; 4 | import org.springframework.context.annotation.Configuration; 5 | import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; 6 | import org.springframework.security.crypto.password.PasswordEncoder; 7 | 8 | @Configuration 9 | public class PasswordEncoderConfiguration { 10 | 11 | @Bean 12 | public PasswordEncoder passwordEncoder() { 13 | return new BCryptPasswordEncoder(); 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /src/main/java/com/zeldan/model/Privilege.java: -------------------------------------------------------------------------------- 1 | package com.zeldan.model; 2 | 3 | import javax.persistence.Entity; 4 | import javax.persistence.GeneratedValue; 5 | import javax.persistence.Id; 6 | 7 | @Entity 8 | public class Privilege { 9 | 10 | @Id 11 | @GeneratedValue 12 | private long privilegeId; 13 | 14 | private String name; 15 | 16 | private String description; 17 | 18 | public long getPrivilegeId() { 19 | return privilegeId; 20 | } 21 | 22 | public void setPrivilegeId(long privilegeId) { 23 | this.privilegeId = privilegeId; 24 | } 25 | 26 | public String getName() { 27 | return name; 28 | } 29 | 30 | public void setName(String name) { 31 | this.name = name; 32 | } 33 | 34 | public String getDescription() { 35 | return description; 36 | } 37 | 38 | public void setDescription(String description) { 39 | this.description = description; 40 | } 41 | 42 | } 43 | -------------------------------------------------------------------------------- /src/main/resources/data.sql: -------------------------------------------------------------------------------- 1 | INSERT INTO 
privilege (privilege_id, name, description) VALUES (1, 'PRIVILEGE_ADMIN_READ', 'description for privilege admin read'); 2 | INSERT INTO privilege (privilege_id, name, description) VALUES (2, 'PRIVILEGE_USER_READ', 'description for privilege user read'); 3 | 4 | INSERT INTO role (role_id, name, description) VALUES (1, 'ROLE_ADMIN', 'description for role admin'); 5 | INSERT INTO role (role_id, name, description) VALUES (2, 'ROLE_USER', 'description for role user'); 6 | 7 | INSERT INTO role_privileges (role_role_id, privileges_privilege_id) VALUES (1, 1); 8 | INSERT INTO role_privileges (role_role_id, privileges_privilege_id) VALUES (2, 2); 9 | 10 | INSERT INTO account (id, enabled, username, password) VALUES (1, true, 'admin', '$2a$10$MTFVrdqbHOi.CCUhkrkZnOBdrZEfk3gzIUyZBdQvLWvdF/0pnkEO2'); 11 | INSERT INTO account (id, enabled, username, password) VALUES (2, true, 'user', '$2a$10$6KDklkImZgGANWR8pDAwSexf6Bt4Z9I0nDiwdih9Q38HI4eAkWk0u'); 12 | 13 | INSERT INTO account_roles (account_id, roles_role_id) VALUES (1, 1); 14 | INSERT INTO account_roles (account_id, roles_role_id) VALUES (2, 2); -------------------------------------------------------------------------------- /src/main/java/com/zeldan/model/Role.java: -------------------------------------------------------------------------------- 1 | package com.zeldan.model; 2 | 3 | import javax.persistence.Entity; 4 | import javax.persistence.GeneratedValue; 5 | import javax.persistence.Id; 6 | import javax.persistence.ManyToMany; 7 | import java.util.HashSet; 8 | import java.util.Set; 9 | 10 | import static javax.persistence.FetchType.LAZY; 11 | 12 | @Entity 13 | public class Role { 14 | 15 | @Id 16 | @GeneratedValue 17 | private Long roleId; 18 | 19 | private String name; 20 | 21 | private String description; 22 | 23 | @ManyToMany(fetch = LAZY) 24 | private Set privileges = new HashSet<>(0); 25 | 26 | public Long getRoleId() { 27 | return roleId; 28 | } 29 | 30 | public void setRoleId(Long roleId) { 31 | this.roleId = 
roleId; 32 | } 33 | 34 | public String getName() { 35 | return name; 36 | } 37 | 38 | public void setName(String name) { 39 | this.name = name; 40 | } 41 | 42 | public String getDescription() { 43 | return description; 44 | } 45 | 46 | public void setDescription(String description) { 47 | this.description = description; 48 | } 49 | 50 | public Set getPrivileges() { 51 | return privileges; 52 | } 53 | 54 | public void setPrivileges(Set privileges) { 55 | this.privileges = privileges; 56 | } 57 | 58 | } 59 | -------------------------------------------------------------------------------- /src/main/java/com/zeldan/model/Account.java: -------------------------------------------------------------------------------- 1 | package com.zeldan.model; 2 | 3 | import javax.persistence.*; 4 | import java.util.Set; 5 | 6 | @Entity 7 | public class Account { 8 | 9 | @Id 10 | @GeneratedValue 11 | private Long id; 12 | 13 | @Column(unique = true) 14 | private String username; 15 | 16 | private String password; 17 | 18 | @ManyToMany(fetch = FetchType.LAZY) 19 | private Set roles; 20 | 21 | private boolean enabled = true; 22 | 23 | public Account() { 24 | 25 | } 26 | 27 | public Long getId() { 28 | return id; 29 | } 30 | 31 | public void setId(Long id) { 32 | this.id = id; 33 | } 34 | 35 | public String getUsername() { 36 | return username; 37 | } 38 | 39 | public void setUsername(String username) { 40 | this.username = username; 41 | } 42 | 43 | public String getPassword() { 44 | return password; 45 | } 46 | 47 | public void setPassword(String password) { 48 | this.password = password; 49 | } 50 | 51 | public Set getRoles() { 52 | return roles; 53 | } 54 | 55 | public void setRoles(Set roles) { 56 | this.roles = roles; 57 | } 58 | 59 | public boolean isEnabled() { 60 | return enabled; 61 | } 62 | 63 | public void setEnabled(boolean enabled) { 64 | this.enabled = enabled; 65 | } 66 | } 67 | -------------------------------------------------------------------------------- 
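/src/main/java/com/zeldan/security/AccountAuthenticationProvider.java:
--------------------------------------------------------------------------------
package com.zeldan.security;

import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Component;

/**
 * Authentication provider that loads accounts through {@link CustomUserDetailsService} and checks
 * the presented password against the stored hash with the injected {@link PasswordEncoder}.
 */
@Component
public class AccountAuthenticationProvider extends AbstractUserDetailsAuthenticationProvider {

    /** Throw-away value that is hashed once and only ever compared against; it never grants access. */
    private static final String UNKNOWN_USER_PASSWORD = "userNotFoundPassword";

    private final CustomUserDetailsService userDetailsService;

    private final PasswordEncoder passwordEncoder;

    /** Encoded form of {@link #UNKNOWN_USER_PASSWORD}, created on first use. */
    private volatile String unknownUserEncodedPassword;

    public AccountAuthenticationProvider(CustomUserDetailsService userDetailsService, PasswordEncoder passwordEncoder) {
        this.userDetailsService = userDetailsService;
        this.passwordEncoder = passwordEncoder;
    }

    /**
     * Verifies the password carried by the token against the hash stored for the loaded user.
     *
     * @param userDetails the user returned by {@link #retrieveUser}
     * @param token the authentication request holding the presented credentials
     * @throws AuthenticationException a {@link BadCredentialsException} when either side is missing
     *         or the presented password does not match the stored hash
     */
    @Override
    protected void additionalAuthenticationChecks(UserDetails userDetails, UsernamePasswordAuthenticationToken token)
            throws AuthenticationException {
        Object presented = token.getCredentials();
        String stored = userDetails.getPassword();
        if (presented == null || stored == null) {
            throw new BadCredentialsException("Credentials may not be null.");
        }
        // getCredentials() is typed Object; toString() keeps a non-String credential from failing
        // with a ClassCastException instead of being rejected as an authentication failure.
        if (!passwordEncoder.matches(presented.toString(), stored)) {
            throw new BadCredentialsException("Invalid credentials.");
        }
    }

    /**
     * Loads the user for the given username.
     *
     * <p>When the lookup fails, the presented password is still run through the encoder before the
     * exception is rethrown, so that a request for an unknown username does roughly the same
     * hashing work as one for a known username and the two are harder to tell apart by timing.
     *
     * @param username the username taken from the authentication request
     * @param token the authentication request
     * @return the user details supplied by {@link CustomUserDetailsService}
     * @throws AuthenticationException whatever the user details service throws, unchanged
     */
    @Override
    protected UserDetails retrieveUser(String username, UsernamePasswordAuthenticationToken token)
            throws AuthenticationException {
        prepareUnknownUserHash();
        try {
            return userDetailsService.loadUserByUsername(username);
        } catch (UsernameNotFoundException notFound) {
            spendEncoderTime(token);
            throw notFound;
        }
    }

    /** Hashes the throw-away password once; a concurrent duplicate computation is harmless. */
    private void prepareUnknownUserHash() {
        if (unknownUserEncodedPassword == null) {
            unknownUserEncodedPassword = passwordEncoder.encode(UNKNOWN_USER_PASSWORD);
        }
    }

    /** Runs one encoder comparison whose result is deliberately ignored. */
    private void spendEncoderTime(UsernamePasswordAuthenticationToken token) {
        Object presented = token.getCredentials();
        if (presented != null) {
            passwordEncoder.matches(presented.toString(), unknownUserEncodedPassword);
        }
    }

}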
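--------------------------------------------------------------------------------
/src/main/java/com/zeldan/security/config/WebSecurityConfiguration.java:
--------------------------------------------------------------------------------
package com.zeldan.security.config;

import com.zeldan.security.AccountAuthenticationProvider;
import com.zeldan.security.CustomUserDetailsService;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;

/**
 * Web security setup: registers the authentication sources, exposes the
 * {@link AuthenticationManager} as a bean and builds the {@link JwtAccessTokenConverter}
 * whose signing key protects every issued token.
 */
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {

    /**
     * Environment variable consulted for the signing key (name introduced by this change).
     */
    private static final String SIGNING_KEY_ENV = "JWT_SIGNING_KEY";

    /**
     * Demo-only fallback. This value is published with the source, so any token signed with it can
     * be produced by anyone who has read the repository; set {@link #SIGNING_KEY_ENV} for every
     * deployment that is not a local demo.
     */
    private static final String DEMO_SIGNING_KEY = "s1f41234pwqdqkl4l12ghg9853123sd";

    private final CustomUserDetailsService userDetailsService;

    private final AccountAuthenticationProvider accountAuthenticationProvider;

    public WebSecurityConfiguration(CustomUserDetailsService userDetailsService, AccountAuthenticationProvider accountAuthenticationProvider) {
        this.userDetailsService = userDetailsService;
        this.accountAuthenticationProvider = accountAuthenticationProvider;
    }

    /**
     * Registers the user details service and the custom authentication provider.
     *
     * @param auth the builder for the application's authentication manager
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // NOTE(review): userDetailsService(...) makes the builder set up its own DAO-based provider
        // in addition to accountAuthenticationProvider, and no password encoder is passed to it
        // here. Presumably only the custom provider is meant to check passwords - confirm.
        auth.userDetailsService(userDetailsService);
        auth.authenticationProvider(accountAuthenticationProvider);
    }

    /**
     * Exposes the authentication manager built by the parent class as a bean.
     *
     * @return the authentication manager
     * @throws Exception if the parent class cannot build it
     */
    @Override
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    /**
     * Builds the converter that signs and verifies JWT access tokens.
     *
     * @return a converter configured with the resolved signing key
     */
    @Bean
    public JwtAccessTokenConverter jwtAccessTokenConverter() {
        JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
        converter.setSigningKey(resolveSigningKey());
        return converter;
    }

    /**
     * Returns the signing key from the environment, or the demo key when none is configured.
     * The fallback keeps the documented local run working; it is not a safe default elsewhere.
     */
    private static String resolveSigningKey() {
        String configured = System.getenv(SIGNING_KEY_ENV);
        if (configured == null || configured.trim().isEmpty()) {
            return DEMO_SIGNING_KEY;
        }
        return configured;
    }

}

--------------------------------------------------------------------------------
/pom.xml:
--------------------------------------------------------------------------------
1 | 2 | 5 | 4.0.0 6 | 7 | com.zeldan 8 | com.zeldan 9 | 0.0.1-SNAPSHOT 10 | jar 11 | 12 | com.zeldan 13 | Demo project for Spring Boot OAuth 2 password flow 14 | 15 | 16 | org.springframework.boot 17 | spring-boot-starter-parent 18 | 2.1.7.RELEASE 19 | 20 | 21 | 22 | 23 | UTF-8 24 | UTF-8 25 | 1.8 26 | 27 | 28 | 29 | 30 | org.springframework.boot 31 | spring-boot-starter 32 | 33 | 34 | org.springframework.boot 35 | spring-boot-starter-web 36 | 37 | 38 | org.springframework.boot 39 | spring-boot-starter-data-jpa 40 | 41 | 42 | org.springframework.boot 43 | spring-boot-starter-security 44 | 45 | 46 | org.springframework.security.oauth.boot 47 | spring-security-oauth2-autoconfigure 48 | 2.1.7.RELEASE 49 | 50 | 51 | org.hsqldb 52 | hsqldb 53 | 54 | 55 | org.postgresql 56 | postgresql 57 | 58 | 59 | mysql 60 | mysql-connector-java 61 | 62 | 63 | 64 | 65 | 66 | 67 | org.springframework.boot 68 | spring-boot-maven-plugin 69 | 70 | 71 | 72 | 73 | 74 |
--------------------------------------------------------------------------------
/src/main/java/com/zeldan/security/CustomUserDetailsService.java:
--------------------------------------------------------------------------------
1 | package com.zeldan.security; 2 | 3 | import com.zeldan.model.Account; 4 | import com.zeldan.model.Privilege; 5 | import 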
com.zeldan.model.Role; 6 | import com.zeldan.repository.AccountRepository; 7 | import org.springframework.security.core.GrantedAuthority; 8 | import org.springframework.security.core.authority.SimpleGrantedAuthority; 9 | import org.springframework.security.core.userdetails.User; 10 | import org.springframework.security.core.userdetails.UserDetails; 11 | import org.springframework.security.core.userdetails.UserDetailsService; 12 | import org.springframework.security.core.userdetails.UsernameNotFoundException; 13 | import org.springframework.stereotype.Service; 14 | import org.springframework.transaction.annotation.Transactional; 15 | 16 | import java.util.Collection; 17 | import java.util.List; 18 | import java.util.Optional; 19 | import java.util.Set; 20 | 21 | import static java.util.stream.Collectors.toList; 22 | 23 | @Service 24 | @Transactional 25 | public class CustomUserDetailsService implements UserDetailsService { 26 | 27 | private final AccountRepository accountRepository; 28 | 29 | public CustomUserDetailsService(AccountRepository accountRepository) { 30 | this.accountRepository = accountRepository; 31 | } 32 | 33 | @Override 34 | public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { 35 | Optional accountByUsername = accountRepository.findByUsername(username); 36 | if (!accountByUsername.isPresent()) { 37 | throw new UsernameNotFoundException("User " + username + " not found."); 38 | } 39 | Account account = accountByUsername.get(); 40 | if (account.getRoles() == null || account.getRoles().isEmpty()) { 41 | throw new UsernameNotFoundException("User not authorized."); 42 | } 43 | return new User(account.getUsername(), account.getPassword(), account.isEnabled(), true, true, true, getAuthorities(account.getRoles())); 44 | } 45 | 46 | private Collection getAuthorities(Collection roles) { 47 | return getGrantedAuthorities(getPrivileges(roles)); 48 | } 49 | 50 | private List getPrivileges(Collection roles) { 51 | List 
privileges = roles.stream() 52 | .map(Role::getPrivileges) 53 | .flatMap(Set::stream) 54 | .collect(toList()); 55 | return privileges.stream() 56 | .map(Privilege::getName) 57 | .collect(toList()); 58 | } 59 | 60 | private List getGrantedAuthorities(List privileges) { 61 | return privileges.stream() 62 | .map(SimpleGrantedAuthority::new) 63 | .collect(toList()); 64 | } 65 | 66 | } -------------------------------------------------------------------------------- /src/main/java/com/zeldan/security/config/OAuth2ServerConfiguration.java: -------------------------------------------------------------------------------- 1 | package com.zeldan.security.config; 2 | 3 | import org.springframework.context.annotation.Configuration; 4 | import org.springframework.security.authentication.AuthenticationManager; 5 | import org.springframework.security.config.annotation.web.builders.HttpSecurity; 6 | import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; 7 | import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer; 8 | import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter; 9 | import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer; 10 | import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer; 11 | import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter; 12 | import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer; 13 | import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer; 14 | import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter; 15 | import org.springframework.security.oauth2.provider.token.store.JwtTokenStore; 16 | 17 | @Configuration 18 | public class 
OAuth2ServerConfiguration { 19 | 20 | @Configuration 21 | @EnableResourceServer 22 | protected static class ResourceServerConfiguration extends ResourceServerConfigurerAdapter { 23 | 24 | private final JwtAccessTokenConverter jwtAccessTokenConverter; 25 | 26 | public ResourceServerConfiguration(JwtAccessTokenConverter jwtAccessTokenConverter) { 27 | this.jwtAccessTokenConverter = jwtAccessTokenConverter; 28 | } 29 | 30 | @Override 31 | public void configure(ResourceServerSecurityConfigurer resources) { 32 | resources 33 | .tokenStore(new JwtTokenStore(jwtAccessTokenConverter)); 34 | } 35 | 36 | @Override 37 | public void configure(HttpSecurity http) throws Exception { 38 | http 39 | .csrf().disable() 40 | .authorizeRequests() 41 | .anyRequest() 42 | .authenticated(); 43 | } 44 | } 45 | 46 | @Configuration 47 | @EnableAuthorizationServer 48 | protected static class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter { 49 | 50 | private final JwtAccessTokenConverter jwtAccessTokenConverter; 51 | 52 | private final BCryptPasswordEncoder passwordEncoder; 53 | 54 | private final AuthenticationManager authenticationManager; 55 | 56 | public AuthorizationServerConfiguration(JwtAccessTokenConverter jwtAccessTokenConverter, 57 | BCryptPasswordEncoder passwordEncoder, 58 | AuthenticationManager authenticationManager) { 59 | this.jwtAccessTokenConverter = jwtAccessTokenConverter; 60 | this.passwordEncoder = passwordEncoder; 61 | this.authenticationManager = authenticationManager; 62 | } 63 | 64 | @Override 65 | public void configure(AuthorizationServerEndpointsConfigurer endpoints) { 66 | endpoints 67 | .tokenStore(new JwtTokenStore(jwtAccessTokenConverter)) 68 | .authenticationManager(authenticationManager) 69 | .accessTokenConverter(jwtAccessTokenConverter); 70 | } 71 | 72 | @Override 73 | public void configure(ClientDetailsServiceConfigurer clients) throws Exception { 74 | clients 75 | .inMemory() 76 | .withClient("client") 77 | 
.secret(passwordEncoder.encode("secret")) 78 | .authorizedGrantTypes("password", "refresh_token") 79 | .scopes("read", "write"); 80 | } 81 | 82 | } 83 | } 84 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # spring-boot-oauth2-password-flow 2 | 3 | It is a Spring Boot application, that contains all necessary configurations to be able to try oauth2 authorization (password flow). 4 | It uses JWT token key for the authorization. 5 | 6 | There is a **hsql** embedded database in the application by default, and it contains two default users (they are uploaded by **resources/data.sql**) 7 | 8 | **admin / admin** 9 | - role: ROLE_ADMIN 10 | - privilege: PRIVILEGE_ADMIN_READ 11 | 12 | **user / user** 13 | - role: ROLE_USER 14 | - privilege: PRIVILEGE_USER_READ 15 | 16 | You can choose postgres or mysql instead of hsql, you have to change active spring profile to **postgres** or **mysql**. 17 | 18 | ## Try it 19 | 20 | 1. Init database (postgresql / mysql sql shell) 21 | ``` 22 | CREATE DATABASE zeldan; 23 | ``` 24 | 25 | 2. start the spring-boot app 26 | 27 | ```mvnw spring-boot:run ``` 28 | 29 | OR 30 | 31 | ```mvnw spring-boot:run -Dspring.profiles.active=postgres``` 32 | 33 | OR 34 | 35 | ```mvnw spring-boot:run -Dspring.profiles.active=mysql``` 36 | 37 | 3. **get access_token** for 38 | 39 | admin 40 | 41 | ``` 42 | curl -X POST -vu client:secret http://localhost:8080/oauth/token -H "Accept: application/json" -d "password=admin&username=admin&grant_type=password&scope=read%20write&client_secret=secret&client_id=client" 43 | ``` 44 | 45 | user 46 | 47 | ``` 48 | curl -X POST -vu client:secret http://localhost:8080/oauth/token -H "Accept: application/json" -d "password=user&username=user&grant_type=password&scope=read%20write&client_secret=secret&client_id=client" 49 | ``` 50 | 51 | It will return with the bearer access_token. 
An example: 52 | ``` 53 | { 54 | "access_token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE0OTE0NjYxMTYsInVzZXJfbmFtZSI6InVzZXIiLCJhdXRob3JpdGllcyI6WyJQUklWSUxFR0VfVVNFUl9SRUFEIl0sImp0aSI6IjQ4MDVhZGQ3LWMzNTgtNDkzMC05ODkwLTEzNjNkNjJiZmQ0ZiIsImNsaWVudF9pZCI6ImNsaWVudCIsInNjb3BlIjpbInJlYWQiLCJ3cml0ZSJdfQ.7nMeIVuskhkmHXxX6CC6RZf9A_aXxsaoTXev6av4h64", 55 | "token_type":"bearer", 56 | "refresh_token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX25hbWUiOiJ1c2VyIiwic2NvcGUiOlsicmVhZCIsIndyaXRlIl0sImF0aSI6IjQ4MDVhZGQ3LWMzNTgtNDkzMC05ODkwLTEzNjNkNjJiZmQ0ZiIsImV4cCI6MTQ5NDAxNDkxNiwiYXV0aG9yaXRpZXMiOlsiUFJJVklMRUdFX1VTRVJfUkVBRCJdLCJqdGkiOiI2MmU0MTU3Yy1hOWNiLTRlYjMtODg1Ni0wMmJhOWI1ZjQ3OWQiLCJjbGllbnRfaWQiOiJjbGllbnQifQ.1fexTQcFC80VkqbDo5zJfCzq0vbPPvJVPp8Nr3CwH68", 57 | "expires_in":43199, 58 | "scope":"read write", 59 | "jti":"4805add7-c358-4930-9890-1363d62bfd4f"} 60 | ``` 61 | From this, you need the "access_token"; you can check exactly what it contains via **jwt.io** (the token is signed, not encrypted, so its claims are readable by anyone who holds it). 62 | 63 | 4. add an **Authorization** header with the Bearer token 64 | 65 | ``` 66 | curl -H "Authorization: bearer <access_token>" http://localhost:8080/user 67 | ``` 68 | 69 | OR 70 | 71 | ``` 72 | curl -H "Authorization: bearer <access_token>" http://localhost:8080/admin 73 | ``` 74 | 75 | Of course the http://localhost:8080/admin endpoint is accessible only by admin, and the http://localhost:8080/user is accessible only by user. 76 | If you try to access the wrong endpoint with your user, then you will get an error: 77 | {"error":"unauthorized","error_description":"Full authentication is required to access this resource"} 78 | 79 | > Recommendation: 80 | > Use **Postman** instead of curl commands. 81 | 82 | ## FAQ 83 | 84 | 1. 
How to add a new user 85 | 86 | If you want to add a new user, then you have to add a new line in data.sql: 87 | 88 | ``` 89 | INSERT INTO account (id, enabled, username, password) VALUES (3, true, <username>, <encryptedPassword>); 90 | ``` 91 | 92 | To generate encryptedPassword, you can use an online bcrypt hash generator (e.g.: https://www.dailycred.com/article/bcrypt-calculator) or you can generate it with Spring Boot BCryptPasswordEncoder (https://docs.spring.io/spring-security/site/docs/current/apidocs/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoder.html). Generating it locally with BCryptPasswordEncoder keeps the plain-text password off third-party sites. 93 | 94 | After that you have to insert the new user into account_roles, based on which role you want to give the user (role 1 = admin, role 2 = user). 95 | 96 | ``` 97 | INSERT INTO account_roles (account_id, roles_role_id) VALUES (3, 1); 98 | ``` 99 | 100 | 101 | 102 | ## Technology Stack 103 | 104 | * Java 8 105 | * Spring boot 2.1.7 106 | -------------------------------------------------------------------------------- /mvnw.cmd: -------------------------------------------------------------------------------- 1 | @REM ---------------------------------------------------------------------------- 2 | @REM Licensed to the Apache Software Foundation (ASF) under one 3 | @REM or more contributor license agreements. See the NOTICE file 4 | @REM distributed with this work for additional information 5 | @REM regarding copyright ownership. The ASF licenses this file 6 | @REM to you under the Apache License, Version 2.0 (the 7 | @REM "License"); you may not use this file except in compliance 8 | @REM with the License. You may obtain a copy of the License at 9 | @REM 10 | @REM http://www.apache.org/licenses/LICENSE-2.0 11 | @REM 12 | @REM Unless required by applicable law or agreed to in writing, 13 | @REM software distributed under the License is distributed on an 14 | @REM "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | @REM KIND, either express or implied. 
See the License for the 16 | @REM specific language governing permissions and limitations 17 | @REM under the License. 18 | @REM ---------------------------------------------------------------------------- 19 | 20 | @REM ---------------------------------------------------------------------------- 21 | @REM Maven2 Start Up Batch script 22 | @REM 23 | @REM Required ENV vars: 24 | @REM JAVA_HOME - location of a JDK home dir 25 | @REM 26 | @REM Optional ENV vars 27 | @REM M2_HOME - location of maven2's installed home dir 28 | @REM MAVEN_BATCH_ECHO - set to 'on' to enable the echoing of the batch commands 29 | @REM MAVEN_BATCH_PAUSE - set to 'on' to wait for a key stroke before ending 30 | @REM MAVEN_OPTS - parameters passed to the Java VM when running Maven 31 | @REM e.g. to debug Maven itself, use 32 | @REM set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000 33 | @REM MAVEN_SKIP_RC - flag to disable loading of mavenrc files 34 | @REM ---------------------------------------------------------------------------- 35 | 36 | @REM Begin all REM lines with '@' in case MAVEN_BATCH_ECHO is 'on' 37 | @echo off 38 | @REM enable echoing my setting MAVEN_BATCH_ECHO to 'on' 39 | @if "%MAVEN_BATCH_ECHO%" == "on" echo %MAVEN_BATCH_ECHO% 40 | 41 | @REM set %HOME% to equivalent of $HOME 42 | if "%HOME%" == "" (set "HOME=%HOMEDRIVE%%HOMEPATH%") 43 | 44 | @REM Execute a user defined script before this one 45 | if not "%MAVEN_SKIP_RC%" == "" goto skipRcPre 46 | @REM check for pre script, once with legacy .bat ending and once with .cmd ending 47 | if exist "%HOME%\mavenrc_pre.bat" call "%HOME%\mavenrc_pre.bat" 48 | if exist "%HOME%\mavenrc_pre.cmd" call "%HOME%\mavenrc_pre.cmd" 49 | :skipRcPre 50 | 51 | @setlocal 52 | 53 | set ERROR_CODE=0 54 | 55 | @REM To isolate internal variables from possible post scripts, we use another setlocal 56 | @setlocal 57 | 58 | @REM ==== START VALIDATION ==== 59 | if not "%JAVA_HOME%" == "" goto OkJHome 60 | 61 | echo. 
62 | echo Error: JAVA_HOME not found in your environment. >&2 63 | echo Please set the JAVA_HOME variable in your environment to match the >&2 64 | echo location of your Java installation. >&2 65 | echo. 66 | goto error 67 | 68 | :OkJHome 69 | if exist "%JAVA_HOME%\bin\java.exe" goto init 70 | 71 | echo. 72 | echo Error: JAVA_HOME is set to an invalid directory. >&2 73 | echo JAVA_HOME = "%JAVA_HOME%" >&2 74 | echo Please set the JAVA_HOME variable in your environment to match the >&2 75 | echo location of your Java installation. >&2 76 | echo. 77 | goto error 78 | 79 | @REM ==== END VALIDATION ==== 80 | 81 | :init 82 | 83 | set MAVEN_CMD_LINE_ARGS=%* 84 | 85 | @REM Find the project base dir, i.e. the directory that contains the folder ".mvn". 86 | @REM Fallback to current working directory if not found. 87 | 88 | set MAVEN_PROJECTBASEDIR=%MAVEN_BASEDIR% 89 | IF NOT "%MAVEN_PROJECTBASEDIR%"=="" goto endDetectBaseDir 90 | 91 | set EXEC_DIR=%CD% 92 | set WDIR=%EXEC_DIR% 93 | :findBaseDir 94 | IF EXIST "%WDIR%"\.mvn goto baseDirFound 95 | cd .. 96 | IF "%WDIR%"=="%CD%" goto baseDirNotFound 97 | set WDIR=%CD% 98 | goto findBaseDir 99 | 100 | :baseDirFound 101 | set MAVEN_PROJECTBASEDIR=%WDIR% 102 | cd "%EXEC_DIR%" 103 | goto endDetectBaseDir 104 | 105 | :baseDirNotFound 106 | set MAVEN_PROJECTBASEDIR=%EXEC_DIR% 107 | cd "%EXEC_DIR%" 108 | 109 | :endDetectBaseDir 110 | 111 | IF NOT EXIST "%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config" goto endReadAdditionalConfig 112 | 113 | @setlocal EnableExtensions EnableDelayedExpansion 114 | for /F "usebackq delims=" %%a in ("%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config") do set JVM_CONFIG_MAVEN_PROPS=!JVM_CONFIG_MAVEN_PROPS! 
%%a 115 | @endlocal & set JVM_CONFIG_MAVEN_PROPS=%JVM_CONFIG_MAVEN_PROPS% 116 | 117 | :endReadAdditionalConfig 118 | 119 | SET MAVEN_JAVA_EXE="%JAVA_HOME%\bin\java.exe" 120 | 121 | set WRAPPER_JAR="".\.mvn\wrapper\maven-wrapper.jar"" 122 | set WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain 123 | 124 | %MAVEN_JAVA_EXE% %JVM_CONFIG_MAVEN_PROPS% %MAVEN_OPTS% %MAVEN_DEBUG_OPTS% -classpath %WRAPPER_JAR% "-Dmaven.multiModuleProjectDirectory=%MAVEN_PROJECTBASEDIR%" %WRAPPER_LAUNCHER% %MAVEN_CMD_LINE_ARGS% 125 | if ERRORLEVEL 1 goto error 126 | goto end 127 | 128 | :error 129 | set ERROR_CODE=1 130 | 131 | :end 132 | @endlocal & set ERROR_CODE=%ERROR_CODE% 133 | 134 | if not "%MAVEN_SKIP_RC%" == "" goto skipRcPost 135 | @REM check for post script, once with legacy .bat ending and once with .cmd ending 136 | if exist "%HOME%\mavenrc_post.bat" call "%HOME%\mavenrc_post.bat" 137 | if exist "%HOME%\mavenrc_post.cmd" call "%HOME%\mavenrc_post.cmd" 138 | :skipRcPost 139 | 140 | @REM pause the script if MAVEN_BATCH_PAUSE is set to 'on' 141 | if "%MAVEN_BATCH_PAUSE%" == "on" pause 142 | 143 | if "%MAVEN_TERMINATE_CMD%" == "on" exit %ERROR_CODE% 144 | 145 | exit /B %ERROR_CODE% -------------------------------------------------------------------------------- /mvnw: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # ---------------------------------------------------------------------------- 3 | # Licensed to the Apache Software Foundation (ASF) under one 4 | # or more contributor license agreements. See the NOTICE file 5 | # distributed with this work for additional information 6 | # regarding copyright ownership. The ASF licenses this file 7 | # to you under the Apache License, Version 2.0 (the 8 | # "License"); you may not use this file except in compliance 9 | # with the License. 
You may obtain a copy of the License at 10 | # 11 | # http://www.apache.org/licenses/LICENSE-2.0 12 | # 13 | # Unless required by applicable law or agreed to in writing, 14 | # software distributed under the License is distributed on an 15 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 16 | # KIND, either express or implied. See the License for the 17 | # specific language governing permissions and limitations 18 | # under the License. 19 | # ---------------------------------------------------------------------------- 20 | 21 | # ---------------------------------------------------------------------------- 22 | # Maven2 Start Up Batch script 23 | # 24 | # Required ENV vars: 25 | # ------------------ 26 | # JAVA_HOME - location of a JDK home dir 27 | # 28 | # Optional ENV vars 29 | # ----------------- 30 | # M2_HOME - location of maven2's installed home dir 31 | # MAVEN_OPTS - parameters passed to the Java VM when running Maven 32 | # e.g. to debug Maven itself, use 33 | # set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000 34 | # MAVEN_SKIP_RC - flag to disable loading of mavenrc files 35 | # ---------------------------------------------------------------------------- 36 | 37 | if [ -z "$MAVEN_SKIP_RC" ] ; then 38 | 39 | if [ -f /etc/mavenrc ] ; then 40 | . /etc/mavenrc 41 | fi 42 | 43 | if [ -f "$HOME/.mavenrc" ] ; then 44 | . "$HOME/.mavenrc" 45 | fi 46 | 47 | fi 48 | 49 | # OS specific support. $var _must_ be set to either true or false. 50 | cygwin=false; 51 | darwin=false; 52 | mingw=false 53 | case "`uname`" in 54 | CYGWIN*) cygwin=true ;; 55 | MINGW*) mingw=true;; 56 | Darwin*) darwin=true 57 | # 58 | # Look for the Apple JDKs first to preserve the existing behaviour, and then look 59 | # for the new JDKs provided by Oracle. 
60 | # 61 | if [ -z "$JAVA_HOME" ] && [ -L /System/Library/Frameworks/JavaVM.framework/Versions/CurrentJDK ] ; then 62 | # 63 | # Apple JDKs 64 | # 65 | export JAVA_HOME=/System/Library/Frameworks/JavaVM.framework/Versions/CurrentJDK/Home 66 | fi 67 | 68 | if [ -z "$JAVA_HOME" ] && [ -L /System/Library/Java/JavaVirtualMachines/CurrentJDK ] ; then 69 | # 70 | # Apple JDKs 71 | # 72 | export JAVA_HOME=/System/Library/Java/JavaVirtualMachines/CurrentJDK/Contents/Home 73 | fi 74 | 75 | if [ -z "$JAVA_HOME" ] && [ -L "/Library/Java/JavaVirtualMachines/CurrentJDK" ] ; then 76 | # 77 | # Oracle JDKs 78 | # 79 | export JAVA_HOME=/Library/Java/JavaVirtualMachines/CurrentJDK/Contents/Home 80 | fi 81 | 82 | if [ -z "$JAVA_HOME" ] && [ -x "/usr/libexec/java_home" ]; then 83 | # 84 | # Apple JDKs 85 | # 86 | export JAVA_HOME=`/usr/libexec/java_home` 87 | fi 88 | ;; 89 | esac 90 | 91 | if [ -z "$JAVA_HOME" ] ; then 92 | if [ -r /etc/gentoo-release ] ; then 93 | JAVA_HOME=`java-config --jre-home` 94 | fi 95 | fi 96 | 97 | if [ -z "$M2_HOME" ] ; then 98 | ## resolve links - $0 may be a link to maven's home 99 | PRG="$0" 100 | 101 | # need this for relative symlinks 102 | while [ -h "$PRG" ] ; do 103 | ls=`ls -ld "$PRG"` 104 | link=`expr "$ls" : '.*-> \(.*\)$'` 105 | if expr "$link" : '/.*' > /dev/null; then 106 | PRG="$link" 107 | else 108 | PRG="`dirname "$PRG"`/$link" 109 | fi 110 | done 111 | 112 | saveddir=`pwd` 113 | 114 | M2_HOME=`dirname "$PRG"`/.. 
115 | 116 | # make it fully qualified 117 | M2_HOME=`cd "$M2_HOME" && pwd` 118 | 119 | cd "$saveddir" 120 | # echo Using m2 at $M2_HOME 121 | fi 122 | 123 | # For Cygwin, ensure paths are in UNIX format before anything is touched 124 | if $cygwin ; then 125 | [ -n "$M2_HOME" ] && 126 | M2_HOME=`cygpath --unix "$M2_HOME"` 127 | [ -n "$JAVA_HOME" ] && 128 | JAVA_HOME=`cygpath --unix "$JAVA_HOME"` 129 | [ -n "$CLASSPATH" ] && 130 | CLASSPATH=`cygpath --path --unix "$CLASSPATH"` 131 | fi 132 | 133 | # For Mingw, ensure paths are in UNIX format before anything is touched 134 | if $mingw ; then 135 | [ -n "$M2_HOME" ] && 136 | M2_HOME="`(cd "$M2_HOME"; pwd)`" 137 | [ -n "$JAVA_HOME" ] && 138 | JAVA_HOME="`(cd "$JAVA_HOME"; pwd)`" 139 | # TODO classpath? 140 | fi 141 | 142 | if [ -z "$JAVA_HOME" ]; then 143 | javaExecutable="`which javac`" 144 | if [ -n "$javaExecutable" ] && ! [ "`expr \"$javaExecutable\" : '\([^ ]*\)'`" = "no" ]; then 145 | # readlink(1) is not available as standard on Solaris 10. 146 | readLink=`which readlink` 147 | if [ ! `expr "$readLink" : '\([^ ]*\)'` = "no" ]; then 148 | if $darwin ; then 149 | javaHome="`dirname \"$javaExecutable\"`" 150 | javaExecutable="`cd \"$javaHome\" && pwd -P`/javac" 151 | else 152 | javaExecutable="`readlink -f \"$javaExecutable\"`" 153 | fi 154 | javaHome="`dirname \"$javaExecutable\"`" 155 | javaHome=`expr "$javaHome" : '\(.*\)/bin'` 156 | JAVA_HOME="$javaHome" 157 | export JAVA_HOME 158 | fi 159 | fi 160 | fi 161 | 162 | if [ -z "$JAVACMD" ] ; then 163 | if [ -n "$JAVA_HOME" ] ; then 164 | if [ -x "$JAVA_HOME/jre/sh/java" ] ; then 165 | # IBM's JDK on AIX uses strange locations for the executables 166 | JAVACMD="$JAVA_HOME/jre/sh/java" 167 | else 168 | JAVACMD="$JAVA_HOME/bin/java" 169 | fi 170 | else 171 | JAVACMD="`which java`" 172 | fi 173 | fi 174 | 175 | if [ ! -x "$JAVACMD" ] ; then 176 | echo "Error: JAVA_HOME is not defined correctly." 
>&2 177 | echo " We cannot execute $JAVACMD" >&2 178 | exit 1 179 | fi 180 | 181 | if [ -z "$JAVA_HOME" ] ; then 182 | echo "Warning: JAVA_HOME environment variable is not set." 183 | fi 184 | 185 | CLASSWORLDS_LAUNCHER=org.codehaus.plexus.classworlds.launcher.Launcher 186 | 187 | # For Cygwin, switch paths to Windows format before running java 188 | if $cygwin; then 189 | [ -n "$M2_HOME" ] && 190 | M2_HOME=`cygpath --path --windows "$M2_HOME"` 191 | [ -n "$JAVA_HOME" ] && 192 | JAVA_HOME=`cygpath --path --windows "$JAVA_HOME"` 193 | [ -n "$CLASSPATH" ] && 194 | CLASSPATH=`cygpath --path --windows "$CLASSPATH"` 195 | fi 196 | 197 | # traverses directory structure from process work directory to filesystem root 198 | # first directory with .mvn subdirectory is considered project base directory 199 | find_maven_basedir() { 200 | local basedir=$(pwd) 201 | local wdir=$(pwd) 202 | while [ "$wdir" != '/' ] ; do 203 | if [ -d "$wdir"/.mvn ] ; then 204 | basedir=$wdir 205 | break 206 | fi 207 | wdir=$(cd "$wdir/.."; pwd) 208 | done 209 | echo "${basedir}" 210 | } 211 | 212 | # concatenates all lines of a file 213 | concat_lines() { 214 | if [ -f "$1" ]; then 215 | echo "$(tr -s '\n' ' ' < "$1")" 216 | fi 217 | } 218 | 219 | export MAVEN_PROJECTBASEDIR=${MAVEN_BASEDIR:-$(find_maven_basedir)} 220 | MAVEN_OPTS="$(concat_lines "$MAVEN_PROJECTBASEDIR/.mvn/jvm.config") $MAVEN_OPTS" 221 | 222 | # Provide a "standardized" way to retrieve the CLI args that will 223 | # work with both Windows and non-Windows executions. 
224 | MAVEN_CMD_LINE_ARGS="$MAVEN_CONFIG $@" 225 | export MAVEN_CMD_LINE_ARGS 226 | 227 | WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain 228 | 229 | exec "$JAVACMD" \ 230 | $MAVEN_OPTS \ 231 | -classpath "$MAVEN_PROJECTBASEDIR/.mvn/wrapper/maven-wrapper.jar" \ 232 | "-Dmaven.home=${M2_HOME}" "-Dmaven.multiModuleProjectDirectory=${MAVEN_PROJECTBASEDIR}" \ 233 | ${WRAPPER_LAUNCHER} "$@" 234 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 
29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 
61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. 
You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 
122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. 
In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "{}" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. 
We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright {yyyy} {name of copyright owner} 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | --------------------------------------------------------------------------------