forked from spring-attic/spring-security-oauth
Dave Syer committed Jun 11, 2014
1 parent 4145668, commit 3249391
Showing 235 changed files with 9,988 additions and 8 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -7,6 +7,7 @@ _site/ | |
samples/*/*/src/main/webapp/META-INF/ | ||
build/ | ||
target/ | ||
bin/ | ||
.classpath | ||
.project | ||
.DS_Store | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,89 @@ | ||
This project contains a selection of minimal apps that are functional | ||
OAuth2 Authorization Servers (token issuer) and Resource Servers | ||
(protected API). (You could split the two roles across two | ||
applications if you preferred.) It uses | ||
[Spring Boot](https://github.com/spring-projects/spring-boot) to | ||
provide an embedded servlet container and for defaulting a load of | ||
configuration, so you should be up and running very quickly. There are | ||
integration tests proving that it works and also showing you how to | ||
access it with the Spring `RestTemplate` API. | ||
|
||
The apps are in subdirectories: | ||
|
||
* vanilla - a basic, no-frills Authorization Server and Resource Server | ||
|
||
* jwt - uses Json Web Tokens as the token format | ||
|
||
* mappings - changes the default values for the endpoint paths and the | ||
protected resource paths | ||
|
||
* approval - an auth server with granular approvals (per scope) | ||
|
||
* jdbc - uses JDBC stores for everything | ||
|
||
* form - an auth server that accepts form-based client authentication | ||
|
||
* multi - an auth server and multiple Resource Servers in one app | ||
|
||
* resource - a pure Resoure Server (needs to be paired with an auth | ||
server and share a token store) | ||
|
||
* client - a simple client app | ||
|
||
The client is wired to the other servers as long as they run on the | ||
default port of 8080. | ||
|
||
|
||
## Building and Running | ||
|
||
You need Java (1.7 or better) and Maven (3.0.5 or better): | ||
|
||
``` | ||
$ mvn test | ||
... | ||
<test run> | ||
``` | ||
|
||
Each app can be launched from the `main()` method in | ||
`Application.java`, either from an IDE, or from the command line using | ||
`mvn spring-boot:run`. Or you can build an executable JAR and run | ||
that: | ||
|
||
``` | ||
$ cd vanilla | ||
$ mvn package | ||
$ java -jar target/*.jar | ||
... | ||
<app starts and listens on port 8080> | ||
``` | ||
|
||
Tests run using the full HTTP protocol against an embedded server on a | ||
random port chosen by the operating system (so it should work | ||
everywhere). In contrast, when the app runs from the `main()` method, | ||
it listens on port 8080 by default. | ||
|
||
Here are some curl commands to use to get started: | ||
|
||
``` | ||
$ curl -H "Accept: application/json" my-client-with-secret:secret@localhost:8080/oauth/token -d grant_type=client_credentials | ||
{... "access_token": "b561ff06-4259-466e-92d8-781db1a51901", ...} | ||
$ TOKEN=b561ff06-4259-466e-92d8-781db1a5190 | ||
$ curl -H "Authorization: Bearer $TOKEN" localhost:8080/ | ||
Hello World | ||
``` | ||
|
||
## Running the Client App | ||
|
||
To test in a browser you can run one of the servers (see above) and | ||
the client on a different port (it runs on 8081 by default). | ||
|
||
``` | ||
$ cd client | ||
$ mvn package | ||
$ java -jar target/*.jar | ||
... | ||
<app starts and listens on port 8081> | ||
``` | ||
|
||
Go to http://localhost:8081/client and follow the authorization process (the | ||
username and password are `user` and `password`). |
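Review bot: In the curl walkthrough, the value assigned to `TOKEN` is one character shorter than the `access_token` printed on the line above it (`...781db1a51901` versus `...781db1a5190`), so a reader who copies the block verbatim sends a token the server never issued; make the two match or use a placeholder. In the app list, "Resoure Server" should read "Resource Server". It would also help to state next to the `user`/`password` login and the `my-client-with-secret:secret` client that these are sample credentials for local use over plain HTTP, not values to carry into a deployment.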
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
This project shows what you can do with the minimum configuration to | ||
set up an Authorization Server and Resource Server. | ||
|
||
For the Authorization Server you need to `@EnableAuthorizationServer` | ||
and also configure at least one client registration | ||
(`OAuth2ClientDetails`). You can see this is the bulk of | ||
`Application.java`. | ||
|
||
An `AuthenticationManager` is created by Spring Boot (it has a single | ||
user, named "user", with password "password", per | ||
`application.yml`). It is needed in the Authorization Server to | ||
provide authentication for the Resource Owner Password grant type. | ||
|
||
For the Resource Server all that is needed is the | ||
`@EnableResourceServer` annotation. By default it protects all | ||
resources that are not explicitly ignored and not exposed by the | ||
`AuthorizationEndpoint` (if there is an Authorization Server in the | ||
same application). |
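Review bot: The second paragraph documents a fixed user "user" with password "password" from `application.yml` as the credential behind the Resource Owner Password grant, without saying it exists for the sample only; add a sentence telling readers which setting to override before running this anywhere but locally. The first paragraph names `OAuth2ClientDetails` as the client registration, while the one `Application.java` visible in this commit view registers clients through `ClientDetailsServiceConfigurer`; check that the README uses a name readers will actually find in the code it points to.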
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,50 @@ | ||
<?xml version="1.0" encoding="UTF-8"?> | ||
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> | ||
<modelVersion>4.0.0</modelVersion> | ||
|
||
<artifactId>spring-oauth2-tests-approval</artifactId> | ||
|
||
<name>spring-oauth2-tests-approval</name> | ||
<description>Demo project</description> | ||
|
||
<parent> | ||
<groupId>org.demo</groupId> | ||
<artifactId>spring-oauth2-tests-parent</artifactId> | ||
<version>2.0.2.RELEASE</version> | ||
</parent> | ||
|
||
<dependencies> | ||
<dependency> | ||
<groupId>org.springframework.boot</groupId> | ||
<artifactId>spring-boot-starter-web</artifactId> | ||
</dependency> | ||
<dependency> | ||
<groupId>org.springframework.boot</groupId> | ||
<artifactId>spring-boot-starter-actuator</artifactId> | ||
</dependency> | ||
<dependency> | ||
<groupId>org.springframework.boot</groupId> | ||
<artifactId>spring-boot-starter-security</artifactId> | ||
</dependency> | ||
<dependency> | ||
<groupId>org.springframework.security.oauth</groupId> | ||
<artifactId>spring-security-oauth2</artifactId> | ||
</dependency> | ||
<dependency> | ||
<groupId>org.demo</groupId> | ||
<artifactId>spring-oauth2-tests-common</artifactId> | ||
<version>${project.version}</version> | ||
<scope>test</scope> | ||
</dependency> | ||
</dependencies> | ||
|
||
<build> | ||
<plugins> | ||
<plugin> | ||
<groupId>org.springframework.boot</groupId> | ||
<artifactId>spring-boot-maven-plugin</artifactId> | ||
</plugin> | ||
</plugins> | ||
</build> | ||
|
||
</project> |
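Review bot: `spring-boot-starter-actuator` is pulled in as a regular dependency, but nothing in this module's `Application.java` refers to it, and the module's `application.yml` places the management endpoints under `/admin`; for an authorization server sample, either drop the starter or document how those endpoints are protected. `<description>Demo project</description>` could also say what the approval sample demonstrates.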
91 changes: 91 additions & 0 deletions
tests/annotation/approval/src/main/java/demo/Application.java
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,91 @@ | ||
package demo; | ||
|
||
import org.springframework.beans.factory.annotation.Autowired; | ||
import org.springframework.boot.SpringApplication; | ||
import org.springframework.boot.autoconfigure.EnableAutoConfiguration; | ||
import org.springframework.context.annotation.Bean; | ||
import org.springframework.context.annotation.ComponentScan; | ||
import org.springframework.context.annotation.Configuration; | ||
import org.springframework.security.authentication.AuthenticationManager; | ||
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer; | ||
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter; | ||
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer; | ||
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer; | ||
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer; | ||
import org.springframework.security.oauth2.provider.approval.ApprovalStore; | ||
import org.springframework.security.oauth2.provider.approval.TokenApprovalStore; | ||
import org.springframework.security.oauth2.provider.token.TokenStore; | ||
import org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore; | ||
import org.springframework.web.bind.annotation.RequestMapping; | ||
import org.springframework.web.bind.annotation.RestController; | ||
|
||
@Configuration | ||
@ComponentScan | ||
@EnableAutoConfiguration | ||
@EnableResourceServer | ||
@RestController | ||
public class Application { | ||
|
||
public static void main(String[] args) { | ||
SpringApplication.run(Application.class, args); | ||
} | ||
|
||
@RequestMapping("/") | ||
public String home() { | ||
return "Hello World"; | ||
} | ||
|
||
@Configuration | ||
@EnableAuthorizationServer | ||
protected static class OAuth2Config extends AuthorizationServerConfigurerAdapter { | ||
|
||
@Autowired | ||
private AuthenticationManager authenticationManager; | ||
|
||
@Override | ||
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception { | ||
endpoints.authenticationManager(authenticationManager).tokenStore(tokenStore()); | ||
} | ||
|
||
@Bean | ||
public ApprovalStore approvalStore() throws Exception { | ||
TokenApprovalStore store = new TokenApprovalStore(); | ||
store.setTokenStore(tokenStore()); | ||
return store; | ||
} | ||
|
||
@Bean | ||
public TokenStore tokenStore() { | ||
return new InMemoryTokenStore(); | ||
} | ||
|
||
@Override | ||
public void configure(ClientDetailsServiceConfigurer clients) throws Exception { | ||
// @formatter:off | ||
clients.inMemory() | ||
.withClient("my-trusted-client") | ||
.authorizedGrantTypes("password", "authorization_code", "refresh_token", "implicit") | ||
.authorities("ROLE_CLIENT", "ROLE_TRUSTED_CLIENT") | ||
.scopes("read", "write", "trust") | ||
.resourceIds("oauth2-resource") | ||
.accessTokenValiditySeconds(60) | ||
.and() | ||
.withClient("my-client-with-registered-redirect") | ||
.authorizedGrantTypes("authorization_code") | ||
.authorities("ROLE_CLIENT") | ||
.scopes("read", "trust") | ||
.resourceIds("oauth2-resource") | ||
.redirectUris("http://anywhere?key=value") | ||
.and() | ||
.withClient("my-client-with-secret") | ||
.authorizedGrantTypes("client_credentials", "password") | ||
.authorities("ROLE_CLIENT") | ||
.scopes("read") | ||
.resourceIds("oauth2-resource") | ||
.secret("secret"); | ||
// @formatter:on | ||
} | ||
|
||
} | ||
|
||
} |
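Review bot: `approvalStore()` is declared as a bean, but `configure(AuthorizationServerEndpointsConfigurer endpoints)` only sets `authenticationManager` and `tokenStore`, so nothing in the visible code hands the approval store to the endpoints; since approvals are the point of this sample, pass it to `endpoints` explicitly or add a comment explaining how it is picked up. In the client registrations, `my-trusted-client` has no secret yet is allowed the `password`, `implicit` and `refresh_token` grants with the `write` and `trust` scopes, and `my-client-with-secret` uses the literal `secret`; a comment marking these as test fixtures would keep them from being copied as a template. `redirectUris("http://anywhere?key=value")` deserves the same comment.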
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
spring: | ||
application: | ||
name: approval | ||
management: | ||
context_path: /admin | ||
security: | ||
user: | ||
password: password |
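Review bot: `password: password` under `security.user` commits a fixed credential in the main configuration rather than in a test-only profile; since `ApplicationTests` activates the `test` profile, consider moving the value to a profile-specific file, or add a YAML comment stating that it exists only for the sample and must be overridden elsewhere. The same file sets `management.context_path: /admin`, so a short comment on how `/admin` is meant to be secured would help readers of the sample.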
20 changes: 20 additions & 0 deletions
tests/annotation/approval/src/test/java/demo/ApplicationTests.java
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
package demo; | ||
|
||
import org.junit.Test; | ||
import org.junit.runner.RunWith; | ||
import org.springframework.boot.test.SpringApplicationConfiguration; | ||
import org.springframework.test.context.ActiveProfiles; | ||
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; | ||
import org.springframework.test.context.web.WebAppConfiguration; | ||
|
||
@RunWith(SpringJUnit4ClassRunner.class) | ||
@SpringApplicationConfiguration(classes = Application.class) | ||
@WebAppConfiguration | ||
@ActiveProfiles("test") | ||
public class ApplicationTests { | ||
|
||
@Test | ||
public void contextLoads() { | ||
} | ||
|
||
} |
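Review bot: `contextLoads()` is the only test and has an empty body, so this module verifies that the application context starts but never requests a token or exercises the approval flow that `Application.java` configures; add at least one test that does, or a comment pointing to where that coverage lives. `@ActiveProfiles("test")` also refers to a profile for which no configuration appears among this module's files shown here.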