Skip to content

Commit

Permalink
2.0.2.RELEASE updates
Browse files Browse the repository at this point in the history
  • Loading branch information
Dave Syer committed Jun 11, 2014
1 parent 4145668 commit 3249391
Show file tree
Hide file tree
Showing 235 changed files with 9,988 additions and 8 deletions.
1 change: 1 addition & 0 deletions .gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@ _site/
samples/*/*/src/main/webapp/META-INF/
build/
target/
bin/
.classpath
.project
.DS_Store
Expand Down
3 changes: 2 additions & 1 deletion pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -5,12 +5,13 @@
<name>OAuth for Spring Security</name>
<description>Parent Project for OAuth Support for Spring Security</description>
<packaging>pom</packaging>
<version>2.0.2.BUILD-SNAPSHOT</version>
<version>2.0.2.RELEASE</version>
<url>http://static.springframework.org/spring-security/oauth</url>

<modules>
<module>spring-security-oauth</module>
<module>spring-security-oauth2</module>
<module>tests</module>
<module>samples</module>
</modules>

Expand Down
2 changes: 1 addition & 1 deletion samples/oauth/sparklr/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@
<parent>
<groupId>org.springframework.security.oauth</groupId>
<artifactId>spring-security-oauth-parent</artifactId>
<version>2.0.2.BUILD-SNAPSHOT</version>
<version>2.0.2.RELEASE</version>
<relativePath>../../..</relativePath>
</parent>

Expand Down
2 changes: 1 addition & 1 deletion samples/oauth/tonr/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@
<parent>
<groupId>org.springframework.security.oauth</groupId>
<artifactId>spring-security-oauth-parent</artifactId>
<version>2.0.2.BUILD-SNAPSHOT</version>
<version>2.0.2.RELEASE</version>
<relativePath>../../..</relativePath>
</parent>

Expand Down
2 changes: 1 addition & 1 deletion samples/oauth2/sparklr/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@
<parent>
<groupId>org.springframework.security.oauth</groupId>
<artifactId>spring-security-oauth-parent</artifactId>
<version>2.0.2.BUILD-SNAPSHOT</version>
<version>2.0.2.RELEASE</version>
<relativePath>../../..</relativePath>
</parent>

Expand Down
2 changes: 1 addition & 1 deletion samples/oauth2/tonr/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@
<parent>
<groupId>org.springframework.security.oauth</groupId>
<artifactId>spring-security-oauth-parent</artifactId>
<version>2.0.2.BUILD-SNAPSHOT</version>
<version>2.0.2.RELEASE</version>
<relativePath>../../..</relativePath>
</parent>

Expand Down
2 changes: 1 addition & 1 deletion samples/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@
<parent>
<groupId>org.springframework.security.oauth</groupId>
<artifactId>spring-security-oauth-parent</artifactId>
<version>2.0.2.BUILD-SNAPSHOT</version>
<version>2.0.2.RELEASE</version>
</parent>

<artifactId>spring-security-oauth-samples</artifactId>
Expand Down
2 changes: 1 addition & 1 deletion spring-security-oauth/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@
<parent>
<groupId>org.springframework.security.oauth</groupId>
<artifactId>spring-security-oauth-parent</artifactId>
<version>2.0.2.BUILD-SNAPSHOT</version>
<version>2.0.2.RELEASE</version>
</parent>

<artifactId>spring-security-oauth</artifactId>
Expand Down
2 changes: 1 addition & 1 deletion spring-security-oauth2/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@
<parent>
<groupId>org.springframework.security.oauth</groupId>
<artifactId>spring-security-oauth-parent</artifactId>
<version>2.0.2.BUILD-SNAPSHOT</version>
<version>2.0.2.RELEASE</version>
</parent>

<artifactId>spring-security-oauth2</artifactId>
Expand Down
89 changes: 89 additions & 0 deletions tests/annotation/README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,89 @@
This project contains a selection of minimal apps that are functional
OAuth2 Authorization Servers (token issuer) and Resource Servers
(protected API). (You could split the two roles across two
applications if you preferred.) It uses
[Spring Boot](https://github.com/spring-projects/spring-boot) to
provide an embedded servlet container and for defaulting a load of
configuration, so you should be up and running very quickly. There are
integration tests proving that it works and also showing you how to
access it with the Spring `RestTemplate` API.

The apps are in subdirectories:

* vanilla - a basic, no-frills Authorization Server and Resource Server

* jwt - uses Json Web Tokens as the token format

* mappings - changes the default values for the endpoint paths and the
protected resource paths

* approval - an auth server with granular approvals (per scope)

* jdbc - uses JDBC stores for everything

* form - an auth server that accepts form-based client authentication

* multi - an auth server and multiple Resource Servers in one app

* resource - a pure Resoure Server (needs to be paired with an auth
server and share a token store)

* client - a simple client app

The client is wired to the other servers as long as they run on the
default port of 8080.


## Building and Running

You need Java (1.7 or better) and Maven (3.0.5 or better):

```
$ mvn test
...
<test run>
```

Each app can be launched from the `main()` method in
`Application.java`, either from an IDE, or from the command line using
`mvn spring-boot:run`. Or you can build an executable JAR and run
that:

```
$ cd vanilla
$ mvn package
$ java -jar target/*.jar
...
<app starts and listens on port 8080>
```

Tests run using the full HTTP protocol against an embedded server on a
random port chosen by the operating system (so it should work
everywhere). In contrast, when the app runs from the `main()` method,
it listens on port 8080 by default.

Here are some curl commands to use to get started:

```
$ curl -H "Accept: application/json" my-client-with-secret:secret@localhost:8080/oauth/token -d grant_type=client_credentials
{... "access_token": "b561ff06-4259-466e-92d8-781db1a51901", ...}
$ TOKEN=b561ff06-4259-466e-92d8-781db1a5190
$ curl -H "Authorization: Bearer $TOKEN" localhost:8080/
Hello World
```

## Running the Client App

To test in a browser you can run one of the servers (see above) and
the client on a different port (it runs on 8081 by default).

```
$ cd client
$ mvn package
$ java -jar target/*.jar
...
<app starts and listens on port 8081>
```

Go to http://localhost:8081/client and follow the authorization process (the
username and password are `user` and `password`).
18 changes: 18 additions & 0 deletions tests/annotation/approval/README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
This project shows what you can do with the minimum configuration to
set up an Authorization Server and Resource Server.

For the Authorization Server you need to `@EnableAuthorizationServer`
and also configure at least one client registration
(`OAuth2ClientDetails`). You can see this is the bulk of
`Application.java`.

An `AuthenticationManager` is created by Spring Boot (it has a single
user, named "user", with password "password", per
`application.yml`). It is needed in the Authorization Server to
provide authentication for the Resource Owner Password grant type.

For the Resource Server all that is needed is the
`@EnableResourceServer` annotation. By default it protects all
resources that are not explicitly ignored and not exposed by the
`AuthorizationEndpoint` (if there is an Authorization Server in the
same application).
50 changes: 50 additions & 0 deletions tests/annotation/approval/pom.xml
Original file line number Diff line number Diff line change
@@ -0,0 +1,50 @@
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>

<artifactId>spring-oauth2-tests-approval</artifactId>

<name>spring-oauth2-tests-approval</name>
<description>Demo project</description>

<parent>
<groupId>org.demo</groupId>
<artifactId>spring-oauth2-tests-parent</artifactId>
<version>2.0.2.RELEASE</version>
</parent>

<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-actuator</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security.oauth</groupId>
<artifactId>spring-security-oauth2</artifactId>
</dependency>
<dependency>
<groupId>org.demo</groupId>
<artifactId>spring-oauth2-tests-common</artifactId>
<version>${project.version}</version>
<scope>test</scope>
</dependency>
</dependencies>

<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>

</project>
91 changes: 91 additions & 0 deletions tests/annotation/approval/src/main/java/demo/Application.java
Original file line number Diff line number Diff line change
@@ -0,0 +1,91 @@
package demo;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.provider.approval.ApprovalStore;
import org.springframework.security.oauth2.provider.approval.TokenApprovalStore;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@Configuration
@ComponentScan
@EnableAutoConfiguration
@EnableResourceServer
@RestController
public class Application {

public static void main(String[] args) {
SpringApplication.run(Application.class, args);
}

@RequestMapping("/")
public String home() {
return "Hello World";
}

@Configuration
@EnableAuthorizationServer
protected static class OAuth2Config extends AuthorizationServerConfigurerAdapter {

@Autowired
private AuthenticationManager authenticationManager;

@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
endpoints.authenticationManager(authenticationManager).tokenStore(tokenStore());
}

@Bean
public ApprovalStore approvalStore() throws Exception {
TokenApprovalStore store = new TokenApprovalStore();
store.setTokenStore(tokenStore());
return store;
}

@Bean
public TokenStore tokenStore() {
return new InMemoryTokenStore();
}

@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
// @formatter:off
clients.inMemory()
.withClient("my-trusted-client")
.authorizedGrantTypes("password", "authorization_code", "refresh_token", "implicit")
.authorities("ROLE_CLIENT", "ROLE_TRUSTED_CLIENT")
.scopes("read", "write", "trust")
.resourceIds("oauth2-resource")
.accessTokenValiditySeconds(60)
.and()
.withClient("my-client-with-registered-redirect")
.authorizedGrantTypes("authorization_code")
.authorities("ROLE_CLIENT")
.scopes("read", "trust")
.resourceIds("oauth2-resource")
.redirectUris("http://anywhere?key=value")
.and()
.withClient("my-client-with-secret")
.authorizedGrantTypes("client_credentials", "password")
.authorities("ROLE_CLIENT")
.scopes("read")
.resourceIds("oauth2-resource")
.secret("secret");
// @formatter:on
}

}

}
8 changes: 8 additions & 0 deletions tests/annotation/approval/src/main/resources/application.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
spring:
application:
name: approval
management:
context_path: /admin
security:
user:
password: password
20 changes: 20 additions & 0 deletions tests/annotation/approval/src/test/java/demo/ApplicationTests.java
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
package demo;

import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.boot.test.SpringApplicationConfiguration;
import org.springframework.test.context.ActiveProfiles;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.springframework.test.context.web.WebAppConfiguration;

@RunWith(SpringJUnit4ClassRunner.class)
@SpringApplicationConfiguration(classes = Application.class)
@WebAppConfiguration
@ActiveProfiles("test")
public class ApplicationTests {

@Test
public void contextLoads() {
}

}
Loading

0 comments on commit 3249391

Please sign in to comment.