Add How-to: Implement Multitenancy
Closes gh-663
This commit is contained in:
55
docs/src/main/java/sample/multitenancy/DataSourceConfig.java
Normal file
55
docs/src/main/java/sample/multitenancy/DataSourceConfig.java
Normal file
@@ -0,0 +1,55 @@
|
||||
/*
|
||||
* Copyright 2020-2024 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* https://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package sample.multitenancy;
|
||||
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.jdbc.datasource.embedded.EmbeddedDatabase;
|
||||
import org.springframework.jdbc.datasource.embedded.EmbeddedDatabaseBuilder;
|
||||
import org.springframework.jdbc.datasource.embedded.EmbeddedDatabaseType;
|
||||
|
||||
@Configuration(proxyBeanMethods = false)
|
||||
public class DataSourceConfig {
|
||||
|
||||
@Bean("issuer1-data-source")
|
||||
public EmbeddedDatabase issuer1DataSource() {
|
||||
// @formatter:off
|
||||
return new EmbeddedDatabaseBuilder()
|
||||
.setName("issuer1-db") // <1>
|
||||
.setType(EmbeddedDatabaseType.H2)
|
||||
.setScriptEncoding("UTF-8")
|
||||
.addScript("org/springframework/security/oauth2/server/authorization/oauth2-authorization-schema.sql")
|
||||
.addScript("org/springframework/security/oauth2/server/authorization/oauth2-authorization-consent-schema.sql")
|
||||
.addScript("org/springframework/security/oauth2/server/authorization/client/oauth2-registered-client-schema.sql")
|
||||
.build();
|
||||
// @formatter:on
|
||||
}
|
||||
|
||||
@Bean("issuer2-data-source")
|
||||
public EmbeddedDatabase issuer2DataSource() {
|
||||
// @formatter:off
|
||||
return new EmbeddedDatabaseBuilder()
|
||||
.setName("issuer2-db") // <2>
|
||||
.setType(EmbeddedDatabaseType.H2)
|
||||
.setScriptEncoding("UTF-8")
|
||||
.addScript("org/springframework/security/oauth2/server/authorization/oauth2-authorization-schema.sql")
|
||||
.addScript("org/springframework/security/oauth2/server/authorization/oauth2-authorization-consent-schema.sql")
|
||||
.addScript("org/springframework/security/oauth2/server/authorization/client/oauth2-registered-client-schema.sql")
|
||||
.build();
|
||||
// @formatter:on
|
||||
}
|
||||
|
||||
}
|
||||
103
docs/src/main/java/sample/multitenancy/JWKSourceConfig.java
Normal file
103
docs/src/main/java/sample/multitenancy/JWKSourceConfig.java
Normal file
@@ -0,0 +1,103 @@
|
||||
/*
|
||||
* Copyright 2020-2024 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* https://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package sample.multitenancy;
|
||||
|
||||
import java.security.KeyPair;
|
||||
import java.security.KeyPairGenerator;
|
||||
import java.security.interfaces.RSAPrivateKey;
|
||||
import java.security.interfaces.RSAPublicKey;
|
||||
import java.util.Collections;
|
||||
import java.util.HashMap;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.UUID;
|
||||
|
||||
import com.nimbusds.jose.KeySourceException;
|
||||
import com.nimbusds.jose.jwk.JWK;
|
||||
import com.nimbusds.jose.jwk.JWKSelector;
|
||||
import com.nimbusds.jose.jwk.JWKSet;
|
||||
import com.nimbusds.jose.jwk.RSAKey;
|
||||
import com.nimbusds.jose.jwk.source.JWKSource;
|
||||
import com.nimbusds.jose.proc.SecurityContext;
|
||||
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder;
|
||||
|
||||
@Configuration(proxyBeanMethods = false)
|
||||
public class JWKSourceConfig {
|
||||
|
||||
@Bean
|
||||
public JWKSource<SecurityContext> jwkSource() {
|
||||
Map<String, JWKSet> jwkSetMap = new HashMap<>();
|
||||
jwkSetMap.put("issuer1", new JWKSet(generateRSAJwk())); // <1>
|
||||
jwkSetMap.put("issuer2", new JWKSet(generateRSAJwk())); // <2>
|
||||
|
||||
return new DelegatingJWKSource(jwkSetMap);
|
||||
}
|
||||
|
||||
// @fold:on
|
||||
private static RSAKey generateRSAJwk() {
|
||||
KeyPair keyPair;
|
||||
try {
|
||||
KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
|
||||
keyPairGenerator.initialize(2048);
|
||||
keyPair = keyPairGenerator.generateKeyPair();
|
||||
} catch (Exception ex) {
|
||||
throw new IllegalStateException(ex);
|
||||
}
|
||||
|
||||
RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic();
|
||||
RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate();
|
||||
// @formatter:off
|
||||
return new RSAKey.Builder(publicKey)
|
||||
.privateKey(privateKey)
|
||||
.keyID(UUID.randomUUID().toString())
|
||||
.build();
|
||||
// @formatter:on
|
||||
}
|
||||
// @fold:off
|
||||
|
||||
private static class DelegatingJWKSource implements JWKSource<SecurityContext> { // <3>
|
||||
private final Map<String, JWKSet> jwkSetMap;
|
||||
|
||||
private DelegatingJWKSource(Map<String, JWKSet> jwkSetMap) {
|
||||
this.jwkSetMap = jwkSetMap;
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<JWK> get(JWKSelector jwkSelector, SecurityContext context) throws KeySourceException {
|
||||
JWKSet jwkSet = getJwkSet();
|
||||
return (jwkSet != null) ? jwkSelector.select(jwkSet) : Collections.emptyList();
|
||||
}
|
||||
|
||||
private JWKSet getJwkSet() {
|
||||
if (AuthorizationServerContextHolder.getContext() == null ||
|
||||
AuthorizationServerContextHolder.getContext().getIssuer() == null) {
|
||||
return null;
|
||||
}
|
||||
String issuer = AuthorizationServerContextHolder.getContext().getIssuer(); // <4>
|
||||
for (Map.Entry<String, JWKSet> entry : this.jwkSetMap.entrySet()) {
|
||||
if (issuer.endsWith(entry.getKey())) {
|
||||
return entry.getValue();
|
||||
}
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
@@ -0,0 +1,98 @@
|
||||
/*
|
||||
* Copyright 2020-2024 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* https://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package sample.multitenancy;
|
||||
|
||||
import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
|
||||
import javax.sql.DataSource;
|
||||
|
||||
import org.springframework.beans.factory.annotation.Qualifier;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.jdbc.core.JdbcTemplate;
|
||||
import org.springframework.security.oauth2.server.authorization.JdbcOAuth2AuthorizationConsentService;
|
||||
import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationConsent;
|
||||
import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationConsentService;
|
||||
import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
|
||||
import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder;
|
||||
|
||||
@Configuration(proxyBeanMethods = false)
|
||||
public class OAuth2AuthorizationConsentServiceConfig {
|
||||
|
||||
@Bean
|
||||
public OAuth2AuthorizationConsentService authorizationConsentService(
|
||||
@Qualifier("issuer1-data-source") DataSource issuer1DataSource,
|
||||
@Qualifier("issuer2-data-source") DataSource issuer2DataSource,
|
||||
RegisteredClientRepository registeredClientRepository) {
|
||||
|
||||
Map<String, OAuth2AuthorizationConsentService> authorizationConsentServiceMap = new HashMap<>();
|
||||
authorizationConsentServiceMap.put("issuer1", new JdbcOAuth2AuthorizationConsentService( // <1>
|
||||
new JdbcTemplate(issuer1DataSource), registeredClientRepository));
|
||||
authorizationConsentServiceMap.put("issuer2", new JdbcOAuth2AuthorizationConsentService( // <2>
|
||||
new JdbcTemplate(issuer2DataSource), registeredClientRepository));
|
||||
|
||||
return new DelegatingOAuth2AuthorizationConsentService(authorizationConsentServiceMap);
|
||||
}
|
||||
|
||||
private static class DelegatingOAuth2AuthorizationConsentService implements OAuth2AuthorizationConsentService { // <3>
|
||||
private final Map<String, OAuth2AuthorizationConsentService> authorizationConsentServiceMap;
|
||||
|
||||
private DelegatingOAuth2AuthorizationConsentService(Map<String, OAuth2AuthorizationConsentService> authorizationConsentServiceMap) {
|
||||
this.authorizationConsentServiceMap = authorizationConsentServiceMap;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void save(OAuth2AuthorizationConsent authorizationConsent) {
|
||||
OAuth2AuthorizationConsentService authorizationConsentService = getAuthorizationConsentService();
|
||||
if (authorizationConsentService != null) {
|
||||
authorizationConsentService.save(authorizationConsent);
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public void remove(OAuth2AuthorizationConsent authorizationConsent) {
|
||||
OAuth2AuthorizationConsentService authorizationConsentService = getAuthorizationConsentService();
|
||||
if (authorizationConsentService != null) {
|
||||
authorizationConsentService.remove(authorizationConsent);
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public OAuth2AuthorizationConsent findById(String registeredClientId, String principalName) {
|
||||
OAuth2AuthorizationConsentService authorizationConsentService = getAuthorizationConsentService();
|
||||
return (authorizationConsentService != null) ?
|
||||
authorizationConsentService.findById(registeredClientId, principalName) :
|
||||
null;
|
||||
}
|
||||
|
||||
private OAuth2AuthorizationConsentService getAuthorizationConsentService() {
|
||||
if (AuthorizationServerContextHolder.getContext() == null ||
|
||||
AuthorizationServerContextHolder.getContext().getIssuer() == null) {
|
||||
return null;
|
||||
}
|
||||
String issuer = AuthorizationServerContextHolder.getContext().getIssuer(); // <4>
|
||||
for (Map.Entry<String, OAuth2AuthorizationConsentService> entry : this.authorizationConsentServiceMap.entrySet()) {
|
||||
if (issuer.endsWith(entry.getKey())) {
|
||||
return entry.getValue();
|
||||
}
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
@@ -0,0 +1,107 @@
|
||||
/*
|
||||
* Copyright 2020-2024 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* https://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package sample.multitenancy;
|
||||
|
||||
import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
|
||||
import javax.sql.DataSource;
|
||||
|
||||
import org.springframework.beans.factory.annotation.Qualifier;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.jdbc.core.JdbcTemplate;
|
||||
import org.springframework.security.oauth2.server.authorization.JdbcOAuth2AuthorizationService;
|
||||
import org.springframework.security.oauth2.server.authorization.OAuth2Authorization;
|
||||
import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
|
||||
import org.springframework.security.oauth2.server.authorization.OAuth2TokenType;
|
||||
import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
|
||||
import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder;
|
||||
|
||||
@Configuration(proxyBeanMethods = false)
|
||||
public class OAuth2AuthorizationServiceConfig {
|
||||
|
||||
@Bean
|
||||
public OAuth2AuthorizationService authorizationService(
|
||||
@Qualifier("issuer1-data-source") DataSource issuer1DataSource,
|
||||
@Qualifier("issuer2-data-source") DataSource issuer2DataSource,
|
||||
RegisteredClientRepository registeredClientRepository) {
|
||||
|
||||
Map<String, OAuth2AuthorizationService> authorizationServiceMap = new HashMap<>();
|
||||
authorizationServiceMap.put("issuer1", new JdbcOAuth2AuthorizationService( // <1>
|
||||
new JdbcTemplate(issuer1DataSource), registeredClientRepository));
|
||||
authorizationServiceMap.put("issuer2", new JdbcOAuth2AuthorizationService( // <2>
|
||||
new JdbcTemplate(issuer2DataSource), registeredClientRepository));
|
||||
|
||||
return new DelegatingOAuth2AuthorizationService(authorizationServiceMap);
|
||||
}
|
||||
|
||||
private static class DelegatingOAuth2AuthorizationService implements OAuth2AuthorizationService { // <3>
|
||||
private final Map<String, OAuth2AuthorizationService> authorizationServiceMap;
|
||||
|
||||
private DelegatingOAuth2AuthorizationService(Map<String, OAuth2AuthorizationService> authorizationServiceMap) {
|
||||
this.authorizationServiceMap = authorizationServiceMap;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void save(OAuth2Authorization authorization) {
|
||||
OAuth2AuthorizationService authorizationService = getAuthorizationService();
|
||||
if (authorizationService != null) {
|
||||
authorizationService.save(authorization);
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public void remove(OAuth2Authorization authorization) {
|
||||
OAuth2AuthorizationService authorizationService = getAuthorizationService();
|
||||
if (authorizationService != null) {
|
||||
authorizationService.remove(authorization);
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public OAuth2Authorization findById(String id) {
|
||||
OAuth2AuthorizationService authorizationService = getAuthorizationService();
|
||||
return (authorizationService != null) ?
|
||||
authorizationService.findById(id) :
|
||||
null;
|
||||
}
|
||||
|
||||
@Override
|
||||
public OAuth2Authorization findByToken(String token, OAuth2TokenType tokenType) {
|
||||
OAuth2AuthorizationService authorizationService = getAuthorizationService();
|
||||
return (authorizationService != null) ?
|
||||
authorizationService.findByToken(token, tokenType) :
|
||||
null;
|
||||
}
|
||||
|
||||
private OAuth2AuthorizationService getAuthorizationService() {
|
||||
if (AuthorizationServerContextHolder.getContext() == null ||
|
||||
AuthorizationServerContextHolder.getContext().getIssuer() == null) {
|
||||
return null;
|
||||
}
|
||||
String issuer = AuthorizationServerContextHolder.getContext().getIssuer(); // <4>
|
||||
for (Map.Entry<String, OAuth2AuthorizationService> entry : this.authorizationServiceMap.entrySet()) {
|
||||
if (issuer.endsWith(entry.getKey())) {
|
||||
return entry.getValue();
|
||||
}
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
@@ -0,0 +1,131 @@
|
||||
/*
|
||||
* Copyright 2020-2024 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* https://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package sample.multitenancy;
|
||||
|
||||
import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
import java.util.UUID;
|
||||
|
||||
import javax.sql.DataSource;
|
||||
|
||||
import org.springframework.beans.factory.annotation.Qualifier;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.jdbc.core.JdbcTemplate;
|
||||
import org.springframework.security.oauth2.core.AuthorizationGrantType;
|
||||
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
|
||||
import org.springframework.security.oauth2.server.authorization.client.JdbcRegisteredClientRepository;
|
||||
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
|
||||
import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
|
||||
import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder;
|
||||
|
||||
@Configuration(proxyBeanMethods = false)
|
||||
public class RegisteredClientRepositoryConfig {
|
||||
|
||||
@Bean
|
||||
public RegisteredClientRepository registeredClientRepository(
|
||||
@Qualifier("issuer1-data-source") DataSource issuer1DataSource,
|
||||
@Qualifier("issuer2-data-source") DataSource issuer2DataSource) {
|
||||
|
||||
JdbcRegisteredClientRepository issuer1RegisteredClientRepository =
|
||||
new JdbcRegisteredClientRepository(new JdbcTemplate(issuer1DataSource)); // <1>
|
||||
|
||||
// @fold:on
|
||||
// @formatter:off
|
||||
issuer1RegisteredClientRepository.save(
|
||||
RegisteredClient.withId(UUID.randomUUID().toString())
|
||||
.clientId("client-1")
|
||||
.clientSecret("{noop}secret")
|
||||
.clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
|
||||
.authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
|
||||
.scope("scope-1")
|
||||
.build()
|
||||
);
|
||||
// @formatter:on
|
||||
// @fold:off
|
||||
|
||||
JdbcRegisteredClientRepository issuer2RegisteredClientRepository =
|
||||
new JdbcRegisteredClientRepository(new JdbcTemplate(issuer2DataSource)); // <2>
|
||||
|
||||
// @fold:on
|
||||
// @formatter:off
|
||||
issuer2RegisteredClientRepository.save(
|
||||
RegisteredClient.withId(UUID.randomUUID().toString())
|
||||
.clientId("client-2")
|
||||
.clientSecret("{noop}secret")
|
||||
.clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
|
||||
.authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
|
||||
.scope("scope-2")
|
||||
.build()
|
||||
);
|
||||
// @formatter:on
|
||||
// @fold:off
|
||||
|
||||
Map<String, RegisteredClientRepository> registeredClientRepositoryMap = new HashMap<>();
|
||||
registeredClientRepositoryMap.put("issuer1", issuer1RegisteredClientRepository);
|
||||
registeredClientRepositoryMap.put("issuer2", issuer2RegisteredClientRepository);
|
||||
|
||||
return new DelegatingRegisteredClientRepository(registeredClientRepositoryMap);
|
||||
}
|
||||
|
||||
private static class DelegatingRegisteredClientRepository implements RegisteredClientRepository { // <3>
|
||||
private final Map<String, RegisteredClientRepository> registeredClientRepositoryMap;
|
||||
|
||||
private DelegatingRegisteredClientRepository(Map<String, RegisteredClientRepository> registeredClientRepositoryMap) {
|
||||
this.registeredClientRepositoryMap = registeredClientRepositoryMap;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void save(RegisteredClient registeredClient) {
|
||||
RegisteredClientRepository registeredClientRepository = getRegisteredClientRepository();
|
||||
if (registeredClientRepository != null) {
|
||||
registeredClientRepository.save(registeredClient);
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public RegisteredClient findById(String id) {
|
||||
RegisteredClientRepository registeredClientRepository = getRegisteredClientRepository();
|
||||
return (registeredClientRepository != null) ?
|
||||
registeredClientRepository.findById(id) :
|
||||
null;
|
||||
}
|
||||
|
||||
@Override
|
||||
public RegisteredClient findByClientId(String clientId) {
|
||||
RegisteredClientRepository registeredClientRepository = getRegisteredClientRepository();
|
||||
return (registeredClientRepository != null) ?
|
||||
registeredClientRepository.findByClientId(clientId) :
|
||||
null;
|
||||
}
|
||||
|
||||
private RegisteredClientRepository getRegisteredClientRepository() {
|
||||
if (AuthorizationServerContextHolder.getContext() == null ||
|
||||
AuthorizationServerContextHolder.getContext().getIssuer() == null) {
|
||||
return null;
|
||||
}
|
||||
String issuer = AuthorizationServerContextHolder.getContext().getIssuer(); // <4>
|
||||
for (Map.Entry<String, RegisteredClientRepository> entry : this.registeredClientRepositoryMap.entrySet()) {
|
||||
if (issuer.endsWith(entry.getKey())) {
|
||||
return entry.getValue();
|
||||
}
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
105
docs/src/test/java/sample/multitenancy/MultitenancyTests.java
Normal file
105
docs/src/test/java/sample/multitenancy/MultitenancyTests.java
Normal file
@@ -0,0 +1,105 @@
|
||||
/*
|
||||
* Copyright 2020-2024 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* https://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package sample.multitenancy;
|
||||
|
||||
import org.junit.jupiter.api.Test;
|
||||
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
|
||||
import org.springframework.boot.autoconfigure.data.jpa.JpaRepositoriesAutoConfiguration;
|
||||
import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
|
||||
import org.springframework.boot.test.context.SpringBootTest;
|
||||
import org.springframework.context.annotation.ComponentScan;
|
||||
import org.springframework.http.MediaType;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.oauth2.core.AuthorizationGrantType;
|
||||
import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
|
||||
import org.springframework.test.web.servlet.MockMvc;
|
||||
|
||||
import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.httpBasic;
|
||||
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
|
||||
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
|
||||
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
|
||||
|
||||
/**
|
||||
* Tests for the guide How-to: Implement Multitenancy.
|
||||
*
|
||||
* @author Joe Grandja
|
||||
*/
|
||||
@SpringBootTest(classes = {MultitenancyTests.AuthorizationServerConfig.class} )
|
||||
@AutoConfigureMockMvc
|
||||
public class MultitenancyTests {
|
||||
|
||||
@Autowired
|
||||
private MockMvc mvc;
|
||||
|
||||
@Test
|
||||
public void requestWhenTokenRequestForIssuer1ThenTokenResponse() throws Exception {
|
||||
// @formatter:off
|
||||
this.mvc.perform(post("/issuer1/oauth2/token")
|
||||
.with(httpBasic("client-1", "secret"))
|
||||
.param(OAuth2ParameterNames.GRANT_TYPE, AuthorizationGrantType.CLIENT_CREDENTIALS.getValue())
|
||||
.param(OAuth2ParameterNames.SCOPE, "scope-1")
|
||||
.contentType(MediaType.APPLICATION_FORM_URLENCODED_VALUE))
|
||||
.andExpect(status().isOk())
|
||||
.andExpect(jsonPath("$.access_token").isNotEmpty());
|
||||
// @formatter:on
|
||||
}
|
||||
|
||||
@Test
|
||||
public void requestWhenTokenRequestForIssuer1WithInvalidClientThenUnauthorized() throws Exception {
|
||||
// @formatter:off
|
||||
this.mvc.perform(post("/issuer1/oauth2/token")
|
||||
.with(httpBasic("client-2", "secret"))
|
||||
.param(OAuth2ParameterNames.GRANT_TYPE, AuthorizationGrantType.CLIENT_CREDENTIALS.getValue())
|
||||
.param(OAuth2ParameterNames.SCOPE, "scope-2")
|
||||
.contentType(MediaType.APPLICATION_FORM_URLENCODED_VALUE))
|
||||
.andExpect(status().isUnauthorized());
|
||||
// @formatter:on
|
||||
}
|
||||
|
||||
@Test
|
||||
public void requestWhenTokenRequestForIssuer2ThenTokenResponse() throws Exception {
|
||||
// @formatter:off
|
||||
this.mvc.perform(post("/issuer2/oauth2/token")
|
||||
.with(httpBasic("client-2", "secret"))
|
||||
.param(OAuth2ParameterNames.GRANT_TYPE, AuthorizationGrantType.CLIENT_CREDENTIALS.getValue())
|
||||
.param(OAuth2ParameterNames.SCOPE, "scope-2")
|
||||
.contentType(MediaType.APPLICATION_FORM_URLENCODED_VALUE))
|
||||
.andExpect(status().isOk())
|
||||
.andExpect(jsonPath("$.access_token").isNotEmpty());
|
||||
// @formatter:on
|
||||
}
|
||||
|
||||
@Test
|
||||
public void requestWhenTokenRequestForIssuer2WithInvalidClientThenUnauthorized() throws Exception {
|
||||
// @formatter:off
|
||||
this.mvc.perform(post("/issuer2/oauth2/token")
|
||||
.with(httpBasic("client-1", "secret"))
|
||||
.param(OAuth2ParameterNames.GRANT_TYPE, AuthorizationGrantType.CLIENT_CREDENTIALS.getValue())
|
||||
.param(OAuth2ParameterNames.SCOPE, "scope-1")
|
||||
.contentType(MediaType.APPLICATION_FORM_URLENCODED_VALUE))
|
||||
.andExpect(status().isUnauthorized());
|
||||
// @formatter:on
|
||||
}
|
||||
|
||||
@EnableAutoConfiguration(exclude = JpaRepositoriesAutoConfiguration.class)
|
||||
@EnableWebSecurity
|
||||
@ComponentScan
|
||||
static class AuthorizationServerConfig {
|
||||
}
|
||||
|
||||
}
|
||||
Reference in New Issue
Block a user