diff --git a/servlet/spring-boot/java/oauth2/authorization-server/README.adoc b/servlet/spring-boot/java/oauth2/authorization-server/README.adoc deleted file mode 100644 index 6d43ee6..0000000 --- a/servlet/spring-boot/java/oauth2/authorization-server/README.adoc +++ /dev/null @@ -1,121 +0,0 @@ -= OAuth 2.0 Authorization Server Sample - -This sample demonstrates Authorization Server with the `authorization_code` and `client_credentials` grant types, as well as OpenID Connect 1.0. This authorization server is configured to generate JWT tokens signed with the `RS256` algorithm. - -* <> -* <> -* <> - -[[running-the-tests]] -== Running the tests - -To run the tests, do: - -```bash -./gradlew integrationTest -``` - -Or import the project into your IDE and run `OAuth2AuthorizationServerApplicationTests` from there. - -=== What is it doing? - -The tests are making requests to the token endpoint with the `client_credentials` grant type using the `client_secret_basic` authentication method, and subsequently verifying the access token from the response using the token introspection endpoint. - -The introspection endpoint response is used to verify the token (decode the JWT in this case), returning the payload including the requested scope. - -NOTE: Spring Security does not require the token introspection endpoint when configured to use the Bearer scheme with JWTs, this is simply used for demonstration purposes. - -[[running-the-app]] -== Running the app - -To run as a stand-alone application, do: - -```bash -./gradlew bootRun -``` - -Or import the project into your IDE and run `OAuth2AuthorizationServerApplication` from there. - -Once it is up and running, you can issue the following request: - -```bash -curl -X POST messaging-client:secret@localhost:9000/oauth2/token -d "grant_type=client_credentials" -d "scope=message:read" -``` - -This returns something like the following: - -```json -{ - "access_token": "eyJraWQiOiI4YWY4Zjc2Zi0zMTdkLTQxZmYtYWY5Yi1hZjg5NDg4ODM5YzciLCJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJtZXNzYWdpbmctY2xpZW50IiwiYXVkIjoibWVzc2FnaW5nLWNsaWVudCIsIm5iZiI6MTYyNzMzNDQ1MCwic2NvcGUiOlsibWVzc2FnZTpyZWFkIl0sImlzcyI6Imh0dHA6XC9cL2xvY2FsaG9zdDo5MDAwIiwiZXhwIjoxNjI3MzM0NzUwLCJpYXQiOjE2MjczMzQ0NTAsImp0aSI6IjBiYjYwZjhkLWIzNjItNDk0MC05MGRmLWZhZDg4N2Q1Yzg1ZSJ9.O8dI67B_feRjOn6pJi5ctPJmUJCNpV77SC4OiWqmpa5UHvf4Ud6L6EFe9LKuPIRrEWi8rMdCdMBOPKQMXvxLoI3LMUPf7Yj973uvZN0E988MsKwhGwxyaa_Wam8wFlk8aQlN8SbW3cKdeH-nKloNMdwjfspovefX521mxouaMjmyXdIFrM5WZ15GZK69NIniACSatE-pc9TAjKYBDbC65jVt_zHEvDQbEkZulF2bjrGOZC8C3IbJWnlKgkcshrY44TtrGPyCp2gIS0TSUUsG00iSBBC8E8zPU-YdfaP8gB9_FwUwK9zfy_hU2Ykf2aU3eulpGDVLn2rCwFeK86Rw1w", - "expires_in": 299, - "scope": "message:read", - "token_type": "Bearer" -} -``` - -In order to make the same token introspection request as the tests, export the access token from the response: - -```bash -export TOKEN=... -``` - -Then issue the following request: - -```bash -curl -X POST messaging-client:secret@localhost:9000/oauth2/introspect -d "token=$TOKEN" -``` - -Which will return something like the following: - -```json -{ - "active": true, - "aud": [ - "messaging-client" - ], - "client_id": "messaging-client", - "exp": 1627334750, - "iat": 1627334450, - "iss": "http://localhost:9000", - "jti": "0bb60f8d-b362-4940-90df-fad887d5c85e", - "nbf": 1627334450, - "scope": "message:read", - "sub": "messaging-client", - "token_type": "Bearer" -} -``` - -[[testing-with-a-resource-server]] -== Testing with a resource server - -This sample can be used in conjunction with a resource server, such as the https://github.com/spring-projects/spring-security-samples/tree/main/servlet/spring-boot/java/oauth2/resource-server/hello-security[resource-server sample] in this project which is pre-configured to work with this authorization server sample out of the box. - -You can run that app similarly to the authorization server: - -```bash -./gradlew bootRun -``` - -Once it is up and running, you can issue the following request: - -```bash -curl -X POST messaging-client:secret@localhost:9000/oauth2/token -d "grant_type=client_credentials" -d "scope=message:read" -``` - -Then, export the access token from the response: - -```bash -export TOKEN=... -``` - -Then issue the following request: - -```bash -curl -H "Authorization: Bearer $TOKEN" localhost:8080 -``` - -Which will respond with the phrase: - -``` -Hello, messaging-client! -``` \ No newline at end of file diff --git a/servlet/spring-boot/java/oauth2/authorization-server/build.gradle b/servlet/spring-boot/java/oauth2/authorization-server/build.gradle deleted file mode 100644 index 5a1c7e0..0000000 --- a/servlet/spring-boot/java/oauth2/authorization-server/build.gradle +++ /dev/null @@ -1,29 +0,0 @@ -plugins { - id 'org.springframework.boot' version '3.0.0-SNAPSHOT' - id 'io.spring.dependency-management' version '1.0.11.RELEASE' - id "nebula.integtest" version "8.2.0" - id 'java' -} - -repositories { - mavenCentral() - maven { url "https://repo.spring.io/milestone" } - maven { url "https://repo.spring.io/snapshot" } -} - -ext["micrometer.version"] = "1.10.0-SNAPSHOT" - -dependencies { - implementation 'org.springframework.boot:spring-boot-starter-web' - implementation 'org.springframework.security:spring-security-oauth2-authorization-server:1.0.0-M1' - - testImplementation 'org.springframework.boot:spring-boot-starter-test' - testImplementation 'org.springframework.security:spring-security-test' - - integTestImplementation 'net.sourceforge.htmlunit:htmlunit' -} - -tasks.withType(Test).configureEach { - useJUnitPlatform() - outputs.upToDateWhen { false } -} diff --git a/servlet/spring-boot/java/oauth2/authorization-server/gradle.properties b/servlet/spring-boot/java/oauth2/authorization-server/gradle.properties deleted file mode 100644 index ce1417e..0000000 --- a/servlet/spring-boot/java/oauth2/authorization-server/gradle.properties +++ /dev/null @@ -1,2 +0,0 @@ -version=6.0.0-SNAPSHOT -spring-security.version=6.0.0-SNAPSHOT diff --git a/servlet/spring-boot/java/oauth2/authorization-server/gradle/wrapper/gradle-wrapper.jar b/servlet/spring-boot/java/oauth2/authorization-server/gradle/wrapper/gradle-wrapper.jar deleted file mode 100644 index 41d9927..0000000 Binary files a/servlet/spring-boot/java/oauth2/authorization-server/gradle/wrapper/gradle-wrapper.jar and /dev/null differ diff --git a/servlet/spring-boot/java/oauth2/authorization-server/gradle/wrapper/gradle-wrapper.properties b/servlet/spring-boot/java/oauth2/authorization-server/gradle/wrapper/gradle-wrapper.properties deleted file mode 100644 index e750102..0000000 --- a/servlet/spring-boot/java/oauth2/authorization-server/gradle/wrapper/gradle-wrapper.properties +++ /dev/null @@ -1,5 +0,0 @@ -distributionBase=GRADLE_USER_HOME -distributionPath=wrapper/dists -distributionUrl=https\://services.gradle.org/distributions/gradle-7.3-bin.zip -zipStoreBase=GRADLE_USER_HOME -zipStorePath=wrapper/dists diff --git a/servlet/spring-boot/java/oauth2/authorization-server/gradlew b/servlet/spring-boot/java/oauth2/authorization-server/gradlew deleted file mode 100755 index fbd7c51..0000000 --- a/servlet/spring-boot/java/oauth2/authorization-server/gradlew +++ /dev/null @@ -1,185 +0,0 @@ -#!/usr/bin/env sh - -# -# Copyright 2015 the original author or authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -############################################################################## -## -## Gradle start up script for UN*X -## -############################################################################## - -# Attempt to set APP_HOME -# Resolve links: $0 may be a link -PRG="$0" -# Need this for relative symlinks. -while [ -h "$PRG" ] ; do - ls=`ls -ld "$PRG"` - link=`expr "$ls" : '.*-> \(.*\)$'` - if expr "$link" : '/.*' > /dev/null; then - PRG="$link" - else - PRG=`dirname "$PRG"`"/$link" - fi -done -SAVED="`pwd`" -cd "`dirname \"$PRG\"`/" >/dev/null -APP_HOME="`pwd -P`" -cd "$SAVED" >/dev/null - -APP_NAME="Gradle" -APP_BASE_NAME=`basename "$0"` - -# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. -DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"' - -# Use the maximum available, or set MAX_FD != -1 to use that value. -MAX_FD="maximum" - -warn () { - echo "$*" -} - -die () { - echo - echo "$*" - echo - exit 1 -} - -# OS specific support (must be 'true' or 'false'). -cygwin=false -msys=false -darwin=false -nonstop=false -case "`uname`" in - CYGWIN* ) - cygwin=true - ;; - Darwin* ) - darwin=true - ;; - MINGW* ) - msys=true - ;; - NONSTOP* ) - nonstop=true - ;; -esac - -CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar - - -# Determine the Java command to use to start the JVM. -if [ -n "$JAVA_HOME" ] ; then - if [ -x "$JAVA_HOME/jre/sh/java" ] ; then - # IBM's JDK on AIX uses strange locations for the executables - JAVACMD="$JAVA_HOME/jre/sh/java" - else - JAVACMD="$JAVA_HOME/bin/java" - fi - if [ ! -x "$JAVACMD" ] ; then - die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME - -Please set the JAVA_HOME variable in your environment to match the -location of your Java installation." - fi -else - JAVACMD="java" - which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. - -Please set the JAVA_HOME variable in your environment to match the -location of your Java installation." -fi - -# Increase the maximum file descriptors if we can. -if [ "$cygwin" = "false" -a "$darwin" = "false" -a "$nonstop" = "false" ] ; then - MAX_FD_LIMIT=`ulimit -H -n` - if [ $? -eq 0 ] ; then - if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ] ; then - MAX_FD="$MAX_FD_LIMIT" - fi - ulimit -n $MAX_FD - if [ $? -ne 0 ] ; then - warn "Could not set maximum file descriptor limit: $MAX_FD" - fi - else - warn "Could not query maximum file descriptor limit: $MAX_FD_LIMIT" - fi -fi - -# For Darwin, add options to specify how the application appears in the dock -if $darwin; then - GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\"" -fi - -# For Cygwin or MSYS, switch paths to Windows format before running java -if [ "$cygwin" = "true" -o "$msys" = "true" ] ; then - APP_HOME=`cygpath --path --mixed "$APP_HOME"` - CLASSPATH=`cygpath --path --mixed "$CLASSPATH"` - - JAVACMD=`cygpath --unix "$JAVACMD"` - - # We build the pattern for arguments to be converted via cygpath - ROOTDIRSRAW=`find -L / -maxdepth 1 -mindepth 1 -type d 2>/dev/null` - SEP="" - for dir in $ROOTDIRSRAW ; do - ROOTDIRS="$ROOTDIRS$SEP$dir" - SEP="|" - done - OURCYGPATTERN="(^($ROOTDIRS))" - # Add a user-defined pattern to the cygpath arguments - if [ "$GRADLE_CYGPATTERN" != "" ] ; then - OURCYGPATTERN="$OURCYGPATTERN|($GRADLE_CYGPATTERN)" - fi - # Now convert the arguments - kludge to limit ourselves to /bin/sh - i=0 - for arg in "$@" ; do - CHECK=`echo "$arg"|egrep -c "$OURCYGPATTERN" -` - CHECK2=`echo "$arg"|egrep -c "^-"` ### Determine if an option - - if [ $CHECK -ne 0 ] && [ $CHECK2 -eq 0 ] ; then ### Added a condition - eval `echo args$i`=`cygpath --path --ignore --mixed "$arg"` - else - eval `echo args$i`="\"$arg\"" - fi - i=`expr $i + 1` - done - case $i in - 0) set -- ;; - 1) set -- "$args0" ;; - 2) set -- "$args0" "$args1" ;; - 3) set -- "$args0" "$args1" "$args2" ;; - 4) set -- "$args0" "$args1" "$args2" "$args3" ;; - 5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;; - 6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;; - 7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;; - 8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;; - 9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;; - esac -fi - -# Escape application args -save () { - for i do printf %s\\n "$i" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/' \\\\/" ; done - echo " " -} -APP_ARGS=`save "$@"` - -# Collect all arguments for the java command, following the shell quoting and substitution rules -eval set -- $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS "\"-Dorg.gradle.appname=$APP_BASE_NAME\"" -classpath "\"$CLASSPATH\"" org.gradle.wrapper.GradleWrapperMain "$APP_ARGS" - -exec "$JAVACMD" "$@" diff --git a/servlet/spring-boot/java/oauth2/authorization-server/gradlew.bat b/servlet/spring-boot/java/oauth2/authorization-server/gradlew.bat deleted file mode 100644 index 5093609..0000000 --- a/servlet/spring-boot/java/oauth2/authorization-server/gradlew.bat +++ /dev/null @@ -1,104 +0,0 @@ -@rem -@rem Copyright 2015 the original author or authors. -@rem -@rem Licensed under the Apache License, Version 2.0 (the "License"); -@rem you may not use this file except in compliance with the License. -@rem You may obtain a copy of the License at -@rem -@rem https://www.apache.org/licenses/LICENSE-2.0 -@rem -@rem Unless required by applicable law or agreed to in writing, software -@rem distributed under the License is distributed on an "AS IS" BASIS, -@rem WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -@rem See the License for the specific language governing permissions and -@rem limitations under the License. -@rem - -@if "%DEBUG%" == "" @echo off -@rem ########################################################################## -@rem -@rem Gradle startup script for Windows -@rem -@rem ########################################################################## - -@rem Set local scope for the variables with windows NT shell -if "%OS%"=="Windows_NT" setlocal - -set DIRNAME=%~dp0 -if "%DIRNAME%" == "" set DIRNAME=. -set APP_BASE_NAME=%~n0 -set APP_HOME=%DIRNAME% - -@rem Resolve any "." and ".." in APP_HOME to make it shorter. -for %%i in ("%APP_HOME%") do set APP_HOME=%%~fi - -@rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. -set DEFAULT_JVM_OPTS="-Xmx64m" "-Xms64m" - -@rem Find java.exe -if defined JAVA_HOME goto findJavaFromJavaHome - -set JAVA_EXE=java.exe -%JAVA_EXE% -version >NUL 2>&1 -if "%ERRORLEVEL%" == "0" goto init - -echo. -echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. -echo. -echo Please set the JAVA_HOME variable in your environment to match the -echo location of your Java installation. - -goto fail - -:findJavaFromJavaHome -set JAVA_HOME=%JAVA_HOME:"=% -set JAVA_EXE=%JAVA_HOME%/bin/java.exe - -if exist "%JAVA_EXE%" goto init - -echo. -echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% -echo. -echo Please set the JAVA_HOME variable in your environment to match the -echo location of your Java installation. - -goto fail - -:init -@rem Get command-line arguments, handling Windows variants - -if not "%OS%" == "Windows_NT" goto win9xME_args - -:win9xME_args -@rem Slurp the command line arguments. -set CMD_LINE_ARGS= -set _SKIP=2 - -:win9xME_args_slurp -if "x%~1" == "x" goto execute - -set CMD_LINE_ARGS=%* - -:execute -@rem Setup the command line - -set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar - - -@rem Execute Gradle -"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %CMD_LINE_ARGS% - -:end -@rem End local scope for the variables with windows NT shell -if "%ERRORLEVEL%"=="0" goto mainEnd - -:fail -rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of -rem the _cmd.exe /c_ return code! -if not "" == "%GRADLE_EXIT_CONSOLE%" exit 1 -exit /b 1 - -:mainEnd -if "%OS%"=="Windows_NT" endlocal - -:omega diff --git a/servlet/spring-boot/java/oauth2/authorization-server/settings.gradle b/servlet/spring-boot/java/oauth2/authorization-server/settings.gradle deleted file mode 100644 index 8b13789..0000000 --- a/servlet/spring-boot/java/oauth2/authorization-server/settings.gradle +++ /dev/null @@ -1 +0,0 @@ - diff --git a/servlet/spring-boot/java/oauth2/authorization-server/src/integTest/java/example/OAuth2AuthorizationServerApplicationITests.java b/servlet/spring-boot/java/oauth2/authorization-server/src/integTest/java/example/OAuth2AuthorizationServerApplicationITests.java deleted file mode 100644 index c0d71cb..0000000 --- a/servlet/spring-boot/java/oauth2/authorization-server/src/integTest/java/example/OAuth2AuthorizationServerApplicationITests.java +++ /dev/null @@ -1,195 +0,0 @@ -/* - * Copyright 2021 the original author or authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * https://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package example; - -import java.util.Map; - -import com.fasterxml.jackson.core.type.TypeReference; -import com.fasterxml.jackson.databind.ObjectMapper; -import org.junit.jupiter.api.Test; - -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc; -import org.springframework.boot.test.context.SpringBootTest; -import org.springframework.http.HttpHeaders; -import org.springframework.mock.web.MockHttpServletRequest; -import org.springframework.test.context.ActiveProfiles; -import org.springframework.test.web.servlet.MockMvc; -import org.springframework.test.web.servlet.MvcResult; -import org.springframework.test.web.servlet.request.RequestPostProcessor; - -import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post; -import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath; -import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; - -/** - * Integration tests for {@link OAuth2AuthorizationServerApplication}. - * - * @author Steve Riesenberg - */ -@SpringBootTest -@AutoConfigureMockMvc -@ActiveProfiles("test") -public class OAuth2AuthorizationServerApplicationITests { - - private static final String CLIENT_ID = "messaging-client"; - - private static final String CLIENT_SECRET = "secret"; - - private final ObjectMapper objectMapper = new ObjectMapper(); - - @Autowired - private MockMvc mockMvc; - - @Test - void performTokenRequestWhenValidClientCredentialsThenOk() throws Exception { - // @formatter:off - this.mockMvc.perform(post("/oauth2/token") - .param("grant_type", "client_credentials") - .param("scope", "message:read") - .with(basicAuth(CLIENT_ID, CLIENT_SECRET))) - .andExpect(status().isOk()) - .andExpect(jsonPath("$.access_token").isString()) - .andExpect(jsonPath("$.expires_in").isNumber()) - .andExpect(jsonPath("$.scope").value("message:read")) - .andExpect(jsonPath("$.token_type").value("Bearer")); - // @formatter:on - } - - @Test - void performTokenRequestWhenMissingScopeThenOk() throws Exception { - // @formatter:off - this.mockMvc.perform(post("/oauth2/token") - .param("grant_type", "client_credentials") - .param("scope", "message:read message:write") - .with(basicAuth(CLIENT_ID, CLIENT_SECRET))) - .andExpect(status().isOk()) - .andExpect(jsonPath("$.access_token").isString()) - .andExpect(jsonPath("$.expires_in").isNumber()) - .andExpect(jsonPath("$.scope").value("message:read message:write")) - .andExpect(jsonPath("$.token_type").value("Bearer")); - // @formatter:on - } - - @Test - void performTokenRequestWhenInvalidClientCredentialsThenUnauthorized() throws Exception { - // @formatter:off - this.mockMvc.perform(post("/oauth2/token") - .param("grant_type", "client_credentials") - .param("scope", "message:read") - .with(basicAuth("bad", "password"))) - .andExpect(status().isUnauthorized()) - .andExpect(jsonPath("$.error").value("invalid_client")); - // @formatter:on - } - - @Test - void performTokenRequestWhenMissingGrantTypeThenUnauthorized() throws Exception { - // @formatter:off - this.mockMvc.perform(post("/oauth2/token") - .with(basicAuth("bad", "password"))) - .andExpect(status().isUnauthorized()) - .andExpect(jsonPath("$.error").value("invalid_client")); - // @formatter:on - } - - @Test - void performTokenRequestWhenGrantTypeNotRegisteredThenBadRequest() throws Exception { - // @formatter:off - this.mockMvc.perform(post("/oauth2/token") - .param("grant_type", "client_credentials") - .with(basicAuth("login-client", "openid-connect"))) - .andExpect(status().isBadRequest()) - .andExpect(jsonPath("$.error").value("unauthorized_client")); - // @formatter:on - } - - @Test - void performIntrospectionRequestWhenValidTokenThenOk() throws Exception { - // @formatter:off - this.mockMvc.perform(post("/oauth2/introspect") - .param("token", getAccessToken()) - .with(basicAuth(CLIENT_ID, CLIENT_SECRET))) - .andExpect(status().isOk()) - .andExpect(jsonPath("$.active").value("true")) - .andExpect(jsonPath("$.aud[0]").value(CLIENT_ID)) - .andExpect(jsonPath("$.client_id").value(CLIENT_ID)) - .andExpect(jsonPath("$.exp").isNumber()) - .andExpect(jsonPath("$.iat").isNumber()) - .andExpect(jsonPath("$.iss").value("http://localhost:9000")) - .andExpect(jsonPath("$.nbf").isNumber()) - .andExpect(jsonPath("$.scope").value("message:read")) - .andExpect(jsonPath("$.sub").value(CLIENT_ID)) - .andExpect(jsonPath("$.token_type").value("Bearer")); - // @formatter:on - } - - @Test - void performIntrospectionRequestWhenInvalidCredentialsThenUnauthorized() throws Exception { - // @formatter:off - this.mockMvc.perform(post("/oauth2/introspect") - .param("token", getAccessToken()) - .with(basicAuth("bad", "password"))) - .andExpect(status().isUnauthorized()) - .andExpect(jsonPath("$.error").value("invalid_client")); - // @formatter:on - } - - private String getAccessToken() throws Exception { - // @formatter:off - MvcResult mvcResult = this.mockMvc.perform(post("/oauth2/token") - .param("grant_type", "client_credentials") - .param("scope", "message:read") - .with(basicAuth(CLIENT_ID, CLIENT_SECRET))) - .andExpect(status().isOk()) - .andExpect(jsonPath("$.access_token").exists()) - .andReturn(); - // @formatter:on - - String tokenResponseJson = mvcResult.getResponse().getContentAsString(); - Map tokenResponse = this.objectMapper.readValue(tokenResponseJson, new TypeReference<>() { - }); - - return tokenResponse.get("access_token").toString(); - } - - private static BasicAuthenticationRequestPostProcessor basicAuth(String username, String password) { - return new BasicAuthenticationRequestPostProcessor(username, password); - } - - private static final class BasicAuthenticationRequestPostProcessor implements RequestPostProcessor { - - private final String username; - - private final String password; - - private BasicAuthenticationRequestPostProcessor(String username, String password) { - this.username = username; - this.password = password; - } - - @Override - public MockHttpServletRequest postProcessRequest(MockHttpServletRequest request) { - HttpHeaders headers = new HttpHeaders(); - headers.setBasicAuth(this.username, this.password); - request.addHeader("Authorization", headers.getFirst("Authorization")); - return request; - } - - } - -} diff --git a/servlet/spring-boot/java/oauth2/authorization-server/src/main/java/example/OAuth2AuthorizationServerApplication.java b/servlet/spring-boot/java/oauth2/authorization-server/src/main/java/example/OAuth2AuthorizationServerApplication.java deleted file mode 100644 index ac20ad3..0000000 --- a/servlet/spring-boot/java/oauth2/authorization-server/src/main/java/example/OAuth2AuthorizationServerApplication.java +++ /dev/null @@ -1,34 +0,0 @@ -/* - * Copyright 2021 the original author or authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * https://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package example; - -import org.springframework.boot.SpringApplication; -import org.springframework.boot.autoconfigure.SpringBootApplication; - -/** - * OAuth Authorization Server Application. - * - * @author Steve Riesenberg - */ -@SpringBootApplication -public class OAuth2AuthorizationServerApplication { - - public static void main(String[] args) { - SpringApplication.run(OAuth2AuthorizationServerApplication.class, args); - } - -} diff --git a/servlet/spring-boot/java/oauth2/authorization-server/src/main/java/example/OAuth2AuthorizationServerSecurityConfiguration.java b/servlet/spring-boot/java/oauth2/authorization-server/src/main/java/example/OAuth2AuthorizationServerSecurityConfiguration.java deleted file mode 100644 index 382fb4a..0000000 --- a/servlet/spring-boot/java/oauth2/authorization-server/src/main/java/example/OAuth2AuthorizationServerSecurityConfiguration.java +++ /dev/null @@ -1,166 +0,0 @@ -/* - * Copyright 2021 the original author or authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * https://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package example; - -import java.security.KeyPair; -import java.security.KeyPairGenerator; -import java.security.interfaces.RSAPrivateKey; -import java.security.interfaces.RSAPublicKey; -import java.util.UUID; - -import com.nimbusds.jose.jwk.JWKSet; -import com.nimbusds.jose.jwk.RSAKey; -import com.nimbusds.jose.jwk.source.ImmutableJWKSet; -import com.nimbusds.jose.jwk.source.JWKSource; -import com.nimbusds.jose.proc.SecurityContext; - -import org.springframework.beans.factory.config.BeanDefinition; -import org.springframework.context.annotation.Bean; -import org.springframework.context.annotation.Configuration; -import org.springframework.context.annotation.Role; -import org.springframework.core.annotation.Order; -import org.springframework.security.config.Customizer; -import org.springframework.security.config.annotation.web.builders.HttpSecurity; -import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; -import org.springframework.security.core.userdetails.User; -import org.springframework.security.core.userdetails.UserDetails; -import org.springframework.security.core.userdetails.UserDetailsService; -import org.springframework.security.oauth2.core.AuthorizationGrantType; -import org.springframework.security.oauth2.core.ClientAuthenticationMethod; -import org.springframework.security.oauth2.core.oidc.OidcScopes; -import org.springframework.security.oauth2.jwt.JwtDecoder; -import org.springframework.security.oauth2.jwt.NimbusJwtDecoder; -import org.springframework.security.oauth2.server.authorization.client.InMemoryRegisteredClientRepository; -import org.springframework.security.oauth2.server.authorization.client.RegisteredClient; -import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository; -import org.springframework.security.oauth2.server.authorization.config.annotation.web.configuration.OAuth2AuthorizationServerConfiguration; -import org.springframework.security.oauth2.server.authorization.settings.ClientSettings; -import org.springframework.security.oauth2.server.authorization.settings.ProviderSettings; -import org.springframework.security.provisioning.InMemoryUserDetailsManager; -import org.springframework.security.web.SecurityFilterChain; - -/** - * OAuth Authorization Server Configuration. - * - * @author Steve Riesenberg - */ -@Configuration -@EnableWebSecurity -public class OAuth2AuthorizationServerSecurityConfiguration { - - @Bean - @Order(1) - public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception { - OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(http); - return http.formLogin(Customizer.withDefaults()).build(); - } - - @Bean - @Order(2) - public SecurityFilterChain standardSecurityFilterChain(HttpSecurity http) throws Exception { - // @formatter:off - http - .authorizeHttpRequests((authorize) -> authorize - .anyRequest().authenticated() - ) - .formLogin(Customizer.withDefaults()); - // @formatter:on - - return http.build(); - } - - @Bean - public RegisteredClientRepository registeredClientRepository() { - // @formatter:off - RegisteredClient loginClient = RegisteredClient.withId(UUID.randomUUID().toString()) - .clientId("login-client") - .clientSecret("{noop}openid-connect") - .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC) - .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE) - .authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN) - .redirectUri("http://127.0.0.1:8080/login/oauth2/code/login-client") - .redirectUri("http://127.0.0.1:8080/authorized") - .scope(OidcScopes.OPENID) - .scope(OidcScopes.PROFILE) - .clientSettings(ClientSettings.builder().requireAuthorizationConsent(true).build()) - .build(); - RegisteredClient registeredClient = RegisteredClient.withId(UUID.randomUUID().toString()) - .clientId("messaging-client") - .clientSecret("{noop}secret") - .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC) - .authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS) - .scope("message:read") - .scope("message:write") - .build(); - // @formatter:on - - return new InMemoryRegisteredClientRepository(loginClient, registeredClient); - } - - @Bean - public JWKSource jwkSource(KeyPair keyPair) { - RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic(); - RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate(); - // @formatter:off - RSAKey rsaKey = new RSAKey.Builder(publicKey) - .privateKey(privateKey) - .keyID(UUID.randomUUID().toString()) - .build(); - // @formatter:on - JWKSet jwkSet = new JWKSet(rsaKey); - return new ImmutableJWKSet<>(jwkSet); - } - - @Bean - public JwtDecoder jwtDecoder(KeyPair keyPair) { - return NimbusJwtDecoder.withPublicKey((RSAPublicKey) keyPair.getPublic()).build(); - } - - @Bean - public ProviderSettings providerSettings() { - return ProviderSettings.builder().issuer("http://localhost:9000").build(); - } - - @Bean - public UserDetailsService userDetailsService() { - // @formatter:off - UserDetails userDetails = User.withDefaultPasswordEncoder() - .username("user") - .password("password") - .roles("USER") - .build(); - // @formatter:on - - return new InMemoryUserDetailsManager(userDetails); - } - - @Bean - @Role(BeanDefinition.ROLE_INFRASTRUCTURE) - KeyPair generateRsaKey() { - KeyPair keyPair; - try { - KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA"); - keyPairGenerator.initialize(2048); - keyPair = keyPairGenerator.generateKeyPair(); - } - catch (Exception ex) { - throw new IllegalStateException(ex); - } - return keyPair; - } - -} diff --git a/servlet/spring-boot/java/oauth2/authorization-server/src/main/resources/application.yml b/servlet/spring-boot/java/oauth2/authorization-server/src/main/resources/application.yml deleted file mode 100644 index e346b3d..0000000 --- a/servlet/spring-boot/java/oauth2/authorization-server/src/main/resources/application.yml +++ /dev/null @@ -1,2 +0,0 @@ -server: - port: 9000 \ No newline at end of file