This is an automated email from the ASF dual-hosted git repository. liubao pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/servicecomb-fence.git
commit 8b8c29c50301dff98a6e195760b6722e4a9f3f47 Author: liubao <[email protected]> AuthorDate: Sat Jun 22 10:57:17 2019 +0800 [SCB-1322]refactor code to allow authentication filters customization and adapt spring security Authentication architecture --- .../server/PasswordTokenGranter.java | 16 +++--- .../server/RefreshTokenTokenGranter.java | 13 ++--- .../authentication/server/TokenEndpoint.java | 2 +- ...nst.java => AuthenticationServerConstants.java} | 6 ++- .../authentication/token/TokenConfiguration.java | 16 +++--- .../servicecomb/authentication/jwt/JWTHeader.java | 1 + .../token/AbstractOpenIDTokenStore.java | 10 ++-- .../token/InMemoryOpenIDTokenStore.java | 3 ++ .../util/{Constants.java => CommonConstants.java} | 4 +- .../authentication/edge/AuthHandler.java | 20 +++---- .../authentication/edge/AuthenticationFilter.java | 12 ++--- .../authentication/edge/EdgeConfiguration.java | 6 +-- .../authentication/edge/TokenEndpoint.java | 4 +- .../resource/AccessConfiguration.java | 0 .../resource/AccessConfigurationManager.java | 0 ...eptionExceptionToProducerResponseConverter.java | 0 .../authentication/resource/AuthFilter.java} | 27 ++-------- .../authentication/resource/AuthFiltersBean.java} | 34 ++++++------ .../resource/AuthenticationAuthFilter.java} | 55 +++++++------------ .../ConfigBasedAuthoriaztionAuthFilter.java | 61 ++++++++++++++++++++++ .../resource/ResourceAuthHandler.java} | 28 ++++------ .../resource/SimpleAuthentication.java | 4 -- ....exception.ExceptionToProducerResponseConverter | 0 .../src/main/resources/config/cse.handler.xml | 0 .../AuthenticationConfiguration.java | 12 ++--- .../authentication/AuthenticationTestCase.java | 6 +-- .../gateway/AuthenticationConfiguration.java | 10 ++-- .../resource/AuthenticationConfiguration.java | 10 ++-- 28 files changed, 192 insertions(+), 168 deletions(-) 
diff --git a/api/authentication-server/endpoint/src/main/java/org/apache/servicecomb/authentication/server/PasswordTokenGranter.java b/api/authentication-server/endpoint/src/main/java/org/apache/servicecomb/authentication/server/PasswordTokenGranter.java index 6f893cd..45c8ca2 100644 --- a/api/authentication-server/endpoint/src/main/java/org/apache/servicecomb/authentication/server/PasswordTokenGranter.java +++ b/api/authentication-server/endpoint/src/main/java/org/apache/servicecomb/authentication/server/PasswordTokenGranter.java @@ -21,7 +21,7 @@ import java.util.Map; import org.apache.servicecomb.authentication.token.AbstractOpenIDTokenStore; import org.apache.servicecomb.authentication.token.OpenIDToken; -import org.apache.servicecomb.authentication.util.Constants; +import org.apache.servicecomb.authentication.util.CommonConstants; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.security.core.userdetails.UserDetails; 
@@ -34,21 +34,21 @@ import com.netflix.config.DynamicPropertyFactory; @Component public class PasswordTokenGranter implements TokenGranter { @Autowired - @Qualifier(Constants.BEAN_AUTH_USER_DETAILS_SERVICE) + @Qualifier(CommonConstants.BEAN_AUTH_USER_DETAILS_SERVICE) private UserDetailsService userDetailsService; @Autowired - @Qualifier(Constants.BEAN_AUTH_PASSWORD_ENCODER) + @Qualifier(CommonConstants.BEAN_AUTH_PASSWORD_ENCODER) private PasswordEncoder passwordEncoder; @Autowired - @Qualifier(Constants.BEAN_AUTH_OPEN_ID_TOKEN_STORE) + @Qualifier(CommonConstants.BEAN_AUTH_OPEN_ID_TOKEN_STORE) private AbstractOpenIDTokenStore openIDTokenStore; @Override public TokenResponse grant(Map<String, String> parameters) { - String username = parameters.get(TokenConst.PARAM_USERNAME); - String password = parameters.get(TokenConst.PARAM_PASSWORD); + String username = parameters.get(AuthenticationServerConstants.PARAM_USERNAME); + String password = parameters.get(AuthenticationServerConstants.PARAM_PASSWORD); UserDetails userDetails = userDetailsService.loadUserByUsername(username); if (passwordEncoder.matches(password, userDetails.getPassword())) { @@ -62,13 +62,13 @@ public class PasswordTokenGranter implements TokenGranter { @Override public String grantType() { - return TokenConst.GRANT_TYPE_PASSWORD; + return AuthenticationServerConstants.GRANT_TYPE_PASSWORD; } @Override public boolean enabled() { return DynamicPropertyFactory.getInstance() - .getBooleanProperty(Constants.CONFIG_GRANTER_PASSWORD_ENABLED, true) + .getBooleanProperty(AuthenticationServerConstants.CONFIG_GRANTER_PASSWORD_ENABLED, true) .get(); } diff --git a/api/authentication-server/endpoint/src/main/java/org/apache/servicecomb/authentication/server/RefreshTokenTokenGranter.java b/api/authentication-server/endpoint/src/main/java/org/apache/servicecomb/authentication/server/RefreshTokenTokenGranter.java index 4b0f93f..77a9f98 100644 
--- a/api/authentication-server/endpoint/src/main/java/org/apache/servicecomb/authentication/server/RefreshTokenTokenGranter.java +++ b/api/authentication-server/endpoint/src/main/java/org/apache/servicecomb/authentication/server/RefreshTokenTokenGranter.java @@ -22,7 +22,7 @@ import java.util.Map; import org.apache.servicecomb.authentication.token.AbstractOpenIDTokenStore; import org.apache.servicecomb.authentication.token.OpenIDToken; import org.apache.servicecomb.authentication.token.Token; -import org.apache.servicecomb.authentication.util.Constants; +import org.apache.servicecomb.authentication.util.CommonConstants; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.security.core.userdetails.UserDetails; 
@@ -34,34 +34,35 @@ import com.netflix.config.DynamicPropertyFactory; @Component public class RefreshTokenTokenGranter implements TokenGranter { @Autowired - @Qualifier(Constants.BEAN_AUTH_USER_DETAILS_SERVICE) + @Qualifier(CommonConstants.BEAN_AUTH_USER_DETAILS_SERVICE) private UserDetailsService userDetailsService; @Autowired - @Qualifier(Constants.BEAN_AUTH_OPEN_ID_TOKEN_STORE) + @Qualifier(CommonConstants.BEAN_AUTH_OPEN_ID_TOKEN_STORE) private AbstractOpenIDTokenStore openIDTokenStore; @Override public boolean enabled() { return DynamicPropertyFactory.getInstance() - .getBooleanProperty("servicecomb.authentication.granter.refreshToken.enabled", true) + .getBooleanProperty(AuthenticationServerConstants.CONFIG_GRANTER_REFRESH_TOKEN_ENABLED, true) .get(); } @Override public String grantType() { - return TokenConst.GRANT_TYPE_REFRESH_TOKEN; + return AuthenticationServerConstants.GRANT_TYPE_REFRESH_TOKEN; } @Override public TokenResponse grant(Map<String, String> parameters) { - String refreshTokenValue = parameters.get(TokenConst.PARAM_REFRESH_TOKEN); + String refreshTokenValue = parameters.get(AuthenticationServerConstants.PARAM_REFRESH_TOKEN); Token refreshToken = openIDTokenStore.readTokenByRefreshTokenValue(refreshTokenValue); if (refreshToken != null && !refreshToken.isExpired()) { UserDetails userDetails = userDetailsService.loadUserByUsername(refreshToken.username()); OpenIDToken openIDToken = openIDTokenStore.createToken(userDetails); + openIDTokenStore.saveToken(openIDToken); return TokenResponse.fromOpenIDToken(openIDToken); } return null; diff --git a/api/authentication-server/endpoint/src/main/java/org/apache/servicecomb/authentication/server/TokenEndpoint.java b/api/authentication-server/endpoint/src/main/java/org/apache/servicecomb/authentication/server/TokenEndpoint.java index fa2ca32..fb849c1 100644 --- a/api/authentication-server/endpoint/src/main/java/org/apache/servicecomb/authentication/server/TokenEndpoint.java 
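Review bot: The refresh path in `grant()` now persists the new token with `openIDTokenStore.saveToken(openIDToken)`, but nothing in the hunk retires the refresh token that was just presented, so it stays usable until it expires and a leaked one can keep minting new tokens. If the store can remove a token or mark it used, do that before returning; the store's API is outside this hunk, so this is a question for the author. The reloaded account is also used without checking its status flags. Adding `if (!userDetails.isEnabled() || !userDetails.isAccountNonLocked()) { return null; }` before `createToken` would stop a disabled or locked user from renewing.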
+++ b/api/authentication-server/endpoint/src/main/java/org/apache/servicecomb/authentication/server/TokenEndpoint.java @@ -37,7 +37,7 @@ public class TokenEndpoint implements TokenService { @Override @PostMapping(path = "/", consumes = MediaType.APPLICATION_FORM_URLENCODED) public TokenResponse getToken(@RequestBody Map<String, String> parameters) { - String grantType = parameters.get(TokenConst.PARAM_GRANT_TYPE); + String grantType = parameters.get(AuthenticationServerConstants.PARAM_GRANT_TYPE); for (TokenGranter granter : granters) { if (granter.enabled()) { diff --git a/api/authentication-server/service/src/main/java/org/apache/servicecomb/authentication/server/TokenConst.java b/api/authentication-server/service/src/main/java/org/apache/servicecomb/authentication/server/AuthenticationServerConstants.java similarity index 81% rename from api/authentication-server/service/src/main/java/org/apache/servicecomb/authentication/server/TokenConst.java rename to api/authentication-server/service/src/main/java/org/apache/servicecomb/authentication/server/AuthenticationServerConstants.java index 915a515..193e6d8 100644 --- a/api/authentication-server/service/src/main/java/org/apache/servicecomb/authentication/server/TokenConst.java +++ b/api/authentication-server/service/src/main/java/org/apache/servicecomb/authentication/server/AuthenticationServerConstants.java @@ -17,7 +17,7 @@ package org.apache.servicecomb.authentication.server; -public class TokenConst { +public class AuthenticationServerConstants { public static final String PARAM_GRANT_TYPE = "grant_type"; public static final String PARAM_USERNAME = "username"; 
@@ -31,4 +31,8 @@ public class TokenConst { public static final String GRANT_TYPE_PASSWORD = "password"; public static final String GRANT_TYPE_REFRESH_TOKEN = "refresh_token"; + + public static final String CONFIG_GRANTER_PASSWORD_ENABLED = "servicecomb.authentication.granter.password.enabled"; + + public static final String CONFIG_GRANTER_REFRESH_TOKEN_ENABLED = "servicecomb.authentication.granter.refreshToken.enabled"; } diff --git a/api/common/endpoint/src/main/java/org/apache/servicecomb/authentication/token/TokenConfiguration.java b/api/common/endpoint/src/main/java/org/apache/servicecomb/authentication/token/TokenConfiguration.java index 94b1e21..8fd7375 100644 --- a/api/common/endpoint/src/main/java/org/apache/servicecomb/authentication/token/TokenConfiguration.java +++ b/api/common/endpoint/src/main/java/org/apache/servicecomb/authentication/token/TokenConfiguration.java @@ -17,7 +17,7 @@ package org.apache.servicecomb.authentication.token; -import org.apache.servicecomb.authentication.util.Constants; +import org.apache.servicecomb.authentication.util.CommonConstants; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.context.annotation.Bean; 
@@ -28,17 +28,17 @@ import org.springframework.security.jwt.crypto.sign.SignerVerifier; @Configuration public class TokenConfiguration { - @Bean(name = {Constants.BEAN_AUTH_ACCESS_TOKEN_STORE, - Constants.BEAN_AUTH_REFRESH_TOKEN_STORE}) - @Order(Constants.BEAN_DEFAULT_ORDER) + @Bean(name = {CommonConstants.BEAN_AUTH_ACCESS_TOKEN_STORE, + CommonConstants.BEAN_AUTH_REFRESH_TOKEN_STORE}) + @Order(CommonConstants.BEAN_DEFAULT_ORDER) public SessionTokenStore sessionTokenStore() { return new SessionTokenStore(); } - @Bean(name = {Constants.BEAN_AUTH_ID_TOKEN_STORE}) - @Order(Constants.BEAN_DEFAULT_ORDER) - public JWTTokenStore jwtTokenStore(@Autowired @Qualifier(Constants.BEAN_AUTH_SIGNER) Signer signer, - @Autowired @Qualifier(Constants.BEAN_AUTH_SIGNATURE_VERIFIER) SignerVerifier signerVerifier) { + @Bean(name = {CommonConstants.BEAN_AUTH_ID_TOKEN_STORE}) + @Order(CommonConstants.BEAN_DEFAULT_ORDER) + public JWTTokenStore jwtTokenStore(@Autowired @Qualifier(CommonConstants.BEAN_AUTH_SIGNER) Signer signer, + @Autowired @Qualifier(CommonConstants.BEAN_AUTH_SIGNATURE_VERIFIER) SignerVerifier signerVerifier) { return new JWTTokenStoreImpl(signer, signerVerifier); } } diff --git a/api/common/service/src/main/java/org/apache/servicecomb/authentication/jwt/JWTHeader.java b/api/common/service/src/main/java/org/apache/servicecomb/authentication/jwt/JWTHeader.java index 2cc797c..615d968 100644 --- a/api/common/service/src/main/java/org/apache/servicecomb/authentication/jwt/JWTHeader.java +++ b/api/common/service/src/main/java/org/apache/servicecomb/authentication/jwt/JWTHeader.java @@ -18,6 +18,7 @@ package org.apache.servicecomb.authentication.jwt; public class JWTHeader { + //see: https://tools.ietf.org/html/rfc7519 private String typ; private String alg; 
diff --git a/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/AbstractOpenIDTokenStore.java b/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/AbstractOpenIDTokenStore.java index 9bc43cf..52eaa74 100644 --- a/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/AbstractOpenIDTokenStore.java +++ b/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/AbstractOpenIDTokenStore.java @@ -17,22 +17,22 @@ package org.apache.servicecomb.authentication.token; -import org.apache.servicecomb.authentication.util.Constants; +import org.apache.servicecomb.authentication.util.CommonConstants; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.security.core.userdetails.UserDetails; public abstract class AbstractOpenIDTokenStore implements OpenIDTokenStore { @Autowired - @Qualifier(Constants.BEAN_AUTH_ACCESS_TOKEN_STORE) + @Qualifier(CommonConstants.BEAN_AUTH_ACCESS_TOKEN_STORE) private TokenStore<SessionToken> accessTokenStore; @Autowired - @Qualifier(Constants.BEAN_AUTH_REFRESH_TOKEN_STORE) + @Qualifier(CommonConstants.BEAN_AUTH_REFRESH_TOKEN_STORE) private TokenStore<SessionToken> refreshTokenStore; @Autowired - @Qualifier(Constants.BEAN_AUTH_ID_TOKEN_STORE) + @Qualifier(CommonConstants.BEAN_AUTH_ID_TOKEN_STORE) private JWTTokenStore idTokenStore; @Override @@ -43,7 +43,7 @@ public abstract class AbstractOpenIDTokenStore implements OpenIDTokenStore { @Override public OpenIDToken createToken(UserDetails userDetails) { OpenIDToken token = new OpenIDToken(); - token.setTokenType(Constants.TOKEN_TYPE_BEARER); + token.setTokenType(CommonConstants.TOKEN_TYPE_BEARER); token.setAccessToken(accessTokenStore.createToken(userDetails)); token.setRefreshToken(refreshTokenStore.createToken(userDetails)); token.setIdToken(idTokenStore.createToken(userDetails)); 
diff --git a/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/InMemoryOpenIDTokenStore.java b/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/InMemoryOpenIDTokenStore.java index 522e475..1a09f58 100644 --- a/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/InMemoryOpenIDTokenStore.java +++ b/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/InMemoryOpenIDTokenStore.java @@ -20,6 +20,9 @@ package org.apache.servicecomb.authentication.token; import java.util.Map; import java.util.concurrent.ConcurrentHashMap; +/** + * In memory store, only used for testing or samples only. DO NOT use it in product. + */ public class InMemoryOpenIDTokenStore extends AbstractOpenIDTokenStore { private static final Map<String, OpenIDToken> TOKENS = new ConcurrentHashMap<>(); diff --git a/api/common/service/src/main/java/org/apache/servicecomb/authentication/util/Constants.java b/api/common/service/src/main/java/org/apache/servicecomb/authentication/util/CommonConstants.java similarity index 93% rename from api/common/service/src/main/java/org/apache/servicecomb/authentication/util/Constants.java rename to api/common/service/src/main/java/org/apache/servicecomb/authentication/util/CommonConstants.java index 43c85b5..74e8fe6 100644 --- a/api/common/service/src/main/java/org/apache/servicecomb/authentication/util/Constants.java +++ b/api/common/service/src/main/java/org/apache/servicecomb/authentication/util/CommonConstants.java @@ -17,7 +17,7 @@ package org.apache.servicecomb.authentication.util; -public final class Constants { +public final class CommonConstants { public static final String HTTP_HEADER_AUTHORIZATION = "Authorization"; public static final String CONTEXT_HEADER_AUTHORIZATION = "Authorization"; 
@@ -52,5 +52,5 @@ public final class Constants { public static final String BEAN_AUTH_USER_DETAILS_SERVICE = "authUserDetailsService"; - public static final String CONFIG_GRANTER_PASSWORD_ENABLED = "servicecomb.authentication.granter.password.enabled"; + public static final String BEAN_AUTH_AUTH_FILTER = "authAuthFilter"; } diff --git a/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/AuthHandler.java b/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/AuthHandler.java index 850b733..1d1c165 100644 --- a/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/AuthHandler.java +++ b/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/AuthHandler.java @@ -21,7 +21,7 @@ import org.apache.servicecomb.authentication.token.JWTToken; import org.apache.servicecomb.authentication.token.JWTTokenStore; import org.apache.servicecomb.authentication.token.OpenIDToken; import org.apache.servicecomb.authentication.token.OpenIDTokenStore; -import org.apache.servicecomb.authentication.util.Constants; +import org.apache.servicecomb.authentication.util.CommonConstants; import org.apache.servicecomb.core.Handler; import org.apache.servicecomb.core.Invocation; import org.apache.servicecomb.foundation.common.utils.BeanUtils; 
@@ -31,15 +31,15 @@ import org.apache.servicecomb.swagger.invocation.exception.InvocationException; public class AuthHandler implements Handler { @Override public void handle(Invocation invocation, AsyncResponse asyncResponse) throws Exception { - String token = invocation.getContext(Constants.CONTEXT_HEADER_AUTHORIZATION); - String tokenType = invocation.getContext(Constants.CONTEXT_HEADER_AUTHORIZATION_TYPE); + String token = invocation.getContext(CommonConstants.CONTEXT_HEADER_AUTHORIZATION); + String tokenType = invocation.getContext(CommonConstants.CONTEXT_HEADER_AUTHORIZATION_TYPE); if (token == null) { asyncResponse.consumerFail(new InvocationException(403, "forbidden", "not authenticated")); return; } - if (Constants.CONTEXT_HEADER_AUTHORIZATION_TYPE_ID_TOKEN.equals(tokenType)) { - JWTTokenStore jwtTokenStore = BeanUtils.getBean(Constants.BEAN_AUTH_ID_TOKEN_STORE); + if (CommonConstants.CONTEXT_HEADER_AUTHORIZATION_TYPE_ID_TOKEN.equals(tokenType)) { + JWTTokenStore jwtTokenStore = BeanUtils.getBean(CommonConstants.BEAN_AUTH_ID_TOKEN_STORE); JWTToken jwtToken = jwtTokenStore.createTokenByValue(token); if (jwtToken == null || jwtToken.isExpired()) { asyncResponse.consumerFail(new InvocationException(403, "forbidden", "not authenticated")); 
@@ -47,11 +47,11 @@ public class AuthHandler implements Handler { } // send id_token to services to apply state less validation - invocation.addContext(Constants.CONTEXT_HEADER_AUTHORIZATION, jwtToken.getValue()); + invocation.addContext(CommonConstants.CONTEXT_HEADER_AUTHORIZATION, jwtToken.getValue()); invocation.next(asyncResponse); - } else if (Constants.CONTEXT_HEADER_AUTHORIZATION_TYPE_SESSION_TOKEN.equals(tokenType)) { - OpenIDTokenStore openIDTokenStore = BeanUtils.getBean(Constants.BEAN_AUTH_OPEN_ID_TOKEN_STORE); - + } else if (CommonConstants.CONTEXT_HEADER_AUTHORIZATION_TYPE_SESSION_TOKEN.equals(tokenType)) { + // TODO: session based are not fully tested now, just code snippet + OpenIDTokenStore openIDTokenStore = BeanUtils.getBean(CommonConstants.BEAN_AUTH_OPEN_ID_TOKEN_STORE); OpenIDToken tokenResonse = openIDTokenStore.readTokenByValue(token); if (tokenResonse == null || tokenResonse.isExpired()) { @@ -60,7 +60,7 @@ public class AuthHandler implements Handler { } // send id_token to services to apply state less validation - invocation.addContext(Constants.CONTEXT_HEADER_AUTHORIZATION, tokenResonse.getIdToken().getValue()); + invocation.addContext(CommonConstants.CONTEXT_HEADER_AUTHORIZATION, tokenResonse.getIdToken().getValue()); invocation.next(asyncResponse); } else { asyncResponse.consumerFail(new InvocationException(403, "forbidden", "not authenticated")); diff --git a/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/AuthenticationFilter.java b/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/AuthenticationFilter.java index 6b5b8d7..8a31649 100644 --- a/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/AuthenticationFilter.java +++ b/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/AuthenticationFilter.java 
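Review bot: The session-token branch of `handle()` stays live even though the new comment `// TODO: session based are not fully tested now, just code snippet` marks it as unverified, and an authentication path known to be untested should not accept tokens. Until it has tests, consider letting that token type fall into the final `else` that fails with 403, or gating the branch behind a configuration flag that defaults to off. Whether anything sets the session token type today is not visible here (the edge `AuthenticationFilter` in this commit only sets the id-token type), so the branch may be unreachable in practice; failing closed makes that explicit. The local `tokenResonse` is also misspelled. `handle()` starts outside this hunk.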
@@ -17,7 +17,7 @@ package org.apache.servicecomb.authentication.edge; -import org.apache.servicecomb.authentication.util.Constants; +import org.apache.servicecomb.authentication.util.CommonConstants; import org.apache.servicecomb.common.rest.filter.HttpServerFilter; import org.apache.servicecomb.core.Invocation; import org.apache.servicecomb.foundation.vertx.http.HttpServletRequestEx; @@ -34,14 +34,14 @@ public class AuthenticationFilter implements HttpServerFilter { public Response afterReceiveRequest(Invocation invocation, HttpServletRequestEx requestEx) { // Now support bearer id tokens authentication // TODO : add support for Cookies session tokens. - String authentication = requestEx.getHeader(Constants.HTTP_HEADER_AUTHORIZATION); + String authentication = requestEx.getHeader(CommonConstants.HTTP_HEADER_AUTHORIZATION); if (authentication != null) { String[] tokens = authentication.split(" "); if (tokens.length == 2) { - if (tokens[0].equals(Constants.TOKEN_TYPE_BEARER)) { - invocation.addContext(Constants.CONTEXT_HEADER_AUTHORIZATION, tokens[1]); - invocation.addContext(Constants.CONTEXT_HEADER_AUTHORIZATION_TYPE, - Constants.CONTEXT_HEADER_AUTHORIZATION_TYPE_ID_TOKEN); + if (tokens[0].equals(CommonConstants.TOKEN_TYPE_BEARER)) { + invocation.addContext(CommonConstants.CONTEXT_HEADER_AUTHORIZATION, tokens[1]); + invocation.addContext(CommonConstants.CONTEXT_HEADER_AUTHORIZATION_TYPE, + CommonConstants.CONTEXT_HEADER_AUTHORIZATION_TYPE_ID_TOKEN); } } } diff --git a/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/EdgeConfiguration.java b/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/EdgeConfiguration.java index 502dc7e..4142c4f 100644 --- a/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/EdgeConfiguration.java +++ b/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/EdgeConfiguration.java 
@@ -17,15 +17,15 @@ package org.apache.servicecomb.authentication.edge; -import org.apache.servicecomb.authentication.util.Constants; +import org.apache.servicecomb.authentication.util.CommonConstants; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.core.annotation.Order; @Configuration public class EdgeConfiguration { - @Bean(name = {Constants.BEAN_AUTH_EDGE_TOKEN_RESPONSE_PROCESSOR}) - @Order(Constants.BEAN_DEFAULT_ORDER) + @Bean(name = {CommonConstants.BEAN_AUTH_EDGE_TOKEN_RESPONSE_PROCESSOR}) + @Order(CommonConstants.BEAN_DEFAULT_ORDER) public EdgeTokenResponseProcessor edgeTokenResponseProcessor() { return new DumyEdgeTokenResponseProcessor(); } diff --git a/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/TokenEndpoint.java b/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/TokenEndpoint.java index 87f7696..8718a0c 100644 --- a/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/TokenEndpoint.java +++ b/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/TokenEndpoint.java @@ -21,7 +21,7 @@ import java.util.Map; import java.util.concurrent.CompletableFuture; import org.apache.servicecomb.authentication.server.TokenResponse; -import org.apache.servicecomb.authentication.util.Constants; +import org.apache.servicecomb.authentication.util.CommonConstants; import org.apache.servicecomb.provider.pojo.RpcReference; import org.apache.servicecomb.provider.rest.common.RestSchema; import org.springframework.beans.factory.annotation.Autowired; 
@@ -39,7 +39,7 @@ public class TokenEndpoint implements TokenService { private AuthenticationServerTokenEndpoint authenticationSererTokenEndpoint; @Autowired - @Qualifier(Constants.BEAN_AUTH_EDGE_TOKEN_RESPONSE_PROCESSOR) + @Qualifier(CommonConstants.BEAN_AUTH_EDGE_TOKEN_RESPONSE_PROCESSOR) private EdgeTokenResponseProcessor edgeTokenResponseProcessor; @Override diff --git a/api/resource-server/service/src/main/java/org/apache/servicecomb/authentication/resource/AccessConfiguration.java b/api/resource-server/endpoint/src/main/java/org/apache/servicecomb/authentication/resource/AccessConfiguration.java similarity index 100% copy from api/resource-server/service/src/main/java/org/apache/servicecomb/authentication/resource/AccessConfiguration.java copy to api/resource-server/endpoint/src/main/java/org/apache/servicecomb/authentication/resource/AccessConfiguration.java diff --git a/api/resource-server/service/src/main/java/org/apache/servicecomb/authentication/resource/AccessConfigurationManager.java b/api/resource-server/endpoint/src/main/java/org/apache/servicecomb/authentication/resource/AccessConfigurationManager.java similarity index 100% rename from api/resource-server/service/src/main/java/org/apache/servicecomb/authentication/resource/AccessConfigurationManager.java rename to api/resource-server/endpoint/src/main/java/org/apache/servicecomb/authentication/resource/AccessConfigurationManager.java 
diff --git a/api/resource-server/service/src/main/java/org/apache/servicecomb/authentication/resource/AccessDeniedExceptionExceptionToProducerResponseConverter.java b/api/resource-server/endpoint/src/main/java/org/apache/servicecomb/authentication/resource/AccessDeniedExceptionExceptionToProducerResponseConverter.java similarity index 100% rename from api/resource-server/service/src/main/java/org/apache/servicecomb/authentication/resource/AccessDeniedExceptionExceptionToProducerResponseConverter.java rename to api/resource-server/endpoint/src/main/java/org/apache/servicecomb/authentication/resource/AccessDeniedExceptionExceptionToProducerResponseConverter.java diff --git a/api/common/service/src/main/java/org/apache/servicecomb/authentication/jwt/JWTHeader.java b/api/resource-server/endpoint/src/main/java/org/apache/servicecomb/authentication/resource/AuthFilter.java similarity index 70% copy from api/common/service/src/main/java/org/apache/servicecomb/authentication/jwt/JWTHeader.java copy to api/resource-server/endpoint/src/main/java/org/apache/servicecomb/authentication/resource/AuthFilter.java index 2cc797c..22b2436 100644 --- a/api/common/service/src/main/java/org/apache/servicecomb/authentication/jwt/JWTHeader.java +++ b/api/resource-server/endpoint/src/main/java/org/apache/servicecomb/authentication/resource/AuthFilter.java 
@@ -15,28 +15,11 @@ * limitations under the License. */ -package org.apache.servicecomb.authentication.jwt; - -public class JWTHeader { - private String typ; - - private String alg; - - public String getTyp() { - return typ; - } - - public void setTyp(String typ) { - this.typ = typ; - } - - public String getAlg() { - return alg; - } - - public void setAlg(String alg) { - this.alg = alg; - } +package org.apache.servicecomb.authentication.resource; +import org.apache.servicecomb.core.Invocation; +import org.apache.servicecomb.swagger.invocation.exception.InvocationException; +public interface AuthFilter { + void doFilter(Invocation invocation) throws InvocationException; } diff --git a/api/resource-server/service/src/main/java/org/apache/servicecomb/authentication/resource/AccessConfiguration.java b/api/resource-server/endpoint/src/main/java/org/apache/servicecomb/authentication/resource/AuthFiltersBean.java similarity index 61% rename from api/resource-server/service/src/main/java/org/apache/servicecomb/authentication/resource/AccessConfiguration.java rename to api/resource-server/endpoint/src/main/java/org/apache/servicecomb/authentication/resource/AuthFiltersBean.java index 8167612..6e01029 100644 --- a/api/resource-server/service/src/main/java/org/apache/servicecomb/authentication/resource/AccessConfiguration.java +++ b/api/resource-server/endpoint/src/main/java/org/apache/servicecomb/authentication/resource/AuthFiltersBean.java 
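Review bot: `AuthFilter` is the new extension point for custom authentication and authorization steps, but it has no Javadoc stating its contract, so implementers must infer it from `AuthenticationAuthFilter`. Suggested comment on the interface: `/** One step of the resource-server auth chain: return normally to let the invocation proceed, throw InvocationException to reject it. */`. It should also say that filters are ordered by Spring `@Order` and that `AuthenticationAuthFilter` is registered at `@Order(0)`. A custom filter with a lower order value would presumably run before the `SecurityContext` for the current request has been set.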
@@ -17,21 +17,25 @@ package org.apache.servicecomb.authentication.resource; -import org.apache.servicecomb.config.inject.InjectProperties; -import org.apache.servicecomb.config.inject.InjectProperty; +import java.util.List; -@InjectProperties(prefix = "servicecomb.authencation.access") -public class AccessConfiguration { - @InjectProperty(keys = { - "needAuth.${schemaId}.${operationId}", - "needAuth.${schemaId}", - "needAuth"}, - defaultValue = "true") - public boolean needAuth; +import org.springframework.beans.factory.InitializingBean; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Component; - @InjectProperty(keys = { - "roles.${schemaId}.${operationId}", - "roles.${schemaId}", - "roles"}) - public String roles; +@Component +public class AuthFiltersBean implements InitializingBean { + @Autowired + private List<AuthFilter> authFilters; + + private static List<AuthFilter> FILTERS; + + public static List<AuthFilter> getAuthFilters() { + return FILTERS; + } + + @Override + public void afterPropertiesSet() throws Exception { + FILTERS = authFilters; + } } diff --git a/api/resource-server/service/src/main/java/org/apache/servicecomb/authentication/resource/ResourceAuthHandler.java b/api/resource-server/endpoint/src/main/java/org/apache/servicecomb/authentication/resource/AuthenticationAuthFilter.java similarity index 62% rename from api/resource-server/service/src/main/java/org/apache/servicecomb/authentication/resource/ResourceAuthHandler.java rename to api/resource-server/endpoint/src/main/java/org/apache/servicecomb/authentication/resource/AuthenticationAuthFilter.java index 73f0b1a..468f881 100644 --- a/api/resource-server/service/src/main/java/org/apache/servicecomb/authentication/resource/ResourceAuthHandler.java +++ b/api/resource-server/endpoint/src/main/java/org/apache/servicecomb/authentication/resource/AuthenticationAuthFilter.java 
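Review bot: `getAuthFilters()` hands every caller the Spring-injected list itself through a plain static field, so any code in the process could reorder or remove entries of the authentication chain if that list is mutable. A thread reading `FILTERS` also has no visibility guarantee for the write made in `afterPropertiesSet()`. Publish an immutable snapshot through a volatile field: `private static volatile List<AuthFilter> FILTERS;` and `FILTERS = Collections.unmodifiableList(new ArrayList<>(authFilters));`. The getter also returns null before the bean is initialised; throwing `IllegalStateException` there is safer than leaving each caller to decide what a missing filter list means.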
@@ -20,76 +20,57 @@ package org.apache.servicecomb.authentication.resource; import java.util.HashSet; import java.util.Set; -import org.apache.commons.lang3.StringUtils; import org.apache.servicecomb.authentication.token.JWTToken; import org.apache.servicecomb.authentication.token.JWTTokenStore; -import org.apache.servicecomb.authentication.util.Constants; -import org.apache.servicecomb.core.Handler; +import org.apache.servicecomb.authentication.util.CommonConstants; import org.apache.servicecomb.core.Invocation; import org.apache.servicecomb.foundation.common.utils.BeanUtils; -import org.apache.servicecomb.swagger.invocation.AsyncResponse; import org.apache.servicecomb.swagger.invocation.exception.InvocationException; +import org.springframework.core.annotation.Order; import org.springframework.security.core.Authentication; import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.authority.SimpleGrantedAuthority; import org.springframework.security.core.context.SecurityContext; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.context.SecurityContextImpl; +import org.springframework.stereotype.Component; -public class ResourceAuthHandler implements Handler { +@Component +@Order(0) +public class AuthenticationAuthFilter implements AuthFilter { @Override - public void handle(Invocation invocation, AsyncResponse asyncResponse) throws Exception { + public void doFilter(Invocation invocation) throws InvocationException { AccessConfiguration config = AccessConfigurationManager.getAccessConfiguration(invocation); // by pass authentication if (!config.needAuth) { - invocation.next(asyncResponse); + // TODO : shall we do authorization without authenticated? 
+ createSecurityContext(new HashSet<>()); return; } - String idTokenValue = invocation.getContext(Constants.CONTEXT_HEADER_AUTHORIZATION); + String idTokenValue = invocation.getContext(CommonConstants.CONTEXT_HEADER_AUTHORIZATION); if (idTokenValue == null) { - asyncResponse.consumerFail(new InvocationException(403, "forbidden", "not authenticated")); - return; + throw new InvocationException(403, "forbidden", "not authenticated"); } + // verify tokens - JWTTokenStore store = BeanUtils.getBean(Constants.BEAN_AUTH_ID_TOKEN_STORE); + JWTTokenStore store = BeanUtils.getBean(CommonConstants.BEAN_AUTH_ID_TOKEN_STORE); JWTToken idToken = store.createTokenByValue(idTokenValue); if (idToken == null) { - asyncResponse.consumerFail(new InvocationException(403, "forbidden", "not authenticated")); - return; - } - - // check roles - if (!StringUtils.isEmpty(config.roles)) { - String[] roles = config.roles.split(","); - if (roles.length > 0) { - boolean valid = false; - Set<String> authorities = idToken.getClaims().getAuthorities(); - for (String role : roles) { - if (authorities.contains(role)) { - valid = true; - break; - } - } - if (!valid) { - asyncResponse.consumerFail(new InvocationException(403, "forbidden", "not authenticated")); - return; - } - } + throw new InvocationException(403, "forbidden", "not authenticated"); } - // pre method authentiation Set<GrantedAuthority> grantedAuthorities = new HashSet<>(idToken.getClaims().getAuthorities().size()); idToken.getClaims().getAuthorities().forEach(v -> grantedAuthorities.add(new SimpleGrantedAuthority(v))); + createSecurityContext(grantedAuthorities); + } + + private void createSecurityContext(Set<GrantedAuthority> grantedAuthorities) { SecurityContext sc = new SecurityContextImpl(); Authentication authentication = new SimpleAuthentication(true, grantedAuthorities); sc.setAuthentication(authentication); SecurityContextHolder.setContext(sc); - - // next - invocation.next(asyncResponse); } - } 
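Review bot: In the `!config.needAuth` branch the filter calls `createSecurityContext(new HashSet<>())`, which installs `new SimpleAuthentication(true, ...)`, so a request that presented no token is recorded as authenticated. Any later filter or method-security check that relies on `isAuthenticated()` rather than on specific authorities would treat anonymous callers as logged in; the TODO on that line suggests the question is still open. I would pass the flag explicitly: `createSecurityContext(false, new HashSet<>())` on the bypass path, `createSecurityContext(true, grantedAuthorities)` after token verification, and `new SimpleAuthentication(authenticated, grantedAuthorities)` inside the helper. Separately, the missing-token and invalid-token cases still answer 403 with "not authenticated"; 401 would be the conventional status if consumers do not depend on 403.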
diff --git a/api/resource-server/endpoint/src/main/java/org/apache/servicecomb/authentication/resource/ConfigBasedAuthoriaztionAuthFilter.java b/api/resource-server/endpoint/src/main/java/org/apache/servicecomb/authentication/resource/ConfigBasedAuthoriaztionAuthFilter.java
new file mode 100644
index 0000000..e9a6086
--- /dev/null
+++ b/api/resource-server/endpoint/src/main/java/org/apache/servicecomb/authentication/resource/ConfigBasedAuthoriaztionAuthFilter.java
@@ -0,0 +1,61 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.servicecomb.authentication.resource; + +import java.util.Collection; +import java.util.HashSet; + +import org.apache.commons.lang3.StringUtils; +import org.apache.servicecomb.core.Invocation; +import org.apache.servicecomb.swagger.invocation.exception.InvocationException; +import org.springframework.core.annotation.Order; +import org.springframework.security.core.Authentication; +import org.springframework.security.core.GrantedAuthority; +import org.springframework.security.core.context.SecurityContextHolder; +import org.springframework.stereotype.Component; + +@Component +@Order(100) +public class ConfigBasedAuthoriaztionAuthFilter implements AuthFilter { + + @Override + public void doFilter(Invocation invocation) throws InvocationException { + AccessConfiguration config = AccessConfigurationManager.getAccessConfiguration(invocation); + Authentication authentication = SecurityContextHolder.getContext().getAuthentication(); + // check roles + if (!StringUtils.isEmpty(config.roles)) { + String[] roles = config.roles.split(","); + if (roles.length > 0) { + boolean valid = false; + Collection<? 
extends GrantedAuthority> authorities = authentication.getAuthorities(); + Collection<String> authoritiesNames = new HashSet<String>(); + authorities.forEach(a -> authoritiesNames.add(a.getAuthority())); + for (String role : roles) { + if (authoritiesNames.contains(role)) { + valid = true; + break; + } + } + if (!valid) { + throw new InvocationException(403, "forbidden", "not authenticated"); + } + } + } + } + +} diff --git a/api/common/service/src/main/java/org/apache/servicecomb/authentication/jwt/JWTHeader.java b/api/resource-server/endpoint/src/main/java/org/apache/servicecomb/authentication/resource/ResourceAuthHandler.java similarity index 62% copy from api/common/service/src/main/java/org/apache/servicecomb/authentication/jwt/JWTHeader.java copy to api/resource-server/endpoint/src/main/java/org/apache/servicecomb/authentication/resource/ResourceAuthHandler.java index 2cc797c..c47ae33 100644 --- a/api/common/service/src/main/java/org/apache/servicecomb/authentication/jwt/JWTHeader.java +++ b/api/resource-server/endpoint/src/main/java/org/apache/servicecomb/authentication/resource/ResourceAuthHandler.java 
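Review bot: `authentication.getAuthorities()` is dereferenced without a null check, and `SecurityContextHolder.getContext().getAuthentication()` returns null whenever no earlier filter has populated the context. Since the filter list is now meant to be customised, the dependency on `AuthenticationAuthFilter` running first should be explicit: add `if (authentication == null) { throw new InvocationException(403, "forbidden", "not authenticated"); }` before the role check, so the request gets a defined rejection instead of a `NullPointerException`. The role-mismatch branch also reports "not authenticated" for what is an authorization failure. In addition, `config.roles.split(",")` does not trim, so a configured value such as `admin, user` never matches the authority `user`; comparing `role.trim()` and using a "not authorized" message would make both cases easier to diagnose.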
@@ -15,28 +15,18 @@ * limitations under the License. */ -package org.apache.servicecomb.authentication.jwt; +package org.apache.servicecomb.authentication.resource; -public class JWTHeader { - private String typ; +import org.apache.servicecomb.core.Handler; +import org.apache.servicecomb.core.Invocation; +import org.apache.servicecomb.swagger.invocation.AsyncResponse; - private String alg; +public class ResourceAuthHandler implements Handler { - public String getTyp() { - return typ; + @Override + public void handle(Invocation invocation, AsyncResponse asyncResponse) throws Exception { + AuthFiltersBean.getAuthFilters().forEach(authFilter -> authFilter.doFilter(invocation)); + invocation.next(asyncResponse); } - public void setTyp(String typ) { - this.typ = typ; - } - - public String getAlg() { - return alg; - } - - public void setAlg(String alg) { - this.alg = alg; - } - - } diff --git a/api/resource-server/service/src/main/java/org/apache/servicecomb/authentication/resource/SimpleAuthentication.java b/api/resource-server/endpoint/src/main/java/org/apache/servicecomb/authentication/resource/SimpleAuthentication.java similarity index 99% rename from api/resource-server/service/src/main/java/org/apache/servicecomb/authentication/resource/SimpleAuthentication.java rename to api/resource-server/endpoint/src/main/java/org/apache/servicecomb/authentication/resource/SimpleAuthentication.java index a23404c..d1d192a 100644 --- a/api/resource-server/service/src/main/java/org/apache/servicecomb/authentication/resource/SimpleAuthentication.java +++ b/api/resource-server/endpoint/src/main/java/org/apache/servicecomb/authentication/resource/SimpleAuthentication.java @@ -23,10 +23,6 @@ import org.springframework.security.core.Authentication; import org.springframework.security.core.GrantedAuthority; public class SimpleAuthentication implements Authentication { - - /** - * - */ private static final long serialVersionUID = 6077733273349249822L; private boolean authenticated; 
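Review bot: The filters store the caller's authorities in `SecurityContextHolder`, and `handle` never clears them after `invocation.next(asyncResponse)`. With the holder's default thread-local strategy the context stays on the worker thread after the request. `AuthenticationAuthFilter` currently overwrites it on each accepted call, but a customised chain without that filter would let `ConfigBasedAuthoriaztionAuthFilter` read the previous caller's authorities. I would wrap the call as `try { invocation.next(asyncResponse); } finally { SecurityContextHolder.clearContext(); }`, assuming the producer method runs inside `invocation.next` on the same thread, which this hunk does not show. It is also worth confirming that rejections, now thrown out of `handle` instead of delivered through `asyncResponse.consumerFail(...)`, are still turned into a response by whatever drives the handler chain.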
diff --git a/api/resource-server/service/src/main/resources/META-INF/services/org.apache.servicecomb.swagger.invocation.exception.ExceptionToProducerResponseConverter b/api/resource-server/endpoint/src/main/resources/META-INF/services/org.apache.servicecomb.swagger.invocation.exception.ExceptionToProducerResponseConverter
similarity index 100%
rename from api/resource-server/service/src/main/resources/META-INF/services/org.apache.servicecomb.swagger.invocation.exception.ExceptionToProducerResponseConverter
rename to api/resource-server/endpoint/src/main/resources/META-INF/services/org.apache.servicecomb.swagger.invocation.exception.ExceptionToProducerResponseConverter
diff --git a/api/resource-server/service/src/main/resources/config/cse.handler.xml b/api/resource-server/endpoint/src/main/resources/config/cse.handler.xml
similarity index 100%
rename from api/resource-server/service/src/main/resources/config/cse.handler.xml
rename to api/resource-server/endpoint/src/main/resources/config/cse.handler.xml
diff --git a/samples/AuthenticationServer/src/main/java/org/apache/servicecomb/authentication/AuthenticationConfiguration.java b/samples/AuthenticationServer/src/main/java/org/apache/servicecomb/authentication/AuthenticationConfiguration.java
index 49639ff..169f28b 100644
--- a/samples/AuthenticationServer/src/main/java/org/apache/servicecomb/authentication/AuthenticationConfiguration.java
+++ b/samples/AuthenticationServer/src/main/java/org/apache/servicecomb/authentication/AuthenticationConfiguration.java
@@ -21,7 +21,7 @@ import java.util.Arrays; import org.apache.servicecomb.authentication.token.AbstractOpenIDTokenStore; import org.apache.servicecomb.authentication.token.InMemoryOpenIDTokenStore; -import org.apache.servicecomb.authentication.util.Constants; +import org.apache.servicecomb.authentication.util.CommonConstants; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.context.annotation.Bean; 
@@ -38,27 +38,27 @@ import org.springframework.security.provisioning.InMemoryUserDetailsManager; @Configuration public class AuthenticationConfiguration { - @Bean(name = Constants.BEAN_AUTH_PASSWORD_ENCODER) + @Bean(name = CommonConstants.BEAN_AUTH_PASSWORD_ENCODER) public PasswordEncoder authPasswordEncoder() { return new Pbkdf2PasswordEncoder(); } - @Bean(name = {Constants.BEAN_AUTH_SIGNER, Constants.BEAN_AUTH_SIGNATURE_VERIFIER}) + @Bean(name = {CommonConstants.BEAN_AUTH_SIGNER, CommonConstants.BEAN_AUTH_SIGNATURE_VERIFIER}) public SignerVerifier authSignerVerifier() { // If using RSA, need to configure authSigner and authSignatureVerifier separately. // If using MacSigner, need to protect the shared key by properly encryption. return new MacSigner("Please change this key."); } - @Bean(name = Constants.BEAN_AUTH_OPEN_ID_TOKEN_STORE) + @Bean(name = CommonConstants.BEAN_AUTH_OPEN_ID_TOKEN_STORE) public AbstractOpenIDTokenStore openIDTokenStore() { // TODO: Use in memory store for testing. Need to implement JDBC or Redis SessionIDTokenStore in product. return new InMemoryOpenIDTokenStore(); } - @Bean(name = Constants.BEAN_AUTH_USER_DETAILS_SERVICE) + @Bean(name = CommonConstants.BEAN_AUTH_USER_DETAILS_SERVICE) public UserDetailsService authUserDetailsService( - @Autowired @Qualifier(Constants.BEAN_AUTH_PASSWORD_ENCODER) PasswordEncoder passwordEncoder) { + @Autowired @Qualifier(CommonConstants.BEAN_AUTH_PASSWORD_ENCODER) PasswordEncoder passwordEncoder) { // TODO: Use in memory UserDetails, need to implement JDBC or others in product InMemoryUserDetailsManager manager = new InMemoryUserDetailsManager(); UserDetails uAdmin = new User("admin", passwordEncoder.encode("changeMyPassword"), diff --git a/samples/Client/src/main/java/org/apache/servicecomb/authentication/AuthenticationTestCase.java b/samples/Client/src/main/java/org/apache/servicecomb/authentication/AuthenticationTestCase.java index eb13bf1..0b7601f 100644 
--- a/samples/Client/src/main/java/org/apache/servicecomb/authentication/AuthenticationTestCase.java +++ b/samples/Client/src/main/java/org/apache/servicecomb/authentication/AuthenticationTestCase.java @@ -18,7 +18,7 @@ package org.apache.servicecomb.authentication; import org.apache.servicecomb.authentication.server.TokenResponse; -import org.apache.servicecomb.authentication.util.Constants; +import org.apache.servicecomb.authentication.util.CommonConstants; import org.springframework.http.HttpEntity; import org.springframework.http.HttpHeaders; import org.springframework.http.MediaType; @@ -53,7 +53,7 @@ public class AuthenticationTestCase implements TestCase { BootEventListener.edgeServiceTokenEndpoint.postForObject("/", new HttpEntity<>(map, headers), TokenResponse.class); - TestMgr.check(Constants.TOKEN_TYPE_BEARER, token.getToken_type()); + TestMgr.check(CommonConstants.TOKEN_TYPE_BEARER, token.getToken_type()); TestMgr.check(true, token.getId_token().length() > 10); return token.getId_token(); } @@ -71,7 +71,7 @@ public class AuthenticationTestCase implements TestCase { BootEventListener.edgeServiceTokenEndpoint.postForObject("/", new HttpEntity<>(map, headers), TokenResponse.class); - TestMgr.check(Constants.TOKEN_TYPE_BEARER, token.getToken_type()); + TestMgr.check(CommonConstants.TOKEN_TYPE_BEARER, token.getToken_type()); TestMgr.check(true, token.getAccess_token().length() > 10); // refresh token diff --git a/samples/EdgeService/src/main/java/org/apache/servicecomb/authentication/gateway/AuthenticationConfiguration.java b/samples/EdgeService/src/main/java/org/apache/servicecomb/authentication/gateway/AuthenticationConfiguration.java index 62ab060..bd0b588 100644 --- a/samples/EdgeService/src/main/java/org/apache/servicecomb/authentication/gateway/AuthenticationConfiguration.java +++ b/samples/EdgeService/src/main/java/org/apache/servicecomb/authentication/gateway/AuthenticationConfiguration.java 
@@ -19,7 +19,7 @@ package org.apache.servicecomb.authentication.gateway; import org.apache.servicecomb.authentication.token.JWTTokenStore; import org.apache.servicecomb.authentication.token.JWTTokenStoreImpl; -import org.apache.servicecomb.authentication.util.Constants; +import org.apache.servicecomb.authentication.util.CommonConstants; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.context.annotation.Bean; @@ -30,16 +30,16 @@ import org.springframework.security.jwt.crypto.sign.SignerVerifier; @Configuration public class AuthenticationConfiguration { - @Bean(name = {Constants.BEAN_AUTH_SIGNER, Constants.BEAN_AUTH_SIGNATURE_VERIFIER}) + @Bean(name = {CommonConstants.BEAN_AUTH_SIGNER, CommonConstants.BEAN_AUTH_SIGNATURE_VERIFIER}) public SignerVerifier authSignerVerifier() { // If using RSA, need to configure authSigner and authSignatureVerifier separately. // If using MacSigner, need to protect the shared key by properly encryption. return new MacSigner("Please change this key."); } - @Bean(name = Constants.BEAN_AUTH_ID_TOKEN_STORE) - public JWTTokenStore authIDTokenStore(@Autowired @Qualifier(Constants.BEAN_AUTH_SIGNER) Signer signer, - @Autowired @Qualifier(Constants.BEAN_AUTH_SIGNATURE_VERIFIER) SignerVerifier signerVerifier) { + @Bean(name = CommonConstants.BEAN_AUTH_ID_TOKEN_STORE) + public JWTTokenStore authIDTokenStore(@Autowired @Qualifier(CommonConstants.BEAN_AUTH_SIGNER) Signer signer, + @Autowired @Qualifier(CommonConstants.BEAN_AUTH_SIGNATURE_VERIFIER) SignerVerifier signerVerifier) { return new JWTTokenStoreImpl(signer, signerVerifier); } diff --git a/samples/ResourceServer/src/main/java/org/apache/servicecomb/authentication/resource/AuthenticationConfiguration.java b/samples/ResourceServer/src/main/java/org/apache/servicecomb/authentication/resource/AuthenticationConfiguration.java index b1dcb00..77d857e 100644 
--- a/samples/ResourceServer/src/main/java/org/apache/servicecomb/authentication/resource/AuthenticationConfiguration.java +++ b/samples/ResourceServer/src/main/java/org/apache/servicecomb/authentication/resource/AuthenticationConfiguration.java @@ -19,7 +19,7 @@ package org.apache.servicecomb.authentication.resource; import org.apache.servicecomb.authentication.token.JWTTokenStore; import org.apache.servicecomb.authentication.token.JWTTokenStoreImpl; -import org.apache.servicecomb.authentication.util.Constants; +import org.apache.servicecomb.authentication.util.CommonConstants; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.context.annotation.Bean; @@ -30,16 +30,16 @@ import org.springframework.security.jwt.crypto.sign.SignerVerifier; @Configuration public class AuthenticationConfiguration { - @Bean(name = {Constants.BEAN_AUTH_SIGNER, Constants.BEAN_AUTH_SIGNATURE_VERIFIER}) + @Bean(name = {CommonConstants.BEAN_AUTH_SIGNER, CommonConstants.BEAN_AUTH_SIGNATURE_VERIFIER}) public SignerVerifier authSignerVerifier() { // If using RSA, need to configure authSigner and authSignatureVerifier separately. // If using MacSigner, need to protect the shared key by properly encryption. return new MacSigner("Please change this key."); } - @Bean(name = Constants.BEAN_AUTH_ID_TOKEN_STORE) - public JWTTokenStore authIDTokenStore(@Autowired @Qualifier(Constants.BEAN_AUTH_SIGNER) Signer signer, - @Autowired @Qualifier(Constants.BEAN_AUTH_SIGNATURE_VERIFIER) SignerVerifier signerVerifier) { + @Bean(name = CommonConstants.BEAN_AUTH_ID_TOKEN_STORE) + public JWTTokenStore authIDTokenStore(@Autowired @Qualifier(CommonConstants.BEAN_AUTH_SIGNER) Signer signer, + @Autowired @Qualifier(CommonConstants.BEAN_AUTH_SIGNATURE_VERIFIER) SignerVerifier signerVerifier) { return new JWTTokenStoreImpl(signer, signerVerifier); }
