This is an automated email from the ASF dual-hosted git repository. liubao pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/servicecomb-fence.git
commit 2f68b2e415485434c56e9b2249828d63e2b248c4 Author: liubao <[email protected]> AuthorDate: Wed Jul 10 09:45:51 2019 +0800 [SCB-1365]add database implementations for OpenIDStore --- .../authentication/server/GithubTokenGranter.java | 4 +- .../server/PasswordTokenGranter.java | 4 +- .../server/RefreshTokenTokenGranter.java | 6 +- .../server/ThirdPartyTokenGranter.java | 5 +- .../authentication/server/TokenEndpoint.java | 5 +- .../authentication/server/TokenGranter.java | 6 +- .../authentication/server/TokenService.java | 4 +- .../token/InMemoryOpenIDTokenStore.java | 5 -- .../servicecomb/authentication/token/JWTToken.java | 74 ++++++++++++++++++- .../authentication/token/JWTTokenImpl.java | 85 ---------------------- .../authentication/token/JWTTokenStoreImpl.java | 4 +- .../authentication/token/OpenIDToken.java | 19 ++++- .../authentication/token/OpenIDTokenStore.java | 2 - .../authentication/token/SessionToken.java | 70 +++++++++++++++++- .../authentication/token/SessionTokenImpl.java | 79 -------------------- .../authentication/token/SessionTokenStore.java | 2 +- .../servicecomb/authentication/token/Token.java | 10 ++- .../edge/AuthenticationServerTokenEndpoint.java | 4 +- .../edge/DumyEdgeTokenResponseProcessor.java | 30 -------- .../authentication/edge/EdgeConfiguration.java | 9 +-- .../edge/EdgeTokenResponseProcessor.java | 24 ------ .../authentication/edge/TokenEndpoint.java | 14 +--- .../authentication/edge}/TokenResponse.java | 2 +- .../authentication/edge/TokenService.java | 2 - .../AuthenticationConfiguration.java | 8 -- .../authentication/JDBCOpenIDTokenStore.java | 58 +++++++++++++++ .../authentication/user/TokenMapper.java | 17 +++-- .../META-INF/spring/authentication.server.bean.xml | 6 +- .../src/main/resources/config/TokenMapper.xml | 35 +++++++++ .../src/main/resources/config/mybatis-config.xml | 7 +- .../src/main/resources/sql/user.sql | 1 - samples/Client/pom.xml | 4 +- .../authentication/AuthenticationTestCase.java | 2 +- 
.../authentication/TokenExpireTestCase.java | 2 +- 34 files changed, 310 insertions(+), 299 deletions(-) diff --git a/api/authentication-server/endpoint/src/main/java/org/apache/servicecomb/authentication/server/GithubTokenGranter.java b/api/authentication-server/endpoint/src/main/java/org/apache/servicecomb/authentication/server/GithubTokenGranter.java index 2840840..d8ed4ac 100644 --- a/api/authentication-server/endpoint/src/main/java/org/apache/servicecomb/authentication/server/GithubTokenGranter.java +++ b/api/authentication-server/endpoint/src/main/java/org/apache/servicecomb/authentication/server/GithubTokenGranter.java @@ -73,7 +73,7 @@ public class GithubTokenGranter implements ThirdPartyTokenGranter { } @Override - public TokenResponse grant(String code, String state, String login) { + public OpenIDToken grant(String code, String state, String login) { GithubAccessTokenResponse response = null; try { HttpHeaders headers = new HttpHeaders(); @@ -107,7 +107,7 @@ public class GithubTokenGranter implements ThirdPartyTokenGranter { response); openIDTokenStore.saveToken(openIDToken); - return TokenResponse.fromOpenIDToken(openIDToken); + return openIDToken; } catch (UsernameNotFoundException e) { return null; } diff --git a/api/authentication-server/endpoint/src/main/java/org/apache/servicecomb/authentication/server/PasswordTokenGranter.java b/api/authentication-server/endpoint/src/main/java/org/apache/servicecomb/authentication/server/PasswordTokenGranter.java index bb32d48..5740bc0 100644 --- a/api/authentication-server/endpoint/src/main/java/org/apache/servicecomb/authentication/server/PasswordTokenGranter.java +++ b/api/authentication-server/endpoint/src/main/java/org/apache/servicecomb/authentication/server/PasswordTokenGranter.java 
@@ -48,7 +48,7 @@ public class PasswordTokenGranter implements TokenGranter { private AbstractOpenIDTokenStore openIDTokenStore; @Override - public TokenResponse grant(Map<String, String> parameters) { + public OpenIDToken grant(Map<String, String> parameters) { String username = parameters.get(AuthenticationServerConstants.PARAM_USERNAME); String password = parameters.get(AuthenticationServerConstants.PARAM_PASSWORD); @@ -61,7 +61,7 @@ public class PasswordTokenGranter implements TokenGranter { if (passwordEncoder.matches(password, userDetails.getPassword())) { OpenIDToken openIDToken = openIDTokenStore.createToken(userDetails); openIDTokenStore.saveToken(openIDToken); - return TokenResponse.fromOpenIDToken(openIDToken); + return openIDToken; } else { return null; } diff --git a/api/authentication-server/endpoint/src/main/java/org/apache/servicecomb/authentication/server/RefreshTokenTokenGranter.java b/api/authentication-server/endpoint/src/main/java/org/apache/servicecomb/authentication/server/RefreshTokenTokenGranter.java index a18bd2d..9204dc3 100644 --- a/api/authentication-server/endpoint/src/main/java/org/apache/servicecomb/authentication/server/RefreshTokenTokenGranter.java +++ b/api/authentication-server/endpoint/src/main/java/org/apache/servicecomb/authentication/server/RefreshTokenTokenGranter.java @@ -55,7 +55,7 @@ public class RefreshTokenTokenGranter implements TokenGranter { } @Override - public TokenResponse grant(Map<String, String> parameters) { + public OpenIDToken grant(Map<String, String> parameters) { String refreshTokenValue = parameters.get(AuthenticationServerConstants.PARAM_REFRESH_TOKEN); if (StringUtils.isEmpty(refreshTokenValue)) { 
@@ -65,10 +65,10 @@ public class RefreshTokenTokenGranter implements TokenGranter { Token refreshToken = openIDTokenStore.readTokenByRefreshTokenValue(refreshTokenValue); if (refreshToken != null && !refreshToken.isExpired()) { - UserDetails userDetails = userDetailsService.loadUserByUsername(refreshToken.username()); + UserDetails userDetails = userDetailsService.loadUserByUsername(refreshToken.getUsername()); OpenIDToken openIDToken = openIDTokenStore.createToken(userDetails); openIDTokenStore.saveToken(openIDToken); - return TokenResponse.fromOpenIDToken(openIDToken); + return openIDToken; } return null; } diff --git a/api/authentication-server/endpoint/src/main/java/org/apache/servicecomb/authentication/server/ThirdPartyTokenGranter.java b/api/authentication-server/endpoint/src/main/java/org/apache/servicecomb/authentication/server/ThirdPartyTokenGranter.java index 1ef4fc8..788d31b 100644 --- a/api/authentication-server/endpoint/src/main/java/org/apache/servicecomb/authentication/server/ThirdPartyTokenGranter.java +++ b/api/authentication-server/endpoint/src/main/java/org/apache/servicecomb/authentication/server/ThirdPartyTokenGranter.java @@ -20,6 +20,7 @@ package org.apache.servicecomb.authentication.server; import java.util.Map; import org.apache.commons.lang3.StringUtils; +import org.apache.servicecomb.authentication.token.OpenIDToken; public interface ThirdPartyTokenGranter extends TokenGranter { @@ -29,7 +30,7 @@ public interface ThirdPartyTokenGranter extends TokenGranter { } @Override - default TokenResponse grant(Map<String, String> parameters) { + default OpenIDToken grant(Map<String, String> parameters) { String provider = parameters.get(AuthenticationServerConstants.PARAM_PROVIDER); String code = parameters.get(AuthenticationServerConstants.PARAM_CODE); String state = parameters.get(AuthenticationServerConstants.PARAM_STATE); 
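Review bot: The expiry check in this refresh grant is made on the wrong object: `readTokenByRefreshTokenValue` returns the stored `OpenIDToken`, and `OpenIDToken.isExpired()` (see the OpenIDToken.java section of this commit) delegates to `accessToken.isExpired()`, so `!refreshToken.isExpired()` tests the access token's lifetime rather than the refresh token's. A refresh therefore appears to be refused once the access token has lapsed, and the refresh token's own expiry is never consulted. Assuming `getRefreshToken()` returns a `Token`, consider `OpenIDToken stored = openIDTokenStore.readTokenByRefreshTokenValue(refreshTokenValue);` followed by `if (stored != null && !stored.getRefreshToken().isExpired())`. The visible lines also create and save a new token without removing the old entry, so the presented refresh token looks reusable; confirm whether rotation is handled elsewhere, since the method starts outside this hunk.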
@@ -49,7 +50,7 @@ public interface ThirdPartyTokenGranter extends TokenGranter { String name(); - TokenResponse grant(String code, String state, String login); + OpenIDToken grant(String code, String state, String login); /** * In authorization code mode, need to get authentication provider information first. diff --git a/api/authentication-server/endpoint/src/main/java/org/apache/servicecomb/authentication/server/TokenEndpoint.java b/api/authentication-server/endpoint/src/main/java/org/apache/servicecomb/authentication/server/TokenEndpoint.java index fb849c1..bd7f8d8 100644 --- a/api/authentication-server/endpoint/src/main/java/org/apache/servicecomb/authentication/server/TokenEndpoint.java +++ b/api/authentication-server/endpoint/src/main/java/org/apache/servicecomb/authentication/server/TokenEndpoint.java @@ -22,6 +22,7 @@ import java.util.Map; import javax.ws.rs.core.MediaType; +import org.apache.servicecomb.authentication.token.OpenIDToken; import org.apache.servicecomb.provider.rest.common.RestSchema; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.web.bind.annotation.PostMapping; @@ -36,12 +37,12 @@ public class TokenEndpoint implements TokenService { @Override @PostMapping(path = "/", consumes = MediaType.APPLICATION_FORM_URLENCODED) - public TokenResponse getToken(@RequestBody Map<String, String> parameters) { + public OpenIDToken getToken(@RequestBody Map<String, String> parameters) { String grantType = parameters.get(AuthenticationServerConstants.PARAM_GRANT_TYPE); for (TokenGranter granter : granters) { if (granter.enabled()) { - TokenResponse token = granter.grant(grantType, parameters); + OpenIDToken token = granter.grant(grantType, parameters); if (token != null) { return token; } 
diff --git a/api/authentication-server/endpoint/src/main/java/org/apache/servicecomb/authentication/server/TokenGranter.java b/api/authentication-server/endpoint/src/main/java/org/apache/servicecomb/authentication/server/TokenGranter.java index e5f600b..701958c 100644 --- a/api/authentication-server/endpoint/src/main/java/org/apache/servicecomb/authentication/server/TokenGranter.java +++ b/api/authentication-server/endpoint/src/main/java/org/apache/servicecomb/authentication/server/TokenGranter.java @@ -19,6 +19,8 @@ package org.apache.servicecomb.authentication.server; import java.util.Map; +import org.apache.servicecomb.authentication.token.OpenIDToken; + /** * Token granter is used to grant access tokens. * @author Administrator @@ -29,12 +31,12 @@ public interface TokenGranter { String grantType(); - default TokenResponse grant(String grantType, Map<String, String> parameters) { + default OpenIDToken grant(String grantType, Map<String, String> parameters) { if (grantType().equals(grantType)) { return grant(parameters); } return null; } - TokenResponse grant(Map<String, String> parameters); + OpenIDToken grant(Map<String, String> parameters); } diff --git a/api/authentication-server/service/src/main/java/org/apache/servicecomb/authentication/server/TokenService.java b/api/authentication-server/service/src/main/java/org/apache/servicecomb/authentication/server/TokenService.java index 8dbd197..140ef61 100644 --- a/api/authentication-server/service/src/main/java/org/apache/servicecomb/authentication/server/TokenService.java +++ b/api/authentication-server/service/src/main/java/org/apache/servicecomb/authentication/server/TokenService.java @@ -19,6 +19,8 @@ package org.apache.servicecomb.authentication.server; import java.util.Map; +import org.apache.servicecomb.authentication.token.OpenIDToken; + public interface TokenService { - TokenResponse getToken(Map<String, String> parameters); + OpenIDToken getToken(Map<String, String> parameters); } 
diff --git a/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/InMemoryOpenIDTokenStore.java b/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/InMemoryOpenIDTokenStore.java index 1a09f58..341f8fd 100644 --- a/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/InMemoryOpenIDTokenStore.java +++ b/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/InMemoryOpenIDTokenStore.java @@ -41,11 +41,6 @@ public class InMemoryOpenIDTokenStore extends AbstractOpenIDTokenStore { } @Override - public OpenIDToken readTokenByIDTokenValue(String idTokenValue) { - return TOKENS_BY_ID_TOKEN_VALUE.get(idTokenValue); - } - - @Override public void saveToken(OpenIDToken token) { TOKENS.put(token.getValue(), token); TOKENS_BY_REFRESH_TOKEN_VALUE.put(token.getRefreshToken().getValue(), token); diff --git a/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/JWTToken.java b/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/JWTToken.java index a4c6750..2ab1183 100644 --- a/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/JWTToken.java +++ b/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/JWTToken.java 
@@ -17,8 +17,78 @@ package org.apache.servicecomb.authentication.token; +import java.util.Map; + import org.apache.servicecomb.authentication.jwt.JWTClaims; +import org.apache.servicecomb.authentication.jwt.JsonParser; +import org.springframework.security.jwt.Jwt; +import org.springframework.security.jwt.JwtHelper; +import org.springframework.security.jwt.crypto.sign.Signer; + +import com.fasterxml.jackson.annotation.JsonIgnore; + + +public class JWTToken implements Token { + /** + * + */ + private static final long serialVersionUID = 8234764050908891544L; + + private JWTClaims claims; + + private String value; + + public JWTToken() { + + } + + public JWTToken(JWTClaims claims, Signer signer) { + this.claims = claims; + String content = JsonParser.unparse(claims); + Jwt jwtToken = JwtHelper.encode(content, signer); + this.value = jwtToken.getEncoded(); + } + + @Override + @JsonIgnore + public long getIssueAt() { + return this.claims.getIat(); + } + + @Override + @JsonIgnore + public long getExpiresIn() { + return this.claims.getExp(); + } + + @Override + @JsonIgnore + public long getNotBefore() { + return this.claims.getNbf(); + } + + @Override + public String getValue() { + return this.value; + } + + @Override + public Map<String, Object> getAdditionalInformation() { + return this.claims.getAdditionalInformation(); + } + + @Override + @JsonIgnore + public String getUsername() { + return this.claims.getSub(); + } + + public JWTClaims getClaims() { + return this.claims; + } -public interface JWTToken extends Token { - public JWTClaims getClaims(); + @Override + public void addAdditionalInformation(String key, Object value) { + this.claims.addAdditionalInformation(key, value); + } } diff --git a/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/JWTTokenImpl.java b/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/JWTTokenImpl.java deleted file mode 100644 index 1c8c133..0000000 
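Review bot: The signed `value` is now computed once in the two-argument constructor, but `addAdditionalInformation` still mutates `claims` afterwards, so a claim added after construction is returned by `getClaims()` and `getAdditionalInformation()` without being covered by the signature in `getValue()`. The removed `JWTTokenImpl.getValue()` re-encoded on every call (its `valueCalculated` flag was never set), so this is a behaviour change. Either document it on the constructor, e.g. `// value is signed here; later addAdditionalInformation() calls are NOT reflected in getValue()`, or make the mutator reject changes once `value` is set. Separately, the new no-argument constructor leaves `claims` null, so `getIssueAt()`, `getExpiresIn()`, `getNotBefore()`, `getUsername()` and `getAdditionalInformation()` throw NullPointerException on such an instance, and no setter is visible that would let a deserializer populate it.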
--- a/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/JWTTokenImpl.java
+++ /dev/null
@@ -1,85 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.servicecomb.authentication.token; - -import java.util.Map; - -import org.apache.servicecomb.authentication.jwt.JWTClaims; -import org.apache.servicecomb.authentication.jwt.JsonParser; -import org.springframework.security.jwt.Jwt; -import org.springframework.security.jwt.JwtHelper; -import org.springframework.security.jwt.crypto.sign.Signer; - -public class JWTTokenImpl implements JWTToken { - private JWTClaims claims; - - private boolean valueCalculated = false; - - private String value; - - private Signer signer; - - public JWTTokenImpl(JWTClaims claims, Signer signer) { - this.claims = claims; - this.signer = signer; - } - - @Override - public long getIssueAt() { - return this.claims.getIat(); - } - - @Override - public long getExpiresIn() { - return this.claims.getExp(); - } - - @Override - public long getNotBefore() { - return this.claims.getNbf(); - } - - @Override - public String getValue() { - if (!this.valueCalculated) { - String content = JsonParser.unparse(claims); - Jwt jwtToken = JwtHelper.encode(content, signer); - this.value = jwtToken.getEncoded(); - } - return this.value; - } - - @Override - public Map<String, 
Object> getAdditionalInformation() { - return this.claims.getAdditionalInformation(); - } - - @Override - public String username() { - return this.claims.getSub(); - } - - public JWTClaims getClaims() { - return this.claims; - } - - @Override - public void addAdditionalInformation(String key, Object value) { - this.claims.addAdditionalInformation(key, value); - } -} diff --git a/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/JWTTokenStoreImpl.java b/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/JWTTokenStoreImpl.java index 5b74496..59dd6c7 100644 --- a/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/JWTTokenStoreImpl.java +++ b/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/JWTTokenStoreImpl.java @@ -52,7 +52,7 @@ public class JWTTokenStoreImpl implements JWTTokenStore { claims.setNbf(config.notBefore); // Maybe some other properties in future - return new JWTTokenImpl(claims, signer); + return new JWTToken(claims, signer); } public JWTToken createTokenByValue(String value) { @@ -64,6 +64,6 @@ public class JWTTokenStoreImpl implements JWTTokenStore { } catch (Exception e) { return null; } - return new JWTTokenImpl(claims, signer); + return new JWTToken(claims, signer); } } diff --git a/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/OpenIDToken.java b/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/OpenIDToken.java index d82b663..c6fc36f 100644 --- a/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/OpenIDToken.java +++ b/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/OpenIDToken.java 
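Review bot: `createTokenByValue` ends with `new JWTToken(claims, signer)`, and the new `JWTToken` constructor signs eagerly, so every validation of an incoming token now performs a signing operation and the returned object's `getValue()` is a freshly encoded JWT rather than the `value` string that was presented. If callers only need the claims, a constructor or factory that keeps the original `value` would avoid re-signing. The context line `catch (Exception e) { return null; }` also discards the reason a presented token was rejected; in an authentication component a failed parse or signature check is worth at least a log statement. The `try` body is outside this hunk, so how `claims` is verified cannot be confirmed from here.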
@@ -20,7 +20,14 @@ package org.apache.servicecomb.authentication.token; import java.util.Map; import java.util.Set; +import com.fasterxml.jackson.annotation.JsonIgnore; + public class OpenIDToken implements Token { + /** + * + */ + private static final long serialVersionUID = 6252768307298115467L; + private String tokenType; private SessionToken accessToken; @@ -72,41 +79,49 @@ public class OpenIDToken implements Token { } @Override - public String username() { - return accessToken.username(); + @JsonIgnore + public String getUsername() { + return accessToken.getUsername(); } @Override + @JsonIgnore public boolean isExpired() { return accessToken.isExpired(); } @Override + @JsonIgnore public long getIssueAt() { return accessToken.getIssueAt(); } @Override + @JsonIgnore public long getExpiresIn() { return accessToken.getExpiresIn(); } @Override + @JsonIgnore public long getNotBefore() { return accessToken.getNotBefore(); } @Override + @JsonIgnore public String getValue() { return accessToken.getValue(); } @Override + @JsonIgnore public Map<String, Object> getAdditionalInformation() { return accessToken.getAdditionalInformation(); } @Override + @JsonIgnore public void addAdditionalInformation(String key, Object value) { accessToken.addAdditionalInformation(key, value); } diff --git a/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/OpenIDTokenStore.java b/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/OpenIDTokenStore.java index cd65ead..4fdf6a2 100644 --- a/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/OpenIDTokenStore.java +++ b/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/OpenIDTokenStore.java 
@@ -23,8 +23,6 @@ public interface OpenIDTokenStore extends TokenStore<OpenIDToken> { OpenIDToken readTokenByRefreshTokenValue(String refreshTokenValue); - OpenIDToken readTokenByIDTokenValue(String idTokenValue); - JWTToken createIDTokenByValue(String jwtTokenValue); void saveToken(OpenIDToken token); diff --git a/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/SessionToken.java b/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/SessionToken.java index c39cec4..7050843 100644 --- a/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/SessionToken.java +++ b/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/SessionToken.java 
@@ -17,5 +17,73 @@ package org.apache.servicecomb.authentication.token; -public interface SessionToken extends Token { +import java.util.HashMap; +import java.util.Map; +import java.util.UUID; + +public class SessionToken implements Token { + private static final long serialVersionUID = -7783398248936167939L; + + private String value; + + private long issueAt; + + private long expiresIn; + + private long notBefore; + + private String username; + + private Map<String, Object> additionalInformation; + + public SessionToken() { + + } + + public SessionToken(String username) { + this.value = UUID.randomUUID().toString(); + this.issueAt = System.currentTimeMillis(); + this.username = username; + TokenDynamicProperties config = TokenDynamicPropertiesManager.getTokenConfiguration(username); + this.expiresIn = config.expiresIn; + this.notBefore = config.notBefore; + } + + @Override + public long getIssueAt() { + return this.issueAt; + } + + @Override + public long getExpiresIn() { + return this.expiresIn; + } + + @Override + public long getNotBefore() { + return this.notBefore; + } + + @Override + public String getValue() { + return this.value; + } + + @Override + public Map<String, Object> getAdditionalInformation() { + return additionalInformation; + } + + @Override + public String getUsername() { + return this.username; + } + + @Override + public void addAdditionalInformation(String key, Object value) { + if (additionalInformation == null) { + additionalInformation = new HashMap<>(); + } + additionalInformation.put(key, value); + } } diff --git a/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/SessionTokenImpl.java b/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/SessionTokenImpl.java deleted file mode 100644 index d409ee9..0000000 --- a/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/SessionTokenImpl.java +++ /dev/null 
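Review bot: `getAdditionalInformation()` returns null until `addAdditionalInformation` has been called, because the map is only created lazily in the mutator, and `OpenIDToken.getAdditionalInformation()` passes that null straight through to its callers. Initialising the field, `private Map<String, Object> additionalInformation = new HashMap<>();`, removes the null case and the `if (additionalInformation == null)` branch. Note also that `expiresIn` and `notBefore` are now copied from `TokenDynamicPropertiesManager` at construction instead of being read through `config` on each call as in the removed `SessionTokenImpl`, so a later configuration change (for example shortening the lifetime) no longer affects tokens already issued; a comment on the constructor should state that this is intended. The no-argument constructor leaves `value` and `username` null and the class has no setters, so it is worth documenting which framework is expected to populate the fields.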
@@ -1,79 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.servicecomb.authentication.token; - -import java.util.HashMap; -import java.util.Map; -import java.util.UUID; - -public class SessionTokenImpl implements SessionToken { - private String value; - - private long issueAt; - - private String username; - - private TokenDynamicProperties config; - - private Map<String, Object> additionalInformation; - - public SessionTokenImpl(String username) { - this.value = UUID.randomUUID().toString(); - this.issueAt = System.currentTimeMillis(); - this.username = username; - this.config = TokenDynamicPropertiesManager.getTokenConfiguration(username); - } - - @Override - public long getIssueAt() { - return this.issueAt; - } - - @Override - public long getExpiresIn() { - return this.config.expiresIn; - } - - @Override - public long getNotBefore() { - return this.config.notBefore; - } - - @Override - public String getValue() { - return this.value; - } - - @Override - public Map<String, Object> getAdditionalInformation() { - return additionalInformation; - } - - @Override - public String username() { - return this.username; - } - - @Override - public void addAdditionalInformation(String key, Object 
value) { - if (additionalInformation == null) { - additionalInformation = new HashMap<>(); - } - additionalInformation.put(key, value); - } -} diff --git a/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/SessionTokenStore.java b/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/SessionTokenStore.java index 59b23aa..631f3d7 100644 --- a/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/SessionTokenStore.java +++ b/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/SessionTokenStore.java @@ -23,7 +23,7 @@ public class SessionTokenStore implements TokenStore<SessionToken> { @Override public SessionToken createToken(UserDetails userDetails) { - return new SessionTokenImpl(userDetails.getUsername()); + return new SessionToken(userDetails.getUsername()); } } diff --git a/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/Token.java b/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/Token.java index ca51f89..55b1423 100644 --- a/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/Token.java +++ b/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/Token.java @@ -17,11 +17,15 @@ package org.apache.servicecomb.authentication.token; +import java.io.Serializable; import java.util.Map; -public interface Token { - String username(); +import com.fasterxml.jackson.annotation.JsonIgnore; +public interface Token extends Serializable { + String getUsername(); + + @JsonIgnore default boolean isExpired() { return (System.currentTimeMillis() < getNotBefore()) || (System.currentTimeMillis() - getIssueAt() > getExpiresIn() * 1000); @@ -36,6 +40,6 @@ public interface Token { String getValue(); Map<String, Object> getAdditionalInformation(); - + void addAdditionalInformation(String key, Object value); } 
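Review bot: `isExpired()` in Token.java fixes the units of the three time accessors, but the interface does not document them: `System.currentTimeMillis() < getNotBefore()` and `System.currentTimeMillis() - getIssueAt()` require epoch milliseconds, while `getExpiresIn() * 1000` requires a duration in seconds. Add Javadoc on `getIssueAt()`, `getExpiresIn()` and `getNotBefore()` stating exactly that, for example `/** Validity period in seconds, counted from getIssueAt(). */` on `getExpiresIn()`. This matters for the new `JWTToken`, which maps these accessors to `claims.getIat()`, `claims.getExp()` and `claims.getNbf()`; in standard JWT usage those are absolute timestamps in seconds, so whoever fills `JWTClaims` must follow this interface's convention or the expiry check will give wrong answers. Part of the interface lies between the two hunks and is not visible here.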
diff --git a/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/AuthenticationServerTokenEndpoint.java b/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/AuthenticationServerTokenEndpoint.java index 50c29d3..18ad3af 100644 --- a/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/AuthenticationServerTokenEndpoint.java +++ b/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/AuthenticationServerTokenEndpoint.java @@ -20,12 +20,12 @@ package org.apache.servicecomb.authentication.edge; import java.util.Map; import java.util.concurrent.CompletableFuture; -import org.apache.servicecomb.authentication.server.TokenResponse; +import org.apache.servicecomb.authentication.token.OpenIDToken; import org.springframework.http.MediaType; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestBody; public interface AuthenticationServerTokenEndpoint { @PostMapping(path = "/", consumes = MediaType.APPLICATION_FORM_URLENCODED_VALUE) - public CompletableFuture<TokenResponse> getToken(@RequestBody Map<String, String> parameters); + public CompletableFuture<OpenIDToken> getToken(@RequestBody Map<String, String> parameters); } diff --git a/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/DumyEdgeTokenResponseProcessor.java b/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/DumyEdgeTokenResponseProcessor.java deleted file mode 100644 index 97dd3c4..0000000 --- a/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/DumyEdgeTokenResponseProcessor.java +++ /dev/null 
@@ -1,30 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.servicecomb.authentication.edge; - -import org.apache.servicecomb.authentication.server.TokenResponse; - -public class DumyEdgeTokenResponseProcessor implements EdgeTokenResponseProcessor { - public DumyEdgeTokenResponseProcessor() { - } - - @Override - public void process(TokenResponse tokenResponse) { - } - -} diff --git a/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/EdgeConfiguration.java b/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/EdgeConfiguration.java index 4142c4f..bcb48a8 100644 --- a/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/EdgeConfiguration.java +++ b/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/EdgeConfiguration.java 
@@ -17,16 +17,9 @@ package org.apache.servicecomb.authentication.edge; -import org.apache.servicecomb.authentication.util.CommonConstants; -import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; -import org.springframework.core.annotation.Order; @Configuration public class EdgeConfiguration { - @Bean(name = {CommonConstants.BEAN_AUTH_EDGE_TOKEN_RESPONSE_PROCESSOR}) - @Order(CommonConstants.BEAN_DEFAULT_ORDER) - public EdgeTokenResponseProcessor edgeTokenResponseProcessor() { - return new DumyEdgeTokenResponseProcessor(); - } + } diff --git a/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/EdgeTokenResponseProcessor.java b/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/EdgeTokenResponseProcessor.java deleted file mode 100644 index 09ea7b3..0000000 --- a/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/EdgeTokenResponseProcessor.java +++ /dev/null 
@@ -1,24 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.servicecomb.authentication.edge; - -import org.apache.servicecomb.authentication.server.TokenResponse; - -public interface EdgeTokenResponseProcessor { - void process(TokenResponse tokenResponse); -} diff --git a/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/TokenEndpoint.java b/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/TokenEndpoint.java index 578f71a..ffafe1a 100644 --- a/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/TokenEndpoint.java +++ b/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/TokenEndpoint.java 
@@ -20,12 +20,9 @@ package org.apache.servicecomb.authentication.edge; import java.util.Map; import java.util.concurrent.CompletableFuture; -import org.apache.servicecomb.authentication.server.TokenResponse; -import org.apache.servicecomb.authentication.util.CommonConstants; +import org.apache.servicecomb.authentication.token.OpenIDToken; import org.apache.servicecomb.provider.pojo.RpcReference; import org.apache.servicecomb.provider.rest.common.RestSchema; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.http.MediaType; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestBody; @@ -37,21 +34,16 @@ public class TokenEndpoint implements TokenService { @RpcReference(microserviceName = "authentication-server", schemaId = "TokenEndpoint") private AuthenticationServerTokenEndpoint authenticationSererTokenEndpoint; - @Autowired - @Qualifier(CommonConstants.BEAN_AUTH_EDGE_TOKEN_RESPONSE_PROCESSOR) - private EdgeTokenResponseProcessor edgeTokenResponseProcessor; - @Override @PostMapping(path = "/", consumes = MediaType.APPLICATION_FORM_URLENCODED_VALUE) public CompletableFuture<TokenResponse> getToken(@RequestBody Map<String, String> parameters) { CompletableFuture<TokenResponse> result = new CompletableFuture<>(); - CompletableFuture<TokenResponse> response = + CompletableFuture<OpenIDToken> response = authenticationSererTokenEndpoint.getToken(parameters); response.whenComplete((tokenResonse, ex) -> { if (!response.isCompletedExceptionally()) { - result.complete(tokenResonse); - edgeTokenResponseProcessor.process(tokenResonse); + result.complete(TokenResponse.fromOpenIDToken(tokenResonse)); } else { result.completeExceptionally(ex); } 
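Review bot: In the second hunk, `TokenResponse.fromOpenIDToken(tokenResonse)` now runs inside the `whenComplete` callback, and if it throws (for instance on a null token or a missing refresh token; the conversion itself is not visible here) `result` is never completed, so the caller of the edge token endpoint is left waiting. Returning the mapped future propagates both upstream and conversion failures: `return authenticationSererTokenEndpoint.getToken(parameters).thenApply(TokenResponse::fromOpenIDToken);`, or keep the current shape and wrap the conversion in a try/catch that calls `result.completeExceptionally`. It is also worth confirming that `fromOpenIDToken` copies only the fields a client needs, since the edge now receives the full server-side `OpenIDToken`. The body of `getToken` continues past the end of the hunk.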
diff --git a/api/authentication-server/service/src/main/java/org/apache/servicecomb/authentication/server/TokenResponse.java b/api/edge-service/service/src/main/java/org/apache/servicecomb/authentication/edge/TokenResponse.java similarity index 98% rename from api/authentication-server/service/src/main/java/org/apache/servicecomb/authentication/server/TokenResponse.java rename to api/edge-service/service/src/main/java/org/apache/servicecomb/authentication/edge/TokenResponse.java index 32e7fb5..9fc7b67 100644 --- a/api/authentication-server/service/src/main/java/org/apache/servicecomb/authentication/server/TokenResponse.java +++ b/api/edge-service/service/src/main/java/org/apache/servicecomb/authentication/edge/TokenResponse.java @@ -15,7 +15,7 @@ * limitations under the License. */ -package org.apache.servicecomb.authentication.server; +package org.apache.servicecomb.authentication.edge; import java.util.Map; import java.util.Set; diff --git a/api/edge-service/service/src/main/java/org/apache/servicecomb/authentication/edge/TokenService.java b/api/edge-service/service/src/main/java/org/apache/servicecomb/authentication/edge/TokenService.java index 5e12a45..e279986 100644 --- a/api/edge-service/service/src/main/java/org/apache/servicecomb/authentication/edge/TokenService.java +++ b/api/edge-service/service/src/main/java/org/apache/servicecomb/authentication/edge/TokenService.java @@ -20,8 +20,6 @@ package org.apache.servicecomb.authentication.edge; import java.util.Map; import java.util.concurrent.CompletableFuture; -import org.apache.servicecomb.authentication.server.TokenResponse; - public interface TokenService { CompletableFuture<TokenResponse> getToken(Map<String, String> parameters); diff --git a/samples/AuthenticationServer/src/main/java/org/apache/servicecomb/authentication/AuthenticationConfiguration.java b/samples/AuthenticationServer/src/main/java/org/apache/servicecomb/authentication/AuthenticationConfiguration.java index 0e4b462..854c940 100644 
--- a/samples/AuthenticationServer/src/main/java/org/apache/servicecomb/authentication/AuthenticationConfiguration.java +++ b/samples/AuthenticationServer/src/main/java/org/apache/servicecomb/authentication/AuthenticationConfiguration.java @@ -17,8 +17,6 @@ package org.apache.servicecomb.authentication; -import org.apache.servicecomb.authentication.token.AbstractOpenIDTokenStore; -import org.apache.servicecomb.authentication.token.InMemoryOpenIDTokenStore; import org.apache.servicecomb.authentication.util.CommonConstants; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; @@ -40,10 +38,4 @@ public class AuthenticationConfiguration { // If using MacSigner, need to protect the shared key by properly encryption. return new MacSigner("Please change this key."); } - - @Bean(name = CommonConstants.BEAN_AUTH_OPEN_ID_TOKEN_STORE) - public AbstractOpenIDTokenStore openIDTokenStore() { - // NOTICE: Use in memory store for testing. Need to implement JDBC or Redis SessionIDTokenStore in product. - return new InMemoryOpenIDTokenStore(); - } } diff --git a/samples/AuthenticationServer/src/main/java/org/apache/servicecomb/authentication/JDBCOpenIDTokenStore.java b/samples/AuthenticationServer/src/main/java/org/apache/servicecomb/authentication/JDBCOpenIDTokenStore.java new file mode 100644 index 0000000..0163612 --- /dev/null +++ b/samples/AuthenticationServer/src/main/java/org/apache/servicecomb/authentication/JDBCOpenIDTokenStore.java 
@@ -0,0 +1,58 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.servicecomb.authentication;
+
+import org.apache.servicecomb.authentication.jwt.JsonParser;
+import org.apache.servicecomb.authentication.token.AbstractOpenIDTokenStore;
+import org.apache.servicecomb.authentication.token.OpenIDToken;
+import org.apache.servicecomb.authentication.user.TokenMapper;
+import org.apache.servicecomb.authentication.util.CommonConstants;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+@Component(CommonConstants.BEAN_AUTH_OPEN_ID_TOKEN_STORE)
+public class JDBCOpenIDTokenStore extends AbstractOpenIDTokenStore {
+ @Autowired
+ private TokenMapper tokenMapper;
+
+ @Override
+ public OpenIDToken readTokenByValue(String value) {
+ String tokenInfo = tokenMapper.getTokenInfoByAccessTokenId(value);
+ if (tokenInfo != null) {
+ return JsonParser.parse(tokenInfo, OpenIDToken.class);
+ }
+ return null;
+ }
+
+ @Override
+ public OpenIDToken readTokenByRefreshTokenValue(String refreshTokenValue) {
+ String tokenInfo = tokenMapper.getTokenInfoByRefreshTokenId(refreshTokenValue);
+ if (tokenInfo != null) {
+ return JsonParser.parse(tokenInfo,
OpenIDToken.class); + } + return null; + } + + @Override + public void saveToken(OpenIDToken token) { + tokenMapper.insertNewToken(token.getValue(), + token.getRefreshToken().getValue(), + JsonParser.unparse(token)); + } + +} diff --git a/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/OpenIDTokenStore.java b/samples/AuthenticationServer/src/main/java/org/apache/servicecomb/authentication/user/TokenMapper.java similarity index 58% copy from api/common/service/src/main/java/org/apache/servicecomb/authentication/token/OpenIDTokenStore.java copy to samples/AuthenticationServer/src/main/java/org/apache/servicecomb/authentication/user/TokenMapper.java index cd65ead..7ef3f22 100644 --- a/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/OpenIDTokenStore.java +++ b/samples/AuthenticationServer/src/main/java/org/apache/servicecomb/authentication/user/TokenMapper.java @@ -15,17 +15,18 @@ * limitations under the License. */ -package org.apache.servicecomb.authentication.token; +package org.apache.servicecomb.authentication.user; -public interface OpenIDTokenStore extends TokenStore<OpenIDToken> { +import org.apache.ibatis.annotations.Param; - OpenIDToken readTokenByValue(String value); +public interface TokenMapper { + public void insertNewToken(@Param("accessTokenId") String accessTokenId, + @Param("refreshTokenId") String refreshTokenId, + @Param("tokenInfo") String tokenInfo); - OpenIDToken readTokenByRefreshTokenValue(String refreshTokenValue); + public String getTokenInfoByAccessTokenId(@Param("accessTokenId") String accessTokenId); - OpenIDToken readTokenByIDTokenValue(String idTokenValue); - - JWTToken createIDTokenByValue(String jwtTokenValue); + public String getTokenInfoByRefreshTokenId(@Param("refreshTokenId") String refreshTokenId); - void saveToken(OpenIDToken token); + public String getTokenInfoByIdTokenId(@Param("idTokenId") String idTokenId); } 
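Review bot: `saveToken` in the new JDBCOpenIDTokenStore persists the raw access and refresh token values as the lookup keys in T_TOKENS (and, presumably, again inside the serialized `TOKEN` JSON), so read access to the table or to a backup of it yields usable bearer credentials. Storing a one-way digest of each value and querying by that digest keeps the store searchable without keeping replayable secrets, e.g. `tokenMapper.insertNewToken(sha256Hex(token.getValue()), sha256Hex(token.getRefreshToken().getValue()), JsonParser.unparse(token));` with the same digest applied to the argument in both read methods; `sha256Hex` is a helper that would have to be added, not an existing method. The serialized token would then need to omit or encrypt the values as well. Separately, `token.getRefreshToken().getValue()` throws a NullPointerException if a grant ever produces a token without a refresh token, which this method does not guard against.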
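Review bot: `getTokenInfoByIdTokenId` is declared in the new `TokenMapper` interface, but the TokenMapper.xml added by this commit defines only `insertNewToken`, `getTokenInfoByAccessTokenId` and `getTokenInfoByRefreshTokenId`, and the same commit drops the `ID_TOKEN_VALUE` column from T_TOKENS. A call to that method would therefore fail at runtime with a MyBatis binding error instead of at compile time. I would delete the line `public String getTokenInfoByIdTokenId(@Param("idTokenId") String idTokenId);` until an ID-token lookup is backed by a statement and a column. As a style point, the `public` modifiers on the interface methods are redundant.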
diff --git a/samples/AuthenticationServer/src/main/resources/META-INF/spring/authentication.server.bean.xml b/samples/AuthenticationServer/src/main/resources/META-INF/spring/authentication.server.bean.xml index dac1cdf..08ebeb0 100644 --- a/samples/AuthenticationServer/src/main/resources/META-INF/spring/authentication.server.bean.xml +++ b/samples/AuthenticationServer/src/main/resources/META-INF/spring/authentication.server.bean.xml @@ -38,5 +38,9 @@ value="org.apache.servicecomb.authentication.user.UserMapper" /> <property name="sqlSessionFactory" ref="sqlSessionFactory" /> </bean> - + <bean id="tokenMapper" class="org.mybatis.spring.mapper.MapperFactoryBean"> + <property name="mapperInterface" + value="org.apache.servicecomb.authentication.user.TokenMapper" /> + <property name="sqlSessionFactory" ref="sqlSessionFactory" /> + </bean> </beans> \ No newline at end of file diff --git a/samples/AuthenticationServer/src/main/resources/config/TokenMapper.xml b/samples/AuthenticationServer/src/main/resources/config/TokenMapper.xml new file mode 100644 index 0000000..8d702f9 --- /dev/null +++ b/samples/AuthenticationServer/src/main/resources/config/TokenMapper.xml 
@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- ~ Licensed to the Apache Software Foundation (ASF) under one or more
+ ~ contributor license agreements. See the NOTICE file distributed with ~
+ this work for additional information regarding copyright ownership. ~ The
+ ASF licenses this file to You under the Apache License, Version 2.0 ~ (the
+ "License"); you may not use this file except in compliance with ~ the License.
+ You may obtain a copy of the License at ~ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~ ~ Unless required by applicable law or agreed to in writing, software ~
+ distributed under the License is distributed on an "AS IS" BASIS, ~ WITHOUT
+ WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. ~ See the
+ License for the specific language governing permissions and ~ limitations
+ under the License. -->
+
+<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
+<mapper namespace="org.apache.servicecomb.authentication.user.TokenMapper">
+ <insert id="insertNewToken">
+ insert into
+ T_TOKENS(ACCESS_TOKEN_VALUE,REFRESH_TOKEN_VALUE,TOKEN)
+ values(#{accessTokenId},#{refreshTokenId},#{tokenInfo})
+ </insert>
+
+ <select id="getTokenInfoByAccessTokenId" parameterType="java.lang.String"
+ resultType="java.lang.String">
+ select TOKEN
+ from T_TOKENS where ACCESS_TOKEN_VALUE =
+ #{accessTokenId}
+ </select>
+
+ <select id="getTokenInfoByRefreshTokenId" parameterType="java.lang.String"
+ resultType="java.lang.String">
+ select TOKEN
+ from T_TOKENS where REFRESH_TOKEN_VALUE =
+ #{refreshTokenId}
+ </select>
+</mapper>
\ No newline at end of file
diff --git a/samples/AuthenticationServer/src/main/resources/config/mybatis-config.xml b/samples/AuthenticationServer/src/main/resources/config/mybatis-config.xml
index 2bd7b68..9290b3f 100644
--- a/samples/AuthenticationServer/src/main/resources/config/mybatis-config.xml
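Review bot: Both selects in the new TokenMapper.xml return a single `java.lang.String`, so they rely on `ACCESS_TOKEN_VALUE` and `REFRESH_TOKEN_VALUE` being unique, yet the T_TOKENS definition shown in this commit's user.sql hunk declares only `PRIMARY KEY (ID)`. A duplicate row would make the mapper call fail with a too-many-results error, and without an index every token check scans the whole table. I would add `UNIQUE KEY (ACCESS_TOKEN_VALUE)` and `UNIQUE KEY (REFRESH_TOKEN_VALUE)` to the table definition in user.sql. Nothing in this mapper removes expired or superseded rows, so a delete statement for cleanup is worth adding alongside the insert.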
+++ b/samples/AuthenticationServer/src/main/resources/config/mybatis-config.xml @@ -15,7 +15,8 @@ PUBLIC "-//mybatis.org//DTD Config 3.0//EN" "http://mybatis.org/dtd/mybatis-3-config.dtd"> <configuration> - <mappers> - <mapper resource="config/UserMapper.xml"/> - </mappers> + <mappers> + <mapper resource="config/UserMapper.xml" /> + <mapper resource="config/TokenMapper.xml" /> + </mappers> </configuration> \ No newline at end of file diff --git a/samples/AuthenticationServer/src/main/resources/sql/user.sql b/samples/AuthenticationServer/src/main/resources/sql/user.sql index 223826d..b5dbfc7 100644 --- a/samples/AuthenticationServer/src/main/resources/sql/user.sql +++ b/samples/AuthenticationServer/src/main/resources/sql/user.sql @@ -73,7 +73,6 @@ CREATE TABLE `T_TOKENS` ( `ID` INTEGER(8) NOT NULL AUTO_INCREMENT, `ACCESS_TOKEN_VALUE` VARCHAR(256) NOT NULL, `REFRESH_TOKEN_VALUE` VARCHAR(256) NOT NULL, - `ID_TOKEN_VALUE` VARCHAR(256) NOT NULL, `TOKEN` TEXT NOT NULL, PRIMARY KEY (`ID`) ); diff --git a/samples/Client/pom.xml b/samples/Client/pom.xml index 5bbe9d8..b6b3220 100644 --- a/samples/Client/pom.xml +++ b/samples/Client/pom.xml @@ -33,7 +33,7 @@ <dependencies> <dependency> <groupId>org.apache.servicecomb.authentication</groupId> - <artifactId>authentication-server-api-service</artifactId> + <artifactId>authentication-edge-api-service</artifactId> <version>0.0.1-SNAPSHOT</version> </dependency> <dependency> @@ -64,7 +64,7 @@ <dependencies> <dependency> <groupId>org.apache.servicecomb.authentication</groupId> - <artifactId>authentication-server-api-service</artifactId> + <artifactId>authentication-edge-api-service</artifactId> </dependency> <dependency> <groupId>org.apache.servicecomb</groupId> diff --git a/samples/Client/src/main/java/org/apache/servicecomb/authentication/AuthenticationTestCase.java b/samples/Client/src/main/java/org/apache/servicecomb/authentication/AuthenticationTestCase.java index 2b8fd5a..7acb34d 100644 
--- a/samples/Client/src/main/java/org/apache/servicecomb/authentication/AuthenticationTestCase.java +++ b/samples/Client/src/main/java/org/apache/servicecomb/authentication/AuthenticationTestCase.java @@ -17,7 +17,7 @@ package org.apache.servicecomb.authentication; -import org.apache.servicecomb.authentication.server.TokenResponse; +import org.apache.servicecomb.authentication.edge.TokenResponse; import org.apache.servicecomb.authentication.util.CommonConstants; import org.springframework.http.HttpEntity; import org.springframework.http.HttpHeaders; diff --git a/samples/Client/src/main/java/org/apache/servicecomb/authentication/TokenExpireTestCase.java b/samples/Client/src/main/java/org/apache/servicecomb/authentication/TokenExpireTestCase.java index 00a557e..766aba0 100644 --- a/samples/Client/src/main/java/org/apache/servicecomb/authentication/TokenExpireTestCase.java +++ b/samples/Client/src/main/java/org/apache/servicecomb/authentication/TokenExpireTestCase.java @@ -17,7 +17,7 @@ package org.apache.servicecomb.authentication; -import org.apache.servicecomb.authentication.server.TokenResponse; +import org.apache.servicecomb.authentication.edge.TokenResponse; import org.apache.servicecomb.authentication.util.CommonConstants; import org.springframework.http.HttpEntity; import org.springframework.http.HttpHeaders;
