This is an automated email from the ASF dual-hosted git repository.

mabin pushed a commit to branch houserush-sample
in repository https://gitbox.apache.org/repos/asf/servicecomb-samples.git

commit 3a458c2f13a88491b29f1f2794d495f84965a283
Author: liubao <[email protected]>
AuthorDate: Wed May 8 17:49:16 2019 +0800

    authentication: add tokens logic
---
 authentication/AuthenticationServer/pom.xml        |  9 +++
 .../AuthenticationConfiguration.java               | 28 ++++++++
 .../service/AuthenticationServiceImpl.java         | 45 ++++++++----
 .../servicecomb/authentication/user/Role.java      |  5 ++
 .../servicecomb/authentication/user/User.java      | 11 +++
 .../servicecomb/authentication/user/UserStore.java |  5 ++
 .../servicecomb/authentication/api/Token.java      | 76 +++++++++++++++++---
 .../servicecomb/authentication/jwt/JWTClaims.java  | 45 ++++++++++++
 .../authentication/jwt/JWTClaimsCommon.java        | 83 ++++++++++++++++++++++
 .../servicecomb/authentication/jwt/JWTHeader.java  | 25 +++++++
 .../servicecomb/authentication/jwt/JsonParser.java | 23 ++++++
 11 files changed, 330 insertions(+), 25 deletions(-)

diff --git a/authentication/AuthenticationServer/pom.xml 
b/authentication/AuthenticationServer/pom.xml
index 0c7a295..baaac03 100644
--- a/authentication/AuthenticationServer/pom.xml
+++ b/authentication/AuthenticationServer/pom.xml
@@ -47,6 +47,11 @@
         <version>0.0.1-SNAPSHOT</version>
       </dependency>
       <dependency>
+        <groupId>org.apache.servicecomb.authentication</groupId>
+        <artifactId>authentication-common-api-endpoint</artifactId>
+        <version>0.0.1-SNAPSHOT</version>
+      </dependency>
+      <dependency>
         <groupId>org.apache.servicecomb</groupId>
         <artifactId>java-chassis-dependencies</artifactId>
         <version>1.2.0</version>
@@ -77,6 +82,10 @@
     </dependency>
     <dependency>
       <groupId>org.apache.servicecomb.authentication</groupId>
+      <artifactId>authentication-common-api-endpoint</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.servicecomb.authentication</groupId>
       <artifactId>authentication-server-api-endpoint</artifactId>
     </dependency>
     <dependency>
diff --git 
a/authentication/AuthenticationServer/src/main/java/org/apache/servicecomb/authentication/AuthenticationConfiguration.java
 
b/authentication/AuthenticationServer/src/main/java/org/apache/servicecomb/authentication/AuthenticationConfiguration.java
new file mode 100644
index 0000000..77a6342
--- /dev/null
+++ 
b/authentication/AuthenticationServer/src/main/java/org/apache/servicecomb/authentication/AuthenticationConfiguration.java
@@ -0,0 +1,28 @@
+package org.apache.servicecomb.authentication;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.crypto.password.PasswordEncoder;
+
+@Configuration
+public class AuthenticationConfiguration {
+  @Bean(name = "authPasswordEncoder")
+  private PasswordEncoder authPasswordEncoder() {
+    return new PasswordEncoder() {
+
+      @Override
+      public String encode(CharSequence rawPassword) {
+        // TODO Auto-generated method stub
+        return null;
+      }
+
+      @Override
+      public boolean matches(CharSequence rawPassword, String encodedPassword) 
{
+        // TODO Auto-generated method stub
+        return false;
+      }
+      
+    };
+  }
+  
+}
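Review bot: The `@Bean` method `authPasswordEncoder()` is declared `private`, which Spring rejects for `@Bean` methods in a `@Configuration` class because the generated proxy must be able to override them, so the context is likely to fail at startup. The anonymous encoder is also still the IDE stub: `encode` returns `null` and `matches` always returns `false`, so every login is refused. Since this bean guards the credential check, I would use an adaptive hash instead of filling the stub in by hand, e.g. `public PasswordEncoder authPasswordEncoder() { return new BCryptPasswordEncoder(); }`, and store passwords only in that encoded form. The new files in this commit (this one, Role, User, UserStore, JWTClaims, JWTClaimsCommon, JWTHeader, JsonParser) also begin at `package` without the license header that the existing sources appear to carry.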
diff --git 
a/authentication/AuthenticationServer/src/main/java/org/apache/servicecomb/authentication/service/AuthenticationServiceImpl.java
 
b/authentication/AuthenticationServer/src/main/java/org/apache/servicecomb/authentication/service/AuthenticationServiceImpl.java
index be46f5c..a6e856a 100644
--- 
a/authentication/AuthenticationServer/src/main/java/org/apache/servicecomb/authentication/service/AuthenticationServiceImpl.java
+++ 
b/authentication/AuthenticationServer/src/main/java/org/apache/servicecomb/authentication/service/AuthenticationServiceImpl.java
@@ -19,34 +19,49 @@ package org.apache.servicecomb.authentication.service;
 
 import org.apache.servicecomb.authentication.api.AuthenticationService;
 import org.apache.servicecomb.authentication.api.Token;
+import org.apache.servicecomb.authentication.jwt.JWTClaims;
+import org.apache.servicecomb.authentication.jwt.JsonParser;
+import org.apache.servicecomb.authentication.user.User;
+import org.apache.servicecomb.authentication.user.UserStore;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
-import org.springframework.security.core.userdetails.UserDetails;
-import org.springframework.security.core.userdetails.UserDetailsService;
-import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.jwt.Jwt;
+import org.springframework.security.jwt.JwtHelper;
+import org.springframework.security.jwt.crypto.sign.Signer;
 import org.springframework.stereotype.Service;
 
 @Service
 public class AuthenticationServiceImpl implements AuthenticationService {
   @Autowired
-  @Qualifier("userDetailsService")
-  private UserDetailsService userDetailsService;
-  
+  @Qualifier("authUserStore")
+  private UserStore userStore;
+
   @Autowired
-  @Qualifier("passwordEncoder")
+  @Qualifier("authPasswordEncoder")
   private PasswordEncoder passwordEncoder;
 
+  @Autowired
+  @Qualifier("authSigner")
+  private Signer signer;
+
   @Override
   public Token login(String userName, String password) {
-    UserDetails userDetails;
-    try {
-      userDetails = userDetailsService.loadUserByUsername(userName);
-    } catch (UsernameNotFoundException e) {
-      return null;
-    }
-    if(passwordEncoder.matches(password, userDetails.getPassword())) {
-      return null;
+    User user = userStore.loadUserByUsername(userName);
+    if (passwordEncoder.matches(password, user.getPassword())) {
+      JWTClaims claims = new JWTClaims();
+      if (user.getRoles() != null) {
+        user.getRoles().forEach(role -> claims.addRole(role.getRoleName()));
+      }
+      claims.setScope("read");
+      String content = JsonParser.unparse(claims);
+      Jwt accessToken = JwtHelper.encode(content, signer);
+
+      Token token = new Token();
+      token.setExpires_in(10 * 60);
+      token.setToken_type("bearer");
+      token.setAccess_token(accessToken.getEncoded());
+      return token;
     } else {
       return null;
     }
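Review bot: The signed claims built in `login` carry no subject or validity window: only roles and `scope` are set, so `exp`, `iat` and `nbf` go out at their `long` default of 0 and `sub` is null, while only the unsigned `Token` wrapper says `expires_in` is 600. A service validating the JWT then has nothing signed that binds the token to a user or lets it expire. The result of `userStore.loadUserByUsername(userName)` is also dereferenced without a check now that the `UsernameNotFoundException` handling is gone, so an unknown user may surface as a NullPointerException if the store returns null (UserStore does not document what it does in that case). I would set `sub`, `iat` and `exp` in seconds since the epoch and guard the lookup, as below; the body of `login` closes outside this hunk.

```java
    User user = userStore.loadUserByUsername(userName);
    if (user == null) {
      return null;
    }
    if (passwordEncoder.matches(password, user.getPassword())) {
      JWTClaims claims = new JWTClaims();
      long issuedAt = System.currentTimeMillis() / 1000L;
      claims.setSub(user.getUsername());
      claims.setIat(issuedAt);
      claims.setExp(issuedAt + 10 * 60);
      // … unchanged: roles, scope, signing and Token population …
```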
diff --git 
a/authentication/AuthenticationServer/src/main/java/org/apache/servicecomb/authentication/user/Role.java
 
b/authentication/AuthenticationServer/src/main/java/org/apache/servicecomb/authentication/user/Role.java
new file mode 100644
index 0000000..393cd3e
--- /dev/null
+++ 
b/authentication/AuthenticationServer/src/main/java/org/apache/servicecomb/authentication/user/Role.java
@@ -0,0 +1,5 @@
+package org.apache.servicecomb.authentication.user;
+
+public interface Role {
+  String getRoleName();
+}
diff --git 
a/authentication/AuthenticationServer/src/main/java/org/apache/servicecomb/authentication/user/User.java
 
b/authentication/AuthenticationServer/src/main/java/org/apache/servicecomb/authentication/user/User.java
new file mode 100644
index 0000000..b0ba017
--- /dev/null
+++ 
b/authentication/AuthenticationServer/src/main/java/org/apache/servicecomb/authentication/user/User.java
@@ -0,0 +1,11 @@
+package org.apache.servicecomb.authentication.user;
+
+import java.util.Collection;
+
+public interface User {
+  Collection<Role> getRoles();
+
+  String getPassword();
+
+  String getUsername();
+}
diff --git 
a/authentication/AuthenticationServer/src/main/java/org/apache/servicecomb/authentication/user/UserStore.java
 
b/authentication/AuthenticationServer/src/main/java/org/apache/servicecomb/authentication/user/UserStore.java
new file mode 100644
index 0000000..5bd8459
--- /dev/null
+++ 
b/authentication/AuthenticationServer/src/main/java/org/apache/servicecomb/authentication/user/UserStore.java
@@ -0,0 +1,5 @@
+package org.apache.servicecomb.authentication.user;
+
+public interface UserStore {
+  User loadUserByUsername(String userName);
+}
diff --git 
a/authentication/api/AuthenticationServer/service/src/main/java/org/apache/servicecomb/authentication/api/Token.java
 
b/authentication/api/AuthenticationServer/service/src/main/java/org/apache/servicecomb/authentication/api/Token.java
index 732fe22..94ce237 100644
--- 
a/authentication/api/AuthenticationServer/service/src/main/java/org/apache/servicecomb/authentication/api/Token.java
+++ 
b/authentication/api/AuthenticationServer/service/src/main/java/org/apache/servicecomb/authentication/api/Token.java
@@ -17,24 +17,80 @@
 
 package org.apache.servicecomb.authentication.api;
 
+import java.util.Map;
+import java.util.Set;
+
 public class Token {
-  private String accessToken;
+  // Naming conventions 
https://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac-00#section-3.1
+  private String token_type;
+
+  private String access_token;
+
+  private String refresh_token;
+
+  private int expires_in;
+
+  private Set<String> scope;
+
+  // JWT id
+  private String jti;
+
+  private Map<String, Object> additionalInformation;
 
-  private String refreshToken;
+  public String getToken_type() {
+    return token_type;
+  }
+
+  public void setToken_type(String token_type) {
+    this.token_type = token_type;
+  }
+
+  public String getAccess_token() {
+    return access_token;
+  }
+
+  public void setAccess_token(String access_token) {
+    this.access_token = access_token;
+  }
 
-  public String getAccessToken() {
-    return accessToken;
+  public String getRefresh_token() {
+    return refresh_token;
   }
 
-  public void setAccessToken(String accessToken) {
-    this.accessToken = accessToken;
+  public void setRefresh_token(String refresh_token) {
+    this.refresh_token = refresh_token;
   }
 
-  public String getRefreshToken() {
-    return refreshToken;
+  public int getExpires_in() {
+    return expires_in;
   }
 
-  public void setRefreshToken(String refreshToken) {
-    this.refreshToken = refreshToken;
+  public void setExpires_in(int expires_in) {
+    this.expires_in = expires_in;
   }
+
+  public Set<String> getScope() {
+    return scope;
+  }
+
+  public void setScope(Set<String> scope) {
+    this.scope = scope;
+  }
+
+  public String getJti() {
+    return jti;
+  }
+
+  public void setJti(String jti) {
+    this.jti = jti;
+  }
+
+  public Map<String, Object> getAdditionalInformation() {
+    return additionalInformation;
+  }
+
+  public void setAdditionalInformation(Map<String, Object> 
additionalInformation) {
+    this.additionalInformation = additionalInformation;
+  }
+
 }
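Review bot: `scope` is declared as `Set<String>` on `Token` but as a single `String` on `JWTClaims` in the same commit, and `login` only fills the claims side, so the response's `scope`, `jti` and `refresh_token` stay null. I would pick one representation (the OAuth 2.0 token response uses a space-delimited string) and either populate these fields or leave them out until they are used. The snake_case identifiers could stay idiomatic Java with camelCase fields annotated for the wire name, e.g. `@JsonProperty("access_token") private String accessToken;`, assuming Jackson is what serializes this class. Renaming the public accessors also breaks any existing caller of `getAccessToken()` or `getRefreshToken()`.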
diff --git 
a/authentication/api/common/service/src/main/java/org/apache/servicecomb/authentication/jwt/JWTClaims.java
 
b/authentication/api/common/service/src/main/java/org/apache/servicecomb/authentication/jwt/JWTClaims.java
new file mode 100644
index 0000000..569b4da
--- /dev/null
+++ 
b/authentication/api/common/service/src/main/java/org/apache/servicecomb/authentication/jwt/JWTClaims.java
@@ -0,0 +1,45 @@
+package org.apache.servicecomb.authentication.jwt;
+
+import java.util.Collections;
+import java.util.Map;
+import java.util.Set;
+
+public class JWTClaims extends JWTClaimsCommon {
+  protected Set<String> roles = Collections.emptySet();
+
+  protected Map<String, Object> additionalInformation = Collections.emptyMap();
+
+  /**
+   * The scope of the access token as described by <a
+   * 
href="http://tools.ietf.org/html/draft-ietf-oauth-v2-22#section-3.3";>Section 
3.3</a>
+   */
+  protected String scope;
+
+  public Set<String> getRoles() {
+    return roles;
+  }
+
+  public void setRoles(Set<String> roles) {
+    this.roles = roles;
+  }
+
+  public Map<String, Object> getAdditionalInformation() {
+    return additionalInformation;
+  }
+
+  public void setAdditionalInformation(Map<String, Object> 
additionalInformation) {
+    this.additionalInformation = additionalInformation;
+  }
+
+  public String getScope() {
+    return scope;
+  }
+
+  public void setScope(String scope) {
+    this.scope = scope;
+  }
+
+  public void addRole(String role) {
+    this.roles.add(role);
+  }
+}
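Review bot: `addRole` calls `this.roles.add(role)` on the field's initial value `Collections.emptySet()`, which is immutable, so the first call throws UnsupportedOperationException. `login` in AuthenticationServiceImpl calls it for every role, so a user with any role cannot obtain a token. Initialise the field with a mutable set, `protected Set<String> roles = new HashSet<>();` (plus the `java.util.HashSet` import), and consider copying the argument in `setRoles` so a caller-supplied immutable set does not bring the failure back. `additionalInformation` has the same immutable default and would fail the same way if it is ever mutated in place.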
diff --git 
a/authentication/api/common/service/src/main/java/org/apache/servicecomb/authentication/jwt/JWTClaimsCommon.java
 
b/authentication/api/common/service/src/main/java/org/apache/servicecomb/authentication/jwt/JWTClaimsCommon.java
new file mode 100644
index 0000000..3b71a5c
--- /dev/null
+++ 
b/authentication/api/common/service/src/main/java/org/apache/servicecomb/authentication/jwt/JWTClaimsCommon.java
@@ -0,0 +1,83 @@
+package org.apache.servicecomb.authentication.jwt;
+
+public class JWTClaimsCommon {
+  // see: https://tools.ietf.org/html/rfc7519
+  // (Issuer) Claim
+  protected String iss;
+
+  // (Subject) Claim
+  protected String sub;
+
+  // (Audience) Claim
+  protected String aud;
+
+  // (Expiration Time) Claim
+  protected long exp;
+
+  // (Not Before) Claim
+  protected long nbf;
+
+  // (Issued At) Claim
+  protected long iat;
+
+  // (JWT ID) Claim
+  protected String jti;
+
+  public String getIss() {
+    return iss;
+  }
+
+  public void setIss(String iss) {
+    this.iss = iss;
+  }
+
+  public String getSub() {
+    return sub;
+  }
+
+  public void setSub(String sub) {
+    this.sub = sub;
+  }
+
+  public String getAud() {
+    return aud;
+  }
+
+  public void setAud(String aud) {
+    this.aud = aud;
+  }
+
+  public long getExp() {
+    return exp;
+  }
+
+  public void setExp(long exp) {
+    this.exp = exp;
+  }
+
+  public long getNbf() {
+    return nbf;
+  }
+
+  public void setNbf(long nbf) {
+    this.nbf = nbf;
+  }
+
+  public long getIat() {
+    return iat;
+  }
+
+  public void setIat(long iat) {
+    this.iat = iat;
+  }
+
+  public String getJti() {
+    return jti;
+  }
+
+  public void setJti(String jti) {
+    this.jti = jti;
+  }
+
+
+}
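Review bot: The time claims `exp`, `nbf` and `iat` are primitive `long`, so a claim nobody set is serialized as 0 and a verifier cannot tell an unset claim from a real timestamp. Boxed `Long` fields, with the mapper configured to omit nulls, would keep unset claims out of the token. At minimum add a comment such as `// seconds since the epoch (RFC 7519 NumericDate)` on each of them so issuers and verifiers agree on the unit. RFC 7519 also allows `aud` to be an array of strings, which a `String` field cannot represent.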
diff --git 
a/authentication/api/common/service/src/main/java/org/apache/servicecomb/authentication/jwt/JWTHeader.java
 
b/authentication/api/common/service/src/main/java/org/apache/servicecomb/authentication/jwt/JWTHeader.java
new file mode 100644
index 0000000..b4b1ae7
--- /dev/null
+++ 
b/authentication/api/common/service/src/main/java/org/apache/servicecomb/authentication/jwt/JWTHeader.java
@@ -0,0 +1,25 @@
+package org.apache.servicecomb.authentication.jwt;
+
+public class JWTHeader {
+  private String typ;
+
+  private String alg;
+
+  public String getTyp() {
+    return typ;
+  }
+
+  public void setTyp(String typ) {
+    this.typ = typ;
+  }
+
+  public String getAlg() {
+    return alg;
+  }
+
+  public void setAlg(String alg) {
+    this.alg = alg;
+  }
+
+
+}
diff --git 
a/authentication/api/common/service/src/main/java/org/apache/servicecomb/authentication/jwt/JsonParser.java
 
b/authentication/api/common/service/src/main/java/org/apache/servicecomb/authentication/jwt/JsonParser.java
new file mode 100644
index 0000000..37e54d7
--- /dev/null
+++ 
b/authentication/api/common/service/src/main/java/org/apache/servicecomb/authentication/jwt/JsonParser.java
@@ -0,0 +1,23 @@
+package org.apache.servicecomb.authentication.jwt;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+
+public class JsonParser {
+  private static final ObjectMapper MAPPER = new ObjectMapper();
+
+  public static <T> T parse(String json, Class<T> clazz) {
+    try {
+      return MAPPER.readValue(json, clazz);
+    } catch (Exception e) {
+      throw new IllegalArgumentException("Cannot parse json", e);
+    }
+  }
+
+  public static <T> String unparse(T obj) {
+    try {
+      return MAPPER.writeValueAsString(obj);
+    } catch (Exception e) {
+      throw new IllegalArgumentException("Cannot unparse json", e);
+    }
+  }
+}
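Review bot: `parse` is where token payloads from outside the service get deserialized, and both methods catch `Exception`, which also hides unrelated runtime failures behind "Cannot parse json". Catching `IOException` (which covers Jackson's processing exceptions) would keep the IllegalArgumentException for malformed input only. I would also add a class comment stating that polymorphic default typing must stay disabled on `MAPPER`, since it handles untrusted input. The class name collides with `com.fasterxml.jackson.core.JsonParser`, which makes imports awkward in files that need both; a name such as `JwtJson` would avoid that.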
