From e822fbbd5b2905695548fd5f5723abd621bdfb1a Mon Sep 17 00:00:00 2001 From: Joe Grandja Date: Thu, 23 Apr 2020 16:45:34 -0400 Subject: [PATCH] Stub out authorization_code grant implementation Fixes gh-65 --- build.gradle | 3 +- core/spring-authorization-server-core.gradle | 19 ++++++ .../authorization/OAuth2Authorization.java | 31 ++++++++++ .../OAuth2AuthorizationService.java | 27 +++++++++ .../server/authorization/TokenType.java | 57 ++++++++++++++++++ .../OAuth2AccessTokenAuthenticationToken.java | 52 ++++++++++++++++ ...thorizationCodeAuthenticationProvider.java | 42 +++++++++++++ ...2AuthorizationCodeAuthenticationToken.java | 60 +++++++++++++++++++ .../OAuth2ClientAuthenticationProvider.java | 38 ++++++++++++ .../OAuth2ClientAuthenticationToken.java | 54 +++++++++++++++++ .../client/RegisteredClient.java | 39 ++++++++++++ .../client/RegisteredClientRepository.java | 27 +++++++++ .../OAuth2AuthorizationEndpointFilter.java | 47 +++++++++++++++ .../web/OAuth2ClientAuthenticationFilter.java | 40 +++++++++++++ .../web/OAuth2TokenEndpointFilter.java | 44 ++++++++++++++ gradle/dependency-management.gradle | 7 +++ 16 files changed, 586 insertions(+), 1 deletion(-) create mode 100644 core/src/main/java/org/springframework/security/oauth2/server/authorization/OAuth2Authorization.java create mode 100644 core/src/main/java/org/springframework/security/oauth2/server/authorization/OAuth2AuthorizationService.java create mode 100644 core/src/main/java/org/springframework/security/oauth2/server/authorization/TokenType.java create mode 100644 core/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AccessTokenAuthenticationToken.java create mode 100644 core/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeAuthenticationProvider.java create mode 100644 core/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeAuthenticationToken.java create mode 100644 core/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2ClientAuthenticationProvider.java create mode 100644 core/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2ClientAuthenticationToken.java create mode 100644 core/src/main/java/org/springframework/security/oauth2/server/authorization/client/RegisteredClient.java create mode 100644 core/src/main/java/org/springframework/security/oauth2/server/authorization/client/RegisteredClientRepository.java create mode 100644 core/src/main/java/org/springframework/security/oauth2/server/authorization/web/OAuth2AuthorizationEndpointFilter.java create mode 100644 core/src/main/java/org/springframework/security/oauth2/server/authorization/web/OAuth2ClientAuthenticationFilter.java create mode 100644 core/src/main/java/org/springframework/security/oauth2/server/authorization/web/OAuth2TokenEndpointFilter.java diff --git a/build.gradle b/build.gradle index de09a73..5a903ed 100644 --- a/build.gradle +++ b/build.gradle @@ -12,7 +12,8 @@ buildscript { apply plugin: 'io.spring.convention.root' -group = 'org.springframework.experimental' +group = 'org.springframework.security.experimental' +description = 'Spring Authorization Server' version = '0.0.1-SNAPSHOT' repositories { diff --git a/core/spring-authorization-server-core.gradle b/core/spring-authorization-server-core.gradle index 56dcd79..e4235be 100644 --- a/core/spring-authorization-server-core.gradle +++ b/core/spring-authorization-server-core.gradle @@ -1 +1,20 @@ apply plugin: 'io.spring.convention.spring-module' + +dependencies { + compile 'org.springframework.security:spring-security-core' + compile 'org.springframework.security:spring-security-web' + compile 'org.springframework.security:spring-security-oauth2-core' + compile springCoreDependency + compile 'com.nimbusds:oauth2-oidc-sdk' + compile 'com.fasterxml.jackson.core:jackson-databind' + + optional 'com.nimbusds:nimbus-jose-jwt' + optional 'org.springframework.security:spring-security-oauth2-jose' + + testCompile 'junit:junit' + testCompile 'org.assertj:assertj-core' + testCompile 'org.mockito:mockito-core' + testCompile 'com.squareup.okhttp3:mockwebserver' + + provided 'javax.servlet:javax.servlet-api' +} diff --git a/core/src/main/java/org/springframework/security/oauth2/server/authorization/OAuth2Authorization.java b/core/src/main/java/org/springframework/security/oauth2/server/authorization/OAuth2Authorization.java new file mode 100644 index 0000000..e49d53a --- /dev/null +++ b/core/src/main/java/org/springframework/security/oauth2/server/authorization/OAuth2Authorization.java @@ -0,0 +1,31 @@ +/* + * Copyright 2020 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.springframework.security.oauth2.server.authorization; + +import org.springframework.security.oauth2.core.OAuth2AccessToken; + +import java.util.Map; + +/** + * @author Joe Grandja + */ +public class OAuth2Authorization { + private String registeredClientId; + private String principalName; + private OAuth2AccessToken accessToken; + private Map attributes; + +} diff --git a/core/src/main/java/org/springframework/security/oauth2/server/authorization/OAuth2AuthorizationService.java b/core/src/main/java/org/springframework/security/oauth2/server/authorization/OAuth2AuthorizationService.java new file mode 100644 index 0000000..6724c4b --- /dev/null +++ b/core/src/main/java/org/springframework/security/oauth2/server/authorization/OAuth2AuthorizationService.java @@ -0,0 +1,27 @@ +/* + * Copyright 2020 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.springframework.security.oauth2.server.authorization; + +/** + * @author Joe Grandja + */ +public interface OAuth2AuthorizationService { + + void save(OAuth2Authorization authorization); + + OAuth2Authorization findByTokenAndTokenType(String token, TokenType tokenType); + +} diff --git a/core/src/main/java/org/springframework/security/oauth2/server/authorization/TokenType.java b/core/src/main/java/org/springframework/security/oauth2/server/authorization/TokenType.java new file mode 100644 index 0000000..19b8096 --- /dev/null +++ b/core/src/main/java/org/springframework/security/oauth2/server/authorization/TokenType.java @@ -0,0 +1,57 @@ +/* + * Copyright 2020 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.springframework.security.oauth2.server.authorization; + +import org.springframework.security.core.SpringSecurityCoreVersion; +import org.springframework.util.Assert; + +import java.io.Serializable; + +/** + * @author Joe Grandja + */ +public final class TokenType implements Serializable { + private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID; + public static final TokenType ACCESS_TOKEN = new TokenType("access_token"); + public static final TokenType AUTHORIZATION_CODE = new TokenType("authorization_code"); + private final String value; + + public TokenType(String value) { + Assert.hasText(value, "value cannot be empty"); + this.value = value; + } + + public String getValue() { + return this.value; + } + + @Override + public boolean equals(Object obj) { + if (this == obj) { + return true; + } + if (obj == null || this.getClass() != obj.getClass()) { + return false; + } + TokenType that = (TokenType) obj; + return this.getValue().equals(that.getValue()); + } + + @Override + public int hashCode() { + return this.getValue().hashCode(); + } +} diff --git a/core/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AccessTokenAuthenticationToken.java b/core/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AccessTokenAuthenticationToken.java new file mode 100644 index 0000000..0c19b6b --- /dev/null +++ b/core/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AccessTokenAuthenticationToken.java @@ -0,0 +1,52 @@ +/* + * Copyright 2020 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.springframework.security.oauth2.server.authorization.authentication; + +import org.springframework.security.authentication.AbstractAuthenticationToken; +import org.springframework.security.core.Authentication; +import org.springframework.security.core.SpringSecurityCoreVersion; +import org.springframework.security.oauth2.core.OAuth2AccessToken; +import org.springframework.security.oauth2.server.authorization.client.RegisteredClient; + +import java.util.Collections; + +/** + * @author Joe Grandja + */ +public class OAuth2AccessTokenAuthenticationToken extends AbstractAuthenticationToken { + private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID; + private RegisteredClient registeredClient; + private Authentication clientPrincipal; + private OAuth2AccessToken accessToken; + + public OAuth2AccessTokenAuthenticationToken(RegisteredClient registeredClient, + Authentication clientPrincipal, OAuth2AccessToken accessToken) { + super(Collections.emptyList()); + this.registeredClient = registeredClient; + this.clientPrincipal = clientPrincipal; + this.accessToken = accessToken; + } + + @Override + public Object getCredentials() { + return null; + } + + @Override + public Object getPrincipal() { + return null; + } +} diff --git a/core/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeAuthenticationProvider.java b/core/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeAuthenticationProvider.java new file mode 100644 index 0000000..0dd3382 --- /dev/null +++ b/core/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeAuthenticationProvider.java @@ -0,0 +1,42 @@ +/* + * Copyright 2020 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.springframework.security.oauth2.server.authorization.authentication; + +import org.springframework.security.authentication.AuthenticationProvider; +import org.springframework.security.core.Authentication; +import org.springframework.security.core.AuthenticationException; +import org.springframework.security.crypto.keygen.StringKeyGenerator; +import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService; +import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository; + +/** + * @author Joe Grandja + */ +public class OAuth2AuthorizationCodeAuthenticationProvider implements AuthenticationProvider { + private RegisteredClientRepository registeredClientRepository; + private OAuth2AuthorizationService authorizationService; + private StringKeyGenerator accessTokenGenerator; + + @Override + public Authentication authenticate(Authentication authentication) throws AuthenticationException { + return authentication; + } + + @Override + public boolean supports(Class authentication) { + return OAuth2AuthorizationCodeAuthenticationToken.class.isAssignableFrom(authentication); + } +} diff --git a/core/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeAuthenticationToken.java b/core/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeAuthenticationToken.java new file mode 100644 index 0000000..d6a1779 --- /dev/null +++ b/core/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeAuthenticationToken.java @@ -0,0 +1,60 @@ +/* + * Copyright 2020 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.springframework.security.oauth2.server.authorization.authentication; + +import org.springframework.lang.Nullable; +import org.springframework.security.authentication.AbstractAuthenticationToken; +import org.springframework.security.core.Authentication; +import org.springframework.security.core.SpringSecurityCoreVersion; + +import java.util.Collections; + +/** + * @author Joe Grandja + */ +public class OAuth2AuthorizationCodeAuthenticationToken extends AbstractAuthenticationToken { + private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID; + private String code; + private Authentication clientPrincipal; + private String clientId; + private String redirectUri; + + public OAuth2AuthorizationCodeAuthenticationToken(String code, + Authentication clientPrincipal, @Nullable String redirectUri) { + super(Collections.emptyList()); + this.code = code; + this.redirectUri = redirectUri; + this.clientPrincipal = clientPrincipal; + } + + public OAuth2AuthorizationCodeAuthenticationToken(String code, + String clientId, @Nullable String redirectUri) { + super(Collections.emptyList()); + this.code = code; + this.redirectUri = redirectUri; + this.clientId = clientId; + } + + @Override + public Object getCredentials() { + return null; + } + + @Override + public Object getPrincipal() { + return null; + } +} diff --git a/core/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2ClientAuthenticationProvider.java b/core/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2ClientAuthenticationProvider.java new file mode 100644 index 0000000..c3bdcc5 --- /dev/null +++ b/core/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2ClientAuthenticationProvider.java @@ -0,0 +1,38 @@ +/* + * Copyright 2020 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.springframework.security.oauth2.server.authorization.authentication; + +import org.springframework.security.authentication.AuthenticationProvider; +import org.springframework.security.core.Authentication; +import org.springframework.security.core.AuthenticationException; +import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository; + +/** + * @author Joe Grandja + */ +public class OAuth2ClientAuthenticationProvider implements AuthenticationProvider { + private RegisteredClientRepository registeredClientRepository; + + @Override + public Authentication authenticate(Authentication authentication) throws AuthenticationException { + return authentication; + } + + @Override + public boolean supports(Class authentication) { + return OAuth2ClientAuthenticationToken.class.isAssignableFrom(authentication); + } +} diff --git a/core/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2ClientAuthenticationToken.java b/core/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2ClientAuthenticationToken.java new file mode 100644 index 0000000..a371840 --- /dev/null +++ b/core/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2ClientAuthenticationToken.java @@ -0,0 +1,54 @@ +/* + * Copyright 2020 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.springframework.security.oauth2.server.authorization.authentication; + +import org.springframework.security.authentication.AbstractAuthenticationToken; +import org.springframework.security.core.SpringSecurityCoreVersion; +import org.springframework.security.oauth2.server.authorization.client.RegisteredClient; + +import java.util.Collections; + +/** + * @author Joe Grandja + */ +public class OAuth2ClientAuthenticationToken extends AbstractAuthenticationToken { + private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID; + private String clientId; + private String clientSecret; + private RegisteredClient registeredClient; + + public OAuth2ClientAuthenticationToken(String clientId, String clientSecret) { + super(Collections.emptyList()); + this.clientId = clientId; + this.clientSecret = clientSecret; + } + + public OAuth2ClientAuthenticationToken(RegisteredClient registeredClient) { + super(Collections.emptyList()); + this.registeredClient = registeredClient; + setAuthenticated(true); + } + + @Override + public Object getCredentials() { + return null; + } + + @Override + public Object getPrincipal() { + return null; + } +} diff --git a/core/src/main/java/org/springframework/security/oauth2/server/authorization/client/RegisteredClient.java b/core/src/main/java/org/springframework/security/oauth2/server/authorization/client/RegisteredClient.java new file mode 100644 index 0000000..807a396 --- /dev/null +++ b/core/src/main/java/org/springframework/security/oauth2/server/authorization/client/RegisteredClient.java @@ -0,0 +1,39 @@ +/* + * Copyright 2020 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.springframework.security.oauth2.server.authorization.client; + +import org.springframework.security.core.SpringSecurityCoreVersion; +import org.springframework.security.oauth2.core.AuthorizationGrantType; +import org.springframework.security.oauth2.core.ClientAuthenticationMethod; + +import java.io.Serializable; +import java.util.Collections; +import java.util.Set; + +/** + * @author Joe Grandja + */ +public class RegisteredClient implements Serializable { + private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID; + private String id; + private String clientId; + private String clientSecret; + private Set clientAuthenticationMethods = Collections.emptySet(); + private Set authorizationGrantTypes = Collections.emptySet(); + private Set redirectUris = Collections.emptySet(); + private Set scopes = Collections.emptySet(); + +} diff --git a/core/src/main/java/org/springframework/security/oauth2/server/authorization/client/RegisteredClientRepository.java b/core/src/main/java/org/springframework/security/oauth2/server/authorization/client/RegisteredClientRepository.java new file mode 100644 index 0000000..9e37d6b --- /dev/null +++ b/core/src/main/java/org/springframework/security/oauth2/server/authorization/client/RegisteredClientRepository.java @@ -0,0 +1,27 @@ +/* + * Copyright 2020 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.springframework.security.oauth2.server.authorization.client; + +/** + * @author Joe Grandja + */ +public interface RegisteredClientRepository { + + RegisteredClient findById(String id); + + RegisteredClient findByClientId(String clientId); + +} diff --git a/core/src/main/java/org/springframework/security/oauth2/server/authorization/web/OAuth2AuthorizationEndpointFilter.java b/core/src/main/java/org/springframework/security/oauth2/server/authorization/web/OAuth2AuthorizationEndpointFilter.java new file mode 100644 index 0000000..c8a143c --- /dev/null +++ b/core/src/main/java/org/springframework/security/oauth2/server/authorization/web/OAuth2AuthorizationEndpointFilter.java @@ -0,0 +1,47 @@ +/* + * Copyright 2020 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.springframework.security.oauth2.server.authorization.web; + +import org.springframework.core.convert.converter.Converter; +import org.springframework.security.crypto.keygen.StringKeyGenerator; +import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest; +import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService; +import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository; +import org.springframework.web.filter.OncePerRequestFilter; + +import javax.servlet.FilterChain; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import java.io.IOException; + +/** + * @author Joe Grandja + */ +public class OAuth2AuthorizationEndpointFilter extends OncePerRequestFilter { + private Converter authorizationRequestConverter; + private RegisteredClientRepository registeredClientRepository; + private OAuth2AuthorizationService authorizationService; + private StringKeyGenerator codeGenerator; + + @Override + protected void doFilterInternal(HttpServletRequest request, + HttpServletResponse response, FilterChain filterChain) + throws ServletException, IOException { + + } + +} diff --git a/core/src/main/java/org/springframework/security/oauth2/server/authorization/web/OAuth2ClientAuthenticationFilter.java b/core/src/main/java/org/springframework/security/oauth2/server/authorization/web/OAuth2ClientAuthenticationFilter.java new file mode 100644 index 0000000..1738b1a --- /dev/null +++ b/core/src/main/java/org/springframework/security/oauth2/server/authorization/web/OAuth2ClientAuthenticationFilter.java @@ -0,0 +1,40 @@ +/* + * Copyright 2020 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.springframework.security.oauth2.server.authorization.web; + +import org.springframework.security.authentication.AuthenticationManager; +import org.springframework.web.filter.OncePerRequestFilter; + +import javax.servlet.FilterChain; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import java.io.IOException; + +/** + * @author Joe Grandja + */ +public class OAuth2ClientAuthenticationFilter extends OncePerRequestFilter { + private AuthenticationManager authenticationManager; + + @Override + protected void doFilterInternal(HttpServletRequest request, + HttpServletResponse response, FilterChain filterChain) + throws ServletException, IOException { + + } + +} diff --git a/core/src/main/java/org/springframework/security/oauth2/server/authorization/web/OAuth2TokenEndpointFilter.java b/core/src/main/java/org/springframework/security/oauth2/server/authorization/web/OAuth2TokenEndpointFilter.java new file mode 100644 index 0000000..7b2765a --- /dev/null +++ b/core/src/main/java/org/springframework/security/oauth2/server/authorization/web/OAuth2TokenEndpointFilter.java @@ -0,0 +1,44 @@ +/* + * Copyright 2020 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.springframework.security.oauth2.server.authorization.web; + +import org.springframework.core.convert.converter.Converter; +import org.springframework.security.authentication.AuthenticationManager; +import org.springframework.security.core.Authentication; +import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService; +import org.springframework.web.filter.OncePerRequestFilter; + +import javax.servlet.FilterChain; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import java.io.IOException; + +/** + * @author Joe Grandja + */ +public class OAuth2TokenEndpointFilter extends OncePerRequestFilter { + private Converter authorizationGrantConverter; + private AuthenticationManager authenticationManager; + private OAuth2AuthorizationService authorizationService; + + @Override + protected void doFilterInternal(HttpServletRequest request, + HttpServletResponse response, FilterChain filterChain) + throws ServletException, IOException { + + } +} diff --git a/gradle/dependency-management.gradle b/gradle/dependency-management.gradle index 188db8e..b182633 100644 --- a/gradle/dependency-management.gradle +++ b/gradle/dependency-management.gradle @@ -1,11 +1,18 @@ dependencyManagement { imports { mavenBom 'org.springframework:spring-framework-bom:latest.release' + mavenBom 'org.springframework.security:spring-security-bom:latest.release' } dependencies { + dependency "com.nimbusds:oauth2-oidc-sdk:latest.release" + dependency "com.nimbusds:nimbus-jose-jwt:latest.release" + dependency "com.fasterxml.jackson.core:jackson-databind:2.+" + dependency "javax.servlet:javax.servlet-api:4.+" dependency 'junit:junit:latest.release' dependency 'org.assertj:assertj-core:latest.release' dependency 'org.mockito:mockito-core:latest.release' + dependency "com.squareup.okhttp3:mockwebserver:3.+" + dependency "com.squareup.okhttp3:okhttp:3.+" } }