You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@servicecomb.apache.org by li...@apache.org on 2019/06/22 03:22:58 UTC
[servicecomb-fence] 10/12: [SCB-1322]refactor code to allow
authentication filters customization and adapt spring security
Authentication architecture
This is an automated email from the ASF dual-hosted git repository.
liubao pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/servicecomb-fence.git
commit 8b8c29c50301dff98a6e195760b6722e4a9f3f47
Author: liubao <bi...@qq.com>
AuthorDate: Sat Jun 22 10:57:17 2019 +0800
[SCB-1322]refactor code to allow authentication filters customization and adapt spring security Authentication architecture
---
.../server/PasswordTokenGranter.java | 16 +++---
.../server/RefreshTokenTokenGranter.java | 13 ++---
.../authentication/server/TokenEndpoint.java | 2 +-
...nst.java => AuthenticationServerConstants.java} | 6 ++-
.../authentication/token/TokenConfiguration.java | 16 +++---
.../servicecomb/authentication/jwt/JWTHeader.java | 1 +
.../token/AbstractOpenIDTokenStore.java | 10 ++--
.../token/InMemoryOpenIDTokenStore.java | 3 ++
.../util/{Constants.java => CommonConstants.java} | 4 +-
.../authentication/edge/AuthHandler.java | 20 +++----
.../authentication/edge/AuthenticationFilter.java | 12 ++---
.../authentication/edge/EdgeConfiguration.java | 6 +--
.../authentication/edge/TokenEndpoint.java | 4 +-
.../resource/AccessConfiguration.java | 0
.../resource/AccessConfigurationManager.java | 0
...eptionExceptionToProducerResponseConverter.java | 0
.../authentication/resource/AuthFilter.java} | 27 ++--------
.../authentication/resource/AuthFiltersBean.java} | 34 ++++++------
.../resource/AuthenticationAuthFilter.java} | 55 +++++++------------
.../ConfigBasedAuthoriaztionAuthFilter.java | 61 ++++++++++++++++++++++
.../resource/ResourceAuthHandler.java} | 28 ++++------
.../resource/SimpleAuthentication.java | 4 --
....exception.ExceptionToProducerResponseConverter | 0
.../src/main/resources/config/cse.handler.xml | 0
.../AuthenticationConfiguration.java | 12 ++---
.../authentication/AuthenticationTestCase.java | 6 +--
.../gateway/AuthenticationConfiguration.java | 10 ++--
.../resource/AuthenticationConfiguration.java | 10 ++--
28 files changed, 192 insertions(+), 168 deletions(-)
diff --git a/api/authentication-server/endpoint/src/main/java/org/apache/servicecomb/authentication/server/PasswordTokenGranter.java b/api/authentication-server/endpoint/src/main/java/org/apache/servicecomb/authentication/server/PasswordTokenGranter.java
index 6f893cd..45c8ca2 100644
--- a/api/authentication-server/endpoint/src/main/java/org/apache/servicecomb/authentication/server/PasswordTokenGranter.java
+++ b/api/authentication-server/endpoint/src/main/java/org/apache/servicecomb/authentication/server/PasswordTokenGranter.java
@@ -21,7 +21,7 @@ import java.util.Map;
import org.apache.servicecomb.authentication.token.AbstractOpenIDTokenStore;
import org.apache.servicecomb.authentication.token.OpenIDToken;
-import org.apache.servicecomb.authentication.util.Constants;
+import org.apache.servicecomb.authentication.util.CommonConstants;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.security.core.userdetails.UserDetails;
@@ -34,21 +34,21 @@ import com.netflix.config.DynamicPropertyFactory;
@Component
public class PasswordTokenGranter implements TokenGranter {
@Autowired
- @Qualifier(Constants.BEAN_AUTH_USER_DETAILS_SERVICE)
+ @Qualifier(CommonConstants.BEAN_AUTH_USER_DETAILS_SERVICE)
private UserDetailsService userDetailsService;
@Autowired
- @Qualifier(Constants.BEAN_AUTH_PASSWORD_ENCODER)
+ @Qualifier(CommonConstants.BEAN_AUTH_PASSWORD_ENCODER)
private PasswordEncoder passwordEncoder;
@Autowired
- @Qualifier(Constants.BEAN_AUTH_OPEN_ID_TOKEN_STORE)
+ @Qualifier(CommonConstants.BEAN_AUTH_OPEN_ID_TOKEN_STORE)
private AbstractOpenIDTokenStore openIDTokenStore;
@Override
public TokenResponse grant(Map<String, String> parameters) {
- String username = parameters.get(TokenConst.PARAM_USERNAME);
- String password = parameters.get(TokenConst.PARAM_PASSWORD);
+ String username = parameters.get(AuthenticationServerConstants.PARAM_USERNAME);
+ String password = parameters.get(AuthenticationServerConstants.PARAM_PASSWORD);
UserDetails userDetails = userDetailsService.loadUserByUsername(username);
if (passwordEncoder.matches(password, userDetails.getPassword())) {
@@ -62,13 +62,13 @@ public class PasswordTokenGranter implements TokenGranter {
@Override
public String grantType() {
- return TokenConst.GRANT_TYPE_PASSWORD;
+ return AuthenticationServerConstants.GRANT_TYPE_PASSWORD;
}
@Override
public boolean enabled() {
return DynamicPropertyFactory.getInstance()
- .getBooleanProperty(Constants.CONFIG_GRANTER_PASSWORD_ENABLED, true)
+ .getBooleanProperty(AuthenticationServerConstants.CONFIG_GRANTER_PASSWORD_ENABLED, true)
.get();
}
diff --git a/api/authentication-server/endpoint/src/main/java/org/apache/servicecomb/authentication/server/RefreshTokenTokenGranter.java b/api/authentication-server/endpoint/src/main/java/org/apache/servicecomb/authentication/server/RefreshTokenTokenGranter.java
index 4b0f93f..77a9f98 100644
--- a/api/authentication-server/endpoint/src/main/java/org/apache/servicecomb/authentication/server/RefreshTokenTokenGranter.java
+++ b/api/authentication-server/endpoint/src/main/java/org/apache/servicecomb/authentication/server/RefreshTokenTokenGranter.java
@@ -22,7 +22,7 @@ import java.util.Map;
import org.apache.servicecomb.authentication.token.AbstractOpenIDTokenStore;
import org.apache.servicecomb.authentication.token.OpenIDToken;
import org.apache.servicecomb.authentication.token.Token;
-import org.apache.servicecomb.authentication.util.Constants;
+import org.apache.servicecomb.authentication.util.CommonConstants;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.security.core.userdetails.UserDetails;
@@ -34,34 +34,35 @@ import com.netflix.config.DynamicPropertyFactory;
@Component
public class RefreshTokenTokenGranter implements TokenGranter {
@Autowired
- @Qualifier(Constants.BEAN_AUTH_USER_DETAILS_SERVICE)
+ @Qualifier(CommonConstants.BEAN_AUTH_USER_DETAILS_SERVICE)
private UserDetailsService userDetailsService;
@Autowired
- @Qualifier(Constants.BEAN_AUTH_OPEN_ID_TOKEN_STORE)
+ @Qualifier(CommonConstants.BEAN_AUTH_OPEN_ID_TOKEN_STORE)
private AbstractOpenIDTokenStore openIDTokenStore;
@Override
public boolean enabled() {
return DynamicPropertyFactory.getInstance()
- .getBooleanProperty("servicecomb.authentication.granter.refreshToken.enabled", true)
+ .getBooleanProperty(AuthenticationServerConstants.CONFIG_GRANTER_REFRESH_TOKEN_ENABLED, true)
.get();
}
@Override
public String grantType() {
- return TokenConst.GRANT_TYPE_REFRESH_TOKEN;
+ return AuthenticationServerConstants.GRANT_TYPE_REFRESH_TOKEN;
}
@Override
public TokenResponse grant(Map<String, String> parameters) {
- String refreshTokenValue = parameters.get(TokenConst.PARAM_REFRESH_TOKEN);
+ String refreshTokenValue = parameters.get(AuthenticationServerConstants.PARAM_REFRESH_TOKEN);
Token refreshToken = openIDTokenStore.readTokenByRefreshTokenValue(refreshTokenValue);
if (refreshToken != null && !refreshToken.isExpired()) {
UserDetails userDetails = userDetailsService.loadUserByUsername(refreshToken.username());
OpenIDToken openIDToken = openIDTokenStore.createToken(userDetails);
+ openIDTokenStore.saveToken(openIDToken);
return TokenResponse.fromOpenIDToken(openIDToken);
}
return null;
diff --git a/api/authentication-server/endpoint/src/main/java/org/apache/servicecomb/authentication/server/TokenEndpoint.java b/api/authentication-server/endpoint/src/main/java/org/apache/servicecomb/authentication/server/TokenEndpoint.java
index fa2ca32..fb849c1 100644
--- a/api/authentication-server/endpoint/src/main/java/org/apache/servicecomb/authentication/server/TokenEndpoint.java
+++ b/api/authentication-server/endpoint/src/main/java/org/apache/servicecomb/authentication/server/TokenEndpoint.java
@@ -37,7 +37,7 @@ public class TokenEndpoint implements TokenService {
@Override
@PostMapping(path = "/", consumes = MediaType.APPLICATION_FORM_URLENCODED)
public TokenResponse getToken(@RequestBody Map<String, String> parameters) {
- String grantType = parameters.get(TokenConst.PARAM_GRANT_TYPE);
+ String grantType = parameters.get(AuthenticationServerConstants.PARAM_GRANT_TYPE);
for (TokenGranter granter : granters) {
if (granter.enabled()) {
diff --git a/api/authentication-server/service/src/main/java/org/apache/servicecomb/authentication/server/TokenConst.java b/api/authentication-server/service/src/main/java/org/apache/servicecomb/authentication/server/AuthenticationServerConstants.java
similarity index 81%
rename from api/authentication-server/service/src/main/java/org/apache/servicecomb/authentication/server/TokenConst.java
rename to api/authentication-server/service/src/main/java/org/apache/servicecomb/authentication/server/AuthenticationServerConstants.java
index 915a515..193e6d8 100644
--- a/api/authentication-server/service/src/main/java/org/apache/servicecomb/authentication/server/TokenConst.java
+++ b/api/authentication-server/service/src/main/java/org/apache/servicecomb/authentication/server/AuthenticationServerConstants.java
@@ -17,7 +17,7 @@
package org.apache.servicecomb.authentication.server;
-public class TokenConst {
+public class AuthenticationServerConstants {
public static final String PARAM_GRANT_TYPE = "grant_type";
public static final String PARAM_USERNAME = "username";
@@ -31,4 +31,8 @@ public class TokenConst {
public static final String GRANT_TYPE_PASSWORD = "password";
public static final String GRANT_TYPE_REFRESH_TOKEN = "refresh_token";
+
+ public static final String CONFIG_GRANTER_PASSWORD_ENABLED = "servicecomb.authentication.granter.password.enabled";
+
+ public static final String CONFIG_GRANTER_REFRESH_TOKEN_ENABLED = "servicecomb.authentication.granter.refreshToken.enabled";
}
diff --git a/api/common/endpoint/src/main/java/org/apache/servicecomb/authentication/token/TokenConfiguration.java b/api/common/endpoint/src/main/java/org/apache/servicecomb/authentication/token/TokenConfiguration.java
index 94b1e21..8fd7375 100644
--- a/api/common/endpoint/src/main/java/org/apache/servicecomb/authentication/token/TokenConfiguration.java
+++ b/api/common/endpoint/src/main/java/org/apache/servicecomb/authentication/token/TokenConfiguration.java
@@ -17,7 +17,7 @@
package org.apache.servicecomb.authentication.token;
-import org.apache.servicecomb.authentication.util.Constants;
+import org.apache.servicecomb.authentication.util.CommonConstants;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
@@ -28,17 +28,17 @@ import org.springframework.security.jwt.crypto.sign.SignerVerifier;
@Configuration
public class TokenConfiguration {
- @Bean(name = {Constants.BEAN_AUTH_ACCESS_TOKEN_STORE,
- Constants.BEAN_AUTH_REFRESH_TOKEN_STORE})
- @Order(Constants.BEAN_DEFAULT_ORDER)
+ @Bean(name = {CommonConstants.BEAN_AUTH_ACCESS_TOKEN_STORE,
+ CommonConstants.BEAN_AUTH_REFRESH_TOKEN_STORE})
+ @Order(CommonConstants.BEAN_DEFAULT_ORDER)
public SessionTokenStore sessionTokenStore() {
return new SessionTokenStore();
}
- @Bean(name = {Constants.BEAN_AUTH_ID_TOKEN_STORE})
- @Order(Constants.BEAN_DEFAULT_ORDER)
- public JWTTokenStore jwtTokenStore(@Autowired @Qualifier(Constants.BEAN_AUTH_SIGNER) Signer signer,
- @Autowired @Qualifier(Constants.BEAN_AUTH_SIGNATURE_VERIFIER) SignerVerifier signerVerifier) {
+ @Bean(name = {CommonConstants.BEAN_AUTH_ID_TOKEN_STORE})
+ @Order(CommonConstants.BEAN_DEFAULT_ORDER)
+ public JWTTokenStore jwtTokenStore(@Autowired @Qualifier(CommonConstants.BEAN_AUTH_SIGNER) Signer signer,
+ @Autowired @Qualifier(CommonConstants.BEAN_AUTH_SIGNATURE_VERIFIER) SignerVerifier signerVerifier) {
return new JWTTokenStoreImpl(signer, signerVerifier);
}
}
diff --git a/api/common/service/src/main/java/org/apache/servicecomb/authentication/jwt/JWTHeader.java b/api/common/service/src/main/java/org/apache/servicecomb/authentication/jwt/JWTHeader.java
index 2cc797c..615d968 100644
--- a/api/common/service/src/main/java/org/apache/servicecomb/authentication/jwt/JWTHeader.java
+++ b/api/common/service/src/main/java/org/apache/servicecomb/authentication/jwt/JWTHeader.java
@@ -18,6 +18,7 @@
package org.apache.servicecomb.authentication.jwt;
public class JWTHeader {
+ //see: https://tools.ietf.org/html/rfc7519
private String typ;
private String alg;
diff --git a/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/AbstractOpenIDTokenStore.java b/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/AbstractOpenIDTokenStore.java
index 9bc43cf..52eaa74 100644
--- a/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/AbstractOpenIDTokenStore.java
+++ b/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/AbstractOpenIDTokenStore.java
@@ -17,22 +17,22 @@
package org.apache.servicecomb.authentication.token;
-import org.apache.servicecomb.authentication.util.Constants;
+import org.apache.servicecomb.authentication.util.CommonConstants;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.security.core.userdetails.UserDetails;
public abstract class AbstractOpenIDTokenStore implements OpenIDTokenStore {
@Autowired
- @Qualifier(Constants.BEAN_AUTH_ACCESS_TOKEN_STORE)
+ @Qualifier(CommonConstants.BEAN_AUTH_ACCESS_TOKEN_STORE)
private TokenStore<SessionToken> accessTokenStore;
@Autowired
- @Qualifier(Constants.BEAN_AUTH_REFRESH_TOKEN_STORE)
+ @Qualifier(CommonConstants.BEAN_AUTH_REFRESH_TOKEN_STORE)
private TokenStore<SessionToken> refreshTokenStore;
@Autowired
- @Qualifier(Constants.BEAN_AUTH_ID_TOKEN_STORE)
+ @Qualifier(CommonConstants.BEAN_AUTH_ID_TOKEN_STORE)
private JWTTokenStore idTokenStore;
@Override
@@ -43,7 +43,7 @@ public abstract class AbstractOpenIDTokenStore implements OpenIDTokenStore {
@Override
public OpenIDToken createToken(UserDetails userDetails) {
OpenIDToken token = new OpenIDToken();
- token.setTokenType(Constants.TOKEN_TYPE_BEARER);
+ token.setTokenType(CommonConstants.TOKEN_TYPE_BEARER);
token.setAccessToken(accessTokenStore.createToken(userDetails));
token.setRefreshToken(refreshTokenStore.createToken(userDetails));
token.setIdToken(idTokenStore.createToken(userDetails));
diff --git a/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/InMemoryOpenIDTokenStore.java b/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/InMemoryOpenIDTokenStore.java
index 522e475..1a09f58 100644
--- a/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/InMemoryOpenIDTokenStore.java
+++ b/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/InMemoryOpenIDTokenStore.java
@@ -20,6 +20,9 @@ package org.apache.servicecomb.authentication.token;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
+/**
+ * In memory store, only used for testing or samples only. DO NOT use it in product.
+ */
public class InMemoryOpenIDTokenStore extends AbstractOpenIDTokenStore {
private static final Map<String, OpenIDToken> TOKENS = new ConcurrentHashMap<>();
diff --git a/api/common/service/src/main/java/org/apache/servicecomb/authentication/util/Constants.java b/api/common/service/src/main/java/org/apache/servicecomb/authentication/util/CommonConstants.java
similarity index 93%
rename from api/common/service/src/main/java/org/apache/servicecomb/authentication/util/Constants.java
rename to api/common/service/src/main/java/org/apache/servicecomb/authentication/util/CommonConstants.java
index 43c85b5..74e8fe6 100644
--- a/api/common/service/src/main/java/org/apache/servicecomb/authentication/util/Constants.java
+++ b/api/common/service/src/main/java/org/apache/servicecomb/authentication/util/CommonConstants.java
@@ -17,7 +17,7 @@
package org.apache.servicecomb.authentication.util;
-public final class Constants {
+public final class CommonConstants {
public static final String HTTP_HEADER_AUTHORIZATION = "Authorization";
public static final String CONTEXT_HEADER_AUTHORIZATION = "Authorization";
@@ -52,5 +52,5 @@ public final class Constants {
public static final String BEAN_AUTH_USER_DETAILS_SERVICE = "authUserDetailsService";
- public static final String CONFIG_GRANTER_PASSWORD_ENABLED = "servicecomb.authentication.granter.password.enabled";
+ public static final String BEAN_AUTH_AUTH_FILTER = "authAuthFilter";
}
diff --git a/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/AuthHandler.java b/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/AuthHandler.java
index 850b733..1d1c165 100644
--- a/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/AuthHandler.java
+++ b/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/AuthHandler.java
@@ -21,7 +21,7 @@ import org.apache.servicecomb.authentication.token.JWTToken;
import org.apache.servicecomb.authentication.token.JWTTokenStore;
import org.apache.servicecomb.authentication.token.OpenIDToken;
import org.apache.servicecomb.authentication.token.OpenIDTokenStore;
-import org.apache.servicecomb.authentication.util.Constants;
+import org.apache.servicecomb.authentication.util.CommonConstants;
import org.apache.servicecomb.core.Handler;
import org.apache.servicecomb.core.Invocation;
import org.apache.servicecomb.foundation.common.utils.BeanUtils;
@@ -31,15 +31,15 @@ import org.apache.servicecomb.swagger.invocation.exception.InvocationException;
public class AuthHandler implements Handler {
@Override
public void handle(Invocation invocation, AsyncResponse asyncResponse) throws Exception {
- String token = invocation.getContext(Constants.CONTEXT_HEADER_AUTHORIZATION);
- String tokenType = invocation.getContext(Constants.CONTEXT_HEADER_AUTHORIZATION_TYPE);
+ String token = invocation.getContext(CommonConstants.CONTEXT_HEADER_AUTHORIZATION);
+ String tokenType = invocation.getContext(CommonConstants.CONTEXT_HEADER_AUTHORIZATION_TYPE);
if (token == null) {
asyncResponse.consumerFail(new InvocationException(403, "forbidden", "not authenticated"));
return;
}
- if (Constants.CONTEXT_HEADER_AUTHORIZATION_TYPE_ID_TOKEN.equals(tokenType)) {
- JWTTokenStore jwtTokenStore = BeanUtils.getBean(Constants.BEAN_AUTH_ID_TOKEN_STORE);
+ if (CommonConstants.CONTEXT_HEADER_AUTHORIZATION_TYPE_ID_TOKEN.equals(tokenType)) {
+ JWTTokenStore jwtTokenStore = BeanUtils.getBean(CommonConstants.BEAN_AUTH_ID_TOKEN_STORE);
JWTToken jwtToken = jwtTokenStore.createTokenByValue(token);
if (jwtToken == null || jwtToken.isExpired()) {
asyncResponse.consumerFail(new InvocationException(403, "forbidden", "not authenticated"));
@@ -47,11 +47,11 @@ public class AuthHandler implements Handler {
}
// send id_token to services to apply state less validation
- invocation.addContext(Constants.CONTEXT_HEADER_AUTHORIZATION, jwtToken.getValue());
+ invocation.addContext(CommonConstants.CONTEXT_HEADER_AUTHORIZATION, jwtToken.getValue());
invocation.next(asyncResponse);
- } else if (Constants.CONTEXT_HEADER_AUTHORIZATION_TYPE_SESSION_TOKEN.equals(tokenType)) {
- OpenIDTokenStore openIDTokenStore = BeanUtils.getBean(Constants.BEAN_AUTH_OPEN_ID_TOKEN_STORE);
-
+ } else if (CommonConstants.CONTEXT_HEADER_AUTHORIZATION_TYPE_SESSION_TOKEN.equals(tokenType)) {
+ // TODO: session based are not fully tested now, just code snippet
+ OpenIDTokenStore openIDTokenStore = BeanUtils.getBean(CommonConstants.BEAN_AUTH_OPEN_ID_TOKEN_STORE);
OpenIDToken tokenResonse = openIDTokenStore.readTokenByValue(token);
if (tokenResonse == null || tokenResonse.isExpired()) {
@@ -60,7 +60,7 @@ public class AuthHandler implements Handler {
}
// send id_token to services to apply state less validation
- invocation.addContext(Constants.CONTEXT_HEADER_AUTHORIZATION, tokenResonse.getIdToken().getValue());
+ invocation.addContext(CommonConstants.CONTEXT_HEADER_AUTHORIZATION, tokenResonse.getIdToken().getValue());
invocation.next(asyncResponse);
} else {
asyncResponse.consumerFail(new InvocationException(403, "forbidden", "not authenticated"));
diff --git a/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/AuthenticationFilter.java b/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/AuthenticationFilter.java
index 6b5b8d7..8a31649 100644
--- a/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/AuthenticationFilter.java
+++ b/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/AuthenticationFilter.java
@@ -17,7 +17,7 @@
package org.apache.servicecomb.authentication.edge;
-import org.apache.servicecomb.authentication.util.Constants;
+import org.apache.servicecomb.authentication.util.CommonConstants;
import org.apache.servicecomb.common.rest.filter.HttpServerFilter;
import org.apache.servicecomb.core.Invocation;
import org.apache.servicecomb.foundation.vertx.http.HttpServletRequestEx;
@@ -34,14 +34,14 @@ public class AuthenticationFilter implements HttpServerFilter {
public Response afterReceiveRequest(Invocation invocation, HttpServletRequestEx requestEx) {
// Now support bearer id tokens authentication
// TODO : add support for Cookies session tokens.
- String authentication = requestEx.getHeader(Constants.HTTP_HEADER_AUTHORIZATION);
+ String authentication = requestEx.getHeader(CommonConstants.HTTP_HEADER_AUTHORIZATION);
if (authentication != null) {
String[] tokens = authentication.split(" ");
if (tokens.length == 2) {
- if (tokens[0].equals(Constants.TOKEN_TYPE_BEARER)) {
- invocation.addContext(Constants.CONTEXT_HEADER_AUTHORIZATION, tokens[1]);
- invocation.addContext(Constants.CONTEXT_HEADER_AUTHORIZATION_TYPE,
- Constants.CONTEXT_HEADER_AUTHORIZATION_TYPE_ID_TOKEN);
+ if (tokens[0].equals(CommonConstants.TOKEN_TYPE_BEARER)) {
+ invocation.addContext(CommonConstants.CONTEXT_HEADER_AUTHORIZATION, tokens[1]);
+ invocation.addContext(CommonConstants.CONTEXT_HEADER_AUTHORIZATION_TYPE,
+ CommonConstants.CONTEXT_HEADER_AUTHORIZATION_TYPE_ID_TOKEN);
}
}
}
diff --git a/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/EdgeConfiguration.java b/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/EdgeConfiguration.java
index 502dc7e..4142c4f 100644
--- a/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/EdgeConfiguration.java
+++ b/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/EdgeConfiguration.java
@@ -17,15 +17,15 @@
package org.apache.servicecomb.authentication.edge;
-import org.apache.servicecomb.authentication.util.Constants;
+import org.apache.servicecomb.authentication.util.CommonConstants;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
@Configuration
public class EdgeConfiguration {
- @Bean(name = {Constants.BEAN_AUTH_EDGE_TOKEN_RESPONSE_PROCESSOR})
- @Order(Constants.BEAN_DEFAULT_ORDER)
+ @Bean(name = {CommonConstants.BEAN_AUTH_EDGE_TOKEN_RESPONSE_PROCESSOR})
+ @Order(CommonConstants.BEAN_DEFAULT_ORDER)
public EdgeTokenResponseProcessor edgeTokenResponseProcessor() {
return new DumyEdgeTokenResponseProcessor();
}
diff --git a/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/TokenEndpoint.java b/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/TokenEndpoint.java
index 87f7696..8718a0c 100644
--- a/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/TokenEndpoint.java
+++ b/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/TokenEndpoint.java
@@ -21,7 +21,7 @@ import java.util.Map;
import java.util.concurrent.CompletableFuture;
import org.apache.servicecomb.authentication.server.TokenResponse;
-import org.apache.servicecomb.authentication.util.Constants;
+import org.apache.servicecomb.authentication.util.CommonConstants;
import org.apache.servicecomb.provider.pojo.RpcReference;
import org.apache.servicecomb.provider.rest.common.RestSchema;
import org.springframework.beans.factory.annotation.Autowired;
@@ -39,7 +39,7 @@ public class TokenEndpoint implements TokenService {
private AuthenticationServerTokenEndpoint authenticationSererTokenEndpoint;
@Autowired
- @Qualifier(Constants.BEAN_AUTH_EDGE_TOKEN_RESPONSE_PROCESSOR)
+ @Qualifier(CommonConstants.BEAN_AUTH_EDGE_TOKEN_RESPONSE_PROCESSOR)
private EdgeTokenResponseProcessor edgeTokenResponseProcessor;
@Override
diff --git a/api/resource-server/service/src/main/java/org/apache/servicecomb/authentication/resource/AccessConfiguration.java b/api/resource-server/endpoint/src/main/java/org/apache/servicecomb/authentication/resource/AccessConfiguration.java
similarity index 100%
copy from api/resource-server/service/src/main/java/org/apache/servicecomb/authentication/resource/AccessConfiguration.java
copy to api/resource-server/endpoint/src/main/java/org/apache/servicecomb/authentication/resource/AccessConfiguration.java
diff --git a/api/resource-server/service/src/main/java/org/apache/servicecomb/authentication/resource/AccessConfigurationManager.java b/api/resource-server/endpoint/src/main/java/org/apache/servicecomb/authentication/resource/AccessConfigurationManager.java
similarity index 100%
rename from api/resource-server/service/src/main/java/org/apache/servicecomb/authentication/resource/AccessConfigurationManager.java
rename to api/resource-server/endpoint/src/main/java/org/apache/servicecomb/authentication/resource/AccessConfigurationManager.java
diff --git a/api/resource-server/service/src/main/java/org/apache/servicecomb/authentication/resource/AccessDeniedExceptionExceptionToProducerResponseConverter.java b/api/resource-server/endpoint/src/main/java/org/apache/servicecomb/authentication/resource/AccessDeniedExceptionExceptionToProducerResponseConverter.java
similarity index 100%
rename from api/resource-server/service/src/main/java/org/apache/servicecomb/authentication/resource/AccessDeniedExceptionExceptionToProducerResponseConverter.java
rename to api/resource-server/endpoint/src/main/java/org/apache/servicecomb/authentication/resource/AccessDeniedExceptionExceptionToProducerResponseConverter.java
diff --git a/api/common/service/src/main/java/org/apache/servicecomb/authentication/jwt/JWTHeader.java b/api/resource-server/endpoint/src/main/java/org/apache/servicecomb/authentication/resource/AuthFilter.java
similarity index 70%
copy from api/common/service/src/main/java/org/apache/servicecomb/authentication/jwt/JWTHeader.java
copy to api/resource-server/endpoint/src/main/java/org/apache/servicecomb/authentication/resource/AuthFilter.java
index 2cc797c..22b2436 100644
--- a/api/common/service/src/main/java/org/apache/servicecomb/authentication/jwt/JWTHeader.java
+++ b/api/resource-server/endpoint/src/main/java/org/apache/servicecomb/authentication/resource/AuthFilter.java
@@ -15,28 +15,11 @@
* limitations under the License.
*/
-package org.apache.servicecomb.authentication.jwt;
-
-public class JWTHeader {
- private String typ;
-
- private String alg;
-
- public String getTyp() {
- return typ;
- }
-
- public void setTyp(String typ) {
- this.typ = typ;
- }
-
- public String getAlg() {
- return alg;
- }
-
- public void setAlg(String alg) {
- this.alg = alg;
- }
+package org.apache.servicecomb.authentication.resource;
+import org.apache.servicecomb.core.Invocation;
+import org.apache.servicecomb.swagger.invocation.exception.InvocationException;
+public interface AuthFilter {
+ void doFilter(Invocation invocation) throws InvocationException;
}
diff --git a/api/resource-server/service/src/main/java/org/apache/servicecomb/authentication/resource/AccessConfiguration.java b/api/resource-server/endpoint/src/main/java/org/apache/servicecomb/authentication/resource/AuthFiltersBean.java
similarity index 61%
rename from api/resource-server/service/src/main/java/org/apache/servicecomb/authentication/resource/AccessConfiguration.java
rename to api/resource-server/endpoint/src/main/java/org/apache/servicecomb/authentication/resource/AuthFiltersBean.java
index 8167612..6e01029 100644
--- a/api/resource-server/service/src/main/java/org/apache/servicecomb/authentication/resource/AccessConfiguration.java
+++ b/api/resource-server/endpoint/src/main/java/org/apache/servicecomb/authentication/resource/AuthFiltersBean.java
@@ -17,21 +17,25 @@
package org.apache.servicecomb.authentication.resource;
-import org.apache.servicecomb.config.inject.InjectProperties;
-import org.apache.servicecomb.config.inject.InjectProperty;
+import java.util.List;
-@InjectProperties(prefix = "servicecomb.authencation.access")
-public class AccessConfiguration {
- @InjectProperty(keys = {
- "needAuth.${schemaId}.${operationId}",
- "needAuth.${schemaId}",
- "needAuth"},
- defaultValue = "true")
- public boolean needAuth;
+import org.springframework.beans.factory.InitializingBean;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
- @InjectProperty(keys = {
- "roles.${schemaId}.${operationId}",
- "roles.${schemaId}",
- "roles"})
- public String roles;
+@Component
+public class AuthFiltersBean implements InitializingBean {
+ @Autowired
+ private List<AuthFilter> authFilters;
+
+ private static List<AuthFilter> FILTERS;
+
+ public static List<AuthFilter> getAuthFilters() {
+ return FILTERS;
+ }
+
+ @Override
+ public void afterPropertiesSet() throws Exception {
+ FILTERS = authFilters;
+ }
}
diff --git a/api/resource-server/service/src/main/java/org/apache/servicecomb/authentication/resource/ResourceAuthHandler.java b/api/resource-server/endpoint/src/main/java/org/apache/servicecomb/authentication/resource/AuthenticationAuthFilter.java
similarity index 62%
rename from api/resource-server/service/src/main/java/org/apache/servicecomb/authentication/resource/ResourceAuthHandler.java
rename to api/resource-server/endpoint/src/main/java/org/apache/servicecomb/authentication/resource/AuthenticationAuthFilter.java
index 73f0b1a..468f881 100644
--- a/api/resource-server/service/src/main/java/org/apache/servicecomb/authentication/resource/ResourceAuthHandler.java
+++ b/api/resource-server/endpoint/src/main/java/org/apache/servicecomb/authentication/resource/AuthenticationAuthFilter.java
@@ -20,76 +20,57 @@ package org.apache.servicecomb.authentication.resource;
import java.util.HashSet;
import java.util.Set;
-import org.apache.commons.lang3.StringUtils;
import org.apache.servicecomb.authentication.token.JWTToken;
import org.apache.servicecomb.authentication.token.JWTTokenStore;
-import org.apache.servicecomb.authentication.util.Constants;
-import org.apache.servicecomb.core.Handler;
+import org.apache.servicecomb.authentication.util.CommonConstants;
import org.apache.servicecomb.core.Invocation;
import org.apache.servicecomb.foundation.common.utils.BeanUtils;
-import org.apache.servicecomb.swagger.invocation.AsyncResponse;
import org.apache.servicecomb.swagger.invocation.exception.InvocationException;
+import org.springframework.core.annotation.Order;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.context.SecurityContextImpl;
+import org.springframework.stereotype.Component;
-public class ResourceAuthHandler implements Handler {
+@Component
+@Order(0)
+public class AuthenticationAuthFilter implements AuthFilter {
@Override
- public void handle(Invocation invocation, AsyncResponse asyncResponse) throws Exception {
+ public void doFilter(Invocation invocation) throws InvocationException {
AccessConfiguration config = AccessConfigurationManager.getAccessConfiguration(invocation);
// by pass authentication
if (!config.needAuth) {
- invocation.next(asyncResponse);
+ // TODO : shall we do authorization without authenticated?
+ createSecurityContext(new HashSet<>());
return;
}
- String idTokenValue = invocation.getContext(Constants.CONTEXT_HEADER_AUTHORIZATION);
+ String idTokenValue = invocation.getContext(CommonConstants.CONTEXT_HEADER_AUTHORIZATION);
if (idTokenValue == null) {
- asyncResponse.consumerFail(new InvocationException(403, "forbidden", "not authenticated"));
- return;
+ throw new InvocationException(403, "forbidden", "not authenticated");
}
+
// verify tokens
- JWTTokenStore store = BeanUtils.getBean(Constants.BEAN_AUTH_ID_TOKEN_STORE);
+ JWTTokenStore store = BeanUtils.getBean(CommonConstants.BEAN_AUTH_ID_TOKEN_STORE);
JWTToken idToken = store.createTokenByValue(idTokenValue);
if (idToken == null) {
- asyncResponse.consumerFail(new InvocationException(403, "forbidden", "not authenticated"));
- return;
- }
-
- // check roles
- if (!StringUtils.isEmpty(config.roles)) {
- String[] roles = config.roles.split(",");
- if (roles.length > 0) {
- boolean valid = false;
- Set<String> authorities = idToken.getClaims().getAuthorities();
- for (String role : roles) {
- if (authorities.contains(role)) {
- valid = true;
- break;
- }
- }
- if (!valid) {
- asyncResponse.consumerFail(new InvocationException(403, "forbidden", "not authenticated"));
- return;
- }
- }
+ throw new InvocationException(403, "forbidden", "not authenticated");
}
- // pre method authentiation
Set<GrantedAuthority> grantedAuthorities = new HashSet<>(idToken.getClaims().getAuthorities().size());
idToken.getClaims().getAuthorities().forEach(v -> grantedAuthorities.add(new SimpleGrantedAuthority(v)));
+ createSecurityContext(grantedAuthorities);
+ }
+
+ private void createSecurityContext(Set<GrantedAuthority> grantedAuthorities) {
SecurityContext sc = new SecurityContextImpl();
Authentication authentication = new SimpleAuthentication(true, grantedAuthorities);
sc.setAuthentication(authentication);
SecurityContextHolder.setContext(sc);
-
- // next
- invocation.next(asyncResponse);
}
-
}
diff --git a/api/resource-server/endpoint/src/main/java/org/apache/servicecomb/authentication/resource/ConfigBasedAuthoriaztionAuthFilter.java b/api/resource-server/endpoint/src/main/java/org/apache/servicecomb/authentication/resource/ConfigBasedAuthoriaztionAuthFilter.java
new file mode 100644
index 0000000..e9a6086
--- /dev/null
+++ b/api/resource-server/endpoint/src/main/java/org/apache/servicecomb/authentication/resource/ConfigBasedAuthoriaztionAuthFilter.java
@@ -0,0 +1,61 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.servicecomb.authentication.resource;
+
+import java.util.Collection;
+import java.util.HashSet;
+
+import org.apache.commons.lang3.StringUtils;
+import org.apache.servicecomb.core.Invocation;
+import org.apache.servicecomb.swagger.invocation.exception.InvocationException;
+import org.springframework.core.annotation.Order;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.stereotype.Component;
+
+@Component
+@Order(100)
+public class ConfigBasedAuthoriaztionAuthFilter implements AuthFilter {
+
+ @Override
+ public void doFilter(Invocation invocation) throws InvocationException {
+ AccessConfiguration config = AccessConfigurationManager.getAccessConfiguration(invocation);
+ Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
+ // check roles
+ if (!StringUtils.isEmpty(config.roles)) {
+ String[] roles = config.roles.split(",");
+ if (roles.length > 0) {
+ boolean valid = false;
+ Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
+ Collection<String> authoritiesNames = new HashSet<String>();
+ authorities.forEach(a -> authoritiesNames.add(a.getAuthority()));
+ for (String role : roles) {
+ if (authoritiesNames.contains(role)) {
+ valid = true;
+ break;
+ }
+ }
+ if (!valid) {
+ throw new InvocationException(403, "forbidden", "not authenticated");
+ }
+ }
+ }
+ }
+
+}
diff --git a/api/common/service/src/main/java/org/apache/servicecomb/authentication/jwt/JWTHeader.java b/api/resource-server/endpoint/src/main/java/org/apache/servicecomb/authentication/resource/ResourceAuthHandler.java
similarity index 62%
copy from api/common/service/src/main/java/org/apache/servicecomb/authentication/jwt/JWTHeader.java
copy to api/resource-server/endpoint/src/main/java/org/apache/servicecomb/authentication/resource/ResourceAuthHandler.java
index 2cc797c..c47ae33 100644
--- a/api/common/service/src/main/java/org/apache/servicecomb/authentication/jwt/JWTHeader.java
+++ b/api/resource-server/endpoint/src/main/java/org/apache/servicecomb/authentication/resource/ResourceAuthHandler.java
@@ -15,28 +15,18 @@
* limitations under the License.
*/
-package org.apache.servicecomb.authentication.jwt;
+package org.apache.servicecomb.authentication.resource;
-public class JWTHeader {
- private String typ;
+import org.apache.servicecomb.core.Handler;
+import org.apache.servicecomb.core.Invocation;
+import org.apache.servicecomb.swagger.invocation.AsyncResponse;
- private String alg;
+public class ResourceAuthHandler implements Handler {
- public String getTyp() {
- return typ;
+ @Override
+ public void handle(Invocation invocation, AsyncResponse asyncResponse) throws Exception {
+ AuthFiltersBean.getAuthFilters().forEach(authFilter -> authFilter.doFilter(invocation));
+ invocation.next(asyncResponse);
}
- public void setTyp(String typ) {
- this.typ = typ;
- }
-
- public String getAlg() {
- return alg;
- }
-
- public void setAlg(String alg) {
- this.alg = alg;
- }
-
-
}
diff --git a/api/resource-server/service/src/main/java/org/apache/servicecomb/authentication/resource/SimpleAuthentication.java b/api/resource-server/endpoint/src/main/java/org/apache/servicecomb/authentication/resource/SimpleAuthentication.java
similarity index 99%
rename from api/resource-server/service/src/main/java/org/apache/servicecomb/authentication/resource/SimpleAuthentication.java
rename to api/resource-server/endpoint/src/main/java/org/apache/servicecomb/authentication/resource/SimpleAuthentication.java
index a23404c..d1d192a 100644
--- a/api/resource-server/service/src/main/java/org/apache/servicecomb/authentication/resource/SimpleAuthentication.java
+++ b/api/resource-server/endpoint/src/main/java/org/apache/servicecomb/authentication/resource/SimpleAuthentication.java
@@ -23,10 +23,6 @@ import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
public class SimpleAuthentication implements Authentication {
-
- /**
- *
- */
private static final long serialVersionUID = 6077733273349249822L;
private boolean authenticated;
diff --git a/api/resource-server/service/src/main/resources/META-INF/services/org.apache.servicecomb.swagger.invocation.exception.ExceptionToProducerResponseConverter b/api/resource-server/endpoint/src/main/resources/META-INF/services/org.apache.servicecomb.swagger.invocation.exception.ExceptionToProducerResponseConverter
similarity index 100%
rename from api/resource-server/service/src/main/resources/META-INF/services/org.apache.servicecomb.swagger.invocation.exception.ExceptionToProducerResponseConverter
rename to api/resource-server/endpoint/src/main/resources/META-INF/services/org.apache.servicecomb.swagger.invocation.exception.ExceptionToProducerResponseConverter
diff --git a/api/resource-server/service/src/main/resources/config/cse.handler.xml b/api/resource-server/endpoint/src/main/resources/config/cse.handler.xml
similarity index 100%
rename from api/resource-server/service/src/main/resources/config/cse.handler.xml
rename to api/resource-server/endpoint/src/main/resources/config/cse.handler.xml
diff --git a/samples/AuthenticationServer/src/main/java/org/apache/servicecomb/authentication/AuthenticationConfiguration.java b/samples/AuthenticationServer/src/main/java/org/apache/servicecomb/authentication/AuthenticationConfiguration.java
index 49639ff..169f28b 100644
--- a/samples/AuthenticationServer/src/main/java/org/apache/servicecomb/authentication/AuthenticationConfiguration.java
+++ b/samples/AuthenticationServer/src/main/java/org/apache/servicecomb/authentication/AuthenticationConfiguration.java
@@ -21,7 +21,7 @@ import java.util.Arrays;
import org.apache.servicecomb.authentication.token.AbstractOpenIDTokenStore;
import org.apache.servicecomb.authentication.token.InMemoryOpenIDTokenStore;
-import org.apache.servicecomb.authentication.util.Constants;
+import org.apache.servicecomb.authentication.util.CommonConstants;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
@@ -38,27 +38,27 @@ import org.springframework.security.provisioning.InMemoryUserDetailsManager;
@Configuration
public class AuthenticationConfiguration {
- @Bean(name = Constants.BEAN_AUTH_PASSWORD_ENCODER)
+ @Bean(name = CommonConstants.BEAN_AUTH_PASSWORD_ENCODER)
public PasswordEncoder authPasswordEncoder() {
return new Pbkdf2PasswordEncoder();
}
- @Bean(name = {Constants.BEAN_AUTH_SIGNER, Constants.BEAN_AUTH_SIGNATURE_VERIFIER})
+ @Bean(name = {CommonConstants.BEAN_AUTH_SIGNER, CommonConstants.BEAN_AUTH_SIGNATURE_VERIFIER})
public SignerVerifier authSignerVerifier() {
// If using RSA, need to configure authSigner and authSignatureVerifier separately.
// If using MacSigner, need to protect the shared key by properly encryption.
return new MacSigner("Please change this key.");
}
- @Bean(name = Constants.BEAN_AUTH_OPEN_ID_TOKEN_STORE)
+ @Bean(name = CommonConstants.BEAN_AUTH_OPEN_ID_TOKEN_STORE)
public AbstractOpenIDTokenStore openIDTokenStore() {
// TODO: Use in memory store for testing. Need to implement JDBC or Redis SessionIDTokenStore in product.
return new InMemoryOpenIDTokenStore();
}
- @Bean(name = Constants.BEAN_AUTH_USER_DETAILS_SERVICE)
+ @Bean(name = CommonConstants.BEAN_AUTH_USER_DETAILS_SERVICE)
public UserDetailsService authUserDetailsService(
- @Autowired @Qualifier(Constants.BEAN_AUTH_PASSWORD_ENCODER) PasswordEncoder passwordEncoder) {
+ @Autowired @Qualifier(CommonConstants.BEAN_AUTH_PASSWORD_ENCODER) PasswordEncoder passwordEncoder) {
// TODO: Use in memory UserDetails, need to implement JDBC or others in product
InMemoryUserDetailsManager manager = new InMemoryUserDetailsManager();
UserDetails uAdmin = new User("admin", passwordEncoder.encode("changeMyPassword"),
diff --git a/samples/Client/src/main/java/org/apache/servicecomb/authentication/AuthenticationTestCase.java b/samples/Client/src/main/java/org/apache/servicecomb/authentication/AuthenticationTestCase.java
index eb13bf1..0b7601f 100644
--- a/samples/Client/src/main/java/org/apache/servicecomb/authentication/AuthenticationTestCase.java
+++ b/samples/Client/src/main/java/org/apache/servicecomb/authentication/AuthenticationTestCase.java
@@ -18,7 +18,7 @@
package org.apache.servicecomb.authentication;
import org.apache.servicecomb.authentication.server.TokenResponse;
-import org.apache.servicecomb.authentication.util.Constants;
+import org.apache.servicecomb.authentication.util.CommonConstants;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
import org.springframework.http.MediaType;
@@ -53,7 +53,7 @@ public class AuthenticationTestCase implements TestCase {
BootEventListener.edgeServiceTokenEndpoint.postForObject("/",
new HttpEntity<>(map, headers),
TokenResponse.class);
- TestMgr.check(Constants.TOKEN_TYPE_BEARER, token.getToken_type());
+ TestMgr.check(CommonConstants.TOKEN_TYPE_BEARER, token.getToken_type());
TestMgr.check(true, token.getId_token().length() > 10);
return token.getId_token();
}
@@ -71,7 +71,7 @@ public class AuthenticationTestCase implements TestCase {
BootEventListener.edgeServiceTokenEndpoint.postForObject("/",
new HttpEntity<>(map, headers),
TokenResponse.class);
- TestMgr.check(Constants.TOKEN_TYPE_BEARER, token.getToken_type());
+ TestMgr.check(CommonConstants.TOKEN_TYPE_BEARER, token.getToken_type());
TestMgr.check(true, token.getAccess_token().length() > 10);
// refresh token
diff --git a/samples/EdgeService/src/main/java/org/apache/servicecomb/authentication/gateway/AuthenticationConfiguration.java b/samples/EdgeService/src/main/java/org/apache/servicecomb/authentication/gateway/AuthenticationConfiguration.java
index 62ab060..bd0b588 100644
--- a/samples/EdgeService/src/main/java/org/apache/servicecomb/authentication/gateway/AuthenticationConfiguration.java
+++ b/samples/EdgeService/src/main/java/org/apache/servicecomb/authentication/gateway/AuthenticationConfiguration.java
@@ -19,7 +19,7 @@ package org.apache.servicecomb.authentication.gateway;
import org.apache.servicecomb.authentication.token.JWTTokenStore;
import org.apache.servicecomb.authentication.token.JWTTokenStoreImpl;
-import org.apache.servicecomb.authentication.util.Constants;
+import org.apache.servicecomb.authentication.util.CommonConstants;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
@@ -30,16 +30,16 @@ import org.springframework.security.jwt.crypto.sign.SignerVerifier;
@Configuration
public class AuthenticationConfiguration {
- @Bean(name = {Constants.BEAN_AUTH_SIGNER, Constants.BEAN_AUTH_SIGNATURE_VERIFIER})
+ @Bean(name = {CommonConstants.BEAN_AUTH_SIGNER, CommonConstants.BEAN_AUTH_SIGNATURE_VERIFIER})
public SignerVerifier authSignerVerifier() {
// If using RSA, need to configure authSigner and authSignatureVerifier separately.
// If using MacSigner, need to protect the shared key by properly encryption.
return new MacSigner("Please change this key.");
}
- @Bean(name = Constants.BEAN_AUTH_ID_TOKEN_STORE)
- public JWTTokenStore authIDTokenStore(@Autowired @Qualifier(Constants.BEAN_AUTH_SIGNER) Signer signer,
- @Autowired @Qualifier(Constants.BEAN_AUTH_SIGNATURE_VERIFIER) SignerVerifier signerVerifier) {
+ @Bean(name = CommonConstants.BEAN_AUTH_ID_TOKEN_STORE)
+ public JWTTokenStore authIDTokenStore(@Autowired @Qualifier(CommonConstants.BEAN_AUTH_SIGNER) Signer signer,
+ @Autowired @Qualifier(CommonConstants.BEAN_AUTH_SIGNATURE_VERIFIER) SignerVerifier signerVerifier) {
return new JWTTokenStoreImpl(signer, signerVerifier);
}
diff --git a/samples/ResourceServer/src/main/java/org/apache/servicecomb/authentication/resource/AuthenticationConfiguration.java b/samples/ResourceServer/src/main/java/org/apache/servicecomb/authentication/resource/AuthenticationConfiguration.java
index b1dcb00..77d857e 100644
--- a/samples/ResourceServer/src/main/java/org/apache/servicecomb/authentication/resource/AuthenticationConfiguration.java
+++ b/samples/ResourceServer/src/main/java/org/apache/servicecomb/authentication/resource/AuthenticationConfiguration.java
@@ -19,7 +19,7 @@ package org.apache.servicecomb.authentication.resource;
import org.apache.servicecomb.authentication.token.JWTTokenStore;
import org.apache.servicecomb.authentication.token.JWTTokenStoreImpl;
-import org.apache.servicecomb.authentication.util.Constants;
+import org.apache.servicecomb.authentication.util.CommonConstants;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
@@ -30,16 +30,16 @@ import org.springframework.security.jwt.crypto.sign.SignerVerifier;
@Configuration
public class AuthenticationConfiguration {
- @Bean(name = {Constants.BEAN_AUTH_SIGNER, Constants.BEAN_AUTH_SIGNATURE_VERIFIER})
+ @Bean(name = {CommonConstants.BEAN_AUTH_SIGNER, CommonConstants.BEAN_AUTH_SIGNATURE_VERIFIER})
public SignerVerifier authSignerVerifier() {
// If using RSA, need to configure authSigner and authSignatureVerifier separately.
// If using MacSigner, need to protect the shared key by properly encryption.
return new MacSigner("Please change this key.");
}
- @Bean(name = Constants.BEAN_AUTH_ID_TOKEN_STORE)
- public JWTTokenStore authIDTokenStore(@Autowired @Qualifier(Constants.BEAN_AUTH_SIGNER) Signer signer,
- @Autowired @Qualifier(Constants.BEAN_AUTH_SIGNATURE_VERIFIER) SignerVerifier signerVerifier) {
+ @Bean(name = CommonConstants.BEAN_AUTH_ID_TOKEN_STORE)
+ public JWTTokenStore authIDTokenStore(@Autowired @Qualifier(CommonConstants.BEAN_AUTH_SIGNER) Signer signer,
+ @Autowired @Qualifier(CommonConstants.BEAN_AUTH_SIGNATURE_VERIFIER) SignerVerifier signerVerifier) {
return new JWTTokenStoreImpl(signer, signerVerifier);
}