Posted to commits@servicecomb.apache.org by li...@apache.org on 2019/07/12 01:35:29 UTC

[servicecomb-fence] branch master updated (0ca8990 -> cb6d5b0)

This is an automated email from the ASF dual-hosted git repository.

liubao pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/servicecomb-fence.git.


    from 0ca8990  [SCB-1364]add database implementations for UserDetailsService
     new 2f68b2e  [SCB-1365]add database implementations for OpenIDStore
     new 01d23ad  [SCB-1365]implements OpenIDStore for edge service
     new cb6d5b0  [SCB-1365]demonstrates access token & id token authentication

The 3 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 .../authentication/server/GithubTokenGranter.java  |  4 +-
 .../server/PasswordTokenGranter.java               |  4 +-
 .../server/RefreshTokenTokenGranter.java           |  8 +-
 .../server/ThirdPartyTokenGranter.java             |  5 +-
 .../authentication/server/TokenEndpoint.java       | 27 ++++++-
 .../authentication/server/TokenGranter.java        |  6 +-
 .../authentication/server/TokenService.java        |  6 +-
 .../token/InMemoryOpenIDTokenStore.java            | 14 ++--
 .../servicecomb/authentication/token/JWTToken.java | 74 ++++++++++++++++++-
 .../authentication/token/JWTTokenImpl.java         | 85 ----------------------
 .../authentication/token/JWTTokenStoreImpl.java    |  4 +-
 .../authentication/token/OpenIDToken.java          | 19 ++++-
 .../authentication/token/OpenIDTokenStore.java     |  8 +-
 .../authentication/token/SessionToken.java         | 70 +++++++++++++++++-
 .../authentication/token/SessionTokenImpl.java     | 79 --------------------
 .../authentication/token/SessionTokenStore.java    |  2 +-
 .../servicecomb/authentication/token/Token.java    | 10 ++-
 .../authentication/util/CommonConstants.java       | 16 ++--
 api/edge-service/endpoint/pom.xml                  |  5 ++
 .../authentication/edge/AuthHandler.java           | 38 ++++++----
 .../authentication/edge/AuthenticationFilter.java  |  5 +-
 .../edge/AuthenticationServerTokenEndpoint.java    |  8 +-
 .../edge/DumyEdgeTokenResponseProcessor.java       | 30 --------
 .../authentication/edge/EdgeConfiguration.java     |  9 +--
 .../authentication/edge/EdgeOpenIDTokenStore.java  | 54 ++++++++++++++
 .../edge/EdgeTokenResponseProcessor.java           | 24 ------
 .../authentication/edge/TokenEndpoint.java         | 16 +---
 .../authentication/edge}/TokenResponse.java        |  2 +-
 .../authentication/edge/TokenService.java          |  2 -
 .../AuthenticationConfiguration.java               |  8 --
 .../authentication/JDBCOpenIDTokenStore.java       | 63 ++++++++++++++++
 .../user/{UserMapper.java => TokenMapper.java}     | 14 +++-
 .../META-INF/spring/authentication.server.bean.xml |  6 +-
 .../src/main/resources/config/TokenMapper.xml      | 35 +++++++++
 .../src/main/resources/config/mybatis-config.xml   |  7 +-
 .../src/main/resources/sql/user.sql                |  1 -
 samples/Client/pom.xml                             |  4 +-
 .../authentication/AuthenticationTestCase.java     | 46 ++++++++----
 .../authentication/TokenExpireTestCase.java        | 24 ++++--
 39 files changed, 494 insertions(+), 348 deletions(-)
 delete mode 100644 api/common/service/src/main/java/org/apache/servicecomb/authentication/token/JWTTokenImpl.java
 delete mode 100644 api/common/service/src/main/java/org/apache/servicecomb/authentication/token/SessionTokenImpl.java
 delete mode 100644 api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/DumyEdgeTokenResponseProcessor.java
 create mode 100644 api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/EdgeOpenIDTokenStore.java
 delete mode 100644 api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/EdgeTokenResponseProcessor.java
 rename api/{authentication-server/service/src/main/java/org/apache/servicecomb/authentication/server => edge-service/service/src/main/java/org/apache/servicecomb/authentication/edge}/TokenResponse.java (98%)
 create mode 100644 samples/AuthenticationServer/src/main/java/org/apache/servicecomb/authentication/JDBCOpenIDTokenStore.java
 copy samples/AuthenticationServer/src/main/java/org/apache/servicecomb/authentication/user/{UserMapper.java => TokenMapper.java} (62%)
 create mode 100644 samples/AuthenticationServer/src/main/resources/config/TokenMapper.xml


[servicecomb-fence] 02/03: [SCB-1365]implements OpenIDStore for edge service

Posted by li...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

liubao pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/servicecomb-fence.git

commit 01d23ade21287b2ac9f2d1c53fa65f8c543165d2
Author: liubao <bi...@qq.com>
AuthorDate: Thu Jul 11 10:09:57 2019 +0800

    [SCB-1365]implements OpenIDStore for edge service
---
 .../server/RefreshTokenTokenGranter.java           |  2 +-
 .../authentication/server/TokenEndpoint.java       | 24 ++++++++++++-
 .../authentication/server/TokenService.java        |  4 ++-
 .../token/InMemoryOpenIDTokenStore.java            |  9 +++--
 .../authentication/token/OpenIDTokenStore.java     |  6 ++--
 .../authentication/util/CommonConstants.java       | 10 +++---
 api/edge-service/endpoint/pom.xml                  |  5 +++
 .../authentication/edge/AuthHandler.java           | 34 ++++++++++--------
 .../edge/AuthenticationServerTokenEndpoint.java    |  6 +++-
 .../authentication/edge/EdgeOpenIDTokenStore.java  | 40 ++++++++++------------
 .../authentication/edge/TokenEndpoint.java         |  2 +-
 .../authentication/JDBCOpenIDTokenStore.java       | 13 ++++---
 12 files changed, 101 insertions(+), 54 deletions(-)

diff --git a/api/authentication-server/endpoint/src/main/java/org/apache/servicecomb/authentication/server/RefreshTokenTokenGranter.java b/api/authentication-server/endpoint/src/main/java/org/apache/servicecomb/authentication/server/RefreshTokenTokenGranter.java
index 9204dc3..998bb51 100644
--- a/api/authentication-server/endpoint/src/main/java/org/apache/servicecomb/authentication/server/RefreshTokenTokenGranter.java
+++ b/api/authentication-server/endpoint/src/main/java/org/apache/servicecomb/authentication/server/RefreshTokenTokenGranter.java
@@ -62,7 +62,7 @@ public class RefreshTokenTokenGranter implements TokenGranter {
       return null;
     }
 
-    Token refreshToken = openIDTokenStore.readTokenByRefreshTokenValue(refreshTokenValue);
+    Token refreshToken = openIDTokenStore.readTokenByRefreshToken(refreshTokenValue);
 
     if (refreshToken != null && !refreshToken.isExpired()) {
       UserDetails userDetails = userDetailsService.loadUserByUsername(refreshToken.getUsername());
diff --git a/api/authentication-server/endpoint/src/main/java/org/apache/servicecomb/authentication/server/TokenEndpoint.java b/api/authentication-server/endpoint/src/main/java/org/apache/servicecomb/authentication/server/TokenEndpoint.java
index bd7f8d8..ee8bbb7 100644
--- a/api/authentication-server/endpoint/src/main/java/org/apache/servicecomb/authentication/server/TokenEndpoint.java
+++ b/api/authentication-server/endpoint/src/main/java/org/apache/servicecomb/authentication/server/TokenEndpoint.java
@@ -19,15 +19,22 @@ package org.apache.servicecomb.authentication.server;
 
 import java.util.List;
 import java.util.Map;
+import java.util.concurrent.CompletableFuture;
 
 import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response.Status;
 
 import org.apache.servicecomb.authentication.token.OpenIDToken;
+import org.apache.servicecomb.authentication.token.OpenIDTokenStore;
+import org.apache.servicecomb.authentication.util.CommonConstants;
 import org.apache.servicecomb.provider.rest.common.RestSchema;
+import org.apache.servicecomb.swagger.invocation.exception.InvocationException;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestParam;
 
 @RestSchema(schemaId = "TokenEndpoint")
 @RequestMapping(path = "/v1/token")
@@ -35,9 +42,13 @@ public class TokenEndpoint implements TokenService {
   @Autowired
   private List<TokenGranter> granters;
 
+  @Autowired
+  @Qualifier(CommonConstants.BEAN_AUTH_OPEN_ID_TOKEN_STORE)
+  private OpenIDTokenStore store;
+
   @Override
   @PostMapping(path = "/", consumes = MediaType.APPLICATION_FORM_URLENCODED)
-  public OpenIDToken getToken(@RequestBody Map<String, String> parameters) {
+  public OpenIDToken grantToken(@RequestBody Map<String, String> parameters) {
     String grantType = parameters.get(AuthenticationServerConstants.PARAM_GRANT_TYPE);
 
     for (TokenGranter granter : granters) {
@@ -52,4 +63,15 @@ public class TokenEndpoint implements TokenService {
     return null;
   }
 
+  @Override
+  @PostMapping(path = "/query")
+  public OpenIDToken queryToken(@RequestParam("access_token") String accessToken) {
+    CompletableFuture<OpenIDToken> result = store.readTokenByAccessToken(accessToken);
+    try {
+      return result.get();
+    } catch (Exception e) {
+      throw new InvocationException(Status.INTERNAL_SERVER_ERROR, "internal unexpected error.");
+    }
+  }
+
 }
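Review bot: `queryToken` takes the bearer credential as `@RequestParam("access_token")`, which, if the framework maps it to a URL query parameter as it appears to, puts the token where access logs and intermediaries commonly record it. Carrying it in the form body or a header would avoid that, and the same applies to the client-side declaration added in AuthenticationServerTokenEndpoint. Nothing in this hunk restricts who may call `/v1/token/query`, and the returned `OpenIDToken` presumably carries the refresh and ID tokens as well, so it is worth confirming the route is reachable only from the edge service. The `catch (Exception e)` discards the cause, so `e` should be logged before the `InvocationException` is thrown. Note also that `store.readTokenByAccessToken(accessToken)` sits outside the `try`, so a synchronous failure in the store bypasses this handler.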
diff --git a/api/authentication-server/service/src/main/java/org/apache/servicecomb/authentication/server/TokenService.java b/api/authentication-server/service/src/main/java/org/apache/servicecomb/authentication/server/TokenService.java
index 140ef61..2ae3d0f 100644
--- a/api/authentication-server/service/src/main/java/org/apache/servicecomb/authentication/server/TokenService.java
+++ b/api/authentication-server/service/src/main/java/org/apache/servicecomb/authentication/server/TokenService.java
@@ -22,5 +22,7 @@ import java.util.Map;
 import org.apache.servicecomb.authentication.token.OpenIDToken;
 
 public interface TokenService {
-  OpenIDToken getToken(Map<String, String> parameters);
+  OpenIDToken grantToken(Map<String, String> parameters);
+
+  OpenIDToken queryToken(String accessToken);
 }
diff --git a/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/InMemoryOpenIDTokenStore.java b/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/InMemoryOpenIDTokenStore.java
index 341f8fd..0458f29 100644
--- a/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/InMemoryOpenIDTokenStore.java
+++ b/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/InMemoryOpenIDTokenStore.java
@@ -18,6 +18,7 @@
 package org.apache.servicecomb.authentication.token;
 
 import java.util.Map;
+import java.util.concurrent.CompletableFuture;
 import java.util.concurrent.ConcurrentHashMap;
 
 /**
@@ -31,12 +32,14 @@ public class InMemoryOpenIDTokenStore extends AbstractOpenIDTokenStore {
   private static final Map<String, OpenIDToken> TOKENS_BY_ID_TOKEN_VALUE = new ConcurrentHashMap<>();
 
   @Override
-  public OpenIDToken readTokenByValue(String value) {
-    return TOKENS.get(value);
+  public CompletableFuture<OpenIDToken> readTokenByAccessToken(String value) {
+    CompletableFuture<OpenIDToken> result = new CompletableFuture<>();
+    result.complete(TOKENS.get(value));
+    return result;
   }
 
   @Override
-  public OpenIDToken readTokenByRefreshTokenValue(String refreshTokenValue) {
+  public OpenIDToken readTokenByRefreshToken(String refreshTokenValue) {
     return TOKENS_BY_REFRESH_TOKEN_VALUE.get(refreshTokenValue);
   }
 
diff --git a/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/OpenIDTokenStore.java b/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/OpenIDTokenStore.java
index 4fdf6a2..e767ddd 100644
--- a/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/OpenIDTokenStore.java
+++ b/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/OpenIDTokenStore.java
@@ -17,11 +17,13 @@
 
 package org.apache.servicecomb.authentication.token;
 
+import java.util.concurrent.CompletableFuture;
+
 public interface OpenIDTokenStore extends TokenStore<OpenIDToken> {
 
-  OpenIDToken readTokenByValue(String value);
+  CompletableFuture<OpenIDToken> readTokenByAccessToken(String accessToken);
 
-  OpenIDToken readTokenByRefreshTokenValue(String refreshTokenValue);
+  OpenIDToken readTokenByRefreshToken(String refreshToken);
 
   JWTToken createIDTokenByValue(String jwtTokenValue);
 
diff --git a/api/common/service/src/main/java/org/apache/servicecomb/authentication/util/CommonConstants.java b/api/common/service/src/main/java/org/apache/servicecomb/authentication/util/CommonConstants.java
index c866e7e..03ee62e 100644
--- a/api/common/service/src/main/java/org/apache/servicecomb/authentication/util/CommonConstants.java
+++ b/api/common/service/src/main/java/org/apache/servicecomb/authentication/util/CommonConstants.java
@@ -18,16 +18,18 @@
 package org.apache.servicecomb.authentication.util;
 
 public final class CommonConstants {
+  public static final String ACCESS_CONTROL_INTERNAL = "INTERNAL";
+
   public static final String HTTP_HEADER_AUTHORIZATION = "Authorization";
 
   public static final String CONTEXT_HEADER_AUTHORIZATION = "Authorization";
 
   public static final String CONTEXT_HEADER_AUTHORIZATION_TYPE = "Authorization-TYPE";
-  
+
   public static final String CONTEXT_HEADER_AUTHORIZATION_TYPE_ID_TOKEN = "ID_TOKEN";
-  
+
   public static final String CONTEXT_HEADER_AUTHORIZATION_TYPE_SESSION_TOKEN = "SESSION_TOKEN";
-  
+
   public static final String CONTEXT_HEADER_CLAIMS = "Claims";
 
   public static final String TOKEN_TYPE_BEARER = "Bearer";
@@ -49,6 +51,6 @@ public final class CommonConstants {
   public static final String BEAN_AUTH_ID_TOKEN_STORE = "authIDTokenStore";
 
   public static final String BEAN_AUTH_OPEN_ID_TOKEN_STORE = "authOpenIDTokenStore";
-  
+
   public static final String BEAN_AUTH_USER_DETAILS_SERVICE = "authUserDetailsService";
 }
diff --git a/api/edge-service/endpoint/pom.xml b/api/edge-service/endpoint/pom.xml
index 66c4a87..553a17c 100644
--- a/api/edge-service/endpoint/pom.xml
+++ b/api/edge-service/endpoint/pom.xml
@@ -26,6 +26,11 @@
   <dependencies>
     <dependency>
       <groupId>org.apache.servicecomb.authentication</groupId>
+      <artifactId>authentication-common-api-endpoint</artifactId>
+      <version>${project.parent.version}</version>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.servicecomb.authentication</groupId>
       <artifactId>authentication-edge-api-service</artifactId>
       <version>${project.parent.version}</version>
     </dependency>
diff --git a/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/AuthHandler.java b/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/AuthHandler.java
index a4b0849..e99e90c 100644
--- a/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/AuthHandler.java
+++ b/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/AuthHandler.java
@@ -17,8 +17,9 @@
 
 package org.apache.servicecomb.authentication.edge;
 
+import java.util.concurrent.CompletableFuture;
+
 import org.apache.servicecomb.authentication.token.JWTToken;
-import org.apache.servicecomb.authentication.token.JWTTokenStore;
 import org.apache.servicecomb.authentication.token.OpenIDToken;
 import org.apache.servicecomb.authentication.token.OpenIDTokenStore;
 import org.apache.servicecomb.authentication.util.CommonConstants;
@@ -38,9 +39,10 @@ public class AuthHandler implements Handler {
       return;
     }
 
+    OpenIDTokenStore openIDTokenStore = BeanUtils.getBean(CommonConstants.BEAN_AUTH_OPEN_ID_TOKEN_STORE);
+
     if (CommonConstants.CONTEXT_HEADER_AUTHORIZATION_TYPE_ID_TOKEN.equals(tokenType)) {
-      JWTTokenStore jwtTokenStore = BeanUtils.getBean(CommonConstants.BEAN_AUTH_ID_TOKEN_STORE);
-      JWTToken jwtToken = jwtTokenStore.createTokenByValue(token);
+      JWTToken jwtToken = openIDTokenStore.createIDTokenByValue(token);
       if (jwtToken == null || jwtToken.isExpired()) {
         asyncResponse.consumerFail(new InvocationException(403, "forbidden", "token expired or not valid."));
         return;
@@ -50,18 +52,22 @@ public class AuthHandler implements Handler {
       invocation.addContext(CommonConstants.CONTEXT_HEADER_AUTHORIZATION, jwtToken.getValue());
       invocation.next(asyncResponse);
     } else if (CommonConstants.CONTEXT_HEADER_AUTHORIZATION_TYPE_SESSION_TOKEN.equals(tokenType)) {
-      // TODO: session based are not fully tested now, just code snippet
-      OpenIDTokenStore openIDTokenStore = BeanUtils.getBean(CommonConstants.BEAN_AUTH_OPEN_ID_TOKEN_STORE);
+      CompletableFuture<OpenIDToken> openIDTokenFuture = openIDTokenStore.readTokenByAccessToken(token);
+      openIDTokenFuture.whenComplete((res, ex) -> {
+        if (openIDTokenFuture.isCompletedExceptionally() || res == null || res.isExpired()) {
+          asyncResponse.consumerFail(new InvocationException(403, "forbidden", "not authenticated"));
+          return;
+        }
 
-      OpenIDToken tokenResonse = openIDTokenStore.readTokenByValue(token);
-      if (tokenResonse == null || tokenResonse.isExpired()) {
-        asyncResponse.consumerFail(new InvocationException(403, "forbidden", "not authenticated"));
-        return;
-      }
-
-      // send id_token to services to apply state less validation
-      invocation.addContext(CommonConstants.CONTEXT_HEADER_AUTHORIZATION, tokenResonse.getIdToken().getValue());
-      invocation.next(asyncResponse);
+        // send id_token to services to apply state less validation
+        invocation.addContext(CommonConstants.CONTEXT_HEADER_AUTHORIZATION, res.getIdToken().getValue());
+        try {
+          invocation.next(asyncResponse);
+        } catch (Exception e) {
+          asyncResponse.consumerFail(new InvocationException(403, "forbidden", "not authenticated"));
+          return;
+        }
+      });
     } else {
       asyncResponse.consumerFail(new InvocationException(403, "forbidden", "not authenticated"));
       return;
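Review bot: In the SESSION_TOKEN branch, `res.getIdToken().getValue()` is evaluated inside the `whenComplete` callback but outside the `try`. If the authentication server returns a token without an ID token, the resulting NullPointerException would end up in the future returned by `whenComplete`, which nobody observes, and `asyncResponse` would never be completed. The guard could cover this and use the callback's own argument: `if (ex != null || res == null || res.isExpired() || res.getIdToken() == null) {`. Separately, the `catch (Exception e)` around `invocation.next(asyncResponse)` reports any downstream failure as 403 "not authenticated", which makes a backend error indistinguishable from a rejected token; logging `e` and returning a server-error status there would keep the two apart. The enclosing handler method starts and ends outside this hunk.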
diff --git a/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/AuthenticationServerTokenEndpoint.java b/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/AuthenticationServerTokenEndpoint.java
index 18ad3af..9a29c34 100644
--- a/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/AuthenticationServerTokenEndpoint.java
+++ b/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/AuthenticationServerTokenEndpoint.java
@@ -24,8 +24,12 @@ import org.apache.servicecomb.authentication.token.OpenIDToken;
 import org.springframework.http.MediaType;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestParam;
 
 public interface AuthenticationServerTokenEndpoint {
   @PostMapping(path = "/", consumes = MediaType.APPLICATION_FORM_URLENCODED_VALUE)
-  public CompletableFuture<OpenIDToken> getToken(@RequestBody Map<String, String> parameters);
+  public CompletableFuture<OpenIDToken> grantToken(@RequestBody Map<String, String> parameters);
+
+  @PostMapping(path = "/query")
+  public CompletableFuture<OpenIDToken> queryToken(@RequestParam("access_token") String accessToken);
 }
diff --git a/samples/AuthenticationServer/src/main/java/org/apache/servicecomb/authentication/JDBCOpenIDTokenStore.java b/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/EdgeOpenIDTokenStore.java
similarity index 55%
copy from samples/AuthenticationServer/src/main/java/org/apache/servicecomb/authentication/JDBCOpenIDTokenStore.java
copy to api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/EdgeOpenIDTokenStore.java
index 0163612..8d6348f 100644
--- a/samples/AuthenticationServer/src/main/java/org/apache/servicecomb/authentication/JDBCOpenIDTokenStore.java
+++ b/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/EdgeOpenIDTokenStore.java
@@ -15,44 +15,40 @@
  * limitations under the License.
  */
 
-package org.apache.servicecomb.authentication;
+package org.apache.servicecomb.authentication.edge;
+
+import java.util.concurrent.CompletableFuture;
 
-import org.apache.servicecomb.authentication.jwt.JsonParser;
 import org.apache.servicecomb.authentication.token.AbstractOpenIDTokenStore;
 import org.apache.servicecomb.authentication.token.OpenIDToken;
-import org.apache.servicecomb.authentication.user.TokenMapper;
 import org.apache.servicecomb.authentication.util.CommonConstants;
-import org.springframework.beans.factory.annotation.Autowired;
+import org.apache.servicecomb.provider.pojo.RpcReference;
+import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.stereotype.Component;
 
 @Component(CommonConstants.BEAN_AUTH_OPEN_ID_TOKEN_STORE)
-public class JDBCOpenIDTokenStore extends AbstractOpenIDTokenStore {
-  @Autowired
-  private TokenMapper tokenMapper;
+public class EdgeOpenIDTokenStore extends AbstractOpenIDTokenStore {
+  @RpcReference(microserviceName = "authentication-server", schemaId = "TokenEndpoint")
+  private AuthenticationServerTokenEndpoint tokenEndpoint;
+
+  @Override
+  public OpenIDToken createToken(UserDetails userDetails) {
+    throw new UnsupportedOperationException();
+  }
 
   @Override
-  public OpenIDToken readTokenByValue(String value) {
-    String tokenInfo = tokenMapper.getTokenInfoByAccessTokenId(value);
-    if (tokenInfo != null) {
-      return JsonParser.parse(tokenInfo, OpenIDToken.class);
-    }
-    return null;
+  public CompletableFuture<OpenIDToken> readTokenByAccessToken(String accessToken) {
+    return tokenEndpoint.queryToken(accessToken);
   }
 
   @Override
-  public OpenIDToken readTokenByRefreshTokenValue(String refreshTokenValue) {
-    String tokenInfo = tokenMapper.getTokenInfoByRefreshTokenId(refreshTokenValue);
-    if (tokenInfo != null) {
-      return JsonParser.parse(tokenInfo, OpenIDToken.class);
-    }
-    return null;
+  public OpenIDToken readTokenByRefreshToken(String refreshToken) {
+    throw new UnsupportedOperationException();
   }
 
   @Override
   public void saveToken(OpenIDToken token) {
-    tokenMapper.insertNewToken(token.getValue(),
-        token.getRefreshToken().getValue(),
-        JsonParser.unparse(token));
+    throw new UnsupportedOperationException();
   }
 
 }
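Review bot: `EdgeOpenIDTokenStore` has no class comment, yet three of its four overrides throw a bare `UnsupportedOperationException`, so a reader cannot tell which operations are meant to work on the edge. I would add a Javadoc such as `/** Read-only token store for the edge service: access tokens are resolved by calling the authentication server's TokenEndpoint; creating, refreshing and saving tokens are not supported here. */`. Each exception should also carry a message, e.g. `throw new UnsupportedOperationException("edge service does not issue tokens");`. It would also help to state in that comment that `readTokenByAccessToken` makes one remote call per lookup, since AuthHandler invokes it for every SESSION_TOKEN request.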
diff --git a/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/TokenEndpoint.java b/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/TokenEndpoint.java
index ffafe1a..c454f48 100644
--- a/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/TokenEndpoint.java
+++ b/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/TokenEndpoint.java
@@ -40,7 +40,7 @@ public class TokenEndpoint implements TokenService {
     CompletableFuture<TokenResponse> result = new CompletableFuture<>();
 
     CompletableFuture<OpenIDToken> response =
-        authenticationSererTokenEndpoint.getToken(parameters);
+        authenticationSererTokenEndpoint.grantToken(parameters);
     response.whenComplete((tokenResonse, ex) -> {
       if (!response.isCompletedExceptionally()) {
         result.complete(TokenResponse.fromOpenIDToken(tokenResonse));
diff --git a/samples/AuthenticationServer/src/main/java/org/apache/servicecomb/authentication/JDBCOpenIDTokenStore.java b/samples/AuthenticationServer/src/main/java/org/apache/servicecomb/authentication/JDBCOpenIDTokenStore.java
index 0163612..8382fb1 100644
--- a/samples/AuthenticationServer/src/main/java/org/apache/servicecomb/authentication/JDBCOpenIDTokenStore.java
+++ b/samples/AuthenticationServer/src/main/java/org/apache/servicecomb/authentication/JDBCOpenIDTokenStore.java
@@ -17,6 +17,8 @@
 
 package org.apache.servicecomb.authentication;
 
+import java.util.concurrent.CompletableFuture;
+
 import org.apache.servicecomb.authentication.jwt.JsonParser;
 import org.apache.servicecomb.authentication.token.AbstractOpenIDTokenStore;
 import org.apache.servicecomb.authentication.token.OpenIDToken;
@@ -31,16 +33,19 @@ public class JDBCOpenIDTokenStore extends AbstractOpenIDTokenStore {
   private TokenMapper tokenMapper;
 
   @Override
-  public OpenIDToken readTokenByValue(String value) {
+  public CompletableFuture<OpenIDToken> readTokenByAccessToken(String value) {
+    CompletableFuture<OpenIDToken> result = new CompletableFuture<>();
+
     String tokenInfo = tokenMapper.getTokenInfoByAccessTokenId(value);
     if (tokenInfo != null) {
-      return JsonParser.parse(tokenInfo, OpenIDToken.class);
+      result.complete(JsonParser.parse(tokenInfo, OpenIDToken.class));
     }
-    return null;
+    result.complete(null);
+    return result;
   }
 
   @Override
-  public OpenIDToken readTokenByRefreshTokenValue(String refreshTokenValue) {
+  public OpenIDToken readTokenByRefreshToken(String refreshTokenValue) {
     String tokenInfo = tokenMapper.getTokenInfoByRefreshTokenId(refreshTokenValue);
     if (tokenInfo != null) {
       return JsonParser.parse(tokenInfo, OpenIDToken.class);
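Review bot: In `readTokenByAccessToken`, `result.complete(null)` runs unconditionally after the `if`, so the found-token path only works because a second `complete` on an already completed future is ignored. That is easy to break in a later edit, and the whole body can become `return CompletableFuture.completedFuture(tokenInfo == null ? null : JsonParser.parse(tokenInfo, OpenIDToken.class));`. Errors from `tokenMapper` or `JsonParser.parse` are still thrown synchronously rather than through the returned future, which callers of a `CompletableFuture` API may not expect, so the method's Javadoc should say so or the call should be wrapped. The body of `readTokenByRefreshToken` continues past the end of this hunk.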


[servicecomb-fence] 01/03: [SCB-1365]add database implementations for OpenIDStore

Posted by li...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

liubao pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/servicecomb-fence.git

commit 2f68b2e415485434c56e9b2249828d63e2b248c4
Author: liubao <bi...@qq.com>
AuthorDate: Wed Jul 10 09:45:51 2019 +0800

    [SCB-1365]add database implementations for OpenIDStore
---
 .../authentication/server/GithubTokenGranter.java  |  4 +-
 .../server/PasswordTokenGranter.java               |  4 +-
 .../server/RefreshTokenTokenGranter.java           |  6 +-
 .../server/ThirdPartyTokenGranter.java             |  5 +-
 .../authentication/server/TokenEndpoint.java       |  5 +-
 .../authentication/server/TokenGranter.java        |  6 +-
 .../authentication/server/TokenService.java        |  4 +-
 .../token/InMemoryOpenIDTokenStore.java            |  5 --
 .../servicecomb/authentication/token/JWTToken.java | 74 ++++++++++++++++++-
 .../authentication/token/JWTTokenImpl.java         | 85 ----------------------
 .../authentication/token/JWTTokenStoreImpl.java    |  4 +-
 .../authentication/token/OpenIDToken.java          | 19 ++++-
 .../authentication/token/OpenIDTokenStore.java     |  2 -
 .../authentication/token/SessionToken.java         | 70 +++++++++++++++++-
 .../authentication/token/SessionTokenImpl.java     | 79 --------------------
 .../authentication/token/SessionTokenStore.java    |  2 +-
 .../servicecomb/authentication/token/Token.java    | 10 ++-
 .../edge/AuthenticationServerTokenEndpoint.java    |  4 +-
 .../edge/DumyEdgeTokenResponseProcessor.java       | 30 --------
 .../authentication/edge/EdgeConfiguration.java     |  9 +--
 .../edge/EdgeTokenResponseProcessor.java           | 24 ------
 .../authentication/edge/TokenEndpoint.java         | 14 +---
 .../authentication/edge}/TokenResponse.java        |  2 +-
 .../authentication/edge/TokenService.java          |  2 -
 .../AuthenticationConfiguration.java               |  8 --
 .../authentication/JDBCOpenIDTokenStore.java       | 58 +++++++++++++++
 .../authentication/user/TokenMapper.java           | 17 +++--
 .../META-INF/spring/authentication.server.bean.xml |  6 +-
 .../src/main/resources/config/TokenMapper.xml      | 35 +++++++++
 .../src/main/resources/config/mybatis-config.xml   |  7 +-
 .../src/main/resources/sql/user.sql                |  1 -
 samples/Client/pom.xml                             |  4 +-
 .../authentication/AuthenticationTestCase.java     |  2 +-
 .../authentication/TokenExpireTestCase.java        |  2 +-
 34 files changed, 310 insertions(+), 299 deletions(-)

diff --git a/api/authentication-server/endpoint/src/main/java/org/apache/servicecomb/authentication/server/GithubTokenGranter.java b/api/authentication-server/endpoint/src/main/java/org/apache/servicecomb/authentication/server/GithubTokenGranter.java
index 2840840..d8ed4ac 100644
--- a/api/authentication-server/endpoint/src/main/java/org/apache/servicecomb/authentication/server/GithubTokenGranter.java
+++ b/api/authentication-server/endpoint/src/main/java/org/apache/servicecomb/authentication/server/GithubTokenGranter.java
@@ -73,7 +73,7 @@ public class GithubTokenGranter implements ThirdPartyTokenGranter {
   }
 
   @Override
-  public TokenResponse grant(String code, String state, String login) {
+  public OpenIDToken grant(String code, String state, String login) {
     GithubAccessTokenResponse response = null;
     try {
       HttpHeaders headers = new HttpHeaders();
@@ -107,7 +107,7 @@ public class GithubTokenGranter implements ThirdPartyTokenGranter {
           response);
 
       openIDTokenStore.saveToken(openIDToken);
-      return TokenResponse.fromOpenIDToken(openIDToken);
+      return openIDToken;
     } catch (UsernameNotFoundException e) {
       return null;
     }
diff --git a/api/authentication-server/endpoint/src/main/java/org/apache/servicecomb/authentication/server/PasswordTokenGranter.java b/api/authentication-server/endpoint/src/main/java/org/apache/servicecomb/authentication/server/PasswordTokenGranter.java
index bb32d48..5740bc0 100644
--- a/api/authentication-server/endpoint/src/main/java/org/apache/servicecomb/authentication/server/PasswordTokenGranter.java
+++ b/api/authentication-server/endpoint/src/main/java/org/apache/servicecomb/authentication/server/PasswordTokenGranter.java
@@ -48,7 +48,7 @@ public class PasswordTokenGranter implements TokenGranter {
   private AbstractOpenIDTokenStore openIDTokenStore;
 
   @Override
-  public TokenResponse grant(Map<String, String> parameters) {
+  public OpenIDToken grant(Map<String, String> parameters) {
     String username = parameters.get(AuthenticationServerConstants.PARAM_USERNAME);
     String password = parameters.get(AuthenticationServerConstants.PARAM_PASSWORD);
 
@@ -61,7 +61,7 @@ public class PasswordTokenGranter implements TokenGranter {
       if (passwordEncoder.matches(password, userDetails.getPassword())) {
         OpenIDToken openIDToken = openIDTokenStore.createToken(userDetails);
         openIDTokenStore.saveToken(openIDToken);
-        return TokenResponse.fromOpenIDToken(openIDToken);
+        return openIDToken;
       } else {
         return null;
       }
diff --git a/api/authentication-server/endpoint/src/main/java/org/apache/servicecomb/authentication/server/RefreshTokenTokenGranter.java b/api/authentication-server/endpoint/src/main/java/org/apache/servicecomb/authentication/server/RefreshTokenTokenGranter.java
index a18bd2d..9204dc3 100644
--- a/api/authentication-server/endpoint/src/main/java/org/apache/servicecomb/authentication/server/RefreshTokenTokenGranter.java
+++ b/api/authentication-server/endpoint/src/main/java/org/apache/servicecomb/authentication/server/RefreshTokenTokenGranter.java
@@ -55,7 +55,7 @@ public class RefreshTokenTokenGranter implements TokenGranter {
   }
 
   @Override
-  public TokenResponse grant(Map<String, String> parameters) {
+  public OpenIDToken grant(Map<String, String> parameters) {
     String refreshTokenValue = parameters.get(AuthenticationServerConstants.PARAM_REFRESH_TOKEN);
 
     if (StringUtils.isEmpty(refreshTokenValue)) {
@@ -65,10 +65,10 @@ public class RefreshTokenTokenGranter implements TokenGranter {
     Token refreshToken = openIDTokenStore.readTokenByRefreshTokenValue(refreshTokenValue);
 
     if (refreshToken != null && !refreshToken.isExpired()) {
-      UserDetails userDetails = userDetailsService.loadUserByUsername(refreshToken.username());
+      UserDetails userDetails = userDetailsService.loadUserByUsername(refreshToken.getUsername());
       OpenIDToken openIDToken = openIDTokenStore.createToken(userDetails);
       openIDTokenStore.saveToken(openIDToken);
-      return TokenResponse.fromOpenIDToken(openIDToken);
+      return openIDToken;
     }
     return null;
   }
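Review bot: The refresh path creates and saves a new `OpenIDToken`, but nothing in the visible lines retires the refresh token that was just presented, so it appears to stay usable until `isExpired()` turns true. Unless `saveToken` already replaces the old entry, a leaked refresh token keeps yielding fresh token sets for its whole lifetime, even after the legitimate client has refreshed. Consider revoking the presented token before returning, and record the policy above the `if`, e.g. `// the presented refresh token is single-use: revoke it before returning the new token set`. `loadUserByUsername` is also called without handling for an account that was removed or disabled after the refresh token was issued; how it reports that case is not visible in this hunk.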
diff --git a/api/authentication-server/endpoint/src/main/java/org/apache/servicecomb/authentication/server/ThirdPartyTokenGranter.java b/api/authentication-server/endpoint/src/main/java/org/apache/servicecomb/authentication/server/ThirdPartyTokenGranter.java
index 1ef4fc8..788d31b 100644
--- a/api/authentication-server/endpoint/src/main/java/org/apache/servicecomb/authentication/server/ThirdPartyTokenGranter.java
+++ b/api/authentication-server/endpoint/src/main/java/org/apache/servicecomb/authentication/server/ThirdPartyTokenGranter.java
@@ -20,6 +20,7 @@ package org.apache.servicecomb.authentication.server;
 import java.util.Map;
 
 import org.apache.commons.lang3.StringUtils;
+import org.apache.servicecomb.authentication.token.OpenIDToken;
 
 public interface ThirdPartyTokenGranter extends TokenGranter {
 
@@ -29,7 +30,7 @@ public interface ThirdPartyTokenGranter extends TokenGranter {
   }
 
   @Override
-  default TokenResponse grant(Map<String, String> parameters) {
+  default OpenIDToken grant(Map<String, String> parameters) {
     String provider = parameters.get(AuthenticationServerConstants.PARAM_PROVIDER);
     String code = parameters.get(AuthenticationServerConstants.PARAM_CODE);
     String state = parameters.get(AuthenticationServerConstants.PARAM_STATE);
@@ -49,7 +50,7 @@ public interface ThirdPartyTokenGranter extends TokenGranter {
 
   String name();
 
-  TokenResponse grant(String code, String state, String login);
+  OpenIDToken grant(String code, String state, String login);
   
   /**
    * In authorization code mode, need to get authentication provider information first.
diff --git a/api/authentication-server/endpoint/src/main/java/org/apache/servicecomb/authentication/server/TokenEndpoint.java b/api/authentication-server/endpoint/src/main/java/org/apache/servicecomb/authentication/server/TokenEndpoint.java
index fb849c1..bd7f8d8 100644
--- a/api/authentication-server/endpoint/src/main/java/org/apache/servicecomb/authentication/server/TokenEndpoint.java
+++ b/api/authentication-server/endpoint/src/main/java/org/apache/servicecomb/authentication/server/TokenEndpoint.java
@@ -22,6 +22,7 @@ import java.util.Map;
 
 import javax.ws.rs.core.MediaType;
 
+import org.apache.servicecomb.authentication.token.OpenIDToken;
 import org.apache.servicecomb.provider.rest.common.RestSchema;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.PostMapping;
@@ -36,12 +37,12 @@ public class TokenEndpoint implements TokenService {
 
   @Override
   @PostMapping(path = "/", consumes = MediaType.APPLICATION_FORM_URLENCODED)
-  public TokenResponse getToken(@RequestBody Map<String, String> parameters) {
+  public OpenIDToken getToken(@RequestBody Map<String, String> parameters) {
     String grantType = parameters.get(AuthenticationServerConstants.PARAM_GRANT_TYPE);
 
     for (TokenGranter granter : granters) {
       if (granter.enabled()) {
-        TokenResponse token = granter.grant(grantType, parameters);
+        OpenIDToken token = granter.grant(grantType, parameters);
         if (token != null) {
           return token;
         }
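Review bot: `getToken` now puts the internal `OpenIDToken` on the wire, so this endpoint's response body is whatever Jackson derives from that class and its nested tokens rather than the purpose-built `TokenResponse`. That ties the HTTP contract to an internal model: any getter later added to `OpenIDToken`, `SessionToken` or `JWTToken` without `@JsonIgnore` becomes part of the response. If the endpoint is meant to be called only by the edge service, say so above the method, e.g. `// internal contract: the edge service converts this to TokenResponse before answering clients`. The loop and the method end outside this hunk.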
diff --git a/api/authentication-server/endpoint/src/main/java/org/apache/servicecomb/authentication/server/TokenGranter.java b/api/authentication-server/endpoint/src/main/java/org/apache/servicecomb/authentication/server/TokenGranter.java
index e5f600b..701958c 100644
--- a/api/authentication-server/endpoint/src/main/java/org/apache/servicecomb/authentication/server/TokenGranter.java
+++ b/api/authentication-server/endpoint/src/main/java/org/apache/servicecomb/authentication/server/TokenGranter.java
@@ -19,6 +19,8 @@ package org.apache.servicecomb.authentication.server;
 
 import java.util.Map;
 
+import org.apache.servicecomb.authentication.token.OpenIDToken;
+
 /**
  * Token granter is used to grant access tokens. 
  * @author Administrator
@@ -29,12 +31,12 @@ public interface TokenGranter {
 
   String grantType();
 
-  default TokenResponse grant(String grantType, Map<String, String> parameters) {
+  default OpenIDToken grant(String grantType, Map<String, String> parameters) {
     if (grantType().equals(grantType)) {
       return grant(parameters);
     }
     return null;
   }
 
-  TokenResponse grant(Map<String, String> parameters);
+  OpenIDToken grant(Map<String, String> parameters);
 }
diff --git a/api/authentication-server/service/src/main/java/org/apache/servicecomb/authentication/server/TokenService.java b/api/authentication-server/service/src/main/java/org/apache/servicecomb/authentication/server/TokenService.java
index 8dbd197..140ef61 100644
--- a/api/authentication-server/service/src/main/java/org/apache/servicecomb/authentication/server/TokenService.java
+++ b/api/authentication-server/service/src/main/java/org/apache/servicecomb/authentication/server/TokenService.java
@@ -19,6 +19,8 @@ package org.apache.servicecomb.authentication.server;
 
 import java.util.Map;
 
+import org.apache.servicecomb.authentication.token.OpenIDToken;
+
 public interface TokenService {
-  TokenResponse getToken(Map<String, String> parameters);
+  OpenIDToken getToken(Map<String, String> parameters);
 }
diff --git a/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/InMemoryOpenIDTokenStore.java b/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/InMemoryOpenIDTokenStore.java
index 1a09f58..341f8fd 100644
--- a/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/InMemoryOpenIDTokenStore.java
+++ b/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/InMemoryOpenIDTokenStore.java
@@ -41,11 +41,6 @@ public class InMemoryOpenIDTokenStore extends AbstractOpenIDTokenStore {
   }
 
   @Override
-  public OpenIDToken readTokenByIDTokenValue(String idTokenValue) {
-    return TOKENS_BY_ID_TOKEN_VALUE.get(idTokenValue);
-  }
-
-  @Override
   public void saveToken(OpenIDToken token) {
     TOKENS.put(token.getValue(), token);
     TOKENS_BY_REFRESH_TOKEN_VALUE.put(token.getRefreshToken().getValue(), token);
diff --git a/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/JWTToken.java b/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/JWTToken.java
index a4c6750..2ab1183 100644
--- a/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/JWTToken.java
+++ b/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/JWTToken.java
@@ -17,8 +17,78 @@
 
 package org.apache.servicecomb.authentication.token;
 
+import java.util.Map;
+
 import org.apache.servicecomb.authentication.jwt.JWTClaims;
+import org.apache.servicecomb.authentication.jwt.JsonParser;
+import org.springframework.security.jwt.Jwt;
+import org.springframework.security.jwt.JwtHelper;
+import org.springframework.security.jwt.crypto.sign.Signer;
+
+import com.fasterxml.jackson.annotation.JsonIgnore;
+
+
+public class JWTToken implements Token {
+  /**
+   * 
+   */
+  private static final long serialVersionUID = 8234764050908891544L;
+
+  private JWTClaims claims;
+
+  private String value;
+
+  public JWTToken() {
+
+  }
+
+  public JWTToken(JWTClaims claims, Signer signer) {
+    this.claims = claims;
+    String content = JsonParser.unparse(claims);
+    Jwt jwtToken = JwtHelper.encode(content, signer);
+    this.value = jwtToken.getEncoded();
+  }
+
+  @Override
+  @JsonIgnore
+  public long getIssueAt() {
+    return this.claims.getIat();
+  }
+
+  @Override
+  @JsonIgnore
+  public long getExpiresIn() {
+    return this.claims.getExp();
+  }
+
+  @Override
+  @JsonIgnore
+  public long getNotBefore() {
+    return this.claims.getNbf();
+  }
+
+  @Override
+  public String getValue() {
+    return this.value;
+  }
+
+  @Override
+  public Map<String, Object> getAdditionalInformation() {
+    return this.claims.getAdditionalInformation();
+  }
+
+  @Override
+  @JsonIgnore
+  public String getUsername() {
+    return this.claims.getSub();
+  }
+
+  public JWTClaims getClaims() {
+    return this.claims;
+  }
 
-public interface JWTToken extends Token {
-  public JWTClaims getClaims();
+  @Override
+  public void addAdditionalInformation(String key, Object value) {
+    this.claims.addAdditionalInformation(key, value);
+  }
 }
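Review bot: The new no-argument constructor leaves `claims` null, and every accessor except `getValue()` dereferences `this.claims`, so a `JWTToken` created empty or bound from JSON without `claims` throws a NullPointerException on first use. `getAdditionalInformation()` also lacks `@JsonIgnore` here although the same method is ignored in `OpenIDToken`, so the additional information is presumably serialized twice, once inside `claims` and once at the top level. Either guard the accessors or document the constructor as `// for the JSON deserializer only; claims must be set before use`, and add `@JsonIgnore` to `getAdditionalInformation()`. A class comment should also state the units: `Token.isExpired()` treats `getExpiresIn()` as a lifetime in seconds, whereas `exp` in a standard JWT is an absolute time, so it is worth confirming how `JWTClaims` encodes it.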
diff --git a/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/JWTTokenImpl.java b/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/JWTTokenImpl.java
deleted file mode 100644
index 1c8c133..0000000
--- a/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/JWTTokenImpl.java
+++ /dev/null
@@ -1,85 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.servicecomb.authentication.token;
-
-import java.util.Map;
-
-import org.apache.servicecomb.authentication.jwt.JWTClaims;
-import org.apache.servicecomb.authentication.jwt.JsonParser;
-import org.springframework.security.jwt.Jwt;
-import org.springframework.security.jwt.JwtHelper;
-import org.springframework.security.jwt.crypto.sign.Signer;
-
-public class JWTTokenImpl implements JWTToken {
-  private JWTClaims claims;
-
-  private boolean valueCalculated = false;
-
-  private String value;
-
-  private Signer signer;
-
-  public JWTTokenImpl(JWTClaims claims, Signer signer) {
-    this.claims = claims;
-    this.signer = signer;
-  }
-
-  @Override
-  public long getIssueAt() {
-    return this.claims.getIat();
-  }
-
-  @Override
-  public long getExpiresIn() {
-    return this.claims.getExp();
-  }
-
-  @Override
-  public long getNotBefore() {
-    return this.claims.getNbf();
-  }
-
-  @Override
-  public String getValue() {
-    if (!this.valueCalculated) {
-      String content = JsonParser.unparse(claims);
-      Jwt jwtToken = JwtHelper.encode(content, signer);
-      this.value = jwtToken.getEncoded();
-    }
-    return this.value;
-  }
-
-  @Override
-  public Map<String, Object> getAdditionalInformation() {
-    return this.claims.getAdditionalInformation();
-  }
-
-  @Override
-  public String username() {
-    return this.claims.getSub();
-  }
-
-  public JWTClaims getClaims() {
-    return this.claims;
-  }
-
-  @Override
-  public void addAdditionalInformation(String key, Object value) {
-    this.claims.addAdditionalInformation(key, value);
-  }
-}
diff --git a/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/JWTTokenStoreImpl.java b/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/JWTTokenStoreImpl.java
index 5b74496..59dd6c7 100644
--- a/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/JWTTokenStoreImpl.java
+++ b/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/JWTTokenStoreImpl.java
@@ -52,7 +52,7 @@ public class JWTTokenStoreImpl implements JWTTokenStore {
     claims.setNbf(config.notBefore);
     // Maybe some other properties in future
 
-    return new JWTTokenImpl(claims, signer);
+    return new JWTToken(claims, signer);
   }
 
   public JWTToken createTokenByValue(String value) {
@@ -64,6 +64,6 @@ public class JWTTokenStoreImpl implements JWTTokenStore {
     } catch (Exception e) {
       return null;
     }
-    return new JWTTokenImpl(claims, signer);
+    return new JWTToken(claims, signer);
   }
 }
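Review bot: `createTokenByValue` now ends in `new JWTToken(claims, signer)`, and that constructor encodes and signs the claims immediately, so every token parsed from an incoming string is re-signed with the server's signer and `getValue()` returns the re-encoded string rather than the `value` argument. That is only safe if the `try` block, which starts outside this hunk, verifies the signature before the claims are parsed; otherwise unverified claims would leave this method carrying a valid server signature. State the precondition at the call, e.g. `// claims come from a signature-checked token; never re-sign unverified input`, or keep the presented value instead of signing again. The bare `catch (Exception e) { return null; }` also hides why a token was rejected; logging the exception type, without the token value, would help when triaging rejected logins.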
diff --git a/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/OpenIDToken.java b/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/OpenIDToken.java
index d82b663..c6fc36f 100644
--- a/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/OpenIDToken.java
+++ b/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/OpenIDToken.java
@@ -20,7 +20,14 @@ package org.apache.servicecomb.authentication.token;
 import java.util.Map;
 import java.util.Set;
 
+import com.fasterxml.jackson.annotation.JsonIgnore;
+
 public class OpenIDToken implements Token {
+  /**
+   * 
+   */
+  private static final long serialVersionUID = 6252768307298115467L;
+
   private String tokenType;
 
   private SessionToken accessToken;
@@ -72,41 +79,49 @@ public class OpenIDToken implements Token {
   }
 
   @Override
-  public String username() {
-    return accessToken.username();
+  @JsonIgnore
+  public String getUsername() {
+    return accessToken.getUsername();
   }
 
   @Override
+  @JsonIgnore
   public boolean isExpired() {
     return accessToken.isExpired();
   }
 
   @Override
+  @JsonIgnore
   public long getIssueAt() {
     return accessToken.getIssueAt();
   }
 
   @Override
+  @JsonIgnore
   public long getExpiresIn() {
     return accessToken.getExpiresIn();
   }
 
   @Override
+  @JsonIgnore
   public long getNotBefore() {
     return accessToken.getNotBefore();
   }
 
   @Override
+  @JsonIgnore
   public String getValue() {
     return accessToken.getValue();
   }
 
   @Override
+  @JsonIgnore
   public Map<String, Object> getAdditionalInformation() {
     return accessToken.getAdditionalInformation();
   }
 
   @Override
+  @JsonIgnore
   public void addAdditionalInformation(String key, Object value) {
     accessToken.addAdditionalInformation(key, value);
   }
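Review bot: `@JsonIgnore` on `addAdditionalInformation(String key, Object value)` has no effect, because a two-argument void method is not a bean property that Jackson serializes or binds; dropping it keeps the annotation meaningful on the getters. With the delegating getters ignored, the JSON form is defined by the remaining accessors, which lie outside this hunk, so a class comment listing the fields intended to be on the wire would help, e.g. `// serialized form: tokenType plus the nested access, refresh and id tokens - confirm`. Every delegating accessor here dereferences `accessToken`, so an instance that exists without an access token fails with a NullPointerException on the first call.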
diff --git a/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/OpenIDTokenStore.java b/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/OpenIDTokenStore.java
index cd65ead..4fdf6a2 100644
--- a/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/OpenIDTokenStore.java
+++ b/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/OpenIDTokenStore.java
@@ -23,8 +23,6 @@ public interface OpenIDTokenStore extends TokenStore<OpenIDToken> {
 
   OpenIDToken readTokenByRefreshTokenValue(String refreshTokenValue);
 
-  OpenIDToken readTokenByIDTokenValue(String idTokenValue);
-  
   JWTToken createIDTokenByValue(String jwtTokenValue);
 
   void saveToken(OpenIDToken token);
diff --git a/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/SessionToken.java b/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/SessionToken.java
index c39cec4..7050843 100644
--- a/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/SessionToken.java
+++ b/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/SessionToken.java
@@ -17,5 +17,73 @@
 
 package org.apache.servicecomb.authentication.token;
 
-public interface SessionToken extends Token {
+import java.util.HashMap;
+import java.util.Map;
+import java.util.UUID;
+
+public class SessionToken implements Token {
+  private static final long serialVersionUID = -7783398248936167939L;
+
+  private String value;
+
+  private long issueAt;
+  
+  private long expiresIn;
+  
+  private long notBefore;
+
+  private String username;
+
+  private Map<String, Object> additionalInformation;
+
+  public SessionToken() {
+    
+  }
+  
+  public SessionToken(String username) {
+    this.value = UUID.randomUUID().toString();
+    this.issueAt = System.currentTimeMillis();
+    this.username = username;
+    TokenDynamicProperties config = TokenDynamicPropertiesManager.getTokenConfiguration(username);
+    this.expiresIn = config.expiresIn;
+    this.notBefore = config.notBefore;
+  }
+
+  @Override
+  public long getIssueAt() {
+    return this.issueAt;
+  }
+
+  @Override
+  public long getExpiresIn() {
+    return this.expiresIn;
+  }
+
+  @Override
+  public long getNotBefore() {
+    return this.notBefore;
+  }
+
+  @Override
+  public String getValue() {
+    return this.value;
+  }
+
+  @Override
+  public Map<String, Object> getAdditionalInformation() {
+    return additionalInformation;
+  }
+
+  @Override
+  public String getUsername() {
+    return this.username;
+  }
+
+  @Override
+  public void addAdditionalInformation(String key, Object value) {
+    if (additionalInformation == null) {
+      additionalInformation = new HashMap<>();
+    }
+    additionalInformation.put(key, value);
+  }
 }
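Review bot: The constructor copies `config.expiresIn` and `config.notBefore` into fields when the token is created, whereas the removed implementation read them through the stored `TokenDynamicProperties` object on every call. If that object is updated in place when the dynamic properties change, tokens already issued no longer follow the change, so shortening the session lifetime in configuration will not shorten live sessions. Either keep the lookup or state the new behaviour in a class comment, e.g. `// lifetime is fixed at issue time; configuration changes apply to new tokens only`. `getAdditionalInformation()` returns null until the first `addAdditionalInformation` call, which callers and the JSON form need to tolerate.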
diff --git a/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/SessionTokenImpl.java b/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/SessionTokenImpl.java
deleted file mode 100644
index d409ee9..0000000
--- a/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/SessionTokenImpl.java
+++ /dev/null
@@ -1,79 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.servicecomb.authentication.token;
-
-import java.util.HashMap;
-import java.util.Map;
-import java.util.UUID;
-
-public class SessionTokenImpl implements SessionToken {
-  private String value;
-
-  private long issueAt;
-
-  private String username;
-
-  private TokenDynamicProperties config;
-
-  private Map<String, Object> additionalInformation;
-
-  public SessionTokenImpl(String username) {
-    this.value = UUID.randomUUID().toString();
-    this.issueAt = System.currentTimeMillis();
-    this.username = username;
-    this.config = TokenDynamicPropertiesManager.getTokenConfiguration(username);
-  }
-
-  @Override
-  public long getIssueAt() {
-    return this.issueAt;
-  }
-
-  @Override
-  public long getExpiresIn() {
-    return this.config.expiresIn;
-  }
-
-  @Override
-  public long getNotBefore() {
-    return this.config.notBefore;
-  }
-
-  @Override
-  public String getValue() {
-    return this.value;
-  }
-
-  @Override
-  public Map<String, Object> getAdditionalInformation() {
-    return additionalInformation;
-  }
-
-  @Override
-  public String username() {
-    return this.username;
-  }
-
-  @Override
-  public void addAdditionalInformation(String key, Object value) {
-    if (additionalInformation == null) {
-      additionalInformation = new HashMap<>();
-    }
-    additionalInformation.put(key, value);
-  }
-}
diff --git a/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/SessionTokenStore.java b/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/SessionTokenStore.java
index 59b23aa..631f3d7 100644
--- a/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/SessionTokenStore.java
+++ b/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/SessionTokenStore.java
@@ -23,7 +23,7 @@ public class SessionTokenStore implements TokenStore<SessionToken> {
 
   @Override
   public SessionToken createToken(UserDetails userDetails) {
-    return new SessionTokenImpl(userDetails.getUsername());
+    return new SessionToken(userDetails.getUsername());
   }
 
 }
diff --git a/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/Token.java b/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/Token.java
index ca51f89..55b1423 100644
--- a/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/Token.java
+++ b/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/Token.java
@@ -17,11 +17,15 @@
 
 package org.apache.servicecomb.authentication.token;
 
+import java.io.Serializable;
 import java.util.Map;
 
-public interface Token {
-  String username();
+import com.fasterxml.jackson.annotation.JsonIgnore;
 
+public interface Token extends Serializable {
+  String getUsername();
+
+  @JsonIgnore
   default boolean isExpired() {
     return (System.currentTimeMillis() < getNotBefore()) ||
         (System.currentTimeMillis() - getIssueAt() > getExpiresIn() * 1000);
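Review bot: Making `Token` extend `Serializable` lets every token, including its `Map<String, Object>` of additional information, travel through Java native serialization. If a token store reads these objects back from a shared cache or database with `ObjectInputStream`, that read should be limited to the token classes with an `ObjectInputFilter`, and the values placed in the map must be serializable themselves; neither is visible in this hunk. The accessors also need their units documented, because `isExpired()` compares `getNotBefore()` with `System.currentTimeMillis()` directly but multiplies `getExpiresIn()` by 1000: `/** lifetime in seconds, counted from getIssueAt() (milliseconds since the epoch) */`. `isExpired()` closes outside this hunk.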
@@ -36,6 +40,6 @@ public interface Token {
   String getValue();
 
   Map<String, Object> getAdditionalInformation();
-  
+
   void addAdditionalInformation(String key, Object value);
 }
diff --git a/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/AuthenticationServerTokenEndpoint.java b/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/AuthenticationServerTokenEndpoint.java
index 50c29d3..18ad3af 100644
--- a/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/AuthenticationServerTokenEndpoint.java
+++ b/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/AuthenticationServerTokenEndpoint.java
@@ -20,12 +20,12 @@ package org.apache.servicecomb.authentication.edge;
 import java.util.Map;
 import java.util.concurrent.CompletableFuture;
 
-import org.apache.servicecomb.authentication.server.TokenResponse;
+import org.apache.servicecomb.authentication.token.OpenIDToken;
 import org.springframework.http.MediaType;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 
 public interface AuthenticationServerTokenEndpoint {
   @PostMapping(path = "/", consumes = MediaType.APPLICATION_FORM_URLENCODED_VALUE)
-  public CompletableFuture<TokenResponse> getToken(@RequestBody Map<String, String> parameters);
+  public CompletableFuture<OpenIDToken> getToken(@RequestBody Map<String, String> parameters);
 }
diff --git a/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/DumyEdgeTokenResponseProcessor.java b/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/DumyEdgeTokenResponseProcessor.java
deleted file mode 100644
index 97dd3c4..0000000
--- a/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/DumyEdgeTokenResponseProcessor.java
+++ /dev/null
@@ -1,30 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.servicecomb.authentication.edge;
-
-import org.apache.servicecomb.authentication.server.TokenResponse;
-
-public class DumyEdgeTokenResponseProcessor implements EdgeTokenResponseProcessor {
-  public DumyEdgeTokenResponseProcessor() {
-  }
-
-  @Override
-  public void process(TokenResponse tokenResponse) {
-  }
-
-}
diff --git a/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/EdgeConfiguration.java b/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/EdgeConfiguration.java
index 4142c4f..bcb48a8 100644
--- a/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/EdgeConfiguration.java
+++ b/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/EdgeConfiguration.java
@@ -17,16 +17,9 @@
 
 package org.apache.servicecomb.authentication.edge;
 
-import org.apache.servicecomb.authentication.util.CommonConstants;
-import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.core.annotation.Order;
 
 @Configuration
 public class EdgeConfiguration {
-  @Bean(name = {CommonConstants.BEAN_AUTH_EDGE_TOKEN_RESPONSE_PROCESSOR})
-  @Order(CommonConstants.BEAN_DEFAULT_ORDER)
-  public EdgeTokenResponseProcessor edgeTokenResponseProcessor() {
-    return new DumyEdgeTokenResponseProcessor();
-  }
+
 }
diff --git a/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/EdgeTokenResponseProcessor.java b/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/EdgeTokenResponseProcessor.java
deleted file mode 100644
index 09ea7b3..0000000
--- a/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/EdgeTokenResponseProcessor.java
+++ /dev/null
@@ -1,24 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.servicecomb.authentication.edge;
-
-import org.apache.servicecomb.authentication.server.TokenResponse;
-
-public interface EdgeTokenResponseProcessor {
-  void process(TokenResponse tokenResponse);
-}
diff --git a/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/TokenEndpoint.java b/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/TokenEndpoint.java
index 578f71a..ffafe1a 100644
--- a/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/TokenEndpoint.java
+++ b/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/TokenEndpoint.java
@@ -20,12 +20,9 @@ package org.apache.servicecomb.authentication.edge;
 import java.util.Map;
 import java.util.concurrent.CompletableFuture;
 
-import org.apache.servicecomb.authentication.server.TokenResponse;
-import org.apache.servicecomb.authentication.util.CommonConstants;
+import org.apache.servicecomb.authentication.token.OpenIDToken;
 import org.apache.servicecomb.provider.pojo.RpcReference;
 import org.apache.servicecomb.provider.rest.common.RestSchema;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.http.MediaType;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
@@ -37,21 +34,16 @@ public class TokenEndpoint implements TokenService {
   @RpcReference(microserviceName = "authentication-server", schemaId = "TokenEndpoint")
   private AuthenticationServerTokenEndpoint authenticationSererTokenEndpoint;
 
-  @Autowired
-  @Qualifier(CommonConstants.BEAN_AUTH_EDGE_TOKEN_RESPONSE_PROCESSOR)
-  private EdgeTokenResponseProcessor edgeTokenResponseProcessor;
-
   @Override
   @PostMapping(path = "/", consumes = MediaType.APPLICATION_FORM_URLENCODED_VALUE)
   public CompletableFuture<TokenResponse> getToken(@RequestBody Map<String, String> parameters) {
     CompletableFuture<TokenResponse> result = new CompletableFuture<>();
 
-    CompletableFuture<TokenResponse> response =
+    CompletableFuture<OpenIDToken> response =
         authenticationSererTokenEndpoint.getToken(parameters);
     response.whenComplete((tokenResonse, ex) -> {
       if (!response.isCompletedExceptionally()) {
-        result.complete(tokenResonse);
-        edgeTokenResponseProcessor.process(tokenResonse);
+        result.complete(TokenResponse.fromOpenIDToken(tokenResonse));
       } else {
         result.completeExceptionally(ex);
       }
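Review bot: `result.complete(TokenResponse.fromOpenIDToken(tokenResonse))` runs the conversion inside the `whenComplete` callback, so if `fromOpenIDToken` throws, `result` is never completed and the caller waits until a timeout. That could happen on an ordinary failed login if the authentication server answers with a null token when no granter accepts the request and `fromOpenIDToken` does not accept null; neither is visible here, so it needs checking. Wrapping the conversion keeps the future completed on every path: `try { result.complete(tokenResonse == null ? null : TokenResponse.fromOpenIDToken(tokenResonse)); } catch (RuntimeException e) { result.completeExceptionally(e); }`. The method's return statement lies outside the hunk.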
diff --git a/api/authentication-server/service/src/main/java/org/apache/servicecomb/authentication/server/TokenResponse.java b/api/edge-service/service/src/main/java/org/apache/servicecomb/authentication/edge/TokenResponse.java
similarity index 98%
rename from api/authentication-server/service/src/main/java/org/apache/servicecomb/authentication/server/TokenResponse.java
rename to api/edge-service/service/src/main/java/org/apache/servicecomb/authentication/edge/TokenResponse.java
index 32e7fb5..9fc7b67 100644
--- a/api/authentication-server/service/src/main/java/org/apache/servicecomb/authentication/server/TokenResponse.java
+++ b/api/edge-service/service/src/main/java/org/apache/servicecomb/authentication/edge/TokenResponse.java
@@ -15,7 +15,7 @@
  * limitations under the License.
  */
 
-package org.apache.servicecomb.authentication.server;
+package org.apache.servicecomb.authentication.edge;
 
 import java.util.Map;
 import java.util.Set;
diff --git a/api/edge-service/service/src/main/java/org/apache/servicecomb/authentication/edge/TokenService.java b/api/edge-service/service/src/main/java/org/apache/servicecomb/authentication/edge/TokenService.java
index 5e12a45..e279986 100644
--- a/api/edge-service/service/src/main/java/org/apache/servicecomb/authentication/edge/TokenService.java
+++ b/api/edge-service/service/src/main/java/org/apache/servicecomb/authentication/edge/TokenService.java
@@ -20,8 +20,6 @@ package org.apache.servicecomb.authentication.edge;
 import java.util.Map;
 import java.util.concurrent.CompletableFuture;
 
-import org.apache.servicecomb.authentication.server.TokenResponse;
-
 
 public interface TokenService {
   CompletableFuture<TokenResponse> getToken(Map<String, String> parameters);
diff --git a/samples/AuthenticationServer/src/main/java/org/apache/servicecomb/authentication/AuthenticationConfiguration.java b/samples/AuthenticationServer/src/main/java/org/apache/servicecomb/authentication/AuthenticationConfiguration.java
index 0e4b462..854c940 100644
--- a/samples/AuthenticationServer/src/main/java/org/apache/servicecomb/authentication/AuthenticationConfiguration.java
+++ b/samples/AuthenticationServer/src/main/java/org/apache/servicecomb/authentication/AuthenticationConfiguration.java
@@ -17,8 +17,6 @@
 
 package org.apache.servicecomb.authentication;
 
-import org.apache.servicecomb.authentication.token.AbstractOpenIDTokenStore;
-import org.apache.servicecomb.authentication.token.InMemoryOpenIDTokenStore;
 import org.apache.servicecomb.authentication.util.CommonConstants;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -40,10 +38,4 @@ public class AuthenticationConfiguration {
     // If using MacSigner, need to protect the shared key by properly encryption.
     return new MacSigner("Please change this key.");
   }
-
-  @Bean(name = CommonConstants.BEAN_AUTH_OPEN_ID_TOKEN_STORE)
-  public AbstractOpenIDTokenStore openIDTokenStore() {
-    // NOTICE: Use in memory store for testing. Need to implement JDBC or Redis SessionIDTokenStore in product. 
-    return new InMemoryOpenIDTokenStore();
-  }
 }
diff --git a/samples/AuthenticationServer/src/main/java/org/apache/servicecomb/authentication/JDBCOpenIDTokenStore.java b/samples/AuthenticationServer/src/main/java/org/apache/servicecomb/authentication/JDBCOpenIDTokenStore.java
new file mode 100644
index 0000000..0163612
--- /dev/null
+++ b/samples/AuthenticationServer/src/main/java/org/apache/servicecomb/authentication/JDBCOpenIDTokenStore.java
@@ -0,0 +1,58 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.servicecomb.authentication;
+
+import org.apache.servicecomb.authentication.jwt.JsonParser;
+import org.apache.servicecomb.authentication.token.AbstractOpenIDTokenStore;
+import org.apache.servicecomb.authentication.token.OpenIDToken;
+import org.apache.servicecomb.authentication.user.TokenMapper;
+import org.apache.servicecomb.authentication.util.CommonConstants;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+@Component(CommonConstants.BEAN_AUTH_OPEN_ID_TOKEN_STORE)
+public class JDBCOpenIDTokenStore extends AbstractOpenIDTokenStore {
+  @Autowired
+  private TokenMapper tokenMapper;
+
+  @Override
+  public OpenIDToken readTokenByValue(String value) {
+    String tokenInfo = tokenMapper.getTokenInfoByAccessTokenId(value);
+    if (tokenInfo != null) {
+      return JsonParser.parse(tokenInfo, OpenIDToken.class);
+    }
+    return null;
+  }
+
+  @Override
+  public OpenIDToken readTokenByRefreshTokenValue(String refreshTokenValue) {
+    String tokenInfo = tokenMapper.getTokenInfoByRefreshTokenId(refreshTokenValue);
+    if (tokenInfo != null) {
+      return JsonParser.parse(tokenInfo, OpenIDToken.class);
+    }
+    return null;
+  }
+
+  @Override
+  public void saveToken(OpenIDToken token) {
+    tokenMapper.insertNewToken(token.getValue(),
+        token.getRefreshToken().getValue(),
+        JsonParser.unparse(token));
+  }
+
+}
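Review bot: `saveToken` writes the access and refresh token values verbatim into `ACCESS_TOKEN_VALUE` and `REFRESH_TOKEN_VALUE`, so anyone who can read `T_TOKENS` (a backup, a replica, a log of bound parameters) holds usable bearer credentials. The two columns are only used for equality lookups, so they can hold a SHA-256 digest of the value instead, with `readTokenByValue` and `readTokenByRefreshTokenValue` digesting their argument before calling the mapper. The serialized `TOKEN` column presumably still contains the raw values, so it would need encryption at rest or the values stripped before `JsonParser.unparse`; that depends on `OpenIDToken`, which is not visible here.

```java
  @Override
  public void saveToken(OpenIDToken token) {
    // Persist digests of the bearer values; the lookup columns never need the originals.
    tokenMapper.insertNewToken(digest(token.getValue()),
        digest(token.getRefreshToken().getValue()),
        JsonParser.unparse(token));
  }

  // … unchanged apart from passing digest(value) / digest(refreshTokenValue) to the mapper:
  //   readTokenByValue, readTokenByRefreshTokenValue …

  private static String digest(String tokenValue) {
    try {
      byte[] hash = java.security.MessageDigest.getInstance("SHA-256")
          .digest(tokenValue.getBytes(java.nio.charset.StandardCharsets.UTF_8));
      StringBuilder hex = new StringBuilder(hash.length * 2);
      for (byte b : hash) {
        hex.append(String.format("%02x", b));
      }
      return hex.toString();
    } catch (java.security.NoSuchAlgorithmException e) {
      throw new IllegalStateException("SHA-256 not available", e);
    }
  }
```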
diff --git a/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/OpenIDTokenStore.java b/samples/AuthenticationServer/src/main/java/org/apache/servicecomb/authentication/user/TokenMapper.java
similarity index 58%
copy from api/common/service/src/main/java/org/apache/servicecomb/authentication/token/OpenIDTokenStore.java
copy to samples/AuthenticationServer/src/main/java/org/apache/servicecomb/authentication/user/TokenMapper.java
index cd65ead..7ef3f22 100644
--- a/api/common/service/src/main/java/org/apache/servicecomb/authentication/token/OpenIDTokenStore.java
+++ b/samples/AuthenticationServer/src/main/java/org/apache/servicecomb/authentication/user/TokenMapper.java
@@ -15,17 +15,18 @@
  * limitations under the License.
  */
 
-package org.apache.servicecomb.authentication.token;
+package org.apache.servicecomb.authentication.user;
 
-public interface OpenIDTokenStore extends TokenStore<OpenIDToken> {
+import org.apache.ibatis.annotations.Param;
 
-  OpenIDToken readTokenByValue(String value);
+public interface TokenMapper {
+  public void insertNewToken(@Param("accessTokenId") String accessTokenId,
+      @Param("refreshTokenId") String refreshTokenId,
+      @Param("tokenInfo") String tokenInfo);
 
-  OpenIDToken readTokenByRefreshTokenValue(String refreshTokenValue);
+  public String getTokenInfoByAccessTokenId(@Param("accessTokenId") String accessTokenId);
 
-  OpenIDToken readTokenByIDTokenValue(String idTokenValue);
-  
-  JWTToken createIDTokenByValue(String jwtTokenValue);
+  public String getTokenInfoByRefreshTokenId(@Param("refreshTokenId") String refreshTokenId);
 
-  void saveToken(OpenIDToken token);
+  public String getTokenInfoByIdTokenId(@Param("idTokenId") String idTokenId);
 }
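Review bot: `getTokenInfoByIdTokenId` is declared here, but the `TokenMapper.xml` added in the same commit defines only `insertNewToken`, `getTokenInfoByAccessTokenId` and `getTokenInfoByRefreshTokenId`, and the `ID_TOKEN_VALUE` column is dropped from `T_TOKENS`. A call to it would compile and then fail at runtime with a MyBatis binding error. `JDBCOpenIDTokenStore` never calls it, so I would delete the line `public String getTokenInfoByIdTokenId(@Param("idTokenId") String idTokenId);`. The `public` modifiers on the remaining methods are redundant in an interface and can be dropped as well.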
diff --git a/samples/AuthenticationServer/src/main/resources/META-INF/spring/authentication.server.bean.xml b/samples/AuthenticationServer/src/main/resources/META-INF/spring/authentication.server.bean.xml
index dac1cdf..08ebeb0 100644
--- a/samples/AuthenticationServer/src/main/resources/META-INF/spring/authentication.server.bean.xml
+++ b/samples/AuthenticationServer/src/main/resources/META-INF/spring/authentication.server.bean.xml
@@ -38,5 +38,9 @@
       value="org.apache.servicecomb.authentication.user.UserMapper" />
     <property name="sqlSessionFactory" ref="sqlSessionFactory" />
   </bean>
-
+  <bean id="tokenMapper" class="org.mybatis.spring.mapper.MapperFactoryBean">
+    <property name="mapperInterface"
+      value="org.apache.servicecomb.authentication.user.TokenMapper" />
+    <property name="sqlSessionFactory" ref="sqlSessionFactory" />
+  </bean>
 </beans>
\ No newline at end of file
diff --git a/samples/AuthenticationServer/src/main/resources/config/TokenMapper.xml b/samples/AuthenticationServer/src/main/resources/config/TokenMapper.xml
new file mode 100644
index 0000000..8d702f9
--- /dev/null
+++ b/samples/AuthenticationServer/src/main/resources/config/TokenMapper.xml
@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- ~ Licensed to the Apache Software Foundation (ASF) under one or more 
+  ~ contributor license agreements. See the NOTICE file distributed with ~ 
+  this work for additional information regarding copyright ownership. ~ The 
+  ASF licenses this file to You under the Apache License, Version 2.0 ~ (the 
+  "License"); you may not use this file except in compliance with ~ the License. 
+  You may obtain a copy of the License at ~ ~ http://www.apache.org/licenses/LICENSE-2.0 
+  ~ ~ Unless required by applicable law or agreed to in writing, software ~ 
+  distributed under the License is distributed on an "AS IS" BASIS, ~ WITHOUT 
+  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. ~ See the 
+  License for the specific language governing permissions and ~ limitations 
+  under the License. -->
+
+<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
+<mapper namespace="org.apache.servicecomb.authentication.user.TokenMapper">
+  <insert id="insertNewToken">
+    insert into
+    T_TOKENS(ACCESS_TOKEN_VALUE,REFRESH_TOKEN_VALUE,TOKEN)
+    values(#{accessTokenId},#{refreshTokenId},#{tokenInfo})
+  </insert>
+
+  <select id="getTokenInfoByAccessTokenId" parameterType="java.lang.String"
+    resultType="java.lang.String">
+    select TOKEN
+    from T_TOKENS where ACCESS_TOKEN_VALUE =
+    #{accessTokenId}
+  </select>
+
+  <select id="getTokenInfoByRefreshTokenId" parameterType="java.lang.String"
+    resultType="java.lang.String">
+    select TOKEN
+    from T_TOKENS where REFRESH_TOKEN_VALUE =
+    #{refreshTokenId}
+  </select>
+</mapper>
\ No newline at end of file
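Review bot: Both selects map to a single `String`, so they depend on there being at most one row per token value, yet the `T_TOKENS` definition shown in this commit's `user.sql` hunk declares only a primary key on `ID`. A duplicate row would make the lookup throw instead of returning a token, and without an index each authentication request scans the table. Unless an index is created elsewhere in `user.sql`, I would add unique keys on both lookup columns, e.g. `UNIQUE KEY UK_ACCESS_TOKEN (ACCESS_TOKEN_VALUE)` and the equivalent for `REFRESH_TOKEN_VALUE` (key names are placeholders). The mapper also has no delete statement, so expired or revoked tokens cannot be removed through it.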
diff --git a/samples/AuthenticationServer/src/main/resources/config/mybatis-config.xml b/samples/AuthenticationServer/src/main/resources/config/mybatis-config.xml
index 2bd7b68..9290b3f 100644
--- a/samples/AuthenticationServer/src/main/resources/config/mybatis-config.xml
+++ b/samples/AuthenticationServer/src/main/resources/config/mybatis-config.xml
@@ -15,7 +15,8 @@
   PUBLIC "-//mybatis.org//DTD Config 3.0//EN"
   "http://mybatis.org/dtd/mybatis-3-config.dtd">
 <configuration>
-    <mappers>
-        <mapper resource="config/UserMapper.xml"/>
-    </mappers>
+  <mappers>
+    <mapper resource="config/UserMapper.xml" />
+    <mapper resource="config/TokenMapper.xml" />
+  </mappers>
 </configuration>
\ No newline at end of file
diff --git a/samples/AuthenticationServer/src/main/resources/sql/user.sql b/samples/AuthenticationServer/src/main/resources/sql/user.sql
index 223826d..b5dbfc7 100644
--- a/samples/AuthenticationServer/src/main/resources/sql/user.sql
+++ b/samples/AuthenticationServer/src/main/resources/sql/user.sql
@@ -73,7 +73,6 @@ CREATE TABLE `T_TOKENS` (
   `ID` INTEGER(8) NOT NULL AUTO_INCREMENT,
   `ACCESS_TOKEN_VALUE` VARCHAR(256) NOT NULL,
   `REFRESH_TOKEN_VALUE` VARCHAR(256) NOT NULL,
-  `ID_TOKEN_VALUE` VARCHAR(256) NOT NULL,
   `TOKEN` TEXT NOT NULL,
   PRIMARY KEY (`ID`)
 );
diff --git a/samples/Client/pom.xml b/samples/Client/pom.xml
index 5bbe9d8..b6b3220 100644
--- a/samples/Client/pom.xml
+++ b/samples/Client/pom.xml
@@ -33,7 +33,7 @@
     <dependencies>
       <dependency>
         <groupId>org.apache.servicecomb.authentication</groupId>
-        <artifactId>authentication-server-api-service</artifactId>
+        <artifactId>authentication-edge-api-service</artifactId>
         <version>0.0.1-SNAPSHOT</version>
       </dependency>
       <dependency>
@@ -64,7 +64,7 @@
   <dependencies>
     <dependency>
       <groupId>org.apache.servicecomb.authentication</groupId>
-      <artifactId>authentication-server-api-service</artifactId>
+      <artifactId>authentication-edge-api-service</artifactId>
     </dependency>
     <dependency>
       <groupId>org.apache.servicecomb</groupId>
diff --git a/samples/Client/src/main/java/org/apache/servicecomb/authentication/AuthenticationTestCase.java b/samples/Client/src/main/java/org/apache/servicecomb/authentication/AuthenticationTestCase.java
index 2b8fd5a..7acb34d 100644
--- a/samples/Client/src/main/java/org/apache/servicecomb/authentication/AuthenticationTestCase.java
+++ b/samples/Client/src/main/java/org/apache/servicecomb/authentication/AuthenticationTestCase.java
@@ -17,7 +17,7 @@
 
 package org.apache.servicecomb.authentication;
 
-import org.apache.servicecomb.authentication.server.TokenResponse;
+import org.apache.servicecomb.authentication.edge.TokenResponse;
 import org.apache.servicecomb.authentication.util.CommonConstants;
 import org.springframework.http.HttpEntity;
 import org.springframework.http.HttpHeaders;
diff --git a/samples/Client/src/main/java/org/apache/servicecomb/authentication/TokenExpireTestCase.java b/samples/Client/src/main/java/org/apache/servicecomb/authentication/TokenExpireTestCase.java
index 00a557e..766aba0 100644
--- a/samples/Client/src/main/java/org/apache/servicecomb/authentication/TokenExpireTestCase.java
+++ b/samples/Client/src/main/java/org/apache/servicecomb/authentication/TokenExpireTestCase.java
@@ -17,7 +17,7 @@
 
 package org.apache.servicecomb.authentication;
 
-import org.apache.servicecomb.authentication.server.TokenResponse;
+import org.apache.servicecomb.authentication.edge.TokenResponse;
 import org.apache.servicecomb.authentication.util.CommonConstants;
 import org.springframework.http.HttpEntity;
 import org.springframework.http.HttpHeaders;


[servicecomb-fence] 03/03: [SCB-1365]demonstrates access token & id token authentication

Posted by li...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

liubao pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/servicecomb-fence.git

commit cb6d5b0b587a8a3bf36927fc604d580ac4fe468e
Author: liubao <bi...@qq.com>
AuthorDate: Thu Jul 11 11:40:02 2019 +0800

    [SCB-1365]demonstrates access token & id token authentication
---
 .../authentication/util/CommonConstants.java       |  6 ++-
 .../authentication/edge/AuthHandler.java           |  4 +-
 .../authentication/edge/AuthenticationFilter.java  |  5 +--
 .../authentication/AuthenticationTestCase.java     | 44 ++++++++++++++--------
 .../authentication/TokenExpireTestCase.java        | 22 ++++++++---
 5 files changed, 53 insertions(+), 28 deletions(-)

diff --git a/api/common/service/src/main/java/org/apache/servicecomb/authentication/util/CommonConstants.java b/api/common/service/src/main/java/org/apache/servicecomb/authentication/util/CommonConstants.java
index 03ee62e..dad8891 100644
--- a/api/common/service/src/main/java/org/apache/servicecomb/authentication/util/CommonConstants.java
+++ b/api/common/service/src/main/java/org/apache/servicecomb/authentication/util/CommonConstants.java
@@ -22,13 +22,15 @@ public final class CommonConstants {
 
   public static final String HTTP_HEADER_AUTHORIZATION = "Authorization";
 
+  public static final String HTTP_HEADER_AUTHORIZATION_TYPE = "Authorization-TYPE";
+
   public static final String CONTEXT_HEADER_AUTHORIZATION = "Authorization";
 
   public static final String CONTEXT_HEADER_AUTHORIZATION_TYPE = "Authorization-TYPE";
 
-  public static final String CONTEXT_HEADER_AUTHORIZATION_TYPE_ID_TOKEN = "ID_TOKEN";
+  public static final String AUTHORIZATION_TYPE_ID_TOKEN = "ID_TOKEN";
 
-  public static final String CONTEXT_HEADER_AUTHORIZATION_TYPE_SESSION_TOKEN = "SESSION_TOKEN";
+  public static final String AUTHORIZATION_TYPE_ACCESS_TOKEN = "ACCESS_TOKEN";
 
   public static final String CONTEXT_HEADER_CLAIMS = "Claims";
 
diff --git a/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/AuthHandler.java b/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/AuthHandler.java
index e99e90c..b91d75f 100644
--- a/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/AuthHandler.java
+++ b/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/AuthHandler.java
@@ -41,7 +41,7 @@ public class AuthHandler implements Handler {
 
     OpenIDTokenStore openIDTokenStore = BeanUtils.getBean(CommonConstants.BEAN_AUTH_OPEN_ID_TOKEN_STORE);
 
-    if (CommonConstants.CONTEXT_HEADER_AUTHORIZATION_TYPE_ID_TOKEN.equals(tokenType)) {
+    if (CommonConstants.AUTHORIZATION_TYPE_ID_TOKEN.equals(tokenType)) {
       JWTToken jwtToken = openIDTokenStore.createIDTokenByValue(token);
       if (jwtToken == null || jwtToken.isExpired()) {
         asyncResponse.consumerFail(new InvocationException(403, "forbidden", "token expired or not valid."));
@@ -51,7 +51,7 @@ public class AuthHandler implements Handler {
       // send id_token to services to apply state less validation
       invocation.addContext(CommonConstants.CONTEXT_HEADER_AUTHORIZATION, jwtToken.getValue());
       invocation.next(asyncResponse);
-    } else if (CommonConstants.CONTEXT_HEADER_AUTHORIZATION_TYPE_SESSION_TOKEN.equals(tokenType)) {
+    } else if (CommonConstants.AUTHORIZATION_TYPE_ACCESS_TOKEN.equals(tokenType)) {
       CompletableFuture<OpenIDToken> openIDTokenFuture = openIDTokenStore.readTokenByAccessToken(token);
       openIDTokenFuture.whenComplete((res, ex) -> {
         if (openIDTokenFuture.isCompletedExceptionally() || res == null || res.isExpired()) {
diff --git a/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/AuthenticationFilter.java b/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/AuthenticationFilter.java
index 8a31649..56733c3 100644
--- a/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/AuthenticationFilter.java
+++ b/api/edge-service/endpoint/src/main/java/org/apache/servicecomb/authentication/edge/AuthenticationFilter.java
@@ -32,16 +32,15 @@ public class AuthenticationFilter implements HttpServerFilter {
 
   @Override
   public Response afterReceiveRequest(Invocation invocation, HttpServletRequestEx requestEx) {
-    // Now support bearer id tokens authentication
-    // TODO : add support for Cookies session tokens. 
     String authentication = requestEx.getHeader(CommonConstants.HTTP_HEADER_AUTHORIZATION);
+    String type = requestEx.getHeader(CommonConstants.HTTP_HEADER_AUTHORIZATION_TYPE);
     if (authentication != null) {
       String[] tokens = authentication.split(" ");
       if (tokens.length == 2) {
         if (tokens[0].equals(CommonConstants.TOKEN_TYPE_BEARER)) {
           invocation.addContext(CommonConstants.CONTEXT_HEADER_AUTHORIZATION, tokens[1]);
           invocation.addContext(CommonConstants.CONTEXT_HEADER_AUTHORIZATION_TYPE,
-              CommonConstants.CONTEXT_HEADER_AUTHORIZATION_TYPE_ID_TOKEN);
+              type == null ? CommonConstants.AUTHORIZATION_TYPE_ACCESS_TOKEN : type);
         }
       }
     }
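Review bot: The token type written to the invocation context is now whatever the caller sends in the `Authorization-TYPE` request header, with no check that it is one of the two supported values. `AuthHandler` branches on `ID_TOKEN` and `ACCESS_TOKEN`, and what it does with any other string is outside the visible hunks, so the filter should not forward an arbitrary value. Before the `addContext` call I would test `type != null && !CommonConstants.AUTHORIZATION_TYPE_ID_TOKEN.equals(type) && !CommonConstants.AUTHORIZATION_TYPE_ACCESS_TOKEN.equals(type)` and reject the request when it holds. The removed comment should also be replaced with one stating the new contract: `// Bearer token; Authorization-TYPE selects ID_TOKEN or ACCESS_TOKEN, default ACCESS_TOKEN`. The method body continues past the end of the hunk.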
diff --git a/samples/Client/src/main/java/org/apache/servicecomb/authentication/AuthenticationTestCase.java b/samples/Client/src/main/java/org/apache/servicecomb/authentication/AuthenticationTestCase.java
index 7acb34d..357e3c1 100644
--- a/samples/Client/src/main/java/org/apache/servicecomb/authentication/AuthenticationTestCase.java
+++ b/samples/Client/src/main/java/org/apache/servicecomb/authentication/AuthenticationTestCase.java
@@ -31,16 +31,24 @@ import org.springframework.web.client.HttpClientErrorException;
 public class AuthenticationTestCase implements TestCase {
   @Override
   public void run() {
-    String idToken = idToken();
-    testHanlderAuth(idToken);
-    testMethodAuth(idToken);
-
-    idToken = idTokenByRefreshToken();
-    testHanlderAuth(idToken);
-    testMethodAuth(idToken);
+    TokenResponse token = getTokenByPassword();
+    testHanlderAuth(token.getAccess_token(), null);
+    testHanlderAuth(token.getId_token(), CommonConstants.AUTHORIZATION_TYPE_ID_TOKEN);
+    testHanlderAuth(token.getAccess_token(), CommonConstants.AUTHORIZATION_TYPE_ACCESS_TOKEN);
+    testMethodAuth(token.getAccess_token(), null);
+    testMethodAuth(token.getId_token(), CommonConstants.AUTHORIZATION_TYPE_ID_TOKEN);
+    testMethodAuth(token.getAccess_token(), CommonConstants.AUTHORIZATION_TYPE_ACCESS_TOKEN);
+
+    token = getTokenByRefreshToken();
+    testHanlderAuth(token.getAccess_token(), null);
+    testHanlderAuth(token.getId_token(), CommonConstants.AUTHORIZATION_TYPE_ID_TOKEN);
+    testHanlderAuth(token.getAccess_token(), CommonConstants.AUTHORIZATION_TYPE_ACCESS_TOKEN);
+    testMethodAuth(token.getAccess_token(), null);
+    testMethodAuth(token.getId_token(), CommonConstants.AUTHORIZATION_TYPE_ID_TOKEN);
+    testMethodAuth(token.getAccess_token(), CommonConstants.AUTHORIZATION_TYPE_ACCESS_TOKEN);
   }
 
-  private String idToken() {
+  private TokenResponse getTokenByPassword() {
     // get token
     MultiValueMap<String, Object> map = new LinkedMultiValueMap<>();
     map.add("grant_type", "password");
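Review bot: `run()` only exercises matching token/type pairs, so nothing checks that the edge service refuses a mismatch now that the client chooses the validation path. I would add negative cases through a helper that expects `HttpClientErrorException`, and until then record the gap with `// TODO: id_token sent as ACCESS_TOKEN, access_token sent as ID_TOKEN and an unknown Authorization-TYPE must all be rejected`. The two six-call sequences are identical and could move into one private method that takes the `TokenResponse`. The body of `getTokenByPassword` continues outside the hunk.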
@@ -56,10 +64,10 @@ public class AuthenticationTestCase implements TestCase {
     TestMgr.check(CommonConstants.TOKEN_TYPE_BEARER, token.getToken_type());
     TestMgr.check(true, token.getId_token().length() > 10);
     TestMgr.check(600, token.getExpires_in());
-    return token.getId_token();
+    return token;
   }
 
-  private String idTokenByRefreshToken() {
+  private TokenResponse getTokenByRefreshToken() {
     // get token
     MultiValueMap<String, Object> map = new LinkedMultiValueMap<>();
     map.add("grant_type", "password");
@@ -89,14 +97,17 @@ public class AuthenticationTestCase implements TestCase {
     TestMgr.check(token.getAccess_token().equals(tokenNew.getAccess_token()), false);
     TestMgr.check(token.getId_token().equals(tokenNew.getId_token()), false);
 
-    return tokenNew.getId_token();
+    return tokenNew;
   }
 
-  private void testHanlderAuth(String accessToken) {
+  private void testHanlderAuth(String token, String type) {
     // get resources
     HttpHeaders headers = new HttpHeaders();
     headers = new HttpHeaders();
-    headers.add("Authorization", "Bearer " + accessToken);
+    headers.add("Authorization", "Bearer " + token);
+    if (type != null) {
+      headers.add("Authorization-Type", type);
+    }
     headers.setContentType(MediaType.APPLICATION_JSON);
     String name;
     name = BootEventListener.resouceServerHandlerAuthEndpoint.postForObject("/everyoneSayHello?name=Hi",
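Review bot: The header name is hard-coded as `"Authorization-Type"`, while this commit adds `CommonConstants.HTTP_HEADER_AUTHORIZATION_TYPE` with the value `"Authorization-TYPE"`. The test passes only because HTTP header names are case-insensitive, and a later rename of the constant would not be picked up here. I would write `headers.add(CommonConstants.HTTP_HEADER_AUTHORIZATION_TYPE, type);` here, in the `testMethodAuth` hunk below, and in `testHanlderAuth` of `TokenExpireTestCase`. The context line `headers = new HttpHeaders();` repeats the line above it and can be removed at the same time. The method body continues outside the hunk.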
@@ -126,11 +137,14 @@ public class AuthenticationTestCase implements TestCase {
     TestMgr.check(null, name);
   }
 
-  private void testMethodAuth(String accessToken) {
+  private void testMethodAuth(String token, String type) {
     // get resources
     HttpHeaders headers = new HttpHeaders();
-    headers.add("Authorization", "Bearer " + accessToken);
+    headers.add("Authorization", "Bearer " + token);
     headers.setContentType(MediaType.APPLICATION_JSON);
+    if (type != null) {
+      headers.add("Authorization-Type", type);
+    }
     String name;
     name = BootEventListener.resouceServerMethodAuthEndpoint.postForObject("/everyoneSayHello?name=Hi",
         new HttpEntity<>(headers),
diff --git a/samples/Client/src/main/java/org/apache/servicecomb/authentication/TokenExpireTestCase.java b/samples/Client/src/main/java/org/apache/servicecomb/authentication/TokenExpireTestCase.java
index 766aba0..2a95b1e 100644
--- a/samples/Client/src/main/java/org/apache/servicecomb/authentication/TokenExpireTestCase.java
+++ b/samples/Client/src/main/java/org/apache/servicecomb/authentication/TokenExpireTestCase.java
@@ -31,11 +31,18 @@ import org.springframework.web.client.HttpClientErrorException;
 public class TokenExpireTestCase implements TestCase {
   @Override
   public void run() {
-    String idToken = idToken();
-    testHanlderAuth(idToken);
+    // This test case will wait expiration for 3 seconds per run. Do not give too much tests.
+    TokenResponse token = getTokenByPassword();
+    testHanlderAuth(token.getAccess_token(), null);
+    // expired. create new for next test. 
+    token = getTokenByPassword();
+    testHanlderAuth(token.getId_token(), CommonConstants.AUTHORIZATION_TYPE_ID_TOKEN);
+    // expired. create new for next test. 
+    token = getTokenByPassword();
+    testHanlderAuth(token.getAccess_token(), CommonConstants.AUTHORIZATION_TYPE_ACCESS_TOKEN);
   }
 
-  private String idToken() {
+  private TokenResponse getTokenByPassword() {
     // get token
     MultiValueMap<String, Object> map = new LinkedMultiValueMap<>();
     map.add("grant_type", "password");
@@ -51,14 +58,17 @@ public class TokenExpireTestCase implements TestCase {
     TestMgr.check(CommonConstants.TOKEN_TYPE_BEARER, token.getToken_type());
     TestMgr.check(3, token.getExpires_in());
     TestMgr.check(true, token.getId_token().length() > 10);
-    return token.getId_token();
+    return token;
   }
 
-  private void testHanlderAuth(String accessToken) {
+  private void testHanlderAuth(String token, String type) {
     // get resources
     HttpHeaders headers = new HttpHeaders();
     headers = new HttpHeaders();
-    headers.add("Authorization", "Bearer " + accessToken);
+    headers.add("Authorization", "Bearer " + token);
+    if (type != null) {
+      headers.add("Authorization-Type", type);
+    }
     headers.setContentType(MediaType.APPLICATION_JSON);
     String name;
     name = BootEventListener.resouceServerHandlerAuthEndpoint.postForObject("/everyoneSayHello?name=Hi",