ApiBoot Security Oauth 支持自定义Oauth Grant Type

Author: hengboy

api-boot-project/api-boot-autoconfigure/src/main/java/org/minbox/framework/api/boot/autoconfigure/oauth/ApiBootAuthorizationMemoryServerAutoConfiguration.java

@@ -17,6 +17,8 @@
 package org.minbox.framework.api.boot.autoconfigure.oauth;
 
 import org.minbox.framework.api.boot.plugin.oauth.ApiBootAuthorizationServerConfiguration;
+import org.minbox.framework.api.boot.plugin.oauth.grant.ApiBootOauthTokenGranter;
+import org.springframework.beans.factory.ObjectProvider;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
@@ -27,6 +29,8 @@
 import org.springframework.security.oauth2.provider.token.TokenStore;
 import org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore;
 
+import java.util.List;
+
 import static org.minbox.framework.api.boot.autoconfigure.oauth.ApiBootOauthProperties.API_BOOT_OAUTH_PREFIX;
 
 
@@ -47,8 +51,8 @@
 @EnableAuthorizationServer
 @ConditionalOnProperty(prefix = API_BOOT_OAUTH_PREFIX, name = "away", havingValue = "memory", matchIfMissing = true)
 public class ApiBootAuthorizationMemoryServerAutoConfiguration extends ApiBootAuthorizationServerAutoConfiguration {
-    public ApiBootAuthorizationMemoryServerAutoConfiguration(ApiBootOauthProperties apiBootOauthProperties) {
-        super(apiBootOauthProperties);
+    public ApiBootAuthorizationMemoryServerAutoConfiguration(ObjectProvider<List<ApiBootOauthTokenGranter>> objectProvider, ApiBootOauthProperties apiBootOauthProperties) {
+        super(objectProvider, apiBootOauthProperties);
     }
 
     @Override

api-boot-project/api-boot-autoconfigure/src/main/java/org/minbox/framework/api/boot/autoconfigure/oauth/ApiBootAuthorizationServerAutoConfiguration.java

@@ -17,12 +17,16 @@
 package org.minbox.framework.api.boot.autoconfigure.oauth;
 
 import org.minbox.framework.api.boot.plugin.oauth.ApiBootAuthorizationServerConfiguration;
+import org.minbox.framework.api.boot.plugin.oauth.grant.ApiBootOauthTokenGranter;
+import org.springframework.beans.factory.ObjectProvider;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.context.annotation.Bean;
 import org.springframework.security.oauth2.provider.token.AccessTokenConverter;
 import org.springframework.security.oauth2.provider.token.DefaultAccessTokenConverter;
 import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
 
+import java.util.List;
+
 import static org.minbox.framework.api.boot.autoconfigure.oauth.ApiBootOauthProperties.API_BOOT_OAUTH_PREFIX;
 
 /**
@@ -42,7 +46,8 @@ public class ApiBootAuthorizationServerAutoConfiguration extends ApiBootAuthoriz
      */
     protected ApiBootOauthProperties apiBootOauthProperties;
 
-    public ApiBootAuthorizationServerAutoConfiguration(ApiBootOauthProperties apiBootOauthProperties) {
+    public ApiBootAuthorizationServerAutoConfiguration(ObjectProvider<List<ApiBootOauthTokenGranter>> objectProvider, ApiBootOauthProperties apiBootOauthProperties) {
+        super(objectProvider);
         this.apiBootOauthProperties = apiBootOauthProperties;
     }
 

api-boot-project/api-boot-autoconfigure/src/main/java/org/minbox/framework/api/boot/autoconfigure/oauth/ApiBootAuthorizationServerJdbcAutoConfiguration.java

@@ -17,6 +17,8 @@
 package org.minbox.framework.api.boot.autoconfigure.oauth;
 
 import org.minbox.framework.api.boot.plugin.oauth.ApiBootAuthorizationServerConfiguration;
+import org.minbox.framework.api.boot.plugin.oauth.grant.ApiBootOauthTokenGranter;
+import org.springframework.beans.factory.ObjectProvider;
 import org.springframework.boot.autoconfigure.AutoConfigureAfter;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
@@ -32,6 +34,8 @@
 
 import javax.sql.DataSource;
 
+import java.util.List;
+
 import static org.minbox.framework.api.boot.autoconfigure.oauth.ApiBootOauthProperties.API_BOOT_OAUTH_PREFIX;
 
 /**
@@ -52,11 +56,11 @@
 @ConditionalOnClass(ApiBootAuthorizationServerConfiguration.class)
 @ConditionalOnProperty(prefix = API_BOOT_OAUTH_PREFIX, name = "away", havingValue = "jdbc")
 @AutoConfigureAfter(DataSourceAutoConfiguration.class)
-public class ApiBootAuthorizationServerJdbcAutoConfiguration extends ApiBootAuthorizationServerAutoConfiguration{
+public class ApiBootAuthorizationServerJdbcAutoConfiguration extends ApiBootAuthorizationServerAutoConfiguration {
     private DataSource dataSource;
 
-    public ApiBootAuthorizationServerJdbcAutoConfiguration(ApiBootOauthProperties apiBootOauthProperties, DataSource dataSource) {
-        super(apiBootOauthProperties);
+    public ApiBootAuthorizationServerJdbcAutoConfiguration(ObjectProvider<List<ApiBootOauthTokenGranter>> objectProvider, ApiBootOauthProperties apiBootOauthProperties, DataSource dataSource) {
+        super(objectProvider, apiBootOauthProperties);
         this.dataSource = dataSource;
     }
 

api-boot-project/api-boot-maven-plugins/api-boot-mybatis-enhance-maven-codegen/src/main/java/org/minbox/framework/api/boot/maven/plugin/mybatis/enhance/codegen/builder/impl/AbstractClassBuilder.java

@@ -54,7 +54,7 @@ public abstract class AbstractClassBuilder implements ClassBuilder {
     /**
      * Column Insertable Annotation
      */
-    public static final String COLUMN_INSERTABLE_ANNOTATION = "@Column(name = \"%s\",insertable = true)";
+    public static final String COLUMN_INSERTABLE_ANNOTATION = "@Column(name = \"%s\",insertable = false)";
     /**
      * Id auto Annotation
      */

api-boot-project/api-boot-maven-plugins/api-boot-mybatis-enhance-maven-codegen/src/main/java/org/minbox/framework/api/boot/maven/plugin/mybatis/enhance/codegen/builder/impl/EntityClassBuilder.java

@@ -136,7 +136,7 @@ public String getPrefixDir() {
      * get column annotation definition
      *
      * @param column column
-     * @return
+     * @return column annotation
      */
     private String getColumnAnnotation(com.gitee.hengboy.builder.core.database.model.Column column) {
         // append content to @column(name=xxx after
@@ -154,7 +154,7 @@ private String getColumnAnnotation(com.gitee.hengboy.builder.core.database.model
      * int default value
      *
      * @param column column
-     * @return
+     * @return column default value
      */
     private String getColumnDefaultValue(com.gitee.hengboy.builder.core.database.model.Column column) {
         String pattern = " = %s";

api-boot-project/api-boot-plugins/api-boot-plugin-oauth/src/main/java/org/minbox/framework/api/boot/plugin/oauth/ApiBootAuthorizationServerConfiguration.java

@@ -1,16 +1,32 @@
 package org.minbox.framework.api.boot.plugin.oauth;
 
+import org.minbox.framework.api.boot.plugin.oauth.grant.ApiBootOauthTokenGranter;
+import org.springframework.beans.factory.ObjectProvider;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
 import org.springframework.context.annotation.Bean;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.oauth2.common.OAuth2AccessToken;
 import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
 import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
 import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
-import org.springframework.security.oauth2.provider.token.AccessTokenConverter;
-import org.springframework.security.oauth2.provider.token.TokenStore;
+import org.springframework.security.oauth2.provider.*;
+import org.springframework.security.oauth2.provider.client.ClientCredentialsTokenGranter;
+import org.springframework.security.oauth2.provider.code.AuthorizationCodeServices;
+import org.springframework.security.oauth2.provider.code.AuthorizationCodeTokenGranter;
+import org.springframework.security.oauth2.provider.code.InMemoryAuthorizationCodeServices;
+import org.springframework.security.oauth2.provider.implicit.ImplicitTokenGranter;
+import org.springframework.security.oauth2.provider.password.ResourceOwnerPasswordTokenGranter;
+import org.springframework.security.oauth2.provider.refresh.RefreshTokenGranter;
+import org.springframework.security.oauth2.provider.request.DefaultOAuth2RequestFactory;
+import org.springframework.security.oauth2.provider.token.*;
+import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
+import org.springframework.util.ObjectUtils;
+
+import java.util.ArrayList;
+import java.util.List;
 
 /**
  * ApiBoot 集成Oauth2 相关配置实现
@@ -25,24 +41,36 @@
  */
 public class ApiBootAuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {
     /**
-     * 认证管理
-     * 整合SpringSecurity
+     * authentication manager
      */
     @Autowired
     private AuthenticationManager authenticationManager;
     /**
-     * 令牌存储
+     * Token Store
      */
     @Autowired
     private TokenStore tokenStore;
     /**
-     * 令牌转换
+     * Access Token Converter
      */
     @Autowired
     private AccessTokenConverter accessTokenConverter;
+    /**
+     * Oauth Client Detail Service
+     */
+    @Autowired
+    private ClientDetailsService clientDetailsService;
+    /**
+     * Instance of custom authorization provided by ApiBoot
+     */
+    private List<ApiBootOauthTokenGranter> apiBootOauthTokenGranters;
+
+    public ApiBootAuthorizationServerConfiguration(ObjectProvider<List<ApiBootOauthTokenGranter>> objectProvider) {
+        this.apiBootOauthTokenGranters = objectProvider.getIfAvailable();
+    }
 
     /**
-     * 配置secret的加密方式与ApiBoot Security一致
+     * Configure secret encryption in the same way as ApiBoot Security
      *
      * @param security AuthorizationServerSecurityConfigurer
      * @throws Exception 异常信息
@@ -51,15 +79,15 @@ public class ApiBootAuthorizationServerConfiguration extends AuthorizationServer
     public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
         security
                 .passwordEncoder(passwordEncoder())
-                // 配置开放/oauth/token_key访问地址
+                // Configure open/oauth/token_key access address
                 .tokenKeyAccess("permitAll()")
-                // 配置开放/oauth/check_token访问地址
-                // 必须登录有权限后才可以访问
+                // Configure Open /oauth/check_token Access Address
+                // Access must be accessible after login privileges
                 .checkTokenAccess("isAuthenticated()");
     }
 
     /**
-     * 配置整合SpringSecurity完成用户有效性认证
+     * Configuration and Integration of Spring Security to Complete User Validity Authentication
      *
      * @param endpoints AuthorizationServerEndpointsConfigurer
      * @throws Exception 异常信息
@@ -69,11 +97,13 @@ public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws E
         endpoints
                 .authenticationManager(authenticationManager)
                 .tokenStore(tokenStore)
+                // ApiBoot custom token granter
+                .tokenGranter(tokenGranter())
                 .accessTokenConverter(accessTokenConverter);
     }
 
     /**
-     * 用户登录或者获取Token时的密码加密方式
+     * Password Encryption for Users Logging in or Obtaining Token
      *
      * @return BCryptPasswordEncoder
      */
@@ -82,4 +112,86 @@ public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws E
     public PasswordEncoder passwordEncoder() {
         return new BCryptPasswordEncoder();
     }
+
+    /**
+     * token granter
+     *
+     * @return TokenGranter
+     */
+    private TokenGranter tokenGranter() {
+        TokenGranter tokenGranter = new TokenGranter() {
+            private CompositeTokenGranter delegate;
+
+            @Override
+            public OAuth2AccessToken grant(String grantType, TokenRequest tokenRequest) {
+                if (delegate == null) {
+                    delegate = new CompositeTokenGranter(getDefaultTokenGranters());
+                }
+                return delegate.grant(grantType, tokenRequest);
+            }
+        };
+        return tokenGranter;
+    }
+
+    /**
+     * token enhancer
+     *
+     * @return TokenEnhancer
+     */
+    private TokenEnhancer tokenEnhancer() {
+        if (accessTokenConverter instanceof JwtAccessTokenConverter) {
+            return (TokenEnhancer) accessTokenConverter;
+        }
+        return null;
+    }
+
+    private DefaultTokenServices tokenServices() {
+        DefaultTokenServices tokenServices = new DefaultTokenServices();
+        tokenServices.setTokenStore(tokenStore);
+        tokenServices.setSupportRefreshToken(true);
+        tokenServices.setReuseRefreshToken(true);
+        tokenServices.setClientDetailsService(clientDetailsService);
+        tokenServices.setTokenEnhancer(tokenEnhancer());
+        return tokenServices;
+    }
+
+    private AuthorizationCodeServices authorizationCodeServices() {
+        return new InMemoryAuthorizationCodeServices();
+    }
+
+    private OAuth2RequestFactory requestFactory() {
+        return new DefaultOAuth2RequestFactory(clientDetailsService);
+    }
+
+    /**
+     * Return all granters within oauth2
+     * Contains custom
+     *
+     * @return TokenGranter
+     */
+    private List<TokenGranter> getDefaultTokenGranters() {
+        ClientDetailsService clientDetails = clientDetailsService;
+        AuthorizationServerTokenServices tokenServices = tokenServices();
+        AuthorizationCodeServices authorizationCodeServices = authorizationCodeServices();
+        OAuth2RequestFactory requestFactory = requestFactory();
+
+        List<TokenGranter> tokenGranters = new ArrayList<TokenGranter>();
+        tokenGranters.add(new AuthorizationCodeTokenGranter(tokenServices, authorizationCodeServices, clientDetails,
+                requestFactory));
+        tokenGranters.add(new RefreshTokenGranter(tokenServices, clientDetails, requestFactory));
+        ImplicitTokenGranter implicit = new ImplicitTokenGranter(tokenServices, clientDetails, requestFactory);
+        tokenGranters.add(implicit);
+        tokenGranters.add(new ClientCredentialsTokenGranter(tokenServices, clientDetails, requestFactory));
+        if (authenticationManager != null) {
+            tokenGranters.add(new ResourceOwnerPasswordTokenGranter(authenticationManager, tokenServices,
+                    clientDetails, requestFactory));
+        }
+
+        // have custom token granter
+        if (!ObjectUtils.isEmpty(apiBootOauthTokenGranters)) {
+            apiBootOauthTokenGranters.stream().forEach(apiBootOauthTokenGranter -> tokenGranters.add(new DefaultApiBootOauthTokenGranter(tokenServices, clientDetailsService, requestFactory, apiBootOauthTokenGranter)));
+        }
+
+        return tokenGranters;
+    }
 }

api-boot-project/api-boot-plugins/api-boot-plugin-oauth/src/main/java/org/minbox/framework/api/boot/plugin/oauth/DefaultApiBootOauthTokenGranter.java

@@ -0,0 +1,84 @@
+/*
+ * Copyright [2019] [恒宇少年 - 于起宇]
+ *
+ *      Licensed under the Apache License, Version 2.0 (the "License");
+ *      you may not use this file except in compliance with the License.
+ *      You may obtain a copy of the License at
+ *
+ *          http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *      Unless required by applicable law or agreed to in writing, software
+ *      distributed under the License is distributed on an "AS IS" BASIS,
+ *      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *      See the License for the specific language governing permissions and
+ *      limitations under the License.
+ *
+ */
+
+package org.minbox.framework.api.boot.plugin.oauth;
+
+import org.minbox.framework.api.boot.plugin.oauth.grant.ApiBootOauthTokenGranter;
+import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken;
+import org.springframework.security.oauth2.common.OAuth2AccessToken;
+import org.springframework.security.oauth2.provider.ClientDetailsService;
+import org.springframework.security.oauth2.provider.OAuth2RequestFactory;
+import org.springframework.security.oauth2.provider.TokenRequest;
+import org.springframework.security.oauth2.provider.token.AbstractTokenGranter;
+import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices;
+
+import java.util.LinkedHashMap;
+import java.util.Map;
+
+/**
+ * default api boot oauth token granter
+ *
+ * @author：恒宇少年 - 于起宇
+ * <p>
+ * DateTime：2019-05-27 18:00
+ * Blog：http://blog.yuqiyu.com
+ * WebSite：http://www.jianshu.com/u/092df3f77bca
+ * Gitee：https://gitee.com/hengboy
+ * GitHub：https://github.com/hengboy
+ */
+public class DefaultApiBootOauthTokenGranter extends AbstractTokenGranter {
+    /**
+     * Instance of custom authorization provided by ApiBoot
+     */
+    private ApiBootOauthTokenGranter apiBootOauthTokenGranter;
+
+    /**
+     * instance default ApiBoot Oauth Token Granter
+     *
+     * @param tokenServices            token service
+     * @param clientDetailsService     client detail service
+     * @param requestFactory           oauth2 request factory
+     * @param apiBootOauthTokenGranter Instance of custom authorization provided by ApiBoot
+     */
+    public DefaultApiBootOauthTokenGranter(AuthorizationServerTokenServices tokenServices, ClientDetailsService clientDetailsService, OAuth2RequestFactory requestFactory, ApiBootOauthTokenGranter apiBootOauthTokenGranter) {
+        super(tokenServices, clientDetailsService, requestFactory, apiBootOauthTokenGranter.grantType());
+        this.apiBootOauthTokenGranter = apiBootOauthTokenGranter;
+    }
+
+    /**
+     * grant access token
+     *
+     * @param grantType    grant type
+     * @param tokenRequest create token parameter
+     * @return
+     */
+    @Override
+    public OAuth2AccessToken grant(String grantType, TokenRequest tokenRequest) {
+        // create token request parameters
+        Map<String, String> parameters = new LinkedHashMap(tokenRequest.getRequestParameters());
+
+        // valid
+        apiBootOauthTokenGranter.valid(parameters);
+
+        // create token
+        OAuth2AccessToken token = super.grant(grantType, tokenRequest);
+        if (token != null) {
+            token = new DefaultOAuth2AccessToken(token);
+        }
+        return token;
+    }
+}