ss

Author: patternhelloworld

README.md

@@ -1,11 +1,23 @@
 # Spring Security Oauth2 JPA Implementation
 
-> App-Token based OAuth2 POC built to grow with Spring Boot and ORM
+> App-Token based OAuth2 implementation built to grow with Spring Boot and JPA
+
+## Table of Contents
+
+- [Quick Start](#quick-start)
+- [Features](#features)
+- [Dependencies](#dependencies)
+- [Run the App](#run-the-app)
+- [API Guide](#api-guide)
+    - [Registration](#registration)
+    - [Implementations](#implementations)
+        - [Mandatory Settings](#mandatory-settings)
+        - [Customizable Settings](#customizable-settings)
+- [OAuth2 - ROPC](#oauth2---ropc)
+- [OAuth2 - Authorization Code](#oauth2---authorization-code)
+- [Running this App with Docker](#running-this-app-with-docker)
+- [Contribution Guide](#contribution-guide)
 
-## Supporting Oauth2 Type
-| ROPC             | Authorization Code                              |
-|------------------|-------------------------------------------------|
-| production-level | Beta (expected to reach production-level in v3) |
 
 ## Quick Start
 ```xml
@@ -15,21 +27,15 @@
     <version>3.5.0</version>
 </dependency>
 ```
-For v2, using the database tables from Spring Security 5 (only the database tables; follow the dependencies as above):
-```xml
-<dependency>
-    <groupId>io.github.patternknife.securityhelper.oauth2.api</groupId>
-    <artifactId>spring-security-oauth2-password-jpa-implementation</artifactId>
-    <version>2.8.2</version>
-</dependency>
-```
 
-## Overview
 
-* Complete separation of the library (API) and the client for testing it
+## Features
+
+* Complete separation of the library and the client
+  * Library : API
+  * Client : DOC, Integration tester
 * Immediate Permission (Authority) Check: Not limited to verifying the token itself, but also ensuring real-time validation of any updates to permissions in the database.
 * Token Introspector: Enable the ``/oauth2/introspect`` endpoint to allow multiple resource servers to verify the token's validity and permissions with the authorization server.
-
 * Set up the same access & refresh token APIs on both ``/oauth2/token`` and on our controller layer such as ``/api/v1/traditional-oauth/token``, both of which function same and have `the same request & response payloads for success and errors`. (However, ``/oauth2/token`` is the standard that "spring-authorization-server" provides.)
   * As you are aware, the API ``/oauth2/token`` is what "spring-authorization-server" provides.
     * ``/api/v1/traditional-oauth/token`` is what this library implemented directly.

client/src/main/java/com/patternknife/securityhelper/oauth2/client/domain/customer/api/CustomerApi.java

@@ -103,7 +103,7 @@ public Map<String, Boolean> logoutCustomer(HttpServletRequest request) {
 
     @PreAuthorize("@resourceServerAuthorityChecker.hasRole('CUSTOMER_ADMIN')")
     @GetMapping("/customers/{id}")
-    public CustomerResDTO.Id getCustomerForAuthorizationTest(@PathVariable("id") final long id, @CustomAuthenticationPrincipal KnifeUserInfo knifeUserInfo)
+    public CustomerResDTO.Id getCustomerForAuthorizationTest(@PathVariable("id") final long id, @CustomAuthenticationPrincipal KnifeUserInfo<CustomizedUserInfo> knifeUserInfo)
             throws ResourceNotFoundException {
         return new CustomerResDTO.Id(id);
     }

lib/pom.xml

@@ -10,7 +10,7 @@ http://maven.apache.org/xsd/maven-4.0.0.xsd">
     <artifactId>spring-security-oauth2-password-jpa-implementation</artifactId>
     <version>3.5.0</version>
     <name>spring-security-oauth2-password-jpa-implementation</name>
-    <description>The implementation of Spring Security 6 Spring Authorization Server for stateful OAuth2 Password Grant</description>
+    <description>App-Token based OAuth2 implementation built to grow with Spring Boot and JPA</description>
     <packaging>jar</packaging>
 
     <url>https://github.com/patternknife/spring-security-oauth2-password-jpa-implementation</url>

lib/src/main/java/io/github/patternknife/securityhelper/oauth2/api/config/security/server/ServerConfig.java

@@ -1,6 +1,11 @@
 package io.github.patternknife.securityhelper.oauth2.api.config.security.server;
 
 
+import com.nimbusds.jose.jwk.JWK;
+import com.nimbusds.jose.jwk.OctetSequenceKey;
+import com.nimbusds.jose.jwk.source.ImmutableSecret;
+import com.nimbusds.jose.jwk.source.JWKSource;
+import com.nimbusds.jose.proc.SecurityContext;
 import io.github.patternknife.securityhelper.oauth2.api.config.security.aop.DefaultSecurityPointCut;
 import io.github.patternknife.securityhelper.oauth2.api.config.security.aop.SecurityPointCut;
 import io.github.patternknife.securityhelper.oauth2.api.config.security.converter.auth.endpoint.AuthorizationCodeAuthorizationRequestConverter;
@@ -47,7 +52,10 @@
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.oauth2.core.OAuth2Token;
 
+import org.springframework.security.oauth2.jwt.JwtEncoder;
+import org.springframework.security.oauth2.jwt.NimbusJwtEncoder;
 import org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers.OAuth2AuthorizationServerConfigurer;
+import org.springframework.security.oauth2.server.authorization.token.JwtGenerator;
 import org.springframework.security.oauth2.server.authorization.token.OAuth2AccessTokenGenerator;
 import org.springframework.security.oauth2.server.authorization.token.OAuth2RefreshTokenGenerator;
 import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenGenerator;
@@ -63,6 +71,9 @@
 
 import org.springframework.web.servlet.HandlerExceptionResolver;
 
+import javax.crypto.SecretKey;
+import javax.crypto.spec.SecretKeySpec;
+import java.util.Base64;
 
 
 @Configuration
@@ -74,17 +85,36 @@ public class ServerConfig {
 
     private static String CUSTOM_CONSENT_PAGE_URI = "/oauth2/authorization";
 
+
     @Primary
     @Bean
     public OAuth2TokenGenerator<OAuth2Token> tokenGenerator() {
-        OAuth2AccessTokenGenerator accessTokenGenerator = new OAuth2AccessTokenGenerator();
-        OAuth2RefreshTokenGenerator refreshTokenGenerator = new OAuth2RefreshTokenGenerator();
+        // Base64-encoded secret key (HS256)
+        String secretKey = "U29tZVZhbGlkU2VjcmV0S2V5IQ=="; // Replace with your Base64-encoded secret key
+        byte[] decodedKey = Base64.getDecoder().decode(secretKey);
+
+        // Create JWK from the secret key
+        JWK jwk = new OctetSequenceKey.Builder(decodedKey).build();
+
+        // Create JWKSource
+        JWKSource<SecurityContext> jwkSource = new ImmutableSecret<>(decodedKey);
+
+        // Create JwtEncoder with the JWKSource
+        JwtEncoder jwtEncoder = new NimbusJwtEncoder(jwkSource);
+
+        // Create JwtGenerator with the JwtEncoder
+        JwtGenerator jwtGenerator = new JwtGenerator(jwtEncoder);
+
+        // Combine JwtGenerator with a RefreshTokenGenerator
         return new CustomDelegatingOAuth2TokenGenerator(
-                accessTokenGenerator, refreshTokenGenerator);
+                jwtGenerator,
+                new OAuth2RefreshTokenGenerator()
+        );
     }
 
 
 
+
     @Bean
     @Order(1)
     public SecurityFilterChain authorizationServerSecurityFilterChain(

lib/src/main/java/io/github/patternknife/securityhelper/oauth2/api/config/security/token/generator/CustomAccessTokenCustomizer.java

@@ -1,22 +1,25 @@
 package io.github.patternknife.securityhelper.oauth2.api.config.security.token.generator;
 
 import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.oauth2.server.authorization.token.JwtEncodingContext;
 import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenClaimsContext;
 import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenClaimsSet;
 import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenCustomizer;
 
 import java.util.HashMap;
 import java.util.Map;
 
-public class CustomAccessTokenCustomizer implements OAuth2TokenCustomizer<OAuth2TokenClaimsContext> {
+public class CustomAccessTokenCustomizer implements OAuth2TokenCustomizer<JwtEncodingContext> {
 
     private final UserDetails userDetails;
 
     public CustomAccessTokenCustomizer(UserDetails userDetails) {
         this.userDetails = userDetails;
     }
 
-    @Override
+
+
+/*    @Override
     public void customize(OAuth2TokenClaimsContext context) {
         if (context != null) {
             OAuth2TokenClaimsSet.Builder claimsSetBuilder = context.getClaims();
@@ -32,7 +35,7 @@ public void customize(OAuth2TokenClaimsContext context) {
         }
 
 
-    }
+    }*/
     private Map<String, Object> serializeCustomerToMap(UserDetails userDetails) {
         // Implement the logic to transform the Customer object into a Map or another format suitable for JWT claims
         Map<String, Object> customerInfo = new HashMap<>();
@@ -41,4 +44,9 @@ private Map<String, Object> serializeCustomerToMap(UserDetails userDetails) {
         // Add other customer attributes as needed
         return customerInfo;
     }
+
+    @Override
+    public void customize(JwtEncodingContext context) {
+
+    }
 }

lib/src/main/java/io/github/patternknife/securityhelper/oauth2/api/config/security/token/generator/CustomDelegatingOAuth2TokenGenerator.java

@@ -32,7 +32,7 @@ public OAuth2Token generate(OAuth2TokenContext context) {
                 boolean b = tokenGenerators.get(0) instanceof CustomDelegatingOAuth2TokenGenerator;
                 if(b){
                     CustomDelegatingOAuth2TokenGenerator c = (CustomDelegatingOAuth2TokenGenerator) tokenGenerators.get(0);
-                    boolean d = c.tokenGenerators.get(0) instanceof OAuth2AccessTokenGenerator;
+                    boolean d = c.tokenGenerators.get(0) instanceof JwtGenerator;
                     boolean e = c.tokenGenerators.get(1) instanceof OAuth2RefreshTokenGenerator;
                     if(d && context.getTokenType().equals(OAuth2TokenType.ACCESS_TOKEN)){
                       return  ((OAuth2AccessTokenGenerator) c.tokenGenerators.get(0)).generate(context);
@@ -47,17 +47,17 @@ public OAuth2Token generate(OAuth2TokenContext context) {
         return null;
     }
 
-    public void setCustomizer(GeneratorType type, OAuth2TokenCustomizer<OAuth2TokenClaimsContext> customizer) {
+    public void setCustomizer(GeneratorType type, OAuth2TokenCustomizer<JwtEncodingContext> customizer) {
         switch (type) {
             case ACCESS_TOKEN:
                 for (OAuth2TokenGenerator<? extends OAuth2Token> tokenGenerator : this.tokenGenerators) {
                     if (tokenGenerator instanceof CustomDelegatingOAuth2TokenGenerator) {
                         boolean b = tokenGenerators.get(0) instanceof CustomDelegatingOAuth2TokenGenerator;
                         if(b){
                             CustomDelegatingOAuth2TokenGenerator c = (CustomDelegatingOAuth2TokenGenerator) tokenGenerators.get(0);
-                           boolean d = c.tokenGenerators.get(0) instanceof OAuth2AccessTokenGenerator;
+                           boolean d = c.tokenGenerators.get(0) instanceof JwtGenerator;
                             if(d){
-                                ((OAuth2AccessTokenGenerator) c.tokenGenerators.get(0)).setAccessTokenCustomizer(customizer);
+                                ((JwtGenerator) c.tokenGenerators.get(0)).setJwtCustomizer(customizer);
                             }
                         }
                     }