# POC : Spring Security Oauth2 Password JPA Implementation
1
+
# Spring Security Oauth2 Password JPA Implementation
2
2
## Overview
3
3
4
-
* In the Spring Security 6 ecosystem, compared to 5, there is a preference for JWT or Keycloak over traditional OAuth2 using a Password Grant method with Spring Security Authorization and Resource Server. I needed to incorporate the current OAuth2 Password Grant with the Spring Security new version and am showing the customization.
5
-
* Set up access & refresh token APIs on both '/oauth2/token' and on our controller layer such as '/api/v1...', both of which function same and have `the same request & response payloads for success and errors`.
6
-
* In the following error payload, the 'message' shouldn't be exposed to clients; instead, the 'userMessage' should be.
7
-
````
8
-
{
9
-
"timestamp": 1719470948370,
10
-
"message": "Couldn't find the client ID : client_admi",
11
-
"details": "uri=/oauth2/token",
12
-
"userMessage": "Authentication failed. Please check your credentials.",
13
-
"userValidationMessage": null
14
-
}
15
-
````
16
-
* Authentication management based on a combination of username, client id, and an extra token (referred to in the source code as App-Token, which receives a unique value from the calling devices).
17
-
* Separated UserDetails implementation for Admin and Customer roles.
18
-
* Integration with spring-security-oauth2-authorization-server.
19
-
* Provide MySQL DDL, which consists of oauth\_access\_token, oauth\_refresh\_token and oauth\_client\_details, which is tables in Security 5. As I mean to migrate current security system to Security 6, I haven't changed them to the ``authorization`` table indicated in https://github.com/spring-projects/spring-authorization-server.
20
-
* Application of Spring Rest Docs.
4
+
* Complete separation of the library (API) and the client for testing it
* Set up the same access & refresh token APIs on both ``/oauth2/token`` and on our controller layer such as ``/api/v1/traditional-oauth/token``, both of which function same and have `the same request & response payloads for success and errors`.
13
+
* As you are aware, the API ``/oauth2/token`` is what "spring-authorization-server" provides.
14
+
*``/api/v1/traditional-oauth/token`` is what this library implemented manually.
15
+
* Success Payload
16
+
```json
17
+
{
18
+
"access_token" : "Vd4x8D4lDg7VBFh...",
19
+
"token_type" : "Bearer",
20
+
"refresh_token" : "m3UgLrvPtXKdy7jiD...",
21
+
"expires_in" : 3469,
22
+
"scope" : "read write"
23
+
}
24
+
```
25
+
26
+
* Error Payload
27
+
```json
28
+
{
29
+
"timestamp": 1719470948370,
30
+
"message": "Couldn't find the client ID : client_admin", // Sensitive info such as being thrown from StackTraces
31
+
"details": "uri=/oauth2/token",
32
+
"userMessage": "Authentication failed. Please check your credentials.",
33
+
"userValidationMessage": null
34
+
}
35
+
```
36
+
37
+
* In the following error payload, the 'message' shouldn't be exposed to clients; instead, the 'userMessage' should be.
38
+
39
+
* Authentication management based on a combination of username, client ID, and App-Token
40
+
* What is an App-Token? An App-Token is a new access token generated each time the same account logs in. If the token values are the same, the same access token is shared.
41
+
* Separated UserDetails implementation for Admin and Customer roles as an example. (This can be extended as desired by implementing ``UserDetailsServiceFactory``)
42
+
* Provide MySQL DDL, which consists of oauth\_access\_token, oauth\_refresh\_token and oauth\_client\_details, which is tables in Security 5. As I mean to migrate current security system to Security 6, I haven't changed them to the ``authorization`` table indicated in https://github.com/spring-projects/spring-authorization-server.
43
+
* Application of Spring Rest Docs
21
44
22
45
## Dependencies
23
46
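Review bot: the added ```json error payload contains a `//` comment on the `"message"` line (`"message": "Couldn't find the client ID : client_admin", // Sensitive info such as being thrown from StackTraces`), which is not valid JSON and will break anyone who pastes the sample into a client or test; move that remark into the prose. The sentence "In the following error payload, the 'message' shouldn't be exposed to clients" now sits after the payload it refers to, so "following" should read "above", and since the sample shows `message` leaking the client ID lookup, the README should state whether the library itself suppresses `message` outside development or whether the integrator is responsible for doing so. Two smaller points: `*``/api/v1/traditional-oauth/token``` lacks the space after the asterisk and will not render as a list item, and the two App-Token descriptions (the removed line calls it a unique value supplied by the calling device, the added line calls it "a new access token generated each time the same account logs in") contradict each other, so one definition should be kept. Grammar: "both of which function same" should be "function the same", and "which is tables in Security 5" should be "which are tables".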
@@ -47,16 +70,16 @@ mvnw clean install # Integration tests are done here, which creates docs by Spri
47
70
- In case you use IntelliJ, I recommend creating an empty project and importing the API (root) module and client module separately.
48
71
- The client module definitely consumes the API module, but not vice versa.
49
72
50
-
## Implementation of the Api
51
-
### The implementation method is shown in the client source code.
73
+
## API Guide
74
+
####The implementation method is shown in the client source code.
52
75
53
-
- **Registration**
54
-
- As the Api consumes JPA, adding it to Beans is required.
76
+
###**Registration**
77
+
- As the Api module consumes JPA, adding it to Beans is required.
- In fact, the only mandatory settings are 'CustomUserDetailsServiceFactory'. The rest depend on your specific situation.
99
-
100
-

101
-
102
-
103
-
### Running this App with Docker
120
+
### **Implementation**
121
+
- The only mandatory setting is ``client.config.securityimpl.service.userdetail.CustomUserDetailsServiceFactory``. The rest depend on your specific situation.
122
+
123
+
-**Use PointCut when events happen such as tokens created**
124
+
-``SecurityPointCut``
125
+
- See the source code in ``client.config.securityimpl.aop``
126
+
-**Register error user messages as desired**
127
+
-``ISecurityUserExceptionMessageService``
128
+
- See the source code in ``client.config.securityimpl.message``
129
+
130
+
## Running this App with Docker
104
131
* Use the following module for Blue-Green deployment:
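Review bot: the added headings `####The implementation method is shown in the client source code.` and `###**Registration**` have no space after the hash marks, so Markdown renders them as literal text instead of headings; likewise `-**Use PointCut when events happen such as tokens created**`, `-``SecurityPointCut```, `-**Register error user messages as desired**` and `-``ISecurityUserExceptionMessageService``` need `- ` to render as bullets. The statement that `CustomUserDetailsServiceFactory` is the only mandatory setting now appears twice, once under Registration ("In fact, the only mandatory settings are 'CustomUserDetailsServiceFactory'") and once under Implementation; keep one and use the fully qualified name in both places. Since the section says the rest of the setup is only visible in the client source, a minimal bean registration snippet for that factory would make the guide usable without reading the client module.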