Git Product home page Git Product logo

oauth2-server's Introduction

oauth2-server

This project is an implementation for OAuth 2.0 Specification. Especially, the protocol of the server area is covered by this project.

Current supported Grant types

  • Authorization Code Grant
  • Resource Owner Password Credentials Grant
  • Client Credentials Grant

Current supported token types

How to use

This project is supporting some common processes to issue tokens. To use this framework, you have to provide an implementation of a DataHandler interface. The implementation class connects this framework to your databases or such storages.

Also, you have to implement a DataHandlerFactory interface to create your DataHandler instance.

Classes you have to implement are only above.

A class to handle a request to issue an access token is Token class. But, the Token class needs some helper classes. Therefore, you have to provide their instances to the Token instance. If you're using Spring Framework DI Container, you can inject them to the Token instance. Refer the applicationContext-token-schenario.xml file.

The way to use the Token class is simple. You can use it as the following snippet:

HttpServletRequest request = ...; // Provided by Servlet Container
HttpServletRequestAdapter adapter = new HttpServletRequestAdapter(request);
Token token = ...; // Injected
Token.Response response = token.handleRequest(adapter);
int code = response.getCode(); // 200, 400, 401, ...
String body = response.getBody(); // {"token_type":"Bearer","access_token":"...", ...}

An code for an integration test has the request and response contents of each grant type. Refer the test code TokenScenarioTest.

To check the request to access to each API endpoints, you can use ProtectedResource class. The following code snippet represents how to use its class:

HttpServletRequest request = ...; // Provided by Servlet Container
HttpServletRequestAdapter adapter = new HttpServletRequestAdapter(request);
ProtectedResource protectedResource = ...; // Injected
try {
    ProtectedResource.Response response = protectedResource.handleRequest(adapter);
    String remoteUser = response.getRemoteUser(); // User ID
    String clientId = response.getClientId(); // Client ID
    String scope = response.getScope(); // Scope string delimited by whitespace
    // do something
} catch(OAuthError e) {
    int httpStatusCode = e.getCode();
    String errorType = e.getType();
    String description = e.getDescription();
    // do something
}

If you build your application with Servlet API, then you can use the code above in your Filter class.

oauth2-server's People

Contributors

willmorrison avatar yoichiro avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Forkers

dboissin yukiyuki edificeio lambrospetrou hdmessaging tlztanluhe frankie8849 vniu jaiiye chenld khalihan prometheusk lukeddy zjggle zhilinwang coder-ming edtenz morozumi-h kimmunsu bosen365 oraclexbw khaliyo bieyaqing rinohan jawadkakar iqiancheng sdgdsffdsfff joliny geraldoandradee 253815740 noahxinhao dgbeetle mxcong lcamilo15 willmorrison lrodriguez2002cu mysugar rafikn lucienh jackxueman cusquiskas rishiwhite11 donaldlee2008 colababy kaikaigo57 dgu123 skyprayer tong1990 dacduong gfehse narci2010 nucedu arpitsingh21 evandertino mangotomato leamiko xinglu heavyvinicio acpouch jurson86 zgdkik yanxinjie l32218 abner-evane

oauth2-server's Issues

Request - getParameter() bug?

Hi!
I'm using your Oauth2Server and I have stumbled with a 500 bug while running the Token fetching, specifically in RequestParameter.java , method fetch, when it says:

    Map<String, String> params = new HashMap<String, String>();
    Map<String, String> parameterMap = request.getParameterMap();
    params.putAll(parameterMap);
    String token = request.getParameter("access_token")

The call to request.getParameterMap() is defined in the Request implementation HttpServletRequestAdapter, like this:

@SuppressWarnings("unchecked")
@Override
public Map<String, String> getParameterMap() {
    return request.getParameterMap();
}

where request is a HttpServletRequest variable.
This is worng because the HttpServletRequest method getParameter returns a Map<String,String[]> instead of a Map<String,String> to admit multiple parameters values.

Since we are are only interested on single parameters values in this program (there can only be one access token value), I have fixed the bug changing this function :

@SuppressWarnings("unchecked")
@Override
public Map<String, String> getParameterMap() {
    Map<String,String[]> allParametersValuesMap = request.getParameterMap();
    Map<String,String> firstParameterValueMap = new HashMap<String,String>();

    for (String key: allParametersValuesMap.keySet()) {
        firstParameterValueMap.put(key,( (String []) allParametersValuesMap.get(key))[0]);
    }

    return firstParameterValueMap;
}

Hope this helps, sorry for my english :(

Can you provide some examples?

config:
<servlet>
<servlet-name>token2</servlet-name>
<servlet-class>jp.eisbahn.oauth2.server.spi.servlet.TokenServlet</servlet-class>
<init-param>
<param-name>dataHandlerFactory</param-name>
<param-value>cn.lz.demo.MyDataFactory</param-value>
</init-param>
<init-param>
<param-name>grantHandlerProvider</param-name>
<param-value>jp.eisbahn.oauth2.server.granttype.impl.DefaultGrantHandlerProvider</param-value>
</init-param>
<init-param>
<param-name>clientCredentialFetcher</param-name>
<param-value>jp.eisbahn.oauth2.server.fetcher.clientcredential.ClientCredentialFetcherImpl</param-value>
</init-param>
</servlet>
<servlet-mapping>
<servlet-name>token2</servlet-name>
<url-pattern>/oauth2/token</url-pattern>
</servlet-mapping>
MyDataFactory.java:
public class MyDataFactory implements DataHandlerFactory {

@Override
public DataHandler create(Request request) {
    return new MyDataHandler(request);
}

}

MyDataHandler .java:
public class MyDataHandler extends DataHandler {

public MyDataHandler(Request request) {
    super(request);
    // TODO Auto-generated constructor stub
}

@Override
public boolean validateClient(String clientId, String clientSecret,
        String grantType) {
    // TODO Auto-generated method stub
    return false;
}

@Override
public String getUserId(String username, String password) {
    // TODO Auto-generated method stub
    return null;
}

@Override
public AuthInfo createOrUpdateAuthInfo(String clientId, String userId,
        String scope) {
    // TODO Auto-generated method stub
    return null;
}

@Override
public AccessToken createOrUpdateAccessToken(AuthInfo authInfo) {
    // TODO Auto-generated method stub
    return null;
}

@Override
public AuthInfo getAuthInfoByCode(String code) {
    // TODO Auto-generated method stub
    return null;
}

@Override
public AuthInfo getAuthInfoByRefreshToken(String refreshToken) {
    // TODO Auto-generated method stub
    return null;
}

@Override
public String getClientUserId(String clientId, String clientSecret) {
    // TODO Auto-generated method stub
    return null;
}

@Override
public boolean validateClientById(String clientId) {
    // TODO Auto-generated method stub
    return false;
}

@Override
public boolean validateUserById(String userId) {
    // TODO Auto-generated method stub
    return false;
}

@Override
public AccessToken getAccessToken(String token) {
    // TODO Auto-generated method stub
    return null;
}

@Override
public AuthInfo getAuthInfoById(String id) {
    // TODO Auto-generated method stub
    return null;
}

}

like this ,is right?
but, access http://localhost:8080/oauth2/token
HTTP Status 405 - HTTP method GET is not supported by this URL
Hope to get your help.
very big thanks.

compilation errors

I can't compile the project. Tried the following:

  1. import maven project from Intellij. Got these errors:
    a. package.org.apache.commons.io does not exist
    b. cannot find symbol
    symbol: variable IOUtils
    location: class jp.eisbahn.oauth2.server.spi.servlet.TokenServlet

  2. running "mvn clean package" from command line. Got same errors

Do you know how can I solve it?

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.