single sign on

Author: giaunv

springboot-examples/springboot-single-sign-on-jwt/hello-sso-jwt-auth/.gitignore

@@ -0,0 +1,8 @@
+target
+out
+.settings
+.classpath
+.project
+.idea
+*.iml
+*.DS_Store

springboot-examples/springboot-single-sign-on-jwt/hello-sso-jwt-auth/pom.xml

@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <artifactId>hello-sso-jwt-auth</artifactId>
+    <name>hello-sso-jwt-auth</name>
+    <description>hello-sso-jwt-auth</description>
+    <parent>
+        <groupId>org.springframework.boot</groupId>
+        <artifactId>spring-boot-starter-parent</artifactId>
+        <version>2.1.4.RELEASE</version>
+    </parent>
+
+    <properties>
+        <java.version>1.7</java.version>
+    </properties>
+
+    <dependencies>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-web</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-freemarker</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>io.jsonwebtoken</groupId>
+            <artifactId>jjwt</artifactId>
+            <version>0.9.1</version>
+        </dependency>
+    </dependencies>
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.springframework.boot</groupId>
+                <artifactId>spring-boot-maven-plugin</artifactId>
+            </plugin>
+        </plugins>
+    </build>
+</project>

springboot-examples/springboot-single-sign-on-jwt/hello-sso-jwt-auth/src/main/java/com/hellokoding/sso/auth/CookieUtil.java

@@ -0,0 +1,32 @@
+package com.hellokoding.sso.auth;
+
+import org.springframework.web.util.WebUtils;
+
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+public class CookieUtil {
+    public static void create(HttpServletResponse httpServletResponse, String name, String value, Boolean secure, Integer maxAge, String domain) {
+        Cookie cookie = new Cookie(name, value);
+        cookie.setSecure(secure);
+        cookie.setHttpOnly(true);
+        cookie.setMaxAge(maxAge);
+        cookie.setDomain(domain);
+        cookie.setPath("/");
+        httpServletResponse.addCookie(cookie);
+    }
+
+    public static void clear(HttpServletResponse httpServletResponse, String name) {
+        Cookie cookie = new Cookie(name, null);
+        cookie.setPath("/");
+        cookie.setHttpOnly(true);
+        cookie.setMaxAge(0);
+        httpServletResponse.addCookie(cookie);
+    }
+
+    public static String getValue(HttpServletRequest httpServletRequest, String name) {
+        Cookie cookie = WebUtils.getCookie(httpServletRequest, name);
+        return cookie != null ? cookie.getValue() : null;
+    }
+}

springboot-examples/springboot-single-sign-on-jwt/hello-sso-jwt-auth/src/main/java/com/hellokoding/sso/auth/JwtUtil.java

@@ -0,0 +1,28 @@
+package com.hellokoding.sso.auth;
+
+import io.jsonwebtoken.JwtBuilder;
+import io.jsonwebtoken.Jwts;
+import io.jsonwebtoken.SignatureAlgorithm;
+
+import javax.servlet.http.HttpServletRequest;
+import java.util.Date;
+
+public class JwtUtil {
+    public static String generateToken(String signingKey, String subject) {
+        long nowMillis = System.currentTimeMillis();
+        Date now = new Date(nowMillis);
+
+        JwtBuilder builder = Jwts.builder()
+                .setSubject(subject)
+                .setIssuedAt(now)
+                .signWith(SignatureAlgorithm.HS256, signingKey);
+
+        return builder.compact();
+    }
+
+    public static String getSubject(HttpServletRequest httpServletRequest, String jwtTokenCookieName, String signingKey){
+        String token = CookieUtil.getValue(httpServletRequest, jwtTokenCookieName);
+        if(token == null) return null;
+        return Jwts.parser().setSigningKey(signingKey).parseClaimsJws(token).getBody().getSubject();
+    }
+}

springboot-examples/springboot-single-sign-on-jwt/hello-sso-jwt-auth/src/main/java/com/hellokoding/sso/auth/LoginController.java

@@ -0,0 +1,45 @@
+package com.hellokoding.sso.auth;
+
+import org.springframework.stereotype.Controller;
+import org.springframework.ui.Model;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+
+import javax.servlet.http.HttpServletResponse;
+import java.util.HashMap;
+import java.util.Map;
+
+@Controller
+public class LoginController {
+    private static final String jwtTokenCookieName = "JWT-TOKEN";
+    private static final String signingKey = "signingKey";
+    private static final Map<String, String> credentials = new HashMap<>();
+
+    public LoginController() {
+        credentials.put("hellokoding", "hellokoding");
+        credentials.put("hellosso", "hellosso");
+    }
+
+    @RequestMapping("/")
+    public String home(){
+        return "redirect:/login";
+    }
+
+    @RequestMapping("/login")
+    public String login(){
+        return "login";
+    }
+
+    @RequestMapping(value = "login", method = RequestMethod.POST)
+    public String login(HttpServletResponse httpServletResponse, String username, String password, String redirect, Model model){
+        if (username == null || !credentials.containsKey(username) || !credentials.get(username).equals(password)){
+            model.addAttribute("error", "Invalid username or password!");
+            return "login";
+        }
+
+        String token = JwtUtil.generateToken(signingKey, username);
+        CookieUtil.create(httpServletResponse, jwtTokenCookieName, token, false, -1, "localhost");
+
+        return "redirect:" + redirect;
+    }
+}

springboot-examples/springboot-single-sign-on-jwt/hello-sso-jwt-auth/src/main/java/com/hellokoding/sso/auth/WebApplication.java

@@ -0,0 +1,12 @@
+package com.hellokoding.sso.auth;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+
+@SpringBootApplication
+public class WebApplication{
+    public static void main(String[] args) throws Exception {
+        SpringApplication.run(WebApplication.class, args);
+    }
+}
+

springboot-examples/springboot-single-sign-on-jwt/hello-sso-jwt-auth/src/main/resources/templates/login.ftl

@@ -0,0 +1,18 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <title>Authentication Service</title>
+</head>
+<body>
+<form method="POST" action="/login?redirect=${RequestParameters.redirect!}">
+    <h2>Log in</h2>
+    <input name="username" type="text" placeholder="Username"
+           autofocus="true"/>
+    <input name="password" type="password" placeholder="Password"/>
+    <div>(try username=hellokoding and password=hellokoding)</div>
+    <div style="color: red">${error!}</div>
+    <br/>
+    <button type="submit">Log In</button>
+</form>
+</body>
+</html>

springboot-examples/springboot-single-sign-on-jwt/hello-sso-jwt-resource/.gitignore

@@ -0,0 +1,8 @@
+target
+out
+.settings
+.classpath
+.project
+.idea
+*.iml
+*.DS_Store

springboot-examples/springboot-single-sign-on-jwt/hello-sso-jwt-resource/pom.xml

@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <artifactId>hello-sso-jwt-resource</artifactId>
+    <name>hello-sso-jwt-resource</name>
+    <description>hello-sso-jwt-resource</description>
+    <parent>
+        <groupId>org.springframework.boot</groupId>
+        <artifactId>spring-boot-starter-parent</artifactId>
+        <version>2.1.4.RELEASE</version>
+    </parent>
+
+    <properties>
+        <java.version>1.7</java.version>
+    </properties>
+
+    <dependencies>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-web</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-freemarker</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>io.jsonwebtoken</groupId>
+            <artifactId>jjwt</artifactId>
+            <version>0.9.1</version>
+        </dependency>
+    </dependencies>
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.springframework.boot</groupId>
+                <artifactId>spring-boot-maven-plugin</artifactId>
+            </plugin>
+        </plugins>
+    </build>
+</project>

springboot-examples/springboot-single-sign-on-jwt/hello-sso-jwt-resource/src/main/java/com/hellokoding/sso/resource/CookieUtil.java

@@ -0,0 +1,33 @@
+package com.hellokoding.sso.resource;
+
+import org.springframework.web.util.WebUtils;
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+public class CookieUtil {
+    public static void create(HttpServletResponse httpServletResponse, String name, String value, Boolean secure, Integer maxAge, String domain) {
+        Cookie cookie = new Cookie(name, value);
+        cookie.setSecure(secure);
+        cookie.setHttpOnly(true);
+        cookie.setMaxAge(maxAge);
+        cookie.setDomain(domain);
+        cookie.setPath("/");
+        httpServletResponse.addCookie(cookie);
+    }
+
+    public static void clear(HttpServletResponse httpServletResponse, String name) {
+        Cookie cookie = new Cookie(name, null);
+        cookie.setPath("/");
+        cookie.setHttpOnly(true);
+        cookie.setMaxAge(0);
+        cookie.setDomain("localhost");
+        httpServletResponse.addCookie(cookie);
+    }
+
+    public static String getValue(HttpServletRequest httpServletRequest, String name) {
+        Cookie cookie = WebUtils.getCookie(httpServletRequest, name);
+        return cookie != null ? cookie.getValue() : null;
+    }
+}
+