Update to version 0.5-beta from http://git.oschina.net/shengzhao/spring-oauth-server

Author: LSZ

others/database/initial_db.ddl

@@ -1,39 +1,40 @@
 -- ###############
 --    create MySQL database , if need create, cancel the comment
 -- ###############
--- create database if not exists spring_oauth default character set utf8;
--- use spring_oauth set default character = utf8;
+-- create database if not exists oauth2 default character set utf8;
+-- use oauth2 set default character = utf8;
 
 -- ###############
---    grant privileges  to spring_oauth/spring_oauth
+--    grant privileges  to oauth2/oauth2
 -- ###############
--- GRANT ALL PRIVILEGES ON spring_oauth.* TO spring_oauth@localhost IDENTIFIED BY "spring_oauth";
+-- GRANT ALL PRIVILEGES ON oauth2.* TO oauth2@localhost IDENTIFIED BY "oauth2";
 
 -- ###############
 -- Domain:  User
 -- ###############
 Drop table  if exists user_;
-CREATE TABLE `user_` (
-  `id` int(11) NOT NULL auto_increment,
-  `guid` varchar(255) not null unique,
-  `create_time` datetime ,
-  `archived` tinyint(1) default '0',
-  `email` varchar(255),
-  `password` varchar(255) not null,
-  `phone` varchar(255),
-  `username` varchar(255) not null unique,
-   `default_user` tinyint(1) default '0',
-   `last_login_time` datetime ,
-  PRIMARY KEY  (`id`)
+CREATE TABLE user_ (
+  id int(11) NOT NULL auto_increment,
+  guid varchar(255) not null unique,
+  create_time datetime ,
+  archived tinyint(1) default '0',
+  email varchar(255),
+  password varchar(255) not null,
+  phone varchar(255),
+  username varchar(255) not null unique,
+   default_user tinyint(1) default '0',
+   last_login_time datetime ,
+  PRIMARY KEY  (id)
 ) ENGINE=InnoDB AUTO_INCREMENT=20 DEFAULT CHARSET=utf8;
 
 
 -- ###############
 -- Domain:  Privilege
 -- ###############
 Drop table  if exists user_privilege;
-CREATE TABLE `user_privilege` (
-  `user_id` int(11),
-  `privilege` varchar(255)
+CREATE TABLE user_privilege (
+  user_id int(11),
+  privilege varchar(255),
+  KEY user_id_index (user_id)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 

others/database/oauth.ddl

@@ -5,57 +5,62 @@
 Drop table  if exists oauth_client_details;
 create table oauth_client_details (
   client_id VARCHAR(255) PRIMARY KEY,
-  resource_ids VARCHAR(256),
-  client_secret VARCHAR(256),
-  scope VARCHAR(256),
-  authorized_grant_types VARCHAR(256),
-  web_server_redirect_uri VARCHAR(256),
-  authorities VARCHAR(256),
+  resource_ids VARCHAR(255),
+  client_secret VARCHAR(255),
+  scope VARCHAR(255),
+  authorized_grant_types VARCHAR(255),
+  web_server_redirect_uri VARCHAR(255),
+  authorities VARCHAR(255),
   access_token_validity INTEGER,
   refresh_token_validity INTEGER,
-  additional_information VARCHAR(4096),
+  additional_information TEXT,
   create_time timestamp default now(),
   archived tinyint(1) default '0',
-  trusted tinyint(1) default '0'
-);
+  trusted tinyint(1) default '0',
+  autoapprove VARCHAR (255) default 'false'
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 
-Drop table  if exists oauth_client_token;
-create table oauth_client_token (
-  create_time timestamp default now(),
-  token_id VARCHAR(256),
-  token BLOB,
-  authentication_id VARCHAR(256),
-  user_name VARCHAR(256),
-  client_id VARCHAR(256)
-);
 
 Drop table  if exists oauth_access_token;
 create table oauth_access_token (
   create_time timestamp default now(),
-  token_id VARCHAR(256),
+  token_id VARCHAR(255),
   token BLOB,
-  authentication_id VARCHAR(256),
-  user_name VARCHAR(256),
-  client_id VARCHAR(256),
+  authentication_id VARCHAR(255),
+  user_name VARCHAR(255),
+  client_id VARCHAR(255),
   authentication BLOB,
-  refresh_token VARCHAR(256)
-);
+  refresh_token VARCHAR(255)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
 
 Drop table  if exists oauth_refresh_token;
 create table oauth_refresh_token (
   create_time timestamp default now(),
-  token_id VARCHAR(256),
+  token_id VARCHAR(255),
   token BLOB,
   authentication BLOB
-);
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
 
 Drop table  if exists oauth_code;
 create table oauth_code (
   create_time timestamp default now(),
-  code VARCHAR(256),
+  code VARCHAR(255),
   authentication BLOB
-);
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
+
+
+-- Add indexes
+create index token_id_index on oauth_access_token (token_id);
+create index authentication_id_index on oauth_access_token (authentication_id);
+create index user_name_index on oauth_access_token (user_name);
+create index client_id_index on oauth_access_token (client_id);
+create index refresh_token_index on oauth_access_token (refresh_token);
 
+create index token_id_index on oauth_refresh_token (token_id);
 
+create index code_index on oauth_code (code);
 
 

others/db_table_description.html

@@ -22,7 +22,7 @@ <h2>spring-oauth-server 数据库表说明</h2>
         </thead>
         <tbody>
         <tr>
-            <td rowspan="14">oauth_client_details</td>
+            <td rowspan="15">oauth_client_details</td>
             <td>client_id</td>
             <td>
                 主键,必须唯一,不能为空.
@@ -188,6 +188,16 @@ <h2>spring-oauth-server 数据库表说明</h2>
                 对该字段的具体使用请参考<code>OauthUserApprovalHandler.java</code>. (扩展字段)
             </td>
         </tr>
+        <tr>
+            <td>autoapprove</td>
+            <td>
+                设置用户是否自动Approval操作, 默认值为 'false', 可选值包括 'true','false', 'read','write'.
+                <br/>
+                该字段只适用于grant_type="authorization_code"的情况,当用户登录成功后,若该值为'true'或支持的scope值,则会跳过用户Approve的页面, 直接授权.
+                <br/>
+                该字段与 trusted 有类似的功能, 是 spring-security-oauth2 的 2.0 版本后添加的新属性.
+            </td>
+        </tr>
         <tr>
             <td colspan="2">
                 <p class="text-info">
@@ -361,7 +371,7 @@ <h2>spring-oauth-server 数据库表说明</h2>
     </table>
 
     <p class="text-muted">
-        &copy; <a href="http://git.oschina.net/shengzhao/spring-oauth-server" target="_blank">spring-oauth-server</a>
+        &copy; 2013 - 2015 <a href="http://git.oschina.net/shengzhao/spring-oauth-server" target="_blank">spring-oauth-server</a>
     </p>
 </div>
 

others/how_to_use.txt

@@ -1,14 +1,13 @@
 
 
 使用的主要技术与版本号
-*Spring (3.1.1.RELEASE)
-*Spring Security (3.1.0.RELEASE)
-*MyBatis (3.2.1)
-*spring-security-oauth2 (1.0.5.RELEASE)
+*Spring (4.1.6.RELEASE)
+*Spring Security (4.0.1.RELEASE)
+*spring-security-oauth2 (2.0.7.RELEASE)
 
 
 如何使用?
-1.项目是Maven管理的, 需要本地安装maven(开发用的maven版本号为3.1.0), 还有MySql(开发用的mysql版本号为5.5)
+1.项目是Maven管理的, 需要本地安装maven(开发用的maven版本号为3.1.0), 还有MySql(开发用的mysql版本号为5.6)
 
 2.下载(或clone)项目到本地
 
@@ -17,7 +16,7 @@
 
 4.修改spring-oauth-server.properties(位于src/resources目录)中的数据库连接信息(包括username, password等)
 
-5.将本地项目导入到IDE(如Intellij IDEA)中,配置Tomcat(或类似的servelt运行服务器), 并启动Tomcat(默认端口为8080)
+5.将本地项目导入到IDE(如Intellij IDEA)中,配置Tomcat(或类似的servlet运行服务器), 并启动Tomcat(默认端口为8080)
    另: 也可通过maven package命令将项目编译为war文件(spring-oauth-server.war),
          将war放在Tomcat中并启动(注意: 这种方式需要将spring-oauth-server.properties加入到classpath中并正确配置数据库连接信息).
 

others/oauth_test.txt

@@ -1,22 +1,22 @@
 
 方式1:基于浏览器  (访问时后跳到登录页面,登录成功后跳转到redirect_uri指定的地址) [GET]
 说明:只能使用admin或unity 账号登录才能有权限访问,若使用mobile账号登录将返回Access is denied
-http://localhost:8080/spring-oauth-server/oauth/authorize?client_id=unity-client&redirect_uri=http%3a%2f%2flocalhost%3a8080%2fspring-oauth-server%2funity%2fdashboard.htm&response_type=code&scope=read
+http://localhost:8080/spring-oauth-server/oauth/authorize?client_id=unity-client&redirect_uri=http%3a%2f%2flocalhost%3a8080%2fspring-oauth-server%2funity%2fdashboard&response_type=code&scope=read
 
 说明: 由于mobile-client只支持password,refresh_token, 所以不管用哪个账号登录后都将返回Illegal action
-http://localhost:8080/spring-oauth-server/oauth/authorize?client_id=mobile-client&redirect_uri=http%3a%2f%2flocalhost%3a8080%2fspring-oauth-server%2fm%2fdashboard.htm&response_type=code&scope=read
+http://localhost:8080/spring-oauth-server/oauth/authorize?client_id=mobile-client&redirect_uri=http%3a%2f%2flocalhost%3a8080%2fspring-oauth-server%2fm%2fdashboard&response_type=code&scope=read
 
 
 
 
 响应的URL如:
 http://localhost:8080/spring-oauth-server/unity/dashboard.htm?code=zLl170
 
-通过code换取access_token [GET]
-http://localhost:8080/spring-oauth-server/oauth/token?client_id=unity-client&client_secret=unity&grant_type=authorization_code&code=zLl170&redirect_uri=http%3a%2f%2flocalhost%3a8080%2fspring-oauth-server%2funity%2fdashboard.htm
+通过code换取access_token [POST]
+http://localhost:8080/spring-oauth-server/oauth/token?client_id=unity-client&client_secret=unity&grant_type=authorization_code&code=zLl170&redirect_uri=http%3a%2f%2flocalhost%3a8080%2fspring-oauth-server%2funity%2fdashboard
 
 
-方式2:基于客户端  (注意参数中的username,password,对应用户的账号,密码) [GET]
+方式2:基于客户端  (注意参数中的username,password,对应用户的账号,密码) [POST]
 http://localhost:8080/spring-oauth-server/oauth/token?client_id=mobile-client&client_secret=mobile&grant_type=password&scope=read,write&username=mobile&password=mobile
 
 说明:由于unity-client不支持password,所以若用unity-client通过password方式去授权,将返回invalid_grant
@@ -33,10 +33,28 @@ http://localhost:8080/spring-oauth-server/unity/dashboard.htm?access_token=3420d
 
 
 
-刷新access_token [GET]
+刷新access_token [POST]
 http://localhost:8080/spring-oauth-server/oauth/token?client_id=mobile-client&client_secret=mobile&grant_type=refresh_token&refresh_token=b36f4978-a172-4aa8-af89-60f58abe3ba1
 
 
+Restful OAuth2 Test [POST]
+URL: /oauth2/rest_token
+ContentType: application/json
+
+DEMO URL: http://localhost:8080/spring-oauth-server/oauth2/rest_token
+Request Body: {"grant_type":"client_credentials","scope":"read","client_id":"credentials","client_secret":"credentials","username":"user","password":"123"}
+
+Response Body:
+{
+    "access_token": "cd165ebc-562d-45df-8488-9f1ba947553e",
+    "token_type": "bearer",
+    "expires_in": 43193,
+    "scope": "read"
+}
+
+
+
+
 更多的测试请访问
 http://git.oschina.net/mkk/spring-oauth-client