feature : set authorization code base

Author: patternhelloworld

client/pom.xml

@@ -157,6 +157,14 @@ http://maven.apache.org/xsd/maven-4.0.0.xsd">
             <!-- Follow ${spring-boot-dependencies.version} -->
         </dependency>
 
+        <!-- Login Page -->
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-thymeleaf</artifactId>
+            <!-- Follow ${spring-boot-dependencies.version} -->
+        </dependency>
+
+
 
 
         <!--4. TEST-->

client/src/main/java/com/patternknife/securityhelper/oauth2/client/config/logger/common/LoggingFilter.java

@@ -34,13 +34,14 @@ public void doFilter(ServletRequest servletRequest, ServletResponse servletRespo
                 return;
             }
 
-            HttpServletRequest requestToCache = new ContentCachingRequestWrapper(request);
+          //  HttpServletRequest requestToCache = new ContentCachingRequestWrapper(request);
 //          HttpServletResponse responseToCache = new ContentCachingResponseWrapper(response);
 
-            chain.doFilter(requestToCache, servletResponse);
+           // chain.doFilter(requestToCache, servletResponse);
         } else {
-            chain.doFilter(servletRequest, servletResponse);
+            //chain.doFilter(servletRequest, servletResponse);
         }
+        chain.doFilter(servletRequest, servletResponse);
 
 
     }

client/src/main/java/com/patternknife/securityhelper/oauth2/client/config/securityimpl/message/CustomSecurityUserExceptionMessage.java

@@ -16,6 +16,9 @@ public enum CustomSecurityUserExceptionMessage implements ExceptionMessageInterf
     AUTHENTICATION_WRONG_ID_PASSWORD("1User information could not be verified. Please check your ID or password. If the problem persists, please contact customer service."),
     AUTHENTICATION_PASSWORD_FAILED_EXCEEDED("1The number of password attempts has been exceeded."),
 
+    // Wrong Authorization Code
+    AUTHORIZATION_CODE_NO_EXISTS("1The specified Authorization code does not exist."),
+
     // CLIENT ID, SECRET
     AUTHENTICATION_WRONG_CLIENT_ID_SECRET("1Client information is not verified."),
 

client/src/main/java/com/patternknife/securityhelper/oauth2/client/config/securityimpl/web/WebMvcConfig.java

@@ -14,7 +14,7 @@ public class WebMvcConfig implements WebMvcConfigurer {
 
     @Override
     public void addResourceHandlers(ResourceHandlerRegistry registry) {
-        registry.addResourceHandler("/docs/**", "/favicon.ico").addResourceLocations("classpath:/static/docs/");
+        registry.addResourceHandler("/docs/**").addResourceLocations("classpath:/static/docs/");
     }
 
 }

client/src/main/java/com/patternknife/securityhelper/oauth2/client/domain/common/api/BaseApi.java

@@ -30,4 +30,6 @@ public String home () {
         return "home";
     }
 
+
+
 }

client/src/main/java/com/patternknife/securityhelper/oauth2/client/domain/common/web/LoginWeb.java

@@ -0,0 +1,12 @@
+package com.patternknife.securityhelper.oauth2.client.domain.common.web;
+
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.GetMapping;
+
+@Controller
+public class LoginWeb {
+    @GetMapping("/login")
+    public String loginPage() {
+        return "login";
+    }
+}

client/src/main/java/com/patternknife/securityhelper/oauth2/client/domain/traditionaloauth/api/v1/TraditionalOauthApi.java

@@ -1,24 +1,33 @@
 package com.patternknife.securityhelper.oauth2.client.domain.traditionaloauth.api.v1;
 
 
+import com.fasterxml.jackson.core.JsonProcessingException;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.nimbusds.jose.util.Base64;
 import io.github.patternknife.securityhelper.oauth2.api.config.security.response.error.exception.KnifeOauth2AuthenticationException;
 import io.github.patternknife.securityhelper.oauth2.api.config.security.message.DefaultSecurityUserExceptionMessage;
 
 import io.github.patternknife.securityhelper.oauth2.api.config.security.message.ISecurityUserExceptionMessageService;
 import io.github.patternknife.securityhelper.oauth2.api.domain.traditionaloauth.dto.SpringSecurityTraditionalOauthDTO;
 import io.github.patternknife.securityhelper.oauth2.api.domain.traditionaloauth.service.TraditionalOauthService;
+import lombok.Getter;
 import lombok.RequiredArgsConstructor;
+import lombok.ToString;
+import org.springframework.http.*;
+import org.springframework.security.oauth2.core.AuthorizationGrantType;
+import org.springframework.util.LinkedMultiValueMap;
+import org.springframework.util.MultiValueMap;
 import org.springframework.web.bind.annotation.*;
+import org.springframework.web.client.RestTemplate;
 
 @RestController
-@RequestMapping("/api/v1")
 @RequiredArgsConstructor
 public class TraditionalOauthApi {
 
     private final TraditionalOauthService traditionalOauthService;
     private final ISecurityUserExceptionMessageService iSecurityUserExceptionMessageService;
 
-    @PostMapping("/traditional-oauth/token")
+    @PostMapping("/api/v1/traditional-oauth/token")
     public SpringSecurityTraditionalOauthDTO.TokenResponse createAccessToken(
             @ModelAttribute SpringSecurityTraditionalOauthDTO.TokenRequest tokenRequest,
             @RequestHeader("Authorization") String authorizationHeader){
@@ -32,4 +41,57 @@ public SpringSecurityTraditionalOauthDTO.TokenResponse createAccessToken(
         }
     }
 
+    @PostMapping("/api/v1/traditional-oauth/authorization-code")
+    public SpringSecurityTraditionalOauthDTO.AuthorizationCodeResponse createAuthorizationCode(
+            @ModelAttribute SpringSecurityTraditionalOauthDTO.AuthorizationCodeRequest authorizationCodeRequest,
+            @RequestHeader("Authorization") String authorizationHeader){
+
+        // authorization_code 생성
+        return traditionalOauthService.createAuthorizationCode(authorizationCodeRequest, authorizationHeader);
+    }
+
+    @GetMapping("/callback1")
+    public String callback(@RequestParam String code) throws JsonProcessingException {
+        System.out.println("code = " + code);
+
+        OauthTokenDto token = getToken(code);
+        System.out.println("getToken() = " + token);
+
+        return token.toString();
+    }
+
+    private RestTemplate restTemplate;
+    private ObjectMapper objectMapper;
+
+    private OauthTokenDto getToken(String code) throws JsonProcessingException {
+        String credentials = "testClientId:testSecret";
+        String encodedCredentials = new String(Base64.encode(credentials.getBytes()).decode());
+
+        HttpHeaders headers = new HttpHeaders();
+        headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
+        headers.add("Authorization", "Basic " + encodedCredentials);
+
+        MultiValueMap<String, String> params = new LinkedMultiValueMap<>();
+        params.add("code", code);
+        params.add("grant_type", "authorization_code");
+        HttpEntity<MultiValueMap<String, String>> request = new HttpEntity<>(params, headers);
+        ResponseEntity<String> response = restTemplate.postForEntity("http://localhost:8080/oauth2/token", request, String.class);
+        if (response.getStatusCode() == HttpStatus.OK) {
+            System.out.println("response.getBody() = " + response.getBody());
+            OauthTokenDto oauthTokenDto = objectMapper.readValue(response.getBody(), OauthTokenDto.class);
+            return oauthTokenDto;
+        }
+        return null;
+    }
+
+    @Getter
+    @ToString
+    static class OauthTokenDto {
+        private String access_token;
+        private String token_type;
+        private String refresh_token;
+        private long expires_in;
+        private String scope;
+    }
+
 }

client/src/main/resources/application.properties

@@ -70,4 +70,7 @@ app.timezone=Asia/Seoul
 
 logginglevel.org.springframework.security=trace
 
-io.github.patternknife.securityhelper.oauth2.no-app-token-same-access-token=true
+io.github.patternknife.securityhelper.oauth2.no-app-token-same-access-token=true
+
+spring.mvc.view.prefix=/templates/
+spring.mvc.view.suffix=.html

client/src/main/resources/static/assets/css/signin.css

@@ -0,0 +1,32 @@
+html,
+body {
+    height: 100%;
+}
+
+body {
+    display: flex;
+    align-items: start;
+    padding-top: 100px;
+    background-color: #f5f5f5;
+}
+
+.form-signin {
+    max-width: 330px;
+    padding: 15px;
+}
+
+.form-signin .form-floating:focus-within {
+    z-index: 2;
+}
+
+.form-signin input[type="username"] {
+    margin-bottom: -1px;
+    border-bottom-right-radius: 0;
+    border-bottom-left-radius: 0;
+}
+
+.form-signin input[type="password"] {
+    margin-bottom: 10px;
+    border-top-left-radius: 0;
+    border-top-right-radius: 0;
+}

client/src/main/resources/templates/consent.html

@@ -0,0 +1,104 @@
+<!DOCTYPE html>
+<html lang="en" xmlns="http://www.w3.org/1999/xhtml" xmlns:th="https://www.thymeleaf.org">
+<head>
+    <meta charset="utf-8" />
+    <meta name="viewport" content="width=device-width, initial-scale=1">
+    <title>Custom consent page - Consent required</title>
+    <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/[email protected]/dist/css/bootstrap.min.css" integrity="sha384-rbsA2VBKQhggwzxH7pPCaAqO46MgnOM80zW1RWuH61DGLwZJEdK2Kadq2F9CUG65" crossorigin="anonymous">
+    <script>
+        function cancelConsent() {
+            document.consent_form.reset();
+            document.consent_form.submit();
+        }
+    </script>
+</head>
+<body>
+<div class="container">
+    <div class="row py-5">
+        <h1 class="text-center text-primary">App permissions</h1>
+    </div>
+    <div class="row">
+        <div class="col text-center">
+            <p>
+                The application
+                <span class="fw-bold text-primary" th:text="${clientId}"></span>
+                wants to access your account
+                <span class="fw-bold" th:text="${principalName}"></span>
+            </p>
+        </div>
+    </div>
+    <div th:if="${userCode}" class="row">
+        <div class="col text-center">
+            <p class="alert alert-warning">
+                You have provided the code
+                <span class="fw-bold" th:text="${userCode}"></span>.
+                Verify that this code matches what is shown on your device.
+            </p>
+        </div>
+    </div>
+    <div class="row pb-3">
+        <div class="col text-center">
+            <p>
+                The following permissions are requested by the above app.<br/>
+                Please review these and consent if you approve.
+            </p>
+        </div>
+    </div>
+    <div class="row">
+        <div class="col text-center">
+            <form name="consent_form" method="post" th:action="${requestURI}">
+                <input type="hidden" name="client_id" th:value="${clientId}">
+                <input type="hidden" name="state" th:value="${state}">
+                <input th:if="${userCode}" type="hidden" name="user_code" th:value="${userCode}">
+
+                <div th:each="scope: ${scopes}" class="form-check py-1">
+                    <input class="form-check-input"
+                           style="float: none"
+                           type="checkbox"
+                           name="scope"
+                           th:value="${scope.scope}"
+                           th:id="${scope.scope}">
+                    <label class="form-check-label fw-bold px-2" th:for="${scope.scope}" th:text="${scope.scope}"></label>
+                    <p class="text-primary" th:text="${scope.description}"></p>
+                </div>
+
+                <p th:if="${not #lists.isEmpty(previouslyApprovedScopes)}">
+                    You have already granted the following permissions to the above app:
+                </p>
+                <div th:each="scope: ${previouslyApprovedScopes}" class="form-check py-1">
+                    <input class="form-check-input"
+                           style="float: none"
+                           type="checkbox"
+                           th:id="${scope.scope}"
+                           disabled
+                           checked>
+                    <label class="form-check-label fw-bold px-2" th:for="${scope.scope}" th:text="${scope.scope}"></label>
+                    <p class="text-primary" th:text="${scope.description}"></p>
+                </div>
+
+                <div class="pt-3">
+                    <button class="btn btn-primary btn-lg" type="submit" id="submit-consent">
+                        Submit Consent
+                    </button>
+                </div>
+                <div class="pt-3">
+                    <button class="btn btn-link regular" type="button" id="cancel-consent" onclick="cancelConsent();">
+                        Cancel
+                    </button>
+                </div>
+            </form>
+        </div>
+    </div>
+    <div class="row pt-4">
+        <div class="col text-center">
+            <p>
+                <small>
+                    Your consent to provide access is required.<br/>
+                    If you do not approve, click Cancel, in which case no information will be shared with the app.
+                </small>
+            </p>
+        </div>
+    </div>
+</div>
+</body>
+</html>