custom security configs are added

musabbozkurt · Feb 3, 2024 · 7e11c08 · 7e11c08
1 parent 7453848
commit 7e11c08
Show file tree

Hide file tree

Showing 16 changed files with 991 additions and 10 deletions.
diff --git a/OAuth2 Authorization Server.postman_collection.json b/OAuth2 Authorization Server.postman_collection.json
@@ -1,6 +1,6 @@
 {
   "info": {
-    "_postman_id": "6f2013c5-ce4f-45e9-925b-c74657c76b96",
+    "_postman_id": "4984c05e-6ca1-418a-ad8d-865821ba6a10",
     "name": "OAuth2 Authorization Server",
     "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json",
     "_exporter_id": "31512047"
@@ -127,6 +127,199 @@
         }
       },
       "response": []
+    },
+    {
+      "name": "Get OAuth2 Token with Custom Password",
+      "request": {
+        "auth": {
+          "type": "basic",
+          "basic": [
+            {
+              "key": "password",
+              "value": "{{client_secret}}",
+              "type": "string"
+            },
+            {
+              "key": "username",
+              "value": "{{client_id}}",
+              "type": "string"
+            }
+          ]
+        },
+        "method": "POST",
+        "header": [],
+        "body": {
+          "mode": "formdata",
+          "formdata": [
+            {
+              "key": "grant_type",
+              "value": "custom_password",
+              "type": "text"
+            },
+            {
+              "key": "username",
+              "value": "User",
+              "type": "text"
+            },
+            {
+              "key": "password",
+              "value": "password",
+              "type": "text"
+            }
+          ]
+        },
+        "url": {
+          "raw": "localhost:9000/oauth2/token",
+          "host": [
+            "localhost"
+          ],
+          "port": "9000",
+          "path": [
+            "oauth2",
+            "token"
+          ]
+        }
+      },
+      "response": []
+    },
+    {
+      "name": "Get OAuth2 Token Using Client Credentials Grant",
+      "event": [
+        {
+          "listen": "test",
+          "script": {
+            "exec": [
+              "var response = JSON.parse(responseBody);",
+              "",
+              "pm.test(\"Status code is 200\", function () {",
+              "    pm.response.to.have.status(200);",
+              "    pm.collectionVariables.set(\"client_credentials_access_token\", response.access_token);",
+              "});"
+            ],
+            "type": "text/javascript"
+          }
+        }
+      ],
+      "request": {
+        "auth": {
+          "type": "basic",
+          "basic": [
+            {
+              "key": "password",
+              "value": "{{client_secret}}",
+              "type": "string"
+            },
+            {
+              "key": "username",
+              "value": "{{client_id}}",
+              "type": "string"
+            }
+          ]
+        },
+        "method": "POST",
+        "header": [],
+        "body": {
+          "mode": "formdata",
+          "formdata": [
+            {
+              "key": "grant_type",
+              "value": "client_credentials",
+              "type": "text"
+            },
+            {
+              "key": "scope",
+              "value": "read openid",
+              "type": "text"
+            }
+          ]
+        },
+        "url": {
+          "raw": "localhost:9000/oauth2/token",
+          "host": [
+            "localhost"
+          ],
+          "port": "9000",
+          "path": [
+            "oauth2",
+            "token"
+          ]
+        }
+      },
+      "response": []
+    },
+    {
+      "name": "Get OAuth2 Token Using JWT Bearer Grant",
+      "request": {
+        "auth": {
+          "type": "basic",
+          "basic": [
+            {
+              "key": "password",
+              "value": "{{client_secret}}",
+              "type": "string"
+            },
+            {
+              "key": "username",
+              "value": "{{client_id}}",
+              "type": "string"
+            }
+          ]
+        },
+        "method": "POST",
+        "header": [],
+        "body": {
+          "mode": "formdata",
+          "formdata": [
+            {
+              "key": "grant_type",
+              "value": "urn:ietf:params:oauth:grant-type:jwt-bearer",
+              "type": "text"
+            },
+            {
+              "key": "assertion",
+              "value": "{{client_credentials_access_token}}",
+              "type": "text"
+            },
+            {
+              "key": "scope",
+              "value": "read",
+              "type": "text"
+            }
+          ]
+        },
+        "url": {
+          "raw": "localhost:9000/oauth2/token",
+          "host": [
+            "localhost"
+          ],
+          "port": "9000",
+          "path": [
+            "oauth2",
+            "token"
+          ]
+        }
+      },
+      "response": []
+    }
+  ],
+  "event": [
+    {
+      "listen": "prerequest",
+      "script": {
+        "type": "text/javascript",
+        "exec": [
+          ""
+        ]
+      }
+    },
+    {
+      "listen": "test",
+      "script": {
+        "type": "text/javascript",
+        "exec": [
+          ""
+        ]
+      }
     }
   ],
   "variable": [
@@ -137,6 +330,10 @@
     {
       "key": "client_secret",
       "value": "secret"
+    },
+    {
+      "key": "client_credentials_access_token",
+      "value": "null"
     }
   ]
 }
diff --git a/src/main/java/mb/oauth2authorizationserver/config/CustomPasswordAuthenticationConverter.java b/src/main/java/mb/oauth2authorizationserver/config/CustomPasswordAuthenticationConverter.java
@@ -0,0 +1,63 @@
+package mb.oauth2authorizationserver.config;
+
+import jakarta.servlet.http.HttpServletRequest;
+import mb.oauth2authorizationserver.utils.SecurityUtil;
+import org.springframework.lang.Nullable;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
+import org.springframework.security.oauth2.core.OAuth2ErrorCodes;
+import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
+import org.springframework.security.web.authentication.AuthenticationConverter;
+import org.springframework.util.MultiValueMap;
+import org.springframework.util.StringUtils;
+
+import java.util.*;
+
+public class CustomPasswordAuthenticationConverter implements AuthenticationConverter {
+
+    @Nullable
+    @Override
+    public Authentication convert(HttpServletRequest request) {
+        String grantType = request.getParameter(OAuth2ParameterNames.GRANT_TYPE);
+
+        if (!"custom_password".equals(grantType)) {
+            return null;
+        }
+
+        MultiValueMap<String, String> parameters = SecurityUtil.getParameters(request);
+
+        // scope (OPTIONAL)
+        String scope = parameters.getFirst(OAuth2ParameterNames.SCOPE);
+        if (StringUtils.hasText(scope) && parameters.get(OAuth2ParameterNames.SCOPE).size() != 1) {
+            throw new OAuth2AuthenticationException(OAuth2ErrorCodes.INVALID_REQUEST);
+        }
+
+        // username (REQUIRED)
+        String username = parameters.getFirst(OAuth2ParameterNames.USERNAME);
+        if (!StringUtils.hasText(username) || parameters.get(OAuth2ParameterNames.USERNAME).size() != 1) {
+            throw new OAuth2AuthenticationException(OAuth2ErrorCodes.INVALID_REQUEST);
+        }
+
+        // password (REQUIRED)
+        String password = parameters.getFirst(OAuth2ParameterNames.PASSWORD);
+        if (!StringUtils.hasText(password) || parameters.get(OAuth2ParameterNames.PASSWORD).size() != 1) {
+            throw new OAuth2AuthenticationException(OAuth2ErrorCodes.INVALID_REQUEST);
+        }
+
+        Set<String> requestedScopes = null;
+        if (StringUtils.hasText(scope)) {
+            requestedScopes = new HashSet<>(Arrays.asList(StringUtils.delimitedListToStringArray(scope, " ")));
+        }
+
+        Map<String, Object> additionalParameters = new HashMap<>();
+        parameters.forEach((key, value) -> {
+            if (!key.equals(OAuth2ParameterNames.GRANT_TYPE) && !key.equals(OAuth2ParameterNames.SCOPE)) {
+                additionalParameters.put(key, value.getFirst());
+            }
+        });
+
+        Authentication clientPrincipal = SecurityContextHolder.getContext().getAuthentication();
+        return new CustomPasswordAuthenticationToken(clientPrincipal, requestedScopes, additionalParameters);
+    }
+}