oauth sso dev

authorization-server/build.gradle

@@ -26,7 +26,6 @@ ext {
 dependencies {
     compile('org.springframework.security:spring-security-oauth2-client')
     compile('org.springframework.security:spring-security-oauth2-jose')
-    
     implementation 'org.springframework.boot:spring-boot-starter-actuator'
     implementation 'org.springframework.boot:spring-boot-starter-thymeleaf'
     implementation 'org.springframework.boot:spring-boot-starter-web'

authorization-server/src/main/java/io/bluemoon/authorizationserver/config/WebMvcConfig.java

@@ -13,7 +13,7 @@ import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 
 import java.util.List;
 
-//@EnableWebSecurity
+@EnableWebSecurity
 public class WebMvcConfig implements WebMvcConfigurer {
 
     @Autowired

authorization-server/src/main/java/io/bluemoon/authorizationserver/config/WebSecurityConfig.java

@@ -23,7 +23,7 @@ import org.springframework.web.filter.CharacterEncodingFilter;
 @Configuration
 //@EnableOAuth2Client
 //@Order(SecurityProperties.BASIC_AUTH_ORDER - 6)
-//@Order(-1)
+@Order(-1)
 public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
 
     @Autowired
@@ -52,29 +52,18 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
 
     @Override
     protected void configure(HttpSecurity http) throws Exception {
-//        http.formLogin();
-//http://localhost:8081/mk-auth/oauth/authorize?response_type=code&client_id=system1&redirect_uri=http://localhost:8081/mk-auth/code&scope=read
-//        curl -u system1:1234 http://localhost:8081/mk-auth/oauth/token -d "grant_type=password&username=user1&password=1234"
-// curl -u system1:1234 http://localhost:8081/mk-auth/oauth/token -d "grant_type=refresh_token&scope=read&refresh_token=131e73e1-0806-4f26-a84c-6d06eeecfd5d"
-
-
-
-
-
 
 //        --------------------------------- sso test
-//        http.formLogin().loginPage("/login").permitAll().failureHandler(customAuthFailureHandler)
-//                .and()
-//                .requestMatchers().antMatchers("/login/**", "/logout", "/oauth/authorize", "/oauth/confirm_access", "/oauth2/**")
-//                .and()
-//                .authorizeRequests().anyRequest().authenticated()
-//                .and()
-//                .headers().frameOptions().disable()
-//                .and()
-//                .oauth2Login()
-//                .loginPage("/login").permitAll().defaultSuccessUrl("/login/success", true).failureHandler(customAuthFailureHandler);
-//                .and()
-//                .addFilterBefore(filter, CsrfFilter.class);
+        http.formLogin().loginPage("/login").permitAll().failureHandler(customAuthFailureHandler)
+                .and()
+                .requestMatchers().antMatchers("/login/**", "/logout", "/oauth/authorize", "/oauth/confirm_access", "/oauth2/**")
+                .and()
+                .authorizeRequests().anyRequest().authenticated()
+                .and()
+                .headers().frameOptions().disable()
+                .and()
+                .oauth2Login()
+                .loginPage("/login").permitAll().defaultSuccessUrl("/login/success", true).failureHandler(customAuthFailureHandler);
 
     }
 

queue/out/production/resources/application.properties

@@ -0,0 +1,18 @@
+spring.application.name=queue
+server.port=8080
+
+spring.jackson.serialization.write-dates-as-timestamps=false
+
+#spring.datasource.url=jdbc:mysql://rds.master.uneedcomms.net/mmc?charset=utf8
+#spring.datasource.username=mmc_crud
+#spring.datasource.password=s3art33c
+#spring.datasource.driver-class-name=com.mysql.cj.jdbc.Driver
+
+cloud.aws.credentials.access-key=AKIAJG77K3AKVKQVE3LA
+cloud.aws.credentials.secret-key=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
+cloud.aws.region.auto=false
+cloud.aws.region.static=ap-northeast-2
+cloud.aws.stack.auto=false
+
+#sqs.queue_name=sender-sms.fifo
+#sqs.url=https://sqs.ap-northeast-2.amazonaws.com/203872522995/sender-sms.fifo

settings.gradle

@@ -1,6 +1 @@
-rootProject.name = 'project-mark'
-include 'eureka-server'
-include 'contents'
-include 'zuul-oauth2'
-include 'authorization-server'
-include 'test-service'
+rootProject.name = 'project-mark'

test-service/src/main/java/io/bluemoon/testservice/ResourceServiceConfig.java

@@ -1,18 +1,19 @@
-//package io.bluemoon.testservice;
-//
-//import org.springframework.context.annotation.Configuration;
-//import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-//import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
-//import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
-//import org.springframework.security.web.util.matcher.RequestHeaderRequestMatcher;
-//
-//@EnableResourceServer
-//@Configuration
-//public class ResourceServiceConfig extends ResourceServerConfigurerAdapter {
-//
-//    @Override
-//    public void configure(HttpSecurity http) throws Exception {
-//        http.requestMatcher(new RequestHeaderRequestMatcher("Authorization"))
-//                .authorizeRequests().anyRequest().fullyAuthenticated();
-//    }
-//}
+package io.bluemoon.testservice;
+
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
+import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
+import org.springframework.security.web.util.matcher.RequestHeaderRequestMatcher;
+
+@Configuration
+public class ResourceServiceConfig extends ResourceServerConfigurerAdapter {
+
+    @Override
+    public void configure(HttpSecurity http) throws Exception {
+        http
+                .authorizeRequests()
+                .anyRequest()
+                .authenticated();
+    }
+}

test-service/src/main/java/io/bluemoon/testservice/TestServiceApplication.java

@@ -17,32 +17,33 @@ import java.security.Principal;
 @EnableResourceServer
 public class TestServiceApplication {
 
+
     public static void main(String[] args) {
         SpringApplication.run(TestServiceApplication.class, args);
     }
 
-    @Controller
-    @RequestMapping("/")
-    public static class TestController{
-
-        @RequestMapping(method = RequestMethod.GET)
-        @ResponseBody
-        public String helloMk2(Principal principal) {
-            return principal == null ? "hello anonymous" : "heelo" + principal.getName();
-        }
-
-        @PreAuthorize("#oauth2.hasScope('read') and hasRole('ROLE_USER')")
-        @RequestMapping(value = "secret", method = RequestMethod.GET)
-        @ResponseBody
-        public String helloMk2Secret(Principal principal) {
-            return principal == null ? "hello anonymous" : "heelo" + principal.getName();
-        }
-
-        @RequestMapping(method = RequestMethod.GET, value = "test")
-        @ResponseBody
-        public String test() {
-            return "test";
-        }
-    }
+//    @Controller
+//    @RequestMapping("/")
+//    public static class TestController{
+//
+//        @RequestMapping(method = RequestMethod.GET)
+//        @ResponseBody
+//        public String helloMk2(Principal principal) {
+//            return principal == null ? "hello anonymous" : "heelo" + principal.getName();
+//        }
+//
+//        @PreAuthorize("#oauth2.hasScope('read') and hasRole('ROLE_USER')")
+//        @RequestMapping(value = "secret", method = RequestMethod.GET)
+//        @ResponseBody
+//        public String helloMk2Secret(Principal principal) {
+//            return principal == null ? "hello anonymous" : "heelo" + principal.getName();
+//        }
+//
+//        @RequestMapping(method = RequestMethod.GET, value = "test")
+//        @ResponseBody
+//        public String test() {
+//            return "test";
+//        }
+//    }
 
 }

test-service/src/main/java/io/bluemoon/testservice/utils/UserContext.java

@@ -0,0 +1,21 @@
+package io.bluemoon.testservice.utils;
+
+import lombok.Getter;
+import lombok.Setter;
+import org.springframework.stereotype.Component;
+
+@Component
+@Getter
+@Setter
+public class UserContext {
+    public static final String CORREATION_ID = "tmx-correlation-id";
+    public static final String AUTH_TOKEN = "Authorization";
+    public static final String USER_ID = "tmx-user-id";
+    public static final String ORG_ID = "tmx-org-id";
+
+    private String correlationId;
+    private String authToken;
+    private String userId;
+    private String orgId;
+
+}

test-service/src/main/java/io/bluemoon/testservice/utils/UserContextFilter.java

@@ -0,0 +1,36 @@
+package io.bluemoon.testservice.utils;
+
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.stereotype.Component;
+
+import javax.servlet.*;
+import javax.servlet.http.HttpServletRequest;
+import java.io.IOException;
+
+@Component
+@Slf4j
+public class UserContextFilter implements Filter {
+    @Override
+    public void init(FilterConfig filterConfig) throws ServletException {
+
+    }
+
+    @Override
+    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
+        HttpServletRequest httpServletRequest = (HttpServletRequest) request;
+        log.debug("I am entering the licensing service id with auth token : ", httpServletRequest.getHeader("Authorization"));
+
+        UserContextHolder.getContext().setCorrelationId(httpServletRequest.getHeader(UserContext.CORREATION_ID));
+        UserContextHolder.getContext().setUserId(httpServletRequest.getHeader(UserContext.USER_ID));
+        UserContextHolder.getContext().setAuthToken(httpServletRequest.getHeader(UserContext.AUTH_TOKEN));
+        UserContextHolder.getContext().setOrgId(httpServletRequest.getHeader(UserContext.ORG_ID));
+
+        chain.doFilter(httpServletRequest, response);
+
+    }
+
+    @Override
+    public void destroy() {
+
+    }
+}

test-service/src/main/java/io/bluemoon/testservice/utils/UserContextHolder.java

@@ -0,0 +1,26 @@
+package io.bluemoon.testservice.utils;
+
+import org.springframework.util.Assert;
+
+public class UserContextHolder {
+    private static final ThreadLocal<UserContext> userContext = new ThreadLocal<UserContext>();
+
+    public static final UserContext getContext() {
+        UserContext context = userContext.get();
+
+        if (context == null) {
+            context = createEmptyContext();
+            userContext.set(context);
+        }
+        return userContext.get();
+    }
+
+    public static final void setContext(UserContext context) {
+        Assert.notNull(context, "Only non-null UserContext instances are permitted");
+        userContext.set(context);
+    }
+
+    public static final UserContext createEmptyContext() {
+        return new UserContext();
+    }
+}

test-service/src/main/java/io/bluemoon/testservice/utils/UserContextInterceptor.java

@@ -0,0 +1,21 @@
+package io.bluemoon.testservice.utils;
+
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.HttpRequest;
+import org.springframework.http.client.ClientHttpRequestExecution;
+import org.springframework.http.client.ClientHttpRequestInterceptor;
+import org.springframework.http.client.ClientHttpResponse;
+
+import java.io.IOException;
+
+public class UserContextInterceptor implements ClientHttpRequestInterceptor {
+    @Override
+    public ClientHttpResponse intercept(HttpRequest request, byte[] body, ClientHttpRequestExecution execution) throws IOException {
+
+        HttpHeaders headers = request.getHeaders();
+        headers.add(UserContext.CORREATION_ID, UserContextHolder.getContext().getCorrelationId());
+        headers.add(UserContext.AUTH_TOKEN, UserContextHolder.getContext().getAuthToken());
+
+        return execution.execute(request, body);
+    }
+}

test-service/src/main/resources/application.properties

@@ -8,5 +8,4 @@ server.servlet.context-path=/api
 #security.oauth2.client.client-id=system1
 #security.oauth2.client.client-secret=1234
 #security.oauth2.resource.token-info-uri=http://127.0.0.1:8081/mk-auth/oauth/check_token
-security.oauth2.resource.user-info-uri=http://127.0.0.1:8081/mk-auth/user
-security.oauth2.resource.prefer-token-info=false
+security.oauth2.resource.user-info-uri=http://127.0.0.1:8081/mk-auth/user

zuul-oauth2/build.gradle

@@ -26,8 +26,6 @@ ext {
 dependencies {
     implementation 'org.springframework.boot:spring-boot-starter-actuator'
     implementation 'org.springframework.cloud:spring-cloud-starter-netflix-zuul'
-    implementation 'org.springframework.cloud:spring-cloud-starter-oauth2'
-    implementation 'org.springframework.cloud:spring-cloud-starter-security'
     compileOnly 'org.projectlombok:lombok'
     annotationProcessor 'org.projectlombok:lombok'
     testImplementation 'org.springframework.boot:spring-boot-starter-test'

zuul-oauth2/src/main/java/io/bluemoon/zuuloauth2/ZuulOauth2Application.java

@@ -1,12 +1,20 @@
 package io.bluemoon.zuuloauth2;
 
+import io.bluemoon.zuuloauth2.utils.UserContextInterceptor;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.cloud.client.loadbalancer.LoadBalanced;
 import org.springframework.cloud.netflix.zuul.EnableZuulProxy;
 import org.springframework.context.annotation.Bean;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.client.RestTemplate;
 
+import java.security.Principal;
+import java.util.Collections;
+import java.util.List;
+
 @SpringBootApplication
 @EnableZuulProxy
 public class ZuulOauth2Application {
@@ -14,9 +22,29 @@ public class ZuulOauth2Application {
     @LoadBalanced
     @Bean
     public RestTemplate getRestTemplate() {
+//        RestTemplate template = new RestTemplate();
+//        List interceptors = template.getInterceptors();
+//        if (interceptors == null) {
+//            template.setInterceptors(Collections.singletonList(new UserContextInterceptor()));
+//        } else {
+//            interceptors.add(new UserContextInterceptor());
+//            template.setInterceptors(interceptors);
+//        }
+//        return template;
         return new RestTemplate();
     }
 
+    @Controller
+    @RequestMapping("/")
+    public static class TestController {
+        @RequestMapping(method = RequestMethod.GET)
+        public String test(Principal principal) {
+            System.out.println(principal.getName());
+            System.out.println(principal.toString());
+            return "aa";
+        }
+    }
+
     public static void main(String[] args) {
         SpringApplication.run(ZuulOauth2Application.class, args);
     }

zuul-oauth2/src/main/java/io/bluemoon/zuuloauth2/filter/AuthenticationFilter.java

@@ -50,6 +50,7 @@ public class AuthenticationFilter extends ZuulFilter {
     @Override
     public Object run() throws ZuulException {
         RequestContext ctx = RequestContext.getCurrentContext();
+        log.debug("what???{}", ctx);
         return null;
     }
 }

zuul-oauth2/src/main/java/io/bluemoon/zuuloauth2/utils/UserContext.java

@@ -0,0 +1,21 @@
+package io.bluemoon.zuuloauth2.utils;
+
+import lombok.Getter;
+import lombok.Setter;
+import org.springframework.stereotype.Component;
+
+@Component
+@Getter
+@Setter
+public class UserContext {
+    public static final String CORREATION_ID = "tmx-correlation-id";
+    public static final String AUTH_TOKEN = "Authorization";
+    public static final String USER_ID = "tmx-user-id";
+    public static final String ORG_ID = "tmx-org-id";
+
+    private String correlationId;
+    private String authToken;
+    private String userId;
+    private String orgId;
+
+}

zuul-oauth2/src/main/java/io/bluemoon/zuuloauth2/utils/UserContextFilter.java

@@ -0,0 +1,36 @@
+package io.bluemoon.zuuloauth2.utils;
+
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.stereotype.Component;
+
+import javax.servlet.*;
+import javax.servlet.http.HttpServletRequest;
+import java.io.IOException;
+
+@Component
+@Slf4j
+public class UserContextFilter implements Filter {
+    @Override
+    public void init(FilterConfig filterConfig) throws ServletException {
+
+    }
+
+    @Override
+    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
+        HttpServletRequest httpServletRequest = (HttpServletRequest) request;
+        log.debug("I am entering the licensing service id with auth token : ", httpServletRequest.getHeader("Authorization"));
+
+        UserContextHolder.getContext().setCorrelationId(httpServletRequest.getHeader(UserContext.CORREATION_ID));
+        UserContextHolder.getContext().setUserId(httpServletRequest.getHeader(UserContext.USER_ID));
+        UserContextHolder.getContext().setAuthToken(httpServletRequest.getHeader(UserContext.AUTH_TOKEN));
+        UserContextHolder.getContext().setOrgId(httpServletRequest.getHeader(UserContext.ORG_ID));
+
+        chain.doFilter(httpServletRequest, response);
+
+    }
+
+    @Override
+    public void destroy() {
+
+    }
+}

zuul-oauth2/src/main/java/io/bluemoon/zuuloauth2/utils/UserContextHolder.java

@@ -0,0 +1,26 @@
+package io.bluemoon.zuuloauth2.utils;
+
+import org.springframework.util.Assert;
+
+public class UserContextHolder {
+    private static final ThreadLocal<UserContext> userContext = new ThreadLocal<UserContext>();
+
+    public static final UserContext getContext() {
+        UserContext context = userContext.get();
+
+        if (context == null) {
+            context = createEmptyContext();
+            userContext.set(context);
+        }
+        return userContext.get();
+    }
+
+    public static final void setContext(UserContext context) {
+        Assert.notNull(context, "Only non-null UserContext instances are permitted");
+        userContext.set(context);
+    }
+
+    public static final UserContext createEmptyContext() {
+        return new UserContext();
+    }
+}

zuul-oauth2/src/main/java/io/bluemoon/zuuloauth2/utils/UserContextInterceptor.java

@@ -0,0 +1,21 @@
+package io.bluemoon.zuuloauth2.utils;
+
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.HttpRequest;
+import org.springframework.http.client.ClientHttpRequestExecution;
+import org.springframework.http.client.ClientHttpRequestInterceptor;
+import org.springframework.http.client.ClientHttpResponse;
+
+import java.io.IOException;
+
+public class UserContextInterceptor implements ClientHttpRequestInterceptor {
+    @Override
+    public ClientHttpResponse intercept(HttpRequest request, byte[] body, ClientHttpRequestExecution execution) throws IOException {
+
+        HttpHeaders headers = request.getHeaders();
+        headers.add(UserContext.CORREATION_ID, UserContextHolder.getContext().getCorrelationId());
+        headers.add(UserContext.AUTH_TOKEN, UserContextHolder.getContext().getAuthToken());
+
+        return execution.execute(request, body);
+    }
+}

zuul-oauth2/src/main/resources/application.properties

@@ -1 +1,19 @@
+server.port=8765
 
+zuul.sensitive-headers=
+
+zuul.routes.mk2-service.path=/api/**
+zuul.routes.mk2-service.url=http://127.0.0.1:8082/api
+zuul.routes.mk2-service.sensitive-headers=
+#zuul.routes.mk2-service.sensitive-headers=Cookie,Set-Cookie,Authorization
+
+zuul.routes.mk2-oauth.path=/mk-auth/**
+#zuul.routes.mk2-oauth.url=https://59a7bc58.ngrok.io
+zuul.routes.mk2-oauth.url=http://localhost:8081/mk-auth
+zuul.routes.mk2-oauth.sensitive-headers=
+#zuul.routes.mk2-oauth.sensitive-headers=Cookie,Set-Cookie,Authorization
+#zuul.routes.mk2-oauth.path=/mk2auth/**
+
+
+logging.level.web=debug
+spring.http.log-request-details=true