authorization exception handler, logout

authorization-server/src/main/java/io/bluemoon/authorizationserver/AuthorizationServerApplication.java

@@ -8,7 +8,6 @@ import org.springframework.security.oauth2.config.annotation.web.configuration.E
 import java.util.Date;
 
 @SpringBootApplication
-@EnableResourceServer
 public class AuthorizationServerApplication {
 
     public static void main(String[] args) {

authorization-server/src/main/java/io/bluemoon/authorizationserver/config/ResourceServerConfiguration.java

@@ -1,27 +1,22 @@
-//package io.bluemoon.authorizationserver.config;
+package io.bluemoon.authorizationserver.config;
-//
+
-//
+
-//import org.springframework.context.annotation.Configuration;
+import io.bluemoon.authorizationserver.config.handler.CustomAccessDeniedHandler;
-//import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import io.bluemoon.authorizationserver.config.handler.CustomHttp403ForbiddenEntryPoint;
-//import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
+import org.springframework.context.annotation.Configuration;
-//import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-//import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
+import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
-//
+import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
-//@Configuration
+import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
-//@EnableResourceServer
+
-//public class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {
+@Configuration
-//
+@EnableResourceServer
-//    @Override
+public class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {
-//    public void configure(HttpSecurity http) throws Exception {
+
-////        super.configure(http);
+    @Override
-//        http.headers().frameOptions().disable();
+    public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
-//        http.authorizeRequests()
+        resources.authenticationEntryPoint(new CustomHttp403ForbiddenEntryPoint());
-//                .anyRequest().permitAll()
+        resources.accessDeniedHandler(new CustomAccessDeniedHandler());
-//                .antMatchers("/mk-auth/code").access("#oauth2.hasScode('read')");
+        resources.resourceId("resource-id");
-//    }
+    }
-//
+}
-//    @Override
-//    public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
-//        resources.resourceId()
-//    }
-//}

authorization-server/src/main/java/io/bluemoon/authorizationserver/config/WebMvcConfig.java

@@ -4,6 +4,7 @@ import io.bluemoon.authorizationserver.domain.social.UserArgumentResolver;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.web.servlet.FilterRegistrationBean;
 import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
 import org.springframework.core.Ordered;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.web.filter.ForwardedHeaderFilter;
@@ -13,7 +14,7 @@ import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 
 import java.util.List;
 
-@EnableWebSecurity
+@Configuration
 public class WebMvcConfig implements WebMvcConfigurer {
 
     @Autowired

authorization-server/src/main/java/io/bluemoon/authorizationserver/config/WebSecurityConfig.java

@@ -13,17 +13,19 @@ import org.springframework.security.config.annotation.authentication.builders.Au
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.NoOpPasswordEncoder;
 //import org.springframework.security.oauth2.config.annotation.web.configuration.EnableOAuth2Client;
+import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.authentication.AuthenticationFailureHandler;
 import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
 import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
 import org.springframework.security.web.csrf.CsrfFilter;
+import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 import org.springframework.web.filter.CharacterEncodingFilter;
 
 @Configuration
-//@EnableOAuth2Client
+@EnableWebSecurity
-//@Order(SecurityProperties.BASIC_AUTH_ORDER - 6)
 @Order(SecurityProperties.DEFAULT_FILTER_ORDER)
 public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
 
@@ -57,12 +59,14 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
 //        --------------------------------- sso test
         http.formLogin().loginPage("/login").permitAll().failureHandler(customAuthFailureHandler)
                 .and()
-                .requestMatchers().antMatchers("/login/**", "/logout", "/oauth/authorize", "/oauth/confirm_access", "/oauth2/**")
+                .requestMatchers().antMatchers("/login/**","/oauth/authorize")
                 .and()
                 .authorizeRequests().anyRequest().authenticated()
                 .and()
                 .headers().frameOptions().disable()
                 .and()
+                .logout().logoutSuccessUrl("/logout").logoutRequestMatcher(new AntPathRequestMatcher("/logout")).invalidateHttpSession(true).deleteCookies("JSESSIONID")
+                .and()
                 .oauth2Login()
                 .loginPage("/login").permitAll().defaultSuccessUrl("/login/success", true).failureHandler(customAuthFailureHandler);
 
@@ -93,10 +97,15 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
         return daoAuthenticationProvider;
     }
 
+//    @Bean
+//    @SuppressWarnings("deprecation")
+//    public static NoOpPasswordEncoder passwordEncoder() {
+//        return (NoOpPasswordEncoder) NoOpPasswordEncoder.getInstance();
+//    }
+
     @Bean
-    @SuppressWarnings("deprecation")
+    public static PasswordEncoder passwordEncoder() {
-    public static NoOpPasswordEncoder passwordEncoder() {
+        return new BCryptPasswordEncoder();
-        return (NoOpPasswordEncoder) NoOpPasswordEncoder.getInstance();
     }
 
 

authorization-server/src/main/java/io/bluemoon/authorizationserver/config/handler/CustomAccessDeniedHandler.java

@@ -0,0 +1,37 @@
+package io.bluemoon.authorizationserver.config.handler;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import org.springframework.security.access.AccessDeniedException;
+import org.springframework.security.web.access.AccessDeniedHandler;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.time.LocalDateTime;
+import java.util.HashMap;
+import java.util.Map;
+
+public class CustomAccessDeniedHandler implements AccessDeniedHandler {
+    @Override
+    public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException accessDeniedException) throws IOException, ServletException {
+        System.out.println("---------custom access denied handler");
+        System.out.println(request.getRequestURI());
+        System.out.println(accessDeniedException.getMessage());
+
+        response.setContentType("application/json;charset=UTF-8");
+        Map map = new HashMap();
+        map.put("errorauth", "400");
+        map.put("message", accessDeniedException.getMessage());
+        map.put("path", request.getServletPath());
+        map.put("timestamp", LocalDateTime.now().toString());
+        response.setContentType("application/json");
+        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+        try {
+            ObjectMapper mapper = new ObjectMapper();
+            mapper.writeValue(response.getOutputStream(), map);
+        } catch (Exception e) {
+            throw new ServletException();
+        }
+    }
+}

authorization-server/src/main/java/io/bluemoon/authorizationserver/config/handler/CustomHttp403ForbiddenEntryPoint.java

@@ -0,0 +1,36 @@
+package io.bluemoon.authorizationserver.config.handler;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.AuthenticationEntryPoint;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.time.LocalDateTime;
+import java.util.HashMap;
+import java.util.Map;
+
+public class CustomHttp403ForbiddenEntryPoint implements AuthenticationEntryPoint {
+    @Override
+    public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) throws IOException, ServletException {
+        System.out.println("-------------------");
+        System.out.println(request.getRequestURI());
+        System.out.println("-------------------");
+        Map map = new HashMap();
+        map.put("errorentry", "401");
+        map.put("message", authException.getMessage());
+        map.put("path", request.getServletPath());
+        map.put("timestamp", LocalDateTime.now().toString());
+        response.setContentType("application/json");
+        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+
+        try {
+            ObjectMapper mapper = new ObjectMapper();
+            mapper.writeValue(response.getOutputStream(), map);
+        } catch (Exception e) {
+            throw new ServletException();
+        }
+    }
+}

authorization-server/src/main/java/io/bluemoon/authorizationserver/config/handler/CustomOAuthException.java

@@ -0,0 +1,11 @@
+package io.bluemoon.authorizationserver.config.handler;
+
+import com.fasterxml.jackson.databind.annotation.JsonSerialize;
+import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
+
+@JsonSerialize(using = CustomOAuthExceptionSerializer.class)
+public class CustomOAuthException extends OAuth2Exception {
+    public CustomOAuthException(String msg) {
+        super(msg);
+    }
+}

authorization-server/src/main/java/io/bluemoon/authorizationserver/config/handler/CustomOAuthExceptionSerializer.java

@@ -0,0 +1,34 @@
+package io.bluemoon.authorizationserver.config.handler;
+
+import com.fasterxml.jackson.core.JsonGenerator;
+import com.fasterxml.jackson.databind.SerializerProvider;
+import com.fasterxml.jackson.databind.ser.std.StdSerializer;
+
+import java.io.IOException;
+import java.util.Arrays;
+import java.util.Map;
+
+public class CustomOAuthExceptionSerializer extends StdSerializer<CustomOAuthException> {
+
+    public CustomOAuthExceptionSerializer() {
+        super(CustomOAuthException.class);
+    }
+
+    @Override
+    public void serialize(CustomOAuthException value, JsonGenerator gen, SerializerProvider provider) throws IOException {
+        gen.writeStartObject();
+        gen.writeNumberField("code4444", value.getHttpErrorCode());
+        gen.writeBooleanField("status", false);
+        gen.writeObjectField("data", null);
+        gen.writeObjectField("errors", Arrays.asList(value.getOAuth2ErrorCode(), value.getMessage()));
+
+        if (value.getAdditionalInformation() != null) {
+            for (Map.Entry<String, String> entry : value.getAdditionalInformation().entrySet()) {
+                String key = entry.getKey();
+                String add = entry.getValue();
+                gen.writeStringField(key, add);
+            }
+        }
+        gen.writeEndObject();;
+    }
+}

authorization-server/src/main/java/io/bluemoon/authorizationserver/config/handler/CustomResponseExceptionTranslator.java

@@ -0,0 +1,27 @@
+package io.bluemoon.authorizationserver.config.handler;
+
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
+import org.springframework.security.oauth2.provider.error.WebResponseExceptionTranslator;
+
+public class CustomResponseExceptionTranslator implements WebResponseExceptionTranslator {
+    @Override
+    public ResponseEntity translate(Exception e) throws Exception {
+        if (e instanceof OAuth2Exception) {
+            OAuth2Exception oAuth2Exception = (OAuth2Exception) e;
+            return ResponseEntity
+                    .status(oAuth2Exception.getHttpErrorCode())
+                    .body(new CustomOAuthException(oAuth2Exception.getMessage()));
+        } else if (e instanceof AuthenticationException) {
+            AuthenticationException authenticationException = (AuthenticationException) e;
+            return ResponseEntity
+                    .status(HttpStatus.UNAUTHORIZED)
+                    .body(new CustomOAuthException(authenticationException.getMessage()));
+        }
+        return ResponseEntity
+                .status(HttpStatus.OK)
+                .body(new CustomOAuthException(e.getMessage()));
+    }
+}

test-service/src/main/resources/application.properties

@@ -2,7 +2,7 @@ server.port=8082
 server.servlet.context-path=/test
 
 #security.oauth2.resource.user-info-uri=http://oauth.keepgrow.world/uaa/user
-security.oauth2.resource.user-info-uri=http://localhost:8081/uaa/user
+security.oauth2.resource.user-info-uri=http://localhost:8765/uaa/user
 security.oauth2.resource.token-info-uri=http://localhost:8081/uaa/oauth/check_token
 security.oauth2.resource.prefer-token-info=false