diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..b6e2a6d
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,8 @@
+.idea
+.gradle
+build/
+classes/
+out
+.DS_Store
+*.iml
+src/main/resources/application.yml
\ No newline at end of file
diff --git a/.travis.yml b/.travis.yml
new file mode 100644
index 0000000..60539c2
--- /dev/null
+++ b/.travis.yml
@@ -0,0 +1,13 @@
+language: java
+jdk:
+ - oraclejdk8
+install: true
+before_cache:
+ - rm -f $HOME/.gradle/caches/modules-2/modules-2.lock
+ - rm -fr $HOME/.gradle/caches/*/plugin-resolution/
+cache:
+ directories:
+ - $HOME/.gradle/caches/
+ - $HOME/.gradle/wrapper/
+after_success:
+ - ./gradlew jacocoTestReport coveralls
\ No newline at end of file
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..49ba704
--- /dev/null
+++ b/README.md
@@ -0,0 +1,60 @@
+# FINT OAuth Token Service
+
+[![Build Status](https://travis-ci.org/FINTlibs/fint-oauth-token-service.svg?branch=master)](https://travis-ci.org/FINTlibs/fint-oauth-token-service)
+[![Coverage Status](https://coveralls.io/repos/github/FINTlibs/fint-oauth-token-service/badge.svg?branch=master)](https://coveralls.io/github/FINTlibs/fint-oauth-token-service?branch=master)
+
+Based on the [Spring Security OAuth](http://projects.spring.io/spring-security-oauth/) project.
+Handles the access and refresh token.
+
+
+## Installation
+
+```groovy
+repositories {
+ maven {
+ url "http://dl.bintray.com/fint/maven"
+ }
+}
+
+compile('no.fint:fint-oauth-token-service:0.0.1')
+```
+
+## Usage
+
+Import the `OAuthConfig` class fro the `@Configuration`.
+
+```java
+@Import(OAuthConfig.class)
+@Configuration
+public class Config {
+ ...
+}
+```
+
+Autoimport the `TokenService` and call `getAccessToken()`.
+If the property `fint.oauth.enabled` is set to `false` the `TokenService` can be null.
+
+```java
+@Autowired(required = false)
+private TokenService tokenService;
+
+public void myMethod() {
+ if(tokenService != null) {
+ String accessToken = tokenService.getAccessToken();
+ ...
+ }
+}
+```
+
+## Configuration
+
+| Key | Description |
+|-----|-------------|
+| fint.oauth.enabled | true / false. Enables / disables the TokenService |
+| fint.oauth.username | Username |
+| fint.oauth.password | Password |
+| fint.oauth.access-token-uri | Access token URI |
+| fint.oauth.client-id | Client id |
+| fint.oauth.client-secret | Client secret |
+| fint.oauth.request-url | Request url |
+| fint.oauth.scope | Scope |
\ No newline at end of file
diff --git a/build.gradle b/build.gradle
new file mode 100644
index 0000000..face4a9
--- /dev/null
+++ b/build.gradle
@@ -0,0 +1,54 @@
+plugins {
+ id 'com.github.ben-manes.versions' version '0.15.0'
+ id 'com.jfrog.bintray' version '1.7.3'
+ id 'com.github.kt3k.coveralls' version '2.8.1'
+}
+
+apply plugin: 'java'
+apply plugin: 'groovy'
+apply plugin: 'maven'
+apply plugin: 'jacoco'
+
+version = '0.0.1'
+sourceCompatibility = 1.8
+
+repositories {
+ mavenLocal()
+ jcenter()
+ maven {
+ url "http://dl.bintray.com/fint/maven"
+ }
+}
+
+apply from: 'https://raw.githubusercontent.com/FINTlibs/fint-buildscripts/v1.0.14/dependencies.gradle'
+dependencies {
+ compile("org.springframework.boot:spring-boot-starter-web:${springBootVersion}")
+ compile('org.springframework.security.oauth:spring-security-oauth2:2.1.1.RELEASE')
+ compileOnly("org.projectlombok:lombok:${lombokVersion}")
+
+ testCompile('cglib:cglib-nodep:3.2.5')
+ testCompile("org.spockframework:spock-spring:${spockSpringVersion}")
+ testCompile("org.spockframework:spock-core:${spockSpringVersion}")
+ testCompile("org.springframework.boot:spring-boot-starter-test:${springBootVersion}")
+}
+
+task wrapper(type: Wrapper) {
+ gradleVersion = gradleVersion
+}
+
+test {
+ testLogging {
+ events 'passed', 'skipped', 'failed'
+ }
+}
+
+jacocoTestReport {
+ reports {
+ xml.enabled true
+ }
+}
+
+apply from: 'https://raw.githubusercontent.com/FINTlibs/fint-buildscripts/v1.0.14/dependencyReport.gradle'
+if (project.hasProperty('bintrayUser') && project.hasProperty('bintrayKey')) {
+ apply from: 'https://raw.githubusercontent.com/FINTlibs/fint-buildscripts/v1.0.14/bintray.gradle'
+}
\ No newline at end of file
diff --git a/gradle/wrapper/gradle-wrapper.jar b/gradle/wrapper/gradle-wrapper.jar
new file mode 100644
index 0000000..5bced51
Binary files /dev/null and b/gradle/wrapper/gradle-wrapper.jar differ
diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties
new file mode 100644
index 0000000..09320ea
--- /dev/null
+++ b/gradle/wrapper/gradle-wrapper.properties
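Review bot: The `repositories` block resolves artifacts from `http://dl.bintray.com/fint/maven` over plaintext HTTP, so anything fetched from it has no transport integrity and can be altered in transit; `url "https://dl.bintray.com/fint/maven"` should be used instead, provided the host serves TLS. `mavenLocal()` is also listed first, which lets whatever sits in the local Maven cache shadow the published artifact. The three `apply from:` lines execute remote scripts pinned only to the tag `v1.0.14`, and a tag can be moved, so pinning the URL to a commit hash (or vendoring the scripts) would make what runs during the build reviewable and reproducible.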
@@ -0,0 +1,6 @@ +#Tue Jun 20 15:13:25 CEST 2017 +distributionBase=GRADLE_USER_HOME +distributionPath=wrapper/dists +zipStoreBase=GRADLE_USER_HOME +zipStorePath=wrapper/dists +distributionUrl=https\://services.gradle.org/distributions/gradle-4.0-bin.zip diff --git a/gradlew b/gradlew new file mode 100755 index 0000000..cccdd3d --- /dev/null +++ b/gradlew 
@@ -0,0 +1,172 @@ +#!/usr/bin/env sh + +############################################################################## +## +## Gradle start up script for UN*X +## +############################################################################## + +# Attempt to set APP_HOME +# Resolve links: $0 may be a link +PRG="$0" +# Need this for relative symlinks. +while [ -h "$PRG" ] ; do + ls=`ls -ld "$PRG"` + link=`expr "$ls" : '.*-> \(.*\)$'` + if expr "$link" : '/.*' > /dev/null; then + PRG="$link" + else + PRG=`dirname "$PRG"`"/$link" + fi +done +SAVED="`pwd`" +cd "`dirname \"$PRG\"`/" >/dev/null +APP_HOME="`pwd -P`" +cd "$SAVED" >/dev/null + +APP_NAME="Gradle" +APP_BASE_NAME=`basename "$0"` + +# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. +DEFAULT_JVM_OPTS="" + +# Use the maximum available, or set MAX_FD != -1 to use that value. +MAX_FD="maximum" + +warn () { + echo "$*" +} + +die () { + echo + echo "$*" + echo + exit 1 +} + +# OS specific support (must be 'true' or 'false'). +cygwin=false +msys=false +darwin=false +nonstop=false +case "`uname`" in + CYGWIN* ) + cygwin=true + ;; + Darwin* ) + darwin=true + ;; + MINGW* ) + msys=true + ;; + NONSTOP* ) + nonstop=true + ;; +esac + +CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar + +# Determine the Java command to use to start the JVM. +if [ -n "$JAVA_HOME" ] ; then + if [ -x "$JAVA_HOME/jre/sh/java" ] ; then + # IBM's JDK on AIX uses strange locations for the executables + JAVACMD="$JAVA_HOME/jre/sh/java" + else + JAVACMD="$JAVA_HOME/bin/java" + fi + if [ ! -x "$JAVACMD" ] ; then + die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME + +Please set the JAVA_HOME variable in your environment to match the +location of your Java installation." + fi +else + JAVACMD="java" + which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. 
+ +Please set the JAVA_HOME variable in your environment to match the +location of your Java installation." +fi + +# Increase the maximum file descriptors if we can. +if [ "$cygwin" = "false" -a "$darwin" = "false" -a "$nonstop" = "false" ] ; then + MAX_FD_LIMIT=`ulimit -H -n` + if [ $? -eq 0 ] ; then + if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ] ; then + MAX_FD="$MAX_FD_LIMIT" + fi + ulimit -n $MAX_FD + if [ $? -ne 0 ] ; then + warn "Could not set maximum file descriptor limit: $MAX_FD" + fi + else + warn "Could not query maximum file descriptor limit: $MAX_FD_LIMIT" + fi +fi + +# For Darwin, add options to specify how the application appears in the dock +if $darwin; then + GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\"" +fi + +# For Cygwin, switch paths to Windows format before running java +if $cygwin ; then + APP_HOME=`cygpath --path --mixed "$APP_HOME"` + CLASSPATH=`cygpath --path --mixed "$CLASSPATH"` + JAVACMD=`cygpath --unix "$JAVACMD"` + + # We build the pattern for arguments to be converted via cygpath + ROOTDIRSRAW=`find -L / -maxdepth 1 -mindepth 1 -type d 2>/dev/null` + SEP="" + for dir in $ROOTDIRSRAW ; do + ROOTDIRS="$ROOTDIRS$SEP$dir" + SEP="|" + done + OURCYGPATTERN="(^($ROOTDIRS))" + # Add a user-defined pattern to the cygpath arguments + if [ "$GRADLE_CYGPATTERN" != "" ] ; then + OURCYGPATTERN="$OURCYGPATTERN|($GRADLE_CYGPATTERN)" + fi + # Now convert the arguments - kludge to limit ourselves to /bin/sh + i=0 + for arg in "$@" ; do + CHECK=`echo "$arg"|egrep -c "$OURCYGPATTERN" -` + CHECK2=`echo "$arg"|egrep -c "^-"` ### Determine if an option + + if [ $CHECK -ne 0 ] && [ $CHECK2 -eq 0 ] ; then ### Added a condition + eval `echo args$i`=`cygpath --path --ignore --mixed "$arg"` + else + eval `echo args$i`="\"$arg\"" + fi + i=$((i+1)) + done + case $i in + (0) set -- ;; + (1) set -- "$args0" ;; + (2) set -- "$args0" "$args1" ;; + (3) set -- "$args0" "$args1" "$args2" ;; + (4) set -- "$args0" 
"$args1" "$args2" "$args3" ;; + (5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;; + (6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;; + (7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;; + (8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;; + (9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;; + esac +fi + +# Escape application args +save () { + for i do printf %s\\n "$i" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/' \\\\/" ; done + echo " " +} +APP_ARGS=$(save "$@") + +# Collect all arguments for the java command, following the shell quoting and substitution rules +eval set -- $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS "\"-Dorg.gradle.appname=$APP_BASE_NAME\"" -classpath "\"$CLASSPATH\"" org.gradle.wrapper.GradleWrapperMain "$APP_ARGS" + +# by default we should be in the correct project dir, but when run from Finder on Mac, the cwd is wrong +if [ "$(uname)" = "Darwin" ] && [ "$HOME" = "$PWD" ]; then + cd "$(dirname "$0")" +fi + +exec "$JAVACMD" "$@" diff --git a/gradlew.bat b/gradlew.bat new file mode 100644 index 0000000..e95643d --- /dev/null +++ b/gradlew.bat 
@@ -0,0 +1,84 @@ +@if "%DEBUG%" == "" @echo off +@rem ########################################################################## +@rem +@rem Gradle startup script for Windows +@rem +@rem ########################################################################## + +@rem Set local scope for the variables with windows NT shell +if "%OS%"=="Windows_NT" setlocal + +set DIRNAME=%~dp0 +if "%DIRNAME%" == "" set DIRNAME=. +set APP_BASE_NAME=%~n0 +set APP_HOME=%DIRNAME% + +@rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. +set DEFAULT_JVM_OPTS= + +@rem Find java.exe +if defined JAVA_HOME goto findJavaFromJavaHome + +set JAVA_EXE=java.exe +%JAVA_EXE% -version >NUL 2>&1 +if "%ERRORLEVEL%" == "0" goto init + +echo. +echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. +echo. +echo Please set the JAVA_HOME variable in your environment to match the +echo location of your Java installation. + +goto fail + +:findJavaFromJavaHome +set JAVA_HOME=%JAVA_HOME:"=% +set JAVA_EXE=%JAVA_HOME%/bin/java.exe + +if exist "%JAVA_EXE%" goto init + +echo. +echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% +echo. +echo Please set the JAVA_HOME variable in your environment to match the +echo location of your Java installation. + +goto fail + +:init +@rem Get command-line arguments, handling Windows variants + +if not "%OS%" == "Windows_NT" goto win9xME_args + +:win9xME_args +@rem Slurp the command line arguments. 
+set CMD_LINE_ARGS= +set _SKIP=2 + +:win9xME_args_slurp +if "x%~1" == "x" goto execute + +set CMD_LINE_ARGS=%* + +:execute +@rem Setup the command line + +set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar + +@rem Execute Gradle +"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %CMD_LINE_ARGS% + +:end +@rem End local scope for the variables with windows NT shell +if "%ERRORLEVEL%"=="0" goto mainEnd + +:fail +rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of +rem the _cmd.exe /c_ return code! +if not "" == "%GRADLE_EXIT_CONSOLE%" exit 1 +exit /b 1 + +:mainEnd +if "%OS%"=="Windows_NT" endlocal + +:omega diff --git a/src/main/java/no/fint/oauth/OAuthConfig.java b/src/main/java/no/fint/oauth/OAuthConfig.java new file mode 100644 index 0000000..50e0587 --- /dev/null +++ b/src/main/java/no/fint/oauth/OAuthConfig.java 
@@ -0,0 +1,41 @@
+package no.fint.oauth;
+
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.oauth2.client.OAuth2RestTemplate;
+import org.springframework.security.oauth2.client.token.grant.password.ResourceOwnerPasswordResourceDetails;
+
+import java.util.Collections;
+
+@Slf4j
+@ConditionalOnProperty(name = OAuthTokenProps.ENABLE_OAUTH, havingValue = "true")
+@Configuration
+public class OAuthConfig {
+
+ @Bean
+ public OAuthTokenProps props() {
+ return new OAuthTokenProps();
+ }
+
+ @Bean
+ public OAuth2RestTemplate oauth2RestTemplate() {
+ OAuthTokenProps props = props();
+ ResourceOwnerPasswordResourceDetails resourceDetails = new ResourceOwnerPasswordResourceDetails();
+ resourceDetails.setUsername(props.getUsername());
+ resourceDetails.setPassword(props.getPassword());
+ resourceDetails.setAccessTokenUri(props.getAccessTokenUri());
+ resourceDetails.setClientId(props.getClientId());
+ resourceDetails.setClientSecret(props.getClientSecret());
+ resourceDetails.setGrantType("password");
+ resourceDetails.setScope(Collections.singletonList(props.getScope()));
+ return new OAuth2RestTemplate(resourceDetails);
+ }
+
+ @Bean
+ public TokenService tokenService() {
+ return new TokenService();
+ }
+
+}
diff --git a/src/main/java/no/fint/oauth/OAuthTokenProps.java b/src/main/java/no/fint/oauth/OAuthTokenProps.java
new file mode 100644
index 0000000..8172aee
--- /dev/null
+++ b/src/main/java/no/fint/oauth/OAuthTokenProps.java
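Review bot: `oauth2RestTemplate()` hands `props.getAccessTokenUri()` straight to `setAccessTokenUri`, and with the password grant the username, password and client secret are all sent to that URI, so an `http://` value in configuration would put them on the wire in clear text. A fail-fast guard before the template is built would catch that, for example `String uri = props.getAccessTokenUri();` followed by `if (uri == null || !uri.startsWith("https://")) throw new IllegalStateException("fint.oauth.access-token-uri must use https");`. `OAuthConfigSpec` builds the template with unset properties, so that spec would need real values if the guard is adopted. A Javadoc on the method stating that it uses the resource owner password grant, and which properties carry credentials, is also missing.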
@@ -0,0 +1,33 @@
+package no.fint.oauth;
+
+import lombok.Getter;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.stereotype.Component;
+
+@Getter
+@Component
+public class OAuthTokenProps {
+
+ static final String ENABLE_OAUTH = "fint.oauth.enabled";
+
+ @Value("${fint.oauth.username}")
+ private String username;
+
+ @Value("${fint.oauth.password}")
+ private String password;
+
+ @Value("${fint.oauth.access-token-uri}")
+ private String accessTokenUri;
+
+ @Value("${fint.oauth.client-id}")
+ private String clientId;
+
+ @Value("${fint.oauth.client-secret}")
+ private String clientSecret;
+
+ @Value("${fint.oauth.request-url}")
+ private String requestUrl;
+
+ @Value("${fint.oauth.scope}")
+ private String scope;
+}
diff --git a/src/main/java/no/fint/oauth/TokenService.java b/src/main/java/no/fint/oauth/TokenService.java
new file mode 100644
index 0000000..b975aa7
--- /dev/null
+++ b/src/main/java/no/fint/oauth/TokenService.java
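Review bot: The class-level `@Getter` generates public `getPassword()` and `getClientSecret()` on a public class, although the only reader of those two values visible in this commit is `OAuthConfig` in the same package. Narrowing just those accessors, e.g. `@Getter(AccessLevel.PACKAGE)` on the `password` and `clientSecret` fields, keeps the credentials out of reach of any other bean that gets `OAuthTokenProps` injected. A class comment noting that these two fields are secrets and must not be logged or added to a `toString()` would be worth adding as well.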
@@ -0,0 +1,41 @@
+package no.fint.oauth;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+import org.springframework.security.oauth2.client.OAuth2RestTemplate;
+import org.springframework.security.oauth2.common.OAuth2AccessToken;
+
+import javax.annotation.PostConstruct;
+
+public class TokenService {
+
+ @Autowired
+ private OAuth2RestTemplate restTemplate;
+
+ @Autowired
+ private OAuthTokenProps props;
+
+ @PostConstruct
+ public void init() {
+ refreshToken();
+ }
+
+ private void refreshToken() {
+ ResponseEntity response = restTemplate.getForEntity(props.getRequestUrl(), Void.class);
+ if (response.getStatusCode() != HttpStatus.OK) {
+ throw new IllegalStateException(String.format("Unable to get access token from %s. Status: %d", props.getRequestUrl(), response.getStatusCodeValue()));
+ }
+ }
+
+ public String getAccessToken() {
+ OAuth2AccessToken accessToken = restTemplate.getAccessToken();
+ if (accessToken.getExpiresIn() > 5) {
+ return accessToken.getValue();
+ } else {
+ refreshToken();
+ return restTemplate.getAccessToken().getValue();
+ }
+ }
+
+}
diff --git a/src/test/groovy/no/fint/oauth/OAuthConfigSpec.groovy b/src/test/groovy/no/fint/oauth/OAuthConfigSpec.groovy
new file mode 100644
index 0000000..eac7ced
--- /dev/null
+++ b/src/test/groovy/no/fint/oauth/OAuthConfigSpec.groovy
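Review bot: In `getAccessToken()`, the else branch calls `refreshToken()` when `getExpiresIn()` is 5 or less, but `refreshToken()` only issues a GET through `restTemplate`; as far as I can tell `OAuth2RestTemplate` requests a new token only when the one in its client context is missing or already expired, so a token with one to five seconds left is likely handed back unchanged and may expire in the caller's hands. Dropping the cached token first would force a new grant: `restTemplate.getOAuth2ClientContext().setAccessToken(null);` ahead of the `getForEntity` call. The `!= HttpStatus.OK` check also looks unreachable for 4xx/5xx responses, since the template's error handler normally throws before `getStatusCode()` is read, which is worth confirming. The "Refresh AccessToken" case in `TokenServiceSpec` returns the same mocked token for both calls, so it would not notice either behaviour.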
@@ -0,0 +1,36 @@
+package no.fint.oauth
+
+import spock.lang.Specification
+
+class OAuthConfigSpec extends Specification {
+ private OAuthConfig config
+
+ void setup() {
+ config = new OAuthConfig()
+ }
+
+ def "Create OAuth props"() {
+ when:
+ def props = config.props()
+
+ then:
+ props != null
+ }
+
+ def "Create OAuth RestTemplate with grant type password"() {
+ when:
+ def restTemplate = config.oauth2RestTemplate()
+
+ then:
+ restTemplate != null
+ restTemplate.resource.grantType == 'password'
+ }
+
+ def "Create TokenService"() {
+ when:
+ def tokenService = config.tokenService()
+
+ then:
+ tokenService != null
+ }
+}
diff --git a/src/test/groovy/no/fint/oauth/TokenServiceIntegrationSpec.groovy b/src/test/groovy/no/fint/oauth/TokenServiceIntegrationSpec.groovy
new file mode 100644
index 0000000..218c66f
--- /dev/null
+++ b/src/test/groovy/no/fint/oauth/TokenServiceIntegrationSpec.groovy
@@ -0,0 +1,22 @@
+package no.fint.oauth
+
+import no.fint.oauth.testutils.TestApplication
+import org.springframework.beans.factory.annotation.Autowired
+import org.springframework.boot.test.context.SpringBootTest
+import spock.lang.Specification
+
+@SpringBootTest(classes = TestApplication)
+class TokenServiceIntegrationSpec extends Specification {
+
+ @Autowired(required = false)
+ private TokenService tokenService
+
+ def "Disable TokenService when fint.oauth.enabled is set to false"() {
+ when:
+ def disabled = (tokenService == null)
+
+ then:
+ disabled
+ }
+
+}
diff --git a/src/test/groovy/no/fint/oauth/TokenServiceSpec.groovy b/src/test/groovy/no/fint/oauth/TokenServiceSpec.groovy
new file mode 100644
index 0000000..32e02d3
--- /dev/null
+++ b/src/test/groovy/no/fint/oauth/TokenServiceSpec.groovy
@@ -0,0 +1,54 @@
+package no.fint.oauth
+
+import org.springframework.http.ResponseEntity
+import org.springframework.security.oauth2.client.OAuth2RestTemplate
+import org.springframework.security.oauth2.common.OAuth2AccessToken
+import spock.lang.Specification
+
+class TokenServiceSpec extends Specification {
+ private TokenService tokenService
+ private OAuthTokenProps props
+ private OAuth2RestTemplate restTemplate
+
+ void setup() {
+ restTemplate = Mock(OAuth2RestTemplate)
+ props = Mock(OAuthTokenProps)
+ tokenService = new TokenService(props: props, restTemplate: restTemplate)
+ }
+
+ def "Throw IllegalStateException if request url does not return OK status"() {
+ when:
+ tokenService.init()
+
+ then:
+ 2 * props.getRequestUrl() >> 'invalid-url'
+ 1 * restTemplate.getForEntity(_ as String, _ as Class) >> ResponseEntity.notFound().build()
+ thrown(IllegalStateException)
+ }
+
+ def "Get AccessToken value if expiration is more than 5 seconds"() {
+ when:
+ def accessToken = tokenService.getAccessToken()
+
+ then:
+ 1 * restTemplate.getAccessToken() >> Mock(OAuth2AccessToken) {
+ getExpiresIn() >> 10
+ getValue() >> 'test'
+ }
+ accessToken == 'test'
+ }
+
+ def "Refresh AccessToken if expiration is less than 5 seconds"() {
+ when:
+ def accessToken = tokenService.getAccessToken()
+
+ then:
+ 2 * restTemplate.getAccessToken() >> Mock(OAuth2AccessToken) {
+ getExpiresIn() >> 4
+ getValue() >> 'test'
+ }
+ 1 * props.getRequestUrl() >> 'http://localhost'
+ 1 * restTemplate.getForEntity(_ as String, _ as Class) >> ResponseEntity.ok().build()
+ accessToken == 'test'
+ }
+}
diff --git a/src/test/groovy/no/fint/oauth/testutils/TestApplication.java b/src/test/groovy/no/fint/oauth/testutils/TestApplication.java
new file mode 100644
index 0000000..f40817f
--- /dev/null
+++ b/src/test/groovy/no/fint/oauth/testutils/TestApplication.java
@@ -0,0 +1,10 @@
+package no.fint.oauth.testutils;
+
+import no.fint.oauth.OAuthConfig;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.context.annotation.Import;
+
+@Import(OAuthConfig.class)
+@SpringBootApplication
+public class TestApplication {
+}
diff --git a/src/test/resources/application.yml b/src/test/resources/application.yml
new file mode 100644
index 0000000..c6f6beb
--- /dev/null
+++ b/src/test/resources/application.yml
@@ -0,0 +1,3 @@
+fint:
+ oauth:
+ enabled: false
\ No newline at end of file