package com.eactive.eai.authserver.custom; import java.util.HashMap; import java.util.HashSet; import java.util.Map; import java.util.Set; import org.apache.commons.lang3.StringUtils; import org.json.simple.JSONObject; import org.springframework.http.ResponseEntity; import org.springframework.security.oauth2.provider.ClientDetails; import org.springframework.util.MultiValueMap; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.ResponseBody; import org.springframework.web.bind.annotation.RestController; import com.eactive.eai.adapter.http.dynamic.filter.JwtAuthException; import com.eactive.eai.authserver.service.OAuth2Manager; import com.eactive.eai.common.util.Logger; @RestController @RequestMapping("/auth/oauth/v2") public class BearerTokenContoller { public static Logger logger = Logger.getLogger(Logger.LOGGER_DEFAULT); private final BearerTokenService tokenService; public BearerTokenContoller(BearerTokenService tokenService) { this.tokenService = tokenService; } // 기본 CA Bearer Token 발급 @PostMapping("/token") public ResponseEntity issueCAToken(@RequestParam MultiValueMap req) throws JwtAuthException { JSONObject resObject = new JSONObject(); try { String clientId = req.getFirst("client_id"); // .get("client_id"); String grantType = req.getFirst("grant_type"); if (!StringUtils.equals(grantType, "client_credentials") ) { throw new JwtAuthException("unsupported_grant_type", "Unsupported grant type"); } ClientDetails clientDetails = OAuth2Manager.getInstance().getClientDeatilsStore().get(clientId); if (clientDetails == null) { throw new JwtAuthException("invalid_client", "Bad client credentials(not found)"); } String tokenType = "Bearer"; String clientSecret = req.getFirst("client_secret"); String scopes = req.getFirst("scope"); Long expiresIn = Long.valueOf(clientDetails.getAccessTokenValiditySeconds()); String[] reqScopeArr = org.springframework.util.StringUtils.tokenizeToStringArray(scopes, " "); Set scopeSet = new HashSet(); for (String scope : reqScopeArr) { scopeSet.add(scope); } veryfyClient(clientDetails, clientSecret, scopeSet); String token = tokenService.generateCAToken(clientId, expiresIn, scopeSet); Map tokenMap = new HashMap<>(); tokenMap.put("token_type", tokenType); tokenMap.put("access_token", token); tokenMap.put("expires_in", expiresIn); tokenMap.put("scope", scopes); // ... and so on for all key-value pairs resObject.putAll(tokenMap); return ResponseEntity.ok(resObject); } catch (JwtAuthException e) { logger.error(e); JSONObject errorJson = new JSONObject(); errorJson.put("error", e.getCode()); errorJson.put("error_description", e.getMessage()); resObject.putAll(errorJson); return ResponseEntity.status(401).body(resObject); } catch (Exception e) { logger.error(e); JSONObject errorJson = new JSONObject(); errorJson.put("error", "invalid_request"); errorJson.put("error_description", e.getMessage()); resObject.putAll(errorJson); return ResponseEntity.status(500).body(resObject); } } // // 서비스용 Bearer Token 발급 // @PostMapping("/service") // public ResponseEntity issueFileToken(@RequestBody Map req) { // String fileId = req.get("fileid"); // // String token = tokenService.generateFileToken(fileId); // // Map tokenMap = new HashMap<>(); // tokenMap.put("token_type", "Bearer"); // tokenMap.put("file_token", token); // tokenMap.put("expires_in", "599"); // tokenMap.put("expires_on", "1575593514"); // tokenMap.put("resource", fileId); // // return ResponseEntity.ok(tokenMap); // } private void veryfyClient(ClientDetails clientDetails, String clientSecret, Set scopeSet) throws JwtAuthException { if (!StringUtils.equals(clientDetails.getClientSecret(), clientSecret)) { throw new JwtAuthException("invalid_client", "Bad client credentials(client_secret is empty or not match)"); } if (scopeSet.isEmpty()) { throw new JwtAuthException("invalid_client", "Bad client credentials(Scope is empty)"); } if (!clientDetails.getScope().containsAll(scopeSet)) { throw new JwtAuthException("invalid_client", "Bad client credentials(Include unacceptable scope)"); } } }