126 lines
4.7 KiB
Java
126 lines
4.7 KiB
Java
package com.eactive.eai.authserver.custom;
|
|
|
|
import java.util.HashMap;
|
|
import java.util.HashSet;
|
|
import java.util.Map;
|
|
import java.util.Set;
|
|
|
|
import org.apache.commons.lang3.StringUtils;
|
|
import org.json.simple.JSONObject;
|
|
import org.springframework.http.ResponseEntity;
|
|
import org.springframework.security.oauth2.provider.ClientDetails;
|
|
import org.springframework.util.MultiValueMap;
|
|
import org.springframework.web.bind.annotation.PostMapping;
|
|
import org.springframework.web.bind.annotation.RequestBody;
|
|
import org.springframework.web.bind.annotation.RequestMapping;
|
|
import org.springframework.web.bind.annotation.RequestMethod;
|
|
import org.springframework.web.bind.annotation.RequestParam;
|
|
import org.springframework.web.bind.annotation.ResponseBody;
|
|
import org.springframework.web.bind.annotation.RestController;
|
|
|
|
import com.eactive.eai.adapter.http.dynamic.filter.JwtAuthException;
|
|
import com.eactive.eai.authserver.service.OAuth2Manager;
|
|
import com.eactive.eai.common.util.Logger;
|
|
|
|
@RestController
|
|
@RequestMapping("/auth/oauth/v2")
|
|
public class BearerTokenContoller {
|
|
|
|
public static Logger logger = Logger.getLogger(Logger.LOGGER_DEFAULT);
|
|
private final BearerTokenService tokenService;
|
|
|
|
public BearerTokenContoller(BearerTokenService tokenService) {
|
|
this.tokenService = tokenService;
|
|
}
|
|
|
|
// 기본 CA Bearer Token 발급
|
|
@PostMapping("/token")
|
|
public ResponseEntity<?> issueCAToken(@RequestParam MultiValueMap<String, String> req) throws JwtAuthException {
|
|
JSONObject resObject = new JSONObject();
|
|
|
|
try {
|
|
String clientId = req.getFirst("client_id"); // .get("client_id");
|
|
String grantType = req.getFirst("grant_type");
|
|
if (!StringUtils.equals(grantType, "client_credentials") ) {
|
|
throw new JwtAuthException("unsupported_grant_type", "Unsupported grant type");
|
|
}
|
|
|
|
ClientDetails clientDetails = OAuth2Manager.getInstance().getClientDeatilsStore().get(clientId);
|
|
if (clientDetails == null) {
|
|
throw new JwtAuthException("invalid_client", "Bad client credentials(not found)");
|
|
}
|
|
|
|
String tokenType = "Bearer";
|
|
String clientSecret = req.getFirst("client_secret");
|
|
String scopes = req.getFirst("scope");
|
|
Long expiresIn = Long.valueOf(clientDetails.getAccessTokenValiditySeconds());
|
|
|
|
String[] reqScopeArr = org.springframework.util.StringUtils.tokenizeToStringArray(scopes, " ");
|
|
Set<String> scopeSet = new HashSet<String>();
|
|
for (String scope : reqScopeArr) {
|
|
scopeSet.add(scope);
|
|
}
|
|
veryfyClient(clientDetails, clientSecret, scopeSet);
|
|
|
|
String token = tokenService.generateCAToken(clientId, expiresIn, scopeSet);
|
|
|
|
Map<String, Object> tokenMap = new HashMap<>();
|
|
tokenMap.put("token_type", tokenType);
|
|
tokenMap.put("access_token", token);
|
|
tokenMap.put("expires_in", expiresIn);
|
|
tokenMap.put("scope", scopes);
|
|
// ... and so on for all key-value pairs
|
|
resObject.putAll(tokenMap);
|
|
|
|
return ResponseEntity.ok(resObject);
|
|
} catch (JwtAuthException e) {
|
|
logger.error(e);
|
|
|
|
JSONObject errorJson = new JSONObject();
|
|
errorJson.put("error", e.getCode());
|
|
errorJson.put("error_description", e.getMessage());
|
|
resObject.putAll(errorJson);
|
|
return ResponseEntity.status(401).body(resObject);
|
|
} catch (Exception e) {
|
|
logger.error(e);
|
|
|
|
JSONObject errorJson = new JSONObject();
|
|
errorJson.put("error", "invalid_request");
|
|
errorJson.put("error_description", e.getMessage());
|
|
resObject.putAll(errorJson);
|
|
return ResponseEntity.status(500).body(resObject);
|
|
}
|
|
}
|
|
|
|
// // 서비스용 Bearer Token 발급
|
|
// @PostMapping("/service")
|
|
// public ResponseEntity<?> issueFileToken(@RequestBody Map<String, String> req) {
|
|
// String fileId = req.get("fileid");
|
|
//
|
|
// String token = tokenService.generateFileToken(fileId);
|
|
//
|
|
// Map<String, String> tokenMap = new HashMap<>();
|
|
// tokenMap.put("token_type", "Bearer");
|
|
// tokenMap.put("file_token", token);
|
|
// tokenMap.put("expires_in", "599");
|
|
// tokenMap.put("expires_on", "1575593514");
|
|
// tokenMap.put("resource", fileId);
|
|
//
|
|
// return ResponseEntity.ok(tokenMap);
|
|
// }
|
|
private void veryfyClient(ClientDetails clientDetails, String clientSecret, Set<String> scopeSet) throws JwtAuthException {
|
|
if (!StringUtils.equals(clientDetails.getClientSecret(), clientSecret)) {
|
|
throw new JwtAuthException("invalid_client", "Bad client credentials(client_secret is empty or not match)");
|
|
}
|
|
|
|
if (scopeSet.isEmpty()) {
|
|
throw new JwtAuthException("invalid_client", "Bad client credentials(Scope is empty)");
|
|
}
|
|
|
|
if (!clientDetails.getScope().containsAll(scopeSet)) {
|
|
throw new JwtAuthException("invalid_client", "Bad client credentials(Include unacceptable scope)");
|
|
}
|
|
}
|
|
}
|
|
|