Client registration with custom security

README.md

@@ -15,9 +15,9 @@ This is an Intermine Authorization Server built with Spring Boot 2.x OAuth2 whic
 ### Features
 
 * OAuth2.0 Authorization Server
-* We Use Postgresql
-* We Use Jdbc Token Store
-* We Use Jpa
+* Postgresql Database
+* Jdbc Token Store
+* Jpa
 
 ## Getting Started
 
@@ -53,54 +53,43 @@ Update these configurations in application.yml file of project inside resource d
 
 
 NOTE: Resource directory contains two predefined script also for database table creation and dummy entries so no need to create any tables on your own.
-But if you are running system very first time then make sure the extension of data file in resource directory is .sql because it will create entries in the tables with primary keys so after first run either remove that file or rename it to data.txt otherwise it'll cause error in your furthur run.  
+But if you are running system very first time then make sure the extension of data file in resource directory is .sql because it will create entries in the tables with primary key so after first run either remove that file or rename it to data.txt otherwise it'll cause error in your furthur run.  
 
 ### STEP-2 Run the application
 
 Server will be up on default port 8282 but you can change it by make changes in application.yml file.   
 
 ### Oauth2 Users Credential
-| User            | Password        | Role      | Permission                            |
-|-----------------|-----------------|-----------|---------------------------------------|
-| admin           | admin123        | Admin     | Create,Read,Update & DeleteProfile    |
-| testUser        | testUser123     | Operator  | Read & Update Profile                 |
-
-### Oauth Client Credential
-| Client_id    | Client_secret  | authorized grant types                             | scope       |
-|--------------|----------------|----------------------------------------------------|-------------|
-| flymine      | fmine          | authorization_code,password,refresh_token,implicit | READ, WRITE |   
+| User     | Password                                 | Role  | Permission                         |
+|----------|------------------------------------------|-------|------------------------------------|
+| admin    | b053c35d7ad8874124316924db05fc7023633d10 | Admin | Create,Read,Update & DeleteProfile |    
 
 
 
 ## Testing the App
 
-1. Testing PASSWORD Grant type to get access_token.
-This grant type is for testing purpose only and will not present in live application of Intermine authorization server.
+1.  Register a new client
+
+Make a POST request on http://localhost:8080/client-registration with following json body
 
-Make a post request from your rest client or by curl with following parameters:
 ```
-url: http://localhost:8282/oauth/token
-Authorization: Basic Auth
-               username(client_id): flymine
-               password(client_secret): fmine
-Body(form-data):: grant_type : password
-                  username   : admin
-                  password   : admin123
+{
+  "clientName": "<your-app-name",
+  "websiteUrl": "<your-appWebsite-url",
+  "registeredRedirectUri": ["<Callback-url>"]
+}
 ```
 
+Response
+
+You will get your client id and secret. Make sure to store these somewhere.
 
-Response:
 ```
 {
-    "access_token": "a6d92574-ded3-4a6e-ac7e-6fd8950d8faf",
-    "token_type": "bearer",
-    "refresh_token": "db8f3bc2-ff39-4480-84a5-d48a80f21311",
-    "expires_in": 3509,
-    "scope": "READ WRITE"
+  "client_id": "1adh34gdt6ywqsf68iklop94df.apps.intermine.com",
+  "client_secret": "9ju764gbvc32wsx56gj998k"
 }
 ```
-In the above grant type client is asking for access token from authorization server with its own credentials on behalf of user i.e along with user credentials also.
-
 
 2. Testing the authorization_code grant type:
 
@@ -114,16 +103,16 @@ Grant Type: Authorization Code
 Callback Url: http://localhost:8080/code
 Auth Url: http://localhost:8282/oauth/authorize
 Access Token Url: http://localhost:8282/oauth/token
-Client Id: flymine
-Client Secret: fmine
+Client Id: <your-client-id>
+Client Secret: <your-client-secret>
 Scope: READ WRITE
 State:(optional)
 Client Authentication: Send as Basic Auth Header
 ```
 
 Response
 
-You will be redirected to a login screen page so make sure to enter correct credentials of admin or testUser.
+You will be redirected to a login screen page so make sure to enter correct credentials of admin.
 
 <p align="center">
   <img src="https://github.com/ry007/intermine-authentication-server/blob/dev/src/main/resources/static/login.png" alt="Intermine Login" width="500">
@@ -163,8 +152,8 @@ Response :
 
 {
     "aud": [
-        "inventory",
-        "payment"
+    "Resource-1",
+    "Resource-2"
     ],
     "user_name": null,
     "scope": [
@@ -180,7 +169,7 @@ Response :
         "read_profile",
         "create_profile"
     ],
-    "client_id": "flymine"
+    "client_id": "1adh34gdt6yf.apps.intermine.com"
 }
 ```
 

src/main/java/org/intermine/security/authserver/config/AuthorizationServerConfiguration.java

@@ -1,5 +1,7 @@
 package org.intermine.security.authserver.config;
 
+import org.intermine.security.authserver.security.CustomPasswordEncoder;
+import org.intermine.security.authserver.service.CustomClientDetailsService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -9,40 +11,51 @@
 import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurer;
 import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
 import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
+import org.springframework.security.oauth2.provider.ClientDetailsService;
 import org.springframework.security.oauth2.provider.token.TokenStore;
 import org.springframework.security.oauth2.provider.token.store.JdbcTokenStore;
 import javax.sql.DataSource;
 
 @Configuration
 public class AuthorizationServerConfiguration implements AuthorizationServerConfigurer{
 
-    @Autowired
-    private PasswordEncoder passwordEncoder;
+    private PasswordEncoder passwordEncoder() {
+        return new CustomPasswordEncoder();
+    }
 
     @Autowired
     private DataSource dataSource;
 
     @Autowired
     private AuthenticationManager authenticationManager;
 
+    @Autowired
+    public ClientDetailsService clientDetailsService() {
+
+        CustomClientDetailsService client = new CustomClientDetailsService(this.dataSource);
+        client.setPasswordEncoder(this.passwordEncoder());
+        return client;
+    }
+
     @Bean
     TokenStore jdbcTokenStore() {
         return new JdbcTokenStore(dataSource);
     }
 
     @Override
     public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
-        security.checkTokenAccess("isAuthenticated()").tokenKeyAccess("permitAll()");
+        security.checkTokenAccess("permitAll()");
     }
 
     @Override
-    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
-        clients.jdbc(dataSource).passwordEncoder(passwordEncoder);
+    public void configure(ClientDetailsServiceConfigurer configurer) throws Exception {
+        configurer.withClientDetails(this.clientDetailsService());
     }
 
     @Override
     public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
         endpoints.authenticationManager(authenticationManager);
         endpoints.tokenStore(jdbcTokenStore());
     }
+
 }

src/main/java/org/intermine/security/authserver/config/WebSecurityConfiguration.java

@@ -1,5 +1,7 @@
 package org.intermine.security.authserver.config;
 
+import org.intermine.security.authserver.security.CustomPasswordEncoder;
+import org.springframework.security.config.annotation.web.builders.WebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 
 import org.springframework.beans.factory.annotation.Autowired;
@@ -23,12 +25,17 @@ protected AuthenticationManager getAuthenticationManager() throws Exception{
     }
 
     @Bean
-    PasswordEncoder passwordEncoder(){
-        return PasswordEncoderFactories.createDelegatingPasswordEncoder();
+    PasswordEncoder passwordEncoder() {
+        return new CustomPasswordEncoder();
     }
 
     @Override
     protected void configure(AuthenticationManagerBuilder auth) throws Exception {
         auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
     }
+
+    @Override
+    public void configure(WebSecurity web) throws Exception {
+        web.ignoring().antMatchers("/client-registration");
+    }
 }

src/main/java/org/intermine/security/authserver/controller/MainController.java

@@ -0,0 +1,26 @@
+package org.intermine.security.authserver.controller;
+
+import org.intermine.security.authserver.model.OauthClientDetails;
+import org.intermine.security.authserver.service.CustomClientDetailsService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.RestController;
+
+import java.security.NoSuchAlgorithmException;
+import java.util.Map;
+
+@RestController
+public class MainController {
+
+    @Autowired
+    CustomClientDetailsService customClientDetailsService;
+
+
+    @RequestMapping(value = "/client-registration", method = RequestMethod.POST)
+    public Map<String, String> save(@RequestBody OauthClientDetails oauthClientDetails)throws NoSuchAlgorithmException {
+        return customClientDetailsService.addCustomClientDetails(oauthClientDetails);
+    }
+
+}