Merge pull request #583 from bpstelios10/BAEL-9245-spring-oauth-with-redis

Bael 9245 spring oauth with redis

Author: eric-martin

oauth-authorization-server-with-redis/pom.xml

@@ -0,0 +1,35 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <description>Spring Security OAuth Authorization Server Implemented With Redis</description>
+
+    <groupId>com.baeldung</groupId>
+    <artifactId>oauth-authorization-server-with-redis</artifactId>
+    <version>0.1.0-SNAPSHOT</version>
+    <packaging>pom</packaging>
+
+    <parent>
+        <groupId>org.springframework.boot</groupId>
+        <artifactId>spring-boot-starter-parent</artifactId>
+        <version>3.5.0</version>
+    </parent>
+
+    <modules>
+        <module>redis-authorization-server</module>
+        <module>redis-client-server</module>
+        <module>redis-resource-server</module>
+    </modules>
+
+    <properties>
+        <java.version>17</java.version>
+    </properties>
+
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-dependency-plugin</artifactId>
+            </plugin>
+        </plugins>
+    </build>
+</project>

oauth-authorization-server-with-redis/redis-authorization-server/pom.xml

@@ -0,0 +1,50 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <artifactId>redis-authorization-server</artifactId>
+    <name>redis-authorization-server</name>
+    <packaging>jar</packaging>
+
+    <parent>
+        <groupId>com.baeldung</groupId>
+        <artifactId>oauth-authorization-server-with-redis</artifactId>
+        <version>0.1.0-SNAPSHOT</version>
+    </parent>
+
+    <dependencies>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-web</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-security</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-oauth2-authorization-server</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-data-redis</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>com.github.codemonstur</groupId>
+            <artifactId>embedded-redis</artifactId>
+            <version>1.4.2</version>
+        </dependency>
+
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-test</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>io.rest-assured</groupId>
+            <artifactId>rest-assured</artifactId>
+            <scope>test</scope>
+        </dependency>
+    </dependencies>
+</project>

oauth-authorization-server-with-redis/redis-authorization-server/src/main/java/com/baeldung/OAuth2AuthorizationServerApplication.java

@@ -0,0 +1,12 @@
+package com.baeldung;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+
+@SpringBootApplication
+public class OAuth2AuthorizationServerApplication {
+
+    public static void main(String[] args) {
+        SpringApplication.run(OAuth2AuthorizationServerApplication.class, args);
+    }
+}

oauth-authorization-server-with-redis/redis-authorization-server/src/main/java/com/baeldung/config/RedisConfig.java

@@ -0,0 +1,104 @@
+package com.baeldung.config;
+
+import java.io.IOException;
+import java.util.Arrays;
+
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.core.annotation.Order;
+import org.springframework.data.redis.connection.RedisStandaloneConfiguration;
+import org.springframework.data.redis.connection.jedis.JedisConnectionFactory;
+import org.springframework.data.redis.core.RedisTemplate;
+import org.springframework.data.redis.core.convert.RedisCustomConversions;
+import org.springframework.data.redis.repository.configuration.EnableRedisRepositories;
+import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
+
+import com.baeldung.convert.BytesToClaimsHolderConverter;
+import com.baeldung.convert.BytesToOAuth2AuthorizationRequestConverter;
+import com.baeldung.convert.BytesToUsernamePasswordAuthenticationTokenConverter;
+import com.baeldung.convert.ClaimsHolderToBytesConverter;
+import com.baeldung.convert.OAuth2AuthorizationRequestToBytesConverter;
+import com.baeldung.convert.UsernamePasswordAuthenticationTokenToBytesConverter;
+import com.baeldung.repository.OAuth2AuthorizationGrantAuthorizationRepository;
+import com.baeldung.repository.OAuth2RegisteredClientRepository;
+import com.baeldung.repository.OAuth2UserConsentRepository;
+import com.baeldung.service.RedisOAuth2AuthorizationConsentService;
+import com.baeldung.service.RedisOAuth2AuthorizationService;
+import com.baeldung.service.RedisRegisteredClientRepository;
+
+import jakarta.annotation.PostConstruct;
+import jakarta.annotation.PreDestroy;
+import redis.embedded.RedisServer;
+
+@Configuration(proxyBeanMethods = false)
+@EnableRedisRepositories
+public class RedisConfig {
+
+    private final String redisHost;
+    private final int redisPort;
+    private final RedisServer redisServer;
+
+    public RedisConfig(@Value("${spring.data.redis.host}") String redisHost, @Value("${spring.data.redis.port}") int redisPort) throws IOException {
+        this.redisHost = redisHost;
+        this.redisPort = redisPort;
+        this.redisServer = new RedisServer(redisPort);
+    }
+
+    @PostConstruct
+    public void postConstruct() throws IOException {
+        redisServer.start();
+    }
+
+    @PreDestroy
+    public void preDestroy() throws IOException {
+        redisServer.stop();
+    }
+
+    @Bean
+    @Order(1)
+    public JedisConnectionFactory redisConnectionFactory() {
+        RedisStandaloneConfiguration redisStandaloneConfiguration = new RedisStandaloneConfiguration(redisHost, redisPort);
+
+        return new JedisConnectionFactory(redisStandaloneConfiguration);
+    }
+
+    @Bean
+    @Order(2)
+    public RedisTemplate<?, ?> redisTemplate(JedisConnectionFactory connectionFactory) {
+        RedisTemplate<byte[], byte[]> template = new RedisTemplate<>();
+        template.setConnectionFactory(connectionFactory);
+        return template;
+    }
+
+    @Bean
+    @Order(3)
+    public RedisCustomConversions redisCustomConversions() {
+        return new RedisCustomConversions(
+          Arrays.asList(new UsernamePasswordAuthenticationTokenToBytesConverter(), new BytesToUsernamePasswordAuthenticationTokenConverter(),
+            new OAuth2AuthorizationRequestToBytesConverter(), new BytesToOAuth2AuthorizationRequestConverter(), new ClaimsHolderToBytesConverter(),
+            new BytesToClaimsHolderConverter()));
+    }
+
+    @Bean
+    @Order(4)
+    public RedisRegisteredClientRepository registeredClientRepository(OAuth2RegisteredClientRepository registeredClientRepository) {
+        RedisRegisteredClientRepository redisRegisteredClientRepository = new RedisRegisteredClientRepository(registeredClientRepository);
+        redisRegisteredClientRepository.save(RegisteredClients.messagingClient());
+
+        return redisRegisteredClientRepository;
+    }
+
+    @Bean
+    @Order(5)
+    public RedisOAuth2AuthorizationService authorizationService(RegisteredClientRepository registeredClientRepository,
+      OAuth2AuthorizationGrantAuthorizationRepository authorizationGrantAuthorizationRepository) {
+        return new RedisOAuth2AuthorizationService(registeredClientRepository, authorizationGrantAuthorizationRepository);
+    }
+
+    @Bean
+    @Order(6)
+    public RedisOAuth2AuthorizationConsentService authorizationConsentService(OAuth2UserConsentRepository userConsentRepository) {
+        return new RedisOAuth2AuthorizationConsentService(userConsentRepository);
+    }
+}

oauth-authorization-server-with-redis/redis-authorization-server/src/main/java/com/baeldung/config/RegisteredClients.java

@@ -0,0 +1,29 @@
+package com.baeldung.config;
+
+import java.util.UUID;
+
+import org.springframework.security.oauth2.core.AuthorizationGrantType;
+import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
+import org.springframework.security.oauth2.core.oidc.OidcScopes;
+import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
+
+public class RegisteredClients {
+
+    public static RegisteredClient messagingClient() {
+        return RegisteredClient.withId(UUID.randomUUID()
+            .toString())
+          .clientId("articles-client")
+          .clientSecret("{noop}secret")
+          .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
+          .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
+          .authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN)
+          .authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
+          .authorizationGrantType(AuthorizationGrantType.DEVICE_CODE)
+          .redirectUri("http://127.0.0.1:8080/login/oauth2/code/articles-client-oidc")
+          .redirectUri("http://127.0.0.1:8080/authorized")
+          .postLogoutRedirectUri("http://127.0.0.1:9000/login")
+          .scope(OidcScopes.OPENID)
+          .scope("articles.read")
+          .build();
+    }
+}

oauth-authorization-server-with-redis/redis-authorization-server/src/main/java/com/baeldung/config/SecurityConfig.java

@@ -0,0 +1,61 @@
+package com.baeldung.config;
+
+import static org.springframework.security.config.Customizer.withDefaults;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.core.annotation.Order;
+import org.springframework.security.config.Customizer;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.crypto.factory.PasswordEncoderFactories;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers.OAuth2AuthorizationServerConfigurer;
+import org.springframework.security.provisioning.InMemoryUserDetailsManager;
+import org.springframework.security.web.SecurityFilterChain;
+
+@Configuration
+@EnableWebSecurity
+public class SecurityConfig {
+
+    @Bean
+    @Order(1)
+    SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
+        OAuth2AuthorizationServerConfigurer authorizationServerConfigurer = OAuth2AuthorizationServerConfigurer.authorizationServer()
+          .oidc(Customizer.withDefaults());
+
+        http.securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
+          .with(authorizationServerConfigurer, Customizer.withDefaults())
+          .authorizeHttpRequests((authorize) -> authorize.anyRequest()
+            .authenticated());
+
+        return http.formLogin(withDefaults())
+          .build();
+    }
+
+    @Bean
+    @Order(2)
+    SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http) throws Exception {
+        http.authorizeHttpRequests(authorizeRequests -> authorizeRequests.anyRequest()
+            .authenticated())
+          .formLogin(withDefaults());
+
+        return http.build();
+    }
+
+    @Bean
+    UserDetailsService users() {
+        PasswordEncoder encoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();
+        UserDetails user = User.builder()
+          .username("admin")
+          .password("password")
+          .passwordEncoder(encoder::encode)
+          .roles("USER")
+          .build();
+
+        return new InMemoryUserDetailsManager(user);
+    }
+}

oauth-authorization-server-with-redis/redis-authorization-server/src/main/java/com/baeldung/convert/BytesToClaimsHolderConverter.java

@@ -0,0 +1,29 @@
+package com.baeldung.convert;
+
+import org.springframework.core.convert.converter.Converter;
+import org.springframework.data.convert.ReadingConverter;
+import org.springframework.data.redis.serializer.Jackson2JsonRedisSerializer;
+import org.springframework.security.jackson2.SecurityJackson2Modules;
+import org.springframework.security.oauth2.server.authorization.jackson2.OAuth2AuthorizationServerJackson2Module;
+
+import com.baeldung.entity.OAuth2AuthorizationGrantAuthorization;
+import com.fasterxml.jackson.databind.ObjectMapper;
+
+@ReadingConverter
+public class BytesToClaimsHolderConverter implements Converter<byte[], OAuth2AuthorizationGrantAuthorization.ClaimsHolder> {
+
+    private final Jackson2JsonRedisSerializer<OAuth2AuthorizationGrantAuthorization.ClaimsHolder> serializer;
+
+    public BytesToClaimsHolderConverter() {
+        ObjectMapper objectMapper = new ObjectMapper();
+        objectMapper.registerModules(SecurityJackson2Modules.getModules(BytesToClaimsHolderConverter.class.getClassLoader()));
+        objectMapper.registerModule(new OAuth2AuthorizationServerJackson2Module());
+        objectMapper.addMixIn(OAuth2AuthorizationGrantAuthorization.ClaimsHolder.class, ClaimsHolderMixin.class);
+        this.serializer = new Jackson2JsonRedisSerializer<>(objectMapper, OAuth2AuthorizationGrantAuthorization.ClaimsHolder.class);
+    }
+
+    @Override
+    public OAuth2AuthorizationGrantAuthorization.ClaimsHolder convert(byte[] value) {
+        return this.serializer.deserialize(value);
+    }
+}

oauth-authorization-server-with-redis/redis-authorization-server/src/main/java/com/baeldung/convert/BytesToOAuth2AuthorizationRequestConverter.java

@@ -0,0 +1,28 @@
+package com.baeldung.convert;
+
+import org.springframework.core.convert.converter.Converter;
+import org.springframework.data.convert.ReadingConverter;
+import org.springframework.data.redis.serializer.Jackson2JsonRedisSerializer;
+import org.springframework.security.jackson2.SecurityJackson2Modules;
+import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
+import org.springframework.security.oauth2.server.authorization.jackson2.OAuth2AuthorizationServerJackson2Module;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+
+@ReadingConverter
+public class BytesToOAuth2AuthorizationRequestConverter implements Converter<byte[], OAuth2AuthorizationRequest> {
+
+    private final Jackson2JsonRedisSerializer<OAuth2AuthorizationRequest> serializer;
+
+    public BytesToOAuth2AuthorizationRequestConverter() {
+        ObjectMapper objectMapper = new ObjectMapper();
+        objectMapper.registerModules(SecurityJackson2Modules.getModules(BytesToOAuth2AuthorizationRequestConverter.class.getClassLoader()));
+        objectMapper.registerModule(new OAuth2AuthorizationServerJackson2Module());
+        this.serializer = new Jackson2JsonRedisSerializer<>(objectMapper, OAuth2AuthorizationRequest.class);
+    }
+
+    @Override
+    public OAuth2AuthorizationRequest convert(byte[] value) {
+        return this.serializer.deserialize(value);
+    }
+}

oauth-authorization-server-with-redis/redis-authorization-server/src/main/java/com/baeldung/convert/BytesToUsernamePasswordAuthenticationTokenConverter.java

@@ -0,0 +1,26 @@
+package com.baeldung.convert;
+
+import org.springframework.core.convert.converter.Converter;
+import org.springframework.data.convert.ReadingConverter;
+import org.springframework.data.redis.serializer.Jackson2JsonRedisSerializer;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.jackson2.SecurityJackson2Modules;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+
+@ReadingConverter
+public class BytesToUsernamePasswordAuthenticationTokenConverter implements Converter<byte[], UsernamePasswordAuthenticationToken> {
+
+    private final Jackson2JsonRedisSerializer<UsernamePasswordAuthenticationToken> serializer;
+
+    public BytesToUsernamePasswordAuthenticationTokenConverter() {
+        ObjectMapper objectMapper = new ObjectMapper();
+        objectMapper.registerModules(SecurityJackson2Modules.getModules(BytesToUsernamePasswordAuthenticationTokenConverter.class.getClassLoader()));
+        this.serializer = new Jackson2JsonRedisSerializer<>(objectMapper, UsernamePasswordAuthenticationToken.class);
+    }
+
+    @Override
+    public UsernamePasswordAuthenticationToken convert(byte[] value) {
+        return this.serializer.deserialize(value);
+    }
+}