Make the auth. server works

592804fc · alvachien · 20f553aa · 592804fc · 592804fc · 592804fc
11 changed file
--- a/auth-server-demo/pom.xml
+++ b/auth-server-demo/pom.xml
@@ -17,6 +17,12 @@
 		<java.version>17</java.version>
 	</properties>
 	<dependencies>
+
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-actuator</artifactId>
+		</dependency>
+
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-data-jpa</artifactId>
@@ -38,6 +44,7 @@
 			<groupId>com.microsoft.sqlserver</groupId>
 			<artifactId>mssql-jdbc</artifactId>
 			<version>11.2.1.jre17</version>
+			<scope>runtime</scope>
 		</dependency>
 		<dependency>
 			<groupId>org.springframework.security</groupId>

--- a/auth-server-demo/src/main/java/com/poc/alvachien/authserverdemo/AuthServerDemoApplication.java
+++ b/auth-server-demo/src/main/java/com/poc/alvachien/authserverdemo/AuthServerDemoApplication.java
@@ -3,9 +3,18 @@ package com.poc.alvachien.authserverdemo;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.context.annotation.Bean;
+import org.springframework.security.oauth2.core.AuthorizationGrantType;
+import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
+import org.springframework.security.oauth2.core.oidc.OidcScopes;
+import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
+import org.springframework.security.oauth2.server.authorization.settings.ClientSettings;

+import com.poc.alvachien.authserverdemo.component.JpaRegisteredClientRepository;
+import com.poc.alvachien.authserverdemo.model.UserAccount;
 import com.poc.alvachien.authserverdemo.repository.UserAccountRepository;

+import java.util.UUID;
+
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.boot.CommandLineRunner;
@@ -19,8 +28,48 @@ public class AuthServerDemoApplication {
 	}

 	@Bean
-	public CommandLineRunner demo(UserAccountRepository repository) {
+	public CommandLineRunner preparetestdata(UserAccountRepository userRepository, JpaRegisteredClientRepository clientRepository) {
 		return (args) -> {
+			log.info("Entering CommandLineRunner");
+			Long userCnt = userRepository.count();
+			log.info("User Count = " + userCnt);
+			if (userCnt == 0) {
+				UserAccount ua = new UserAccount();
+				ua.setUsername("test");
+				ua.setPassword("test");
+				ua.setActive(true);
+
+				userRepository.save(ua);
+				log.info("Test User 'test' created");
+			}
+			userCnt = userRepository.count();
+			log.info("User Count = " + userCnt);
+
+			Long clientCnt = clientRepository.count();
+			log.info("Client Count = " + userCnt);
+			if (clientCnt == 0) {
+				RegisteredClient client = RegisteredClient.withId(UUID.randomUUID().toString())
+				.clientId("angular-client")
+				.clientSecret("{noop}secret")
+				.clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
+				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
+				.authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN)
+				.authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
+				.redirectUri("http://127.0.0.1:8080/login/oauth2/code/messaging-client-oidc")
+				.redirectUri("http://127.0.0.1:8080/authorized")
+				.scope(OidcScopes.OPENID)
+				.scope(OidcScopes.PROFILE)
+				.scope("message.read")
+				.scope("message.write")
+				.clientSettings(ClientSettings.builder().requireAuthorizationConsent(true).build())
+				.build();
+				clientRepository.save(client);
+
+				log.info("Test Client 'angular-client' created");
+			}
+			clientCnt = clientRepository.count();
+			log.info("Client Count = " + userCnt);
+			
 			// // save a few customers
 			// repository.save(new Customer("Jack", "Bauer"));
 			// repository.save(new Customer("Chloe", "O'Brian"));

--- a/auth-server-demo/src/main/java/com/poc/alvachien/authserverdemo/component/JpaRegisteredClientRepository.java
+++ b/auth-server-demo/src/main/java/com/poc/alvachien/authserverdemo/component/JpaRegisteredClientRepository.java
@@ -154,4 +154,8 @@ public class JpaRegisteredClientRepository implements RegisteredClientRepository
 		}
 		return new ClientAuthenticationMethod(clientAuthenticationMethod);      // Custom client authentication method
 	}
+
+	public Long count() {
+		return this.clientRepository.count();
+	}
 }
--- a/auth-server-demo/src/main/java/com/poc/alvachien/authserverdemo/config/SecurityConfig.java
+++ b/auth-server-demo/src/main/java/com/poc/alvachien/authserverdemo/config/SecurityConfig.java
@@ -15,7 +15,6 @@ import com.nimbusds.jose.jwk.source.JWKSource;
 import com.nimbusds.jose.proc.SecurityContext;
 import com.poc.alvachien.authserverdemo.service.MyUserDetailsService;

-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.core.annotation.Order;
@@ -24,28 +23,16 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.userdetails.User;
 import org.springframework.security.core.userdetails.UserDetails;
-import org.springframework.security.core.userdetails.UserDetailsService;
-import org.springframework.security.crypto.factory.PasswordEncoderFactories;
-import org.springframework.security.crypto.password.PasswordEncoder;
-import org.springframework.security.oauth2.core.AuthorizationGrantType;
-import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
-import org.springframework.security.oauth2.core.oidc.OidcScopes;
 import org.springframework.security.oauth2.core.oidc.OidcUserInfo;
 import org.springframework.security.oauth2.core.oidc.endpoint.OidcParameterNames;
 import org.springframework.security.oauth2.jwt.JwtDecoder;
 import org.springframework.security.oauth2.server.authorization.OAuth2TokenType;
-import org.springframework.security.oauth2.server.authorization.client.InMemoryRegisteredClientRepository;
-import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
-import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
 import org.springframework.security.oauth2.server.authorization.config.annotation.web.configuration.OAuth2AuthorizationServerConfiguration;
 import org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers.OAuth2AuthorizationServerConfigurer;
 import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
-import org.springframework.security.oauth2.server.authorization.settings.ClientSettings;
 import org.springframework.security.oauth2.server.authorization.token.JwtEncodingContext;
 import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenCustomizer;
-import org.springframework.security.provisioning.InMemoryUserDetailsManager;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;

@@ -133,38 +120,17 @@ public class SecurityConfig {
 		};
 	}
 	
-	@Bean 
-	public UserDetailsService userDetailsService() {
-		PasswordEncoder encoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();
+	// @Bean 
+	// public UserDetailsService userDetailsService() {
+	// 	PasswordEncoder encoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();
 		
-		UserDetails userDetails = User.withUsername("user")
-                .password(encoder.encode("password"))
-				.roles("USER")
-				.build();
+	// 	UserDetails userDetails = User.withUsername("user")
+    //             .password(encoder.encode("password"))
+	// 			.roles("USER")
+	// 			.build();

-		return new InMemoryUserDetailsManager(userDetails);
-	}
-
-	@Bean 
-	public RegisteredClientRepository registeredClientRepository() {
-		RegisteredClient registeredClient = RegisteredClient.withId(UUID.randomUUID().toString())
-				.clientId("messaging-client")
-				.clientSecret("{noop}secret")
-				.clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
-				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
-				.authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN)
-				.authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
-				.redirectUri("http://127.0.0.1:8080/login/oauth2/code/messaging-client-oidc")
-				.redirectUri("http://127.0.0.1:8080/authorized")
-				.scope(OidcScopes.OPENID)
-				.scope(OidcScopes.PROFILE)
-				.scope("message.read")
-				.scope("message.write")
-				.clientSettings(ClientSettings.builder().requireAuthorizationConsent(true).build())
-				.build();
-
-		return new InMemoryRegisteredClientRepository(registeredClient);
-	}
+	// 	return new InMemoryUserDetailsManager(userDetails);
+	// }

 	@Bean 
 	public JWKSource<SecurityContext> jwkSource() {
@@ -201,5 +167,4 @@ public class SecurityConfig {
 	public AuthorizationServerSettings authorizationServerSettings() {
 		return AuthorizationServerSettings.builder().build();
 	}
-
 }
--- a/auth-server-demo/src/main/java/com/poc/alvachien/authserverdemo/model/Authorization.java
+++ b/auth-server-demo/src/main/java/com/poc/alvachien/authserverdemo/model/Authorization.java
@@ -8,51 +8,56 @@ import jakarta.persistence.Id;
 import jakarta.persistence.Table;

 @Entity
-@Table(name = "authorization")
+@Table(name = "[authorization]")
 public class Authorization {
 	@Id
-	@Column
+	@Column(length = 255, nullable = false, columnDefinition = "nvarchar(255)")
 	private String id;
+	@Column(length = 255, nullable = false, columnDefinition = "nvarchar(255)")
 	private String registeredClientId;
+	@Column(length = 255, nullable = false, columnDefinition = "nvarchar(255)")
 	private String principalName;
+	@Column(length = 255, nullable = false, columnDefinition = "nvarchar(255)")
 	private String authorizationGrantType;
 	@Column(length = 1000)
 	private String authorizedScopes;
-	@Column(length = 4000)
+	@Column(length = 4000, columnDefinition = "nvarchar(4000)")
 	private String attributes;
-	@Column(length = 500)
+	@Column(length = 500, columnDefinition = "nvarchar(500)")
 	private String state;

-	@Column(length = 4000)
+	@Column(length = 4000, columnDefinition = "nvarchar(4000)")
 	private String authorizationCodeValue;
 	private Instant authorizationCodeIssuedAt;
 	private Instant authorizationCodeExpiresAt;
+	@Column(length = 2000, columnDefinition = "nvarchar(2000)")
 	private String authorizationCodeMetadata;

-	@Column(length = 4000)
+	@Column(length = 4000, columnDefinition = "nvarchar(4000)")
 	private String accessTokenValue;
 	private Instant accessTokenIssuedAt;
 	private Instant accessTokenExpiresAt;
-	@Column(length = 2000)
+	@Column(length = 2000, columnDefinition = "nvarchar(2000)")
 	private String accessTokenMetadata;
+	@Column(length = 255, columnDefinition = "nvarchar(255)")
 	private String accessTokenType;
-	@Column(length = 1000)
+	@Column(length = 1000, columnDefinition = "nvarchar(1000)")
 	private String accessTokenScopes;

-	@Column(length = 4000)
+	@Column(length = 4000, columnDefinition = "nvarchar(4000)")
 	private String refreshTokenValue;
 	private Instant refreshTokenIssuedAt;
 	private Instant refreshTokenExpiresAt;
-	@Column(length = 2000)
+	@Column(length = 2000, columnDefinition = "nvarchar(2000)")
 	private String refreshTokenMetadata;

-	@Column(length = 4000)
+	@Column(length = 4000, columnDefinition = "nvarchar(4000)")
 	private String oidcIdTokenValue;
 	private Instant oidcIdTokenIssuedAt;
 	private Instant oidcIdTokenExpiresAt;
-	@Column(length = 2000)
+	@Column(length = 2000, columnDefinition = "nvarchar(2000)")
 	private String oidcIdTokenMetadata;
-	@Column(length = 2000)
+	@Column(length = 2000, columnDefinition = "nvarchar(2000)")
 	private String oidcIdTokenClaims;

 	public String getId() {

--- a/auth-server-demo/src/main/java/com/poc/alvachien/authserverdemo/model/AuthorizationConsent.java
+++ b/auth-server-demo/src/main/java/com/poc/alvachien/authserverdemo/model/AuthorizationConsent.java
@@ -14,10 +14,12 @@ import jakarta.persistence.Table;
 @IdClass(AuthorizationConsent.AuthorizationConsentId.class)
 public class AuthorizationConsent {
 	@Id
+	@Column(length = 255, nullable = false, columnDefinition = "nvarchar(255)")
 	private String registeredClientId;
 	@Id
+	@Column(length = 255, nullable = false, columnDefinition = "nvarchar(255)")
 	private String principalName;
-	@Column(length = 1000)
+	@Column(length = 1000, nullable = false, columnDefinition = "nvarchar(1000)")
 	private String authorities;

 	public String getRegisteredClientId() {

--- a/auth-server-demo/src/main/java/com/poc/alvachien/authserverdemo/model/Client.java
+++ b/auth-server-demo/src/main/java/com/poc/alvachien/authserverdemo/model/Client.java
@@ -11,23 +11,27 @@ import jakarta.persistence.Table;
 @Table(name = "client")
 public class Client {
 	@Id
+	@Column(length = 255, nullable = false, columnDefinition = "nvarchar(255)")
 	private String id;
+	@Column(length = 255, nullable = false, columnDefinition = "nvarchar(255)")
 	private String clientId;
 	private Instant clientIdIssuedAt;
+	@Column(length = 255, columnDefinition = "nvarchar(255)")
 	private String clientSecret;
 	private Instant clientSecretExpiresAt;
+	@Column(length = 255, columnDefinition = "nvarchar(255)")
 	private String clientName;
-	@Column(length = 1000)
+	@Column(length = 1000, columnDefinition = "nvarchar(1000)")
 	private String clientAuthenticationMethods;
-	@Column(length = 1000)
+	@Column(length = 1000, columnDefinition = "nvarchar(1000)")
 	private String authorizationGrantTypes;
-	@Column(length = 1000)
+	@Column(length = 1000, columnDefinition = "nvarchar(1000)")
 	private String redirectUris;
-	@Column(length = 1000)
+	@Column(length = 1000, columnDefinition = "nvarchar(1000)")
 	private String scopes;
-	@Column(length = 2000)
+	@Column(length = 2000, columnDefinition = "nvarchar(2000)")
 	private String clientSettings;
-	@Column(length = 2000)
+	@Column(length = 2000, columnDefinition = "nvarchar(2000)")
 	private String tokenSettings;

 	public String getId() {

--- a/auth-server-demo/src/main/java/com/poc/alvachien/authserverdemo/model/UserAccount.java
+++ b/auth-server-demo/src/main/java/com/poc/alvachien/authserverdemo/model/UserAccount.java
@@ -2,28 +2,34 @@ package com.poc.alvachien.authserverdemo.model;

 import java.util.List;

+import jakarta.persistence.CascadeType;
 import jakarta.persistence.Column;
 import jakarta.persistence.Entity;
+import jakarta.persistence.FetchType;
 import jakarta.persistence.GeneratedValue;
 import jakarta.persistence.GenerationType;
 import jakarta.persistence.Id;
 import jakarta.persistence.OneToMany;
+import jakarta.persistence.Table;

 @Entity
+@Table(name = "useraccount")
 public class UserAccount {

    @Id
    @GeneratedValue(strategy = GenerationType.AUTO)
    private Long id;

-    @Column(nullable = false, unique = true)
+    @Column(nullable = false, unique = true, length = 50, columnDefinition = "nvarchar(50)")
    private String username;

+    @Column(nullable = false, length = 50, columnDefinition = "nvarchar(50)")
    private String password;

+    @Column(nullable = false)
    private boolean active;

-    @OneToMany
+    @OneToMany(mappedBy = "userAccount", fetch = FetchType.LAZY, cascade = CascadeType.ALL)
    private List<UserRole> userRoles;

    public UserAccount() {        

--- a/auth-server-demo/src/main/java/com/poc/alvachien/authserverdemo/model/UserRole.java
+++ b/auth-server-demo/src/main/java/com/poc/alvachien/authserverdemo/model/UserRole.java
@@ -2,22 +2,28 @@ package com.poc.alvachien.authserverdemo.model;

 import jakarta.persistence.Column;
 import jakarta.persistence.Entity;
+import jakarta.persistence.FetchType;
 import jakarta.persistence.GeneratedValue;
 import jakarta.persistence.GenerationType;
 import jakarta.persistence.Id;
+import jakarta.persistence.JoinColumn;
 import jakarta.persistence.ManyToOne;
+import jakarta.persistence.Table;
+
 import org.springframework.security.core.GrantedAuthority;

 @Entity
+@Table(name = "userrole")
 public class UserRole implements GrantedAuthority {
    @Id
-    @GeneratedValue(strategy = GenerationType.IDENTITY)
-    private Integer id;
+    @GeneratedValue(strategy = GenerationType.AUTO)
+    private Long id;

-    @Column(nullable = false, unique = true)
+    @Column(nullable = false, length = 50)
    private String name;

-    @ManyToOne
+    @ManyToOne(fetch = FetchType.LAZY, optional = false)
+    @JoinColumn(name = "useraccount_id", nullable = false)
    private UserAccount userAccount;

    public UserRole() {
@@ -27,14 +33,6 @@ public class UserRole implements GrantedAuthority {
        this.name = name;
    }
    
-    public Integer getId() {
-        return id;
-    }
-
-    public void setId(Integer id) {
-        this.id = id;
-    }
-
    public String getName() {
        return name;
    }

--- a/auth-server-demo/src/main/java/com/poc/alvachien/authserverdemo/service/MyUserDetailsService.java
+++ b/auth-server-demo/src/main/java/com/poc/alvachien/authserverdemo/service/MyUserDetailsService.java
 package com.poc.alvachien.authserverdemo.service;

-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.stereotype.Service;
@@ -10,11 +9,13 @@ import com.poc.alvachien.authserverdemo.model.MyUserDetails;
 import com.poc.alvachien.authserverdemo.model.UserAccount;
 import com.poc.alvachien.authserverdemo.repository.UserAccountRepository;

+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
 @Service
 public class MyUserDetailsService implements UserDetailsService {
-
-    private final
-    UserAccountRepository userAccountRepository;
+	private static final Logger log = LoggerFactory.getLogger(MyUserDetailsService.class);
+    private final UserAccountRepository userAccountRepository;

    public MyUserDetailsService(UserAccountRepository userAccountRepository) {
        this.userAccountRepository = userAccountRepository;
@@ -22,9 +23,11 @@ public class MyUserDetailsService implements UserDetailsService {

    @Override
    public UserDetails loadUserByUsername(String username) {
+        log.info("loadUserByUsername: " + username);
        UserAccount userAccount = userAccountRepository.findByUsername(username);
        if (userAccount == null) {
-            try {
+            log.error("User with username [" + username + "] not found in the system");
+            try {                
                throw new UsernameNotFoundException("User with username [" + username + "] not found in the system");
            } catch (UsernameNotFoundException e) {
                // TODO Auto-generated catch block

--- a/auth-server-demo/src/main/resources/application.properties
+++ b/auth-server-demo/src/main/resources/application.properties
 server.port:9600

 spring.jpa.hibernate.ddl-auto=update
-spring.datasource.url=jdbc:sqlserver://localhost;database=authserver;integratedSecurity=true;encrypt=true;trustServerCertificate=true
+spring.datasource.url=jdbc:sqlserver://localhost;encrypt=true;database=authdemo;integratedSecurity=true;trustServerCertificate=true
 #spring.datasource.username=springuser
 #spring.datasource.password=ThePassword
 spring.datasource.driver-class-name=com.microsoft.sqlserver.jdbc.SQLServerDriver