From 7fd25ce869e7862e075adadf9c847a9a3990485d Mon Sep 17 00:00:00 2001
From: Zhao Shu
Date: Mon, 25 Mar 2019 14:16:58 +0800
Subject: [PATCH] add client credentials for product
---
.../product/config/UserSecurityConfig.java | 82 +++++++++++++++++++
.../product/controller/UserController.java | 3 +-
.../src/main/resources/application.yml | 2 +-
.../auth/config/AuthServerConfig.java | 2 +-
.../src/main/resources/application.yml | 8 ++
5 files changed, 94 insertions(+), 3 deletions(-)
create mode 100644 business/product-service/src/main/java/com/hncy/service/product/config/UserSecurityConfig.java
diff --git a/business/product-service/src/main/java/com/hncy/service/product/config/UserSecurityConfig.java b/business/product-service/src/main/java/com/hncy/service/product/config/UserSecurityConfig.java
new file mode 100644
index 0000000..cd554b4
--- /dev/null
+++ b/business/product-service/src/main/java/com/hncy/service/product/config/UserSecurityConfig.java
@@ -0,0 +1,82 @@
+package com.hncy.service.product.config;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.http.client.ClientHttpRequestFactory;
+import org.springframework.http.client.SimpleClientHttpRequestFactory;
+import org.springframework.security.oauth2.client.DefaultOAuth2ClientContext;
+import org.springframework.security.oauth2.client.OAuth2RestOperations;
+import org.springframework.security.oauth2.client.OAuth2RestTemplate;
+import org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails;
+import org.springframework.security.oauth2.client.token.AccessTokenProvider;
+import org.springframework.security.oauth2.client.token.AccessTokenProviderChain;
+import org.springframework.security.oauth2.client.token.DefaultAccessTokenRequest;
+import org.springframework.security.oauth2.client.token.grant.client.ClientCredentialsAccessTokenProvider;
+import org.springframework.security.oauth2.client.token.grant.client.ClientCredentialsResourceDetails;
+import org.springframework.security.oauth2.config.annotation.web.configuration.EnableOAuth2Client;
+import java.util.List;
+import java.util.ArrayList;
+
+@EnableOAuth2Client
+@Configuration
+public class UserSecurityConfig {
+
+ @Value("${security.oauth2.client.accessTokenUri}")
+ private String accessTokenUrl;
+
+ @Value("${security.oauth2.client.clientId}")
+ private String clientId;
+
+ @Value("${security.oauth2.client.clientSecret}")
+ private String clientSecret;
+
+ @Autowired(required = false)
+ ClientHttpRequestFactory clientHttpRequestFactory;
+
+ private ClientHttpRequestFactory getClientHttpRequestFactory() {
+ if (clientHttpRequestFactory == null) {
+ clientHttpRequestFactory = new SimpleClientHttpRequestFactory();
+ }
+ return clientHttpRequestFactory;
+ }
+
+ @Bean
+ @Qualifier("myClientOnlyRestTemplate")
+ public OAuth2RestOperations clientOnlyRestTemplate() {
+
+ OAuth2RestTemplate template = new OAuth2RestTemplate(fullAccessResourceDetailsClientOnly(), new DefaultOAuth2ClientContext(
+ new DefaultAccessTokenRequest()));
+
+ template.setRequestFactory(getClientHttpRequestFactory());
+ template.setAccessTokenProvider(clientAccessTokenProvider());
+
+ return template;
+ }
+
+ @Bean
+ public AccessTokenProvider clientAccessTokenProvider() {
+ ClientCredentialsAccessTokenProvider accessTokenProvider = new ClientCredentialsAccessTokenProvider();
+ accessTokenProvider.setRequestFactory(getClientHttpRequestFactory());
+ return accessTokenProvider;
+ }
+
+ @Bean
+ @Qualifier("productOnlyFullAcessDetails")
+ public OAuth2ProtectedResourceDetails fullAccessResourceDetailsClientOnly() {
+ ClientCredentialsResourceDetails resource = new ClientCredentialsResourceDetails();
+ resource.setAccessTokenUri(accessTokenUrl);
+ resource.setClientId(clientId);
+ resource.setClientSecret(clientSecret);
+ resource.setGrantType("client_credentials");
+
+ List scopesList = new ArrayList();
+ scopesList.add("user_info");
+ resource.setScope(scopesList);
+
+ return resource;
+ }
+
+}
\ No newline at end of file
diff --git a/business/product-service/src/main/java/com/hncy/service/product/controller/UserController.java b/business/product-service/src/main/java/com/hncy/service/product/controller/UserController.java
index 279564d..f535f78 100644
--- a/business/product-service/src/main/java/com/hncy/service/product/controller/UserController.java
+++ b/business/product-service/src/main/java/com/hncy/service/product/controller/UserController.java
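Review bot: The client secret set in `fullAccessResourceDetailsClientOnly()` is sent to whatever `security.oauth2.client.accessTokenUri` resolves to, and the product-service application.yml context later in this patch shows that value as `http://localhost:8081/auth/oauth/token`. Outside a single-host development setup, the secret and the issued token would therefore travel in cleartext. An https token URI, or a startup check in this class that rejects a non-https one, would close that gap. Separately, the fallback in `getClientHttpRequestFactory()` creates a `SimpleClientHttpRequestFactory` without setting connect or read timeouts, so a stalled authorization server can hold request threads on token fetches; calling `setConnectTimeout(...)` and `setReadTimeout(...)` on the fallback instance before returning it would bound that.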
@@ -14,6 +14,7 @@ import java.util.Arrays; import org.springframework.web.client.RestTemplate; import org.springframework.http.ResponseEntity; import com.netflix.hystrix.contrib.javanica.annotation.HystrixCommand; +import org.springframework.security.oauth2.client.OAuth2RestOperations; @RestController @Component @@ -25,7 +26,7 @@ public class UserController { private String userDataUrl; @Autowired - private RestTemplate restTemplate; + private OAuth2RestOperations restTemplate; @RequestMapping(value = "/user/all") // @HystrixCommand(fallbackMethod = "getDefaultUsers") diff --git a/business/product-service/src/main/resources/application.yml b/business/product-service/src/main/resources/application.yml index 970bcc2..6ad1075 100644 --- a/business/product-service/src/main/resources/application.yml +++ b/business/product-service/src/main/resources/application.yml @@ -17,7 +17,7 @@ security: accessTokenUri: http://localhost:8081/auth/oauth/token userAuthorizationUri: http://localhost:8081/auth/oauth/authorize userLogoutUri: http://localhost:8081/auth/user/logout - userDataUri: http://oauth-service/auth/user/all + userDataUri: http://localhost:8081/auth/user/all resource: userInfoUri: http://localhost:8081/auth/user/userinfo diff --git a/server/authorization-server/src/main/java/com/hncy/platform/auth/config/AuthServerConfig.java b/server/authorization-server/src/main/java/com/hncy/platform/auth/config/AuthServerConfig.java index 2a6747b..9a942e5 100644 --- a/server/authorization-server/src/main/java/com/hncy/platform/auth/config/AuthServerConfig.java +++ b/server/authorization-server/src/main/java/com/hncy/platform/auth/config/AuthServerConfig.java 
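Review bot: In the second UserController hunk, `restTemplate` becomes an `OAuth2RestOperations`, so if it resolves to the client_credentials bean this commit adds, `/user/all` calls the auth server with the service's own token whoever the caller is. No authorization check on that mapping is visible in the hunk, and the class body continues outside it. Confirm the route is restricted before merging, for example with `@PreAuthorize(...)` on the handler or a matcher in the resource-server configuration, otherwise any caller who can reach product-service gets the full user list. The injection is also by type only; `@Qualifier("myClientOnlyRestTemplate")` beside `@Autowired` would pin it to the intended bean if another `OAuth2RestOperations` is ever defined.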
@@ -26,7 +26,7 @@ public class AuthServerConfig extends AuthorizationServerConfigurerAdapter { clients.inMemory() .withClient("SampleClientId") .secret(passwordEncoder.encode("secret")) - .authorizedGrantTypes("authorization_code") + .authorizedGrantTypes("authorization_code", "client_credentials") .scopes("user_info") .autoApprove(true) .redirectUris("http://localhost:8083/login","http://localhost:8082/login") diff --git a/server/authorization-server/src/main/resources/application.yml b/server/authorization-server/src/main/resources/application.yml index 0ad142d..74a32dc 100644 --- a/server/authorization-server/src/main/resources/application.yml +++ b/server/authorization-server/src/main/resources/application.yml @@ -8,6 +8,14 @@ spring: application: name: oauth-service +security: + oauth2: + client: + client-id: SampleClientId + client-secret: secret + scope: read + auto-approve-scopes: '.*' + ribbon: eureka: enabled: true -- GitLab
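Review bot: Adding `client_credentials` to `SampleClientId` lets the client that appears to back the browser login flow (`autoApprove(true)` and the two `/login` redirect URIs in the context lines) also obtain tokens with no user involved, using the literal secret `"secret"`. A separate registration for product-service would keep the two trust levels apart. Leave this line as `.authorizedGrantTypes("authorization_code")` and chain `.and().withClient("<product-service-client-id>")` (placeholder) with its own secret, `.authorizedGrantTypes("client_credentials")` and only the scopes the service needs. The enclosing method starts and ends outside the hunk, so any other client registrations cannot be seen here.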
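Review bot: `client-secret: secret` puts a guessable credential in a committed file, and it is the same literal that AuthServerConfig.java encodes for `SampleClientId`. Reading it from the environment, e.g. `client-secret: ${OAUTH_CLIENT_SECRET}` (placeholder variable name), keeps it out of the repository. `scope: read` also does not match the `user_info` scope that client is registered with in AuthServerConfig.java. `auto-approve-scopes: '.*'` reads as a match-all auto-approval pattern, so both values are worth narrowing to what this service actually requests.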