POST /myapp/oauth/token?grant_type=password&username=myuser&password=123456 HTTP

1. POST /myapp/oauth/token?grant_type=password&username=myuser&password=123456 HTTP/1.1
2. Host: localhost:9080
3. Authorization: Basic Z3JlZW5jYXJkLXRydXN0ZWQtY2xpZW50OmdyZWVuY2FyZC1zZWNyZXQ=
4. Cache-Control: no-cache
5. Postman-Token: bcade5f5-fe47-3ea7-9c48-a054206f1c44
6. Content-Type: multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW
7.  
8. @Configuration
9. @EnableTransactionManagement
10. public class ConfigurationMySql {
11.  
12. @Bean(name = "datasource")
13. public DriverManagerDataSource dataSource() {
14. DriverManagerDataSource dataSource = new DriverManagerDataSource();
15.  
16. dataSource.setDriverClassName("com.mysql.jdbc.Driver");
17. dataSource.setUrl("jdbc:mysql://localhost:3306/voucher");
18. dataSource.setUsername("greencard");
19. dataSource.setPassword("greencard");
20.  
21. return dataSource;
22. }
23. }
24.  
25. @Configuration
26. @EnableWebSecurity
27. public class OAuth2SecurityConfiguration extends WebSecurityConfigurerAdapter {
28.  
29. @Autowired
30. private DriverManagerDataSource dataSource;
31.  
32. @Autowired
33. public void configAuthentication(AuthenticationManagerBuilder auth) throws Exception {
34.  
35. auth.jdbcAuthentication().dataSource(dataSource)
36. .usersByUsernameQuery(
37. "select username,password, enabled from users where username=?")
38. .authoritiesByUsernameQuery(
39. "select username, role from user_roles where username=?");
40. }
41.  
42. @Override
43. protected void configure(HttpSecurity http) throws Exception {
44. http.csrf().disable().anonymous().disable().authorizeRequests().antMatchers("/oauth/token").permitAll();
45.  
46. }
47.  
48. @Override
49. @Bean
50. public AuthenticationManager authenticationManagerBean() throws Exception {
51. return super.authenticationManagerBean();
52. }
53.  
54. @Bean
55. @Autowired
56. public ApprovalStore approvalStore(TokenStore tokenStore) throws Exception {
57. TokenApprovalStore store = new TokenApprovalStore();
58. store.setTokenStore(tokenStore);
59. return store;
60. }
61.  
62.  
63. //
64.  
65. @Bean
66. public JdbcTokenStore tokenStore() {
67. return new JdbcTokenStore(dataSource);
68. }
69.  
70. @Bean
71. protected AuthorizationCodeServices authorizationCodeServices() {
72. return new JdbcAuthorizationCodeServices(dataSource);
73. }
74. }
75.  
76. @Configuration
77. @EnableGlobalMethodSecurity(prePostEnabled = true, proxyTargetClass = true)
78. public class MethodSecurityConfig extends GlobalMethodSecurityConfiguration {
79. @SuppressWarnings("unused")
80. @Autowired
81. private OAuth2SecurityConfiguration securityConfig;
82.  
83. @Override
84. protected MethodSecurityExpressionHandler createExpressionHandler() {
85. return new OAuth2MethodSecurityExpressionHandler();
86. }
87. }
88.  
89. @Configuration
90. @EnableAuthorizationServer
91. public class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {
92.  
93. private static String REALM="MY_OAUTH_REALM";
94.  
95. @Autowired
96. private TokenStore tokenStore;
97.  
98. @Autowired
99. @Qualifier("authenticationManagerBean")
100. private AuthenticationManager authenticationManager;
101.  
102. @Autowired
103. private DriverManagerDataSource dataSource;
104.  
105. @Override
106. public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
107.  
108. clients.jdbc(dataSource);
109.  
110. }
111.  
112. @Override
113. public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
114. endpoints.tokenStore(tokenStore).authenticationManager(authenticationManager);
115. }
116.  
117. @Override
118. public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
119. oauthServer.realm(REALM+"/client");
120. }
121.  
122.  
123. }
124.  
125. public class CORSFilter implements Filter {
126.  
127. public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
128. System.out.println("doFilter");
129. HttpServletResponse response = (HttpServletResponse) res;
130. response.setHeader("Access-Control-Allow-Origin", "*");
131. response.setHeader("Access-Control-Allow-Credentials", "true");
132. response.setHeader("Access-Control-Allow-Methods", "POST, GET, PUT, OPTIONS, DELETE");
133. response.setHeader("Access-Control-Max-Age", "3600");
134. response.setHeader("Access-Control-Allow-Headers", "X-Requested-With, Content-Type, Authorization, Origin, Accept, Access-Control-Request-Method, Access-Control-Request-Headers");
135.  
136. chain.doFilter(req, res);
137. }
138.  
139. public void init(FilterConfig filterConfig) {
140. System.out.println("filterConfig");
141. }
142.  
143. public void destroy() {
144. System.out.println("destroy");
145. }
146.  
147. }
148.  
149. drop table if exists oauth_client_details;
150.  
151.  
152. create table oauth_client_details (
153. client_id VARCHAR(255) PRIMARY KEY,
154. resource_ids VARCHAR(255),
155. client_secret VARCHAR(255),
156. scope VARCHAR(255),
157. authorized_grant_types VARCHAR(255),
158. web_server_redirect_uri VARCHAR(255),
159. authorities VARCHAR(255),
160. access_token_validity INTEGER,
161. refresh_token_validity INTEGER,
162. additional_information VARCHAR(4096),
163. autoapprove VARCHAR(255)
164. );
165.  
166.  
167.  
168. drop table if exists oauth_client_token;
169. create table oauth_client_token (
170. token_id VARCHAR(255),
171. token LONG VARBINARY,
172. authentication_id VARCHAR(255) PRIMARY KEY,
173. user_name VARCHAR(255),
174. client_id VARCHAR(255)
175. );
176.  
177.  
178. drop table if exists oauth_access_token;
179. create table oauth_access_token (
180. token_id VARCHAR(255),
181. token LONG VARBINARY,
182. authentication_id VARCHAR(255) PRIMARY KEY,
183. user_name VARCHAR(255),
184. client_id VARCHAR(255),
185. authentication LONG VARBINARY,
186. refresh_token VARCHAR(255)
187. );
188.  
189.  
190. drop table if exists oauth_refresh_token;
191. create table oauth_refresh_token (
192. token_id VARCHAR(255),
193. token LONG VARBINARY,
194. authentication LONG VARBINARY
195. );
196.  
197.  
198. drop table if exists oauth_code;
199. create table oauth_code (
200. code VARCHAR(255), authentication LONG VARBINARY
201. );
202.  
203. drop table if exists oauth_approvals;
204. create table oauth_approvals (
205. userId VARCHAR(255),
206. clientId VARCHAR(255),
207. scope VARCHAR(255),
208. status VARCHAR(10),
209. expiresAt TIMESTAMP,
210. lastModifiedAt TIMESTAMP
211. );
212.  
213. drop table if exists ClientDetails;
214. create table ClientDetails (
215. appId VARCHAR(255) PRIMARY KEY,
216. resourceIds VARCHAR(255),
217. appSecret VARCHAR(255),
218. scope VARCHAR(255),
219. grantTypes VARCHAR(255),
220. redirectUrl VARCHAR(255),
221. authorities VARCHAR(255),
222. access_token_validity INTEGER,
223. refresh_token_validity INTEGER,
224. additionalInformation VARCHAR(4096),
225. autoApproveScopes VARCHAR(255)
226. );
227.  
228. CREATE TABLE user_roles (
229. user_role_id int(11) NOT NULL AUTO_INCREMENT,
230. username varchar(45) NOT NULL,
231. role varchar(45) NOT NULL,
232. PRIMARY KEY (user_role_id),
233. UNIQUE KEY uni_username_role (role,username),
234. KEY fk_username_idx (username),
235. CONSTRAINT fk_username FOREIGN KEY (username) REFERENCES users (username));
236.  
237. CREATE TABLE users (
238. username VARCHAR(45) NOT NULL ,
239. password VARCHAR(45) NOT NULL ,
240. enabled TINYINT NOT NULL DEFAULT 1 ,
241. PRIMARY KEY (username));
242.  
243. <properties>
244. <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
245. <springframework.version>4.3.1.RELEASE</springframework.version>
246. <springsecurity.version>4.1.1.RELEASE</springsecurity.version>
247. <springsecurityoauth2.version>2.0.10.RELEASE</springsecurityoauth2.version>
248. <jackson.library>2.7.5</jackson.library>
249. <hibernate.version>4.3.7.Final</hibernate.version>
250. <mysql.connector.version>5.1.31</mysql.connector.version>
251. </properties>
252.  
253. <dependencies>
254. <!-- Spring -->
255. <dependency>
256. <groupId>org.springframework</groupId>
257. <artifactId>spring-core</artifactId>
258. <version>${springframework.version}</version>
259. </dependency>
260. <dependency>
261. <groupId>org.springframework</groupId>
262. <artifactId>spring-web</artifactId>
263. <version>${springframework.version}</version>
264. </dependency>
265. <dependency>
266. <groupId>org.springframework</groupId>
267. <artifactId>spring-webmvc</artifactId>
268. <version>${springframework.version}</version>
269. </dependency>
270.  
271. <!-- Spring Security -->
272. <dependency>
273. <groupId>org.springframework.security</groupId>
274. <artifactId>spring-security-web</artifactId>
275. <version>${springsecurity.version}</version>
276. </dependency>
277. <dependency>
278. <groupId>org.springframework.security</groupId>
279. <artifactId>spring-security-config</artifactId>
280. <version>${springsecurity.version}</version>
281. </dependency>
282.  
283. <!-- Spring Security OAuth2 -->
284. <dependency>
285. <groupId>org.springframework.security.oauth</groupId>
286. <artifactId>spring-security-oauth2</artifactId>
287. <version>${springsecurityoauth2.version}</version>
288. </dependency>
289.  
290. <!-- Jackson libraries -->
291. <dependency>
292. <groupId>com.fasterxml.jackson.core</groupId>
293. <artifactId>jackson-databind</artifactId>
294. <version>${jackson.library}</version>
295. </dependency>
296. <dependency>
297. <groupId>com.fasterxml.jackson.dataformat</groupId>
298. <artifactId>jackson-dataformat-xml</artifactId>
299. <version>${jackson.library}</version>
300. </dependency>
301.  
302. <dependency>
303. <groupId>javax.servlet</groupId>
304. <artifactId>javax.servlet-api</artifactId>
305. <version>3.1.0</version>
306. </dependency>
307. <dependency>
308. <groupId>junit</groupId>
309. <artifactId>junit</artifactId>
310. <version>3.8.1</version>
311. <scope>test</scope>
312. </dependency>
313. <!-- Hibernate >> -->
314.  
315. <dependency>
316. <groupId>org.hibernate</groupId>
317. <artifactId>hibernate-core</artifactId>
318. <version>${hibernate.version}</version>
319. </dependency>
320.  
321. <!-- jsr303 validation -->
322. <dependency>
323. <groupId>javax.validation</groupId>
324. <artifactId>validation-api</artifactId>
325. <version>1.1.0.Final</version>
326. </dependency>
327. <dependency>
328. <groupId>org.hibernate</groupId>
329. <artifactId>hibernate-validator</artifactId>
330. <version>5.1.3.Final</version>
331. </dependency>
332.  
333. <!-- MySQL -->
334. <dependency>
335. <groupId>mysql</groupId>
336. <artifactId>mysql-connector-java</artifactId>
337. <version>${mysql.connector.version}</version>
338. </dependency>
339.  
340. <dependency>
341. <groupId>ch.qos.logback</groupId>
342. <artifactId>logback-classic</artifactId>
343. <version>1.1.7</version>
344. </dependency>
345.  
346. <dependency>
347. <groupId>org.springframework</groupId>
348. <artifactId>spring-tx</artifactId>
349. <version>${springframework.version}</version>
350. </dependency>
351. <dependency>
352. <groupId>org.springframework</groupId>
353. <artifactId>spring-orm</artifactId>
354. <version>${springframework.version}</version>
355. </dependency>
356.  
357. <!-- <dependency> <groupId>org.hsqldb</groupId> <artifactId>hsqldb</artifactId>
358. <version>2.3.2</version> </dependency> -->
359.  
360. <dependency>
361. <groupId>org.hibernate</groupId>
362. <artifactId>hibernate-entitymanager</artifactId>
363. <version>4.3.6.Final</version>
364. </dependency>
365.  
366.  
367.  
368.  
369. </dependencies>