
Commit 926056b

author
Jacob Ideskog
committed
Initial version of the OAuth API Filter and example server
0 parents  commit 926056b

44 files changed

Lines changed: 3919 additions & 0 deletions


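--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,42 @@
+target
+lib
+*.sublime-workspace
+
+# Logs and databases #
+######################
+*.log
+*.sqlite
+
+# Compiled files #
+######################
+*.pyc
+*.class
+
+# OS generated files #
+######################
+.DS_Store
+.DS_Store?
+._*
+.Spotlight-V100
+.Trashes
+ehthumbs.db
+Thumbs.db
+
+# Eclipse files #
+#################
+.classpath
+.project
+.settings
+
+
+# MS Word files #
+~$*.doc*
+~WRL*.tmp
+
+# Ignore build dir and dist package
+.idea
+*.iml
+=======
+.idea
+*.iml
+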
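Review bot: Line 39 of the new .gitignore is a bare `=======`, a merge-conflict separator that was committed along with the file, and lines 40–41 repeat the `.idea` and `*.iml` entries already given on lines 37–38. Git reads `=======` as a literal pattern matching a file of that name, so nothing breaks, but it is leftover residue; drop it together with the duplicated `.idea` and `*.iml` lines that follow it.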

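--- a/api-example/pom.xml
+++ b/api-example/pom.xml
@@ -0,0 +1,135 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+~ Copyright (C) 2016 Curity AB. All rights reserved.
+~
+~ The contents of this file are the property of Curity AB.
+~ You may not copy or use this file, in either source code
+~ or executable form, except in compliance with terms
+~ set by Curity AB.
+~
+~ For further information, please contact Curity AB.
+-->
+
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+<parent>
+<artifactId>project</artifactId>
+<groupId>se.curity.examples.oauth</groupId>
+<version>1.0.0</version>
+</parent>
+<modelVersion>4.0.0</modelVersion>
+
+<artifactId>api-example</artifactId>
+<name>OAuth protected API Example</name>
+<packaging>jar</packaging>
+<version>1.0.0</version>
+
+<build>
+<plugins>
+<plugin>
+<artifactId>maven-compiler-plugin</artifactId>
+<version>3.1</version>
+<configuration>
+<source>1.8</source>
+<target>1.8</target>
+<optimize>true</optimize>
+<debug>true</debug>
+<compilerArgs>
+<arg>-Xlint:all,-options,-path</arg>
+</compilerArgs>
+</configuration>
+</plugin>
+
+<plugin>
+<groupId>org.apache.maven.plugins</groupId>
+<artifactId>maven-assembly-plugin</artifactId>
+<version>2.4.1</version>
+<configuration>
+<!-- get all project dependencies -->
+<descriptorRefs>
+<descriptorRef>jar-with-dependencies</descriptorRef>
+</descriptorRefs>
+<!-- MainClass in mainfest make a executable jar -->
+<archive>
+<manifest>
+<mainClass>se.curity.examples.spark.SparkServerExample</mainClass>
+</manifest>
+</archive>
+
+</configuration>
+<executions>
+<execution>
+<id>make-assembly</id>
+<!-- bind to the packaging phase -->
+<phase>package</phase>
+<goals>
+<goal>single</goal>
+</goals>
+</execution>
+</executions>
+</plugin>
+
+
+</plugins>
+</build>
+
+<dependencies>
+<dependency>
+<groupId>se.curity.examples.oauth</groupId>
+<artifactId>oauth-filter</artifactId>
+<version>${project.version}</version>
+</dependency>
+<dependency>
+<groupId>com.sparkjava</groupId>
+<artifactId>spark-core</artifactId>
+</dependency>
+<dependency>
+<groupId>org.slf4j</groupId>
+<artifactId>slf4j-api</artifactId>
+</dependency>
+<dependency>
+<groupId>javax.servlet</groupId>
+<artifactId>javax.servlet-api</artifactId>
+</dependency>
+<dependency>
+<groupId>com.google.guava</groupId>
+<artifactId>guava</artifactId>
+</dependency>
+<dependency>
+<groupId>com.google.code.findbugs</groupId>
+<artifactId>annotations</artifactId>
+</dependency>
+<dependency>
+<groupId>org.apache.httpcomponents</groupId>
+<artifactId>httpclient</artifactId>
+</dependency>
+<dependency>
+<groupId>com.google.code.gson</groupId>
+<artifactId>gson</artifactId>
+</dependency>
+<dependency>
+<groupId>org.eclipse.jetty.aggregate</groupId>
+<artifactId>jetty-all</artifactId>
+</dependency>
+<dependency>
+<groupId>org.apache.logging.log4j</groupId>
+<artifactId>log4j-api</artifactId>
+</dependency>
+<dependency>
+<groupId>org.apache.logging.log4j</groupId>
+<artifactId>log4j-core</artifactId>
+<scope>runtime</scope>
+</dependency>
+<dependency>
+<groupId>org.apache.logging.log4j</groupId>
+<artifactId>log4j-slf4j-impl</artifactId>
+<scope>runtime</scope>
+</dependency>
+<dependency>
+<groupId>org.apache.logging.log4j</groupId>
+<artifactId>log4j-1.2-api</artifactId>
+<scope>runtime</scope>
+</dependency>
+</dependencies>
+</project>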

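--- a/api-example/readme.md
+++ b/api-example/readme.md
@@ -0,0 +1,64 @@
+# OAuth - authentication using access tokens, Spark Example
+
+This project is an example of a Java web application configured to use an
+`OAuth Filter` protecting access to the application.
+
+The application is an extremely simple [Spark](http://sparkjava.com) app,
+but it could be built using any framework which supports Java Servlets.
+
+## Building
+
+To build this project, use Maven and run the following command:
+
+```
+mvn package
+```
+
+This will create a WAR or JAR file in the `target` directory. This file is ready to be deployed,
+not requiring any external dependencies.
+
+
+## Deploying
+
+To deploy the WAR file in Jetty or Tomcat, change the Pom packaging format to `war` and simply drop it in the Jetty's `webapps` directory.
+
+For other servers, please check their documentation on how to deploy WAR files.
+
+## Configuring
+
+The configuration of the OAuthFilter is done in the `web.xml` file which is under
+`src/main/webapp/WEB-INF/`.
+
+You can also config a HttpClient to be used by the filter to connect to the authentication server.
+
+This is done in the `src/main/resources/META-INF/services/OAuthFilter.properties` file.
+
+**Make sure to either delete this properties file (which will cause the Filter to use a safe default HttpClient)**
+or create your own, safe HttpClient supplier when deploying your server to production**.
+
+## Testing
+
+Once the server is running, you can try it by hitting with your favourite browser
+a URL similar to:
+
+```
+http://localhost:8080/server-example-1.0.0-SNAPSHOT/hello_world
+```
+
+The hostname and port depend on your Server's configuration.
+
+The first path depends on the name of the war file you deployed.
+If the file is called `myapp.war`, then the first part of the path be simply `myapp`.
+
+The rest of the path should be endpoints configured with [Spark](http://sparkjava.com).
+
+You can add as many endpoints as you want in the `se.curity.examples.spark.SparkServerExample`.
+
+The only configured endpoint so far is `/hello_world`, which should, once the user is authenticated,
+just return `"Welcome to an OAuth protected world"`, or 401 on invalid access tokens.
+
+## More Information
+
+For more information, please contact [Curity](http://curity.io).
+
+Copyright 2016 Curity I/O AB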
Lines changed: 66 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,66 @@
1+
/*
2+
* Copyright (C) 2016 Curity AB. All rights reserved.
3+
*
4+
* The contents of this file are the property of Curity AB.
5+
* You may not copy or use this file, in either source code
6+
* or executable form, except in compliance with terms
7+
* set by Curity AB.
8+
*
9+
* For further information, please contact Curity AB.
10+
*/
11+
12+
package se.curity.examples.http;
13+
14+
import org.apache.http.client.HttpClient;
15+
import org.apache.http.conn.ssl.NoopHostnameVerifier;
16+
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
17+
import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
18+
import org.apache.http.impl.client.HttpClients;
19+
import org.apache.http.ssl.SSLContextBuilder;
20+
import org.slf4j.Logger;
21+
import org.slf4j.LoggerFactory;
22+
23+
import java.util.function.Supplier;
24+
25+
/**
26+
* WARNING: This httpClient supplier is NOT meant to be used in production environments.
27+
* <p>
28+
* It disables SSL Certificate checks, making HTTPS communication completely unsafe.
29+
* <p>
30+
* Delete the file src/main/resources/META-INF/OAuthFilter.properties or set
31+
* a safe HttpClient supplier to use.
32+
*/
33+
public class UnsafeHttpClientSupplier implements Supplier<HttpClient>
34+
{
35+
private static final Logger _logger = LoggerFactory.getLogger(UnsafeHttpClientSupplier.class);
36+
37+
private static HttpClient create()
38+
{
39+
try
40+
{
41+
SSLContextBuilder builder = new SSLContextBuilder();
42+
builder.loadTrustMaterial(null, new TrustSelfSignedStrategy());
43+
SSLConnectionSocketFactory sslSocketFactory = new SSLConnectionSocketFactory(
44+
builder.build(), NoopHostnameVerifier.INSTANCE);
45+
return HttpClients
46+
.custom()
47+
.disableAuthCaching()
48+
.disableAutomaticRetries()
49+
.disableRedirectHandling()
50+
.setSSLSocketFactory(sslSocketFactory)
51+
.build();
52+
}
53+
catch (Exception e)
54+
{
55+
_logger.error("Unable to create Unsafe HTTP client supplier", e);
56+
throw new RuntimeException("Unable to initialize httpClient", e);
57+
}
58+
}
59+
60+
@Override
61+
public HttpClient get()
62+
{
63+
_logger.info("Creating {}", getClass().getName());
64+
return create();
65+
}
66+
}
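Review bot: `get()` reports construction of this client at info level (`_logger.info("Creating {}", getClass().getName())`) even though `create()` trusts self-signed certificates through `TrustSelfSignedStrategy` and skips hostname verification through `NoopHostnameVerifier`, so a properties file left behind in a production deployment would weaken TLS validation with no visible signal in the logs. Log it at warn and name what is disabled, e.g. `_logger.warn("Creating {} - self-signed certificates are trusted and hostname verification is disabled; not for production", getClass().getName());`. The Javadoc tells the reader to delete `src/main/resources/META-INF/OAuthFilter.properties`, while api-example/readme.md in this same commit names `src/main/resources/META-INF/services/OAuthFilter.properties`; one of the two paths is wrong and they should be aligned. The `catch (Exception e)` in `create()` also both logs and rethrows the same failure, so it will be reported twice; keep the rethrow, drop the log call, and narrow the catch to the `GeneralSecurityException` subtypes that `loadTrustMaterial` and `build` declare. The file header for this section is not shown on the page, so the file path is taken from the package declaration only.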
