
完善OAuth2

zhouhao 8 years ago
parent
commit
2473d9fd9d
43 changed files with 813 additions and 164 deletions
  1. 2 0
      hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-client/src/main/java/org/hswebframework/web/authorization/oauth2/client/OAuth2Constants.java
  2. 2 4
      hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-server/src/main/java/org/hswebframework/web/authorization/oauth2/api/OAuth2ServerService.java
  3. 4 0
      hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-server/src/main/java/org/hswebframework/web/authorization/oauth2/api/entity/AuthorizationCodeEntity.java
  4. 2 2
      hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-server/src/main/java/org/hswebframework/web/authorization/oauth2/api/entity/OAuth2AccessEntity.java
  5. 10 0
      hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-server/src/main/java/org/hswebframework/web/authorization/oauth2/api/entity/SimpleAuthorizationCodeEntity.java
  6. 5 7
      hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-server/src/main/java/org/hswebframework/web/authorization/oauth2/api/entity/SimpleOAuth2AccessEntity.java
  7. 3 2
      hsweb-authorization/hsweb-authorization-shiro/src/main/java/org/hswebframework/web/authorization/shiro/oauth2sso/OAuth2SSOAuthorizingListener.java
  8. 1 1
      hsweb-core/src/main/java/org/hswebframework/web/NotFoundException.java
  9. 2 0
      hsweb-system/README.md
  10. 0 1
      hsweb-system/hsweb-system-authorization/hsweb-system-authorization-service/hsweb-system-authorization-service-simple/src/main/java/org/hswebframework/web/service/authorization/simple/SimpleAuthentication.java
  11. 1 0
      hsweb-system/hsweb-system-menu/hsweb-system-menu-entity/src/main/java/org/hswebframework/web/entity/menu/SimpleMenuEntity.java
  12. 36 5
      hsweb-system/hsweb-system-oauth2-client/hsweb-system-oauth2-client-controller/src/main/java/org/hswebframework/web/authorization/oauth2/controller/OAuth2ClientController.java
  13. 7 0
      hsweb-system/hsweb-system-oauth2-client/hsweb-system-oauth2-client-entity/src/main/java/org/hswebframework/web/entity/oauth2/client/OAuth2ServerConfigEntity.java
  14. 5 0
      hsweb-system/hsweb-system-oauth2-client/hsweb-system-oauth2-client-service/hsweb-system-oauth2-client-service-api/pom.xml
  15. 31 0
      hsweb-system/hsweb-system-oauth2-client/hsweb-system-oauth2-client-service/hsweb-system-oauth2-client-service-api/src/main/java/org/hswebframework/web/service/oauth2.client/request/ProviderSupport.java
  16. 1 1
      hsweb-system/hsweb-system-oauth2-client/hsweb-system-oauth2-client-service/hsweb-system-oauth2-client-service-simple/src/main/java/org/hswebframework/web/service/oauth2/client/simple/request/ResponseConvertHandler.java
  17. 1 1
      hsweb-system/hsweb-system-oauth2-client/hsweb-system-oauth2-client-service/hsweb-system-oauth2-client-service-simple/src/main/java/org/hswebframework/web/service/oauth2/client/simple/request/ResponseJudge.java
  18. 8 2
      hsweb-system/hsweb-system-oauth2-client/hsweb-system-oauth2-client-service/hsweb-system-oauth2-client-service-simple/src/main/java/org/hswebframework/web/service/oauth2/client/simple/request/definition/ResponseConvertForProviderDefinition.java
  19. 2 2
      hsweb-system/hsweb-system-oauth2-client/hsweb-system-oauth2-client-service/hsweb-system-oauth2-client-service-simple/src/main/java/org/hswebframework/web/service/oauth2/client/simple/request/definition/ResponseConvertForServerIdDefinition.java
  20. 2 2
      hsweb-system/hsweb-system-oauth2-client/hsweb-system-oauth2-client-service/hsweb-system-oauth2-client-service-simple/src/main/java/org/hswebframework/web/service/oauth2/client/simple/request/definition/ResponseJudgeForProviderDefinition.java
  21. 2 2
      hsweb-system/hsweb-system-oauth2-client/hsweb-system-oauth2-client-service/hsweb-system-oauth2-client-service-simple/src/main/java/org/hswebframework/web/service/oauth2/client/simple/request/definition/ResponseJudgeForServerIdDefinition.java
  22. 15 3
      hsweb-system/hsweb-system-oauth2-client/hsweb-system-oauth2-client-service/hsweb-system-oauth2-client-service-simple/src/main/java/org/hswebframework/web/service/oauth2/client/simple/SimpleOAuth2RequestService.java
  23. 57 0
      hsweb-system/hsweb-system-oauth2-client/hsweb-system-oauth2-client-service/hsweb-system-oauth2-client-service-simple/src/main/java/org/hswebframework/web/service/oauth2/client/simple/provider/HswebResponseConvertSupport.java
  24. 65 0
      hsweb-system/hsweb-system-oauth2-client/hsweb-system-oauth2-client-service/hsweb-system-oauth2-client-service-simple/src/main/java/org/hswebframework/web/service/oauth2/client/simple/provider/HswebResponseJudgeSupport.java
  25. 289 0
      hsweb-system/hsweb-system-oauth2-client/hsweb-system-oauth2-client-service/hsweb-system-oauth2-client-service-simple/src/main/java/org/hswebframework/web/service/oauth2/client/simple/provider/RemoteAuthentication.java
  26. 2 0
      hsweb-system/hsweb-system-oauth2-client/hsweb-system-oauth2-client-service/hsweb-system-oauth2-client-service-simple/src/main/java/org/hswebframework/web/service/oauth2/client/simple/request/SimpleOAuth2Request.java
  27. 2 0
      hsweb-system/hsweb-system-oauth2-client/hsweb-system-oauth2-client-service/hsweb-system-oauth2-client-service-simple/src/main/java/org/hswebframework/web/service/oauth2/client/simple/request/SimpleOAuth2Response.java
  28. 2 2
      hsweb-system/hsweb-system-oauth2-client/hsweb-system-oauth2-client-service/hsweb-system-oauth2-client-service-simple/src/main/java/org/hswebframework/web/service/oauth2/client/simple/request/builder/SimpleOAuth2RequestBuilder.java
  29. 6 8
      hsweb-system/hsweb-system-oauth2-client/hsweb-system-oauth2-client-service/hsweb-system-oauth2-client-service-simple/src/main/java/org/hswebframework/web/service/oauth2/client/simple/request/builder/SimpleOAuth2RequestBuilderFactory.java
  30. 2 3
      hsweb-system/hsweb-system-oauth2-client/hsweb-system-oauth2-client-service/hsweb-system-oauth2-client-service-simple/src/main/java/org/hswebframework/web/service/oauth2/client/simple/session/DefaultOAuth2Session.java
  31. 1 1
      hsweb-system/hsweb-system-oauth2-client/hsweb-system-oauth2-client-starter/src/main/java/org/hswebframework/web/service/oauth2/client/starter/DefaultResponseJudge.java
  32. 30 30
      hsweb-system/hsweb-system-oauth2-client/hsweb-system-oauth2-client-starter/src/test/java/org/hswebframework/web/starter/oauth2/client/OAuth2ServerConfigTests.java
  33. 1 2
      hsweb-system/hsweb-system-oauth2-client/hsweb-system-oauth2-client-starter/src/test/java/org/hswebframework/web/starter/oauth2/client/QQResponseConvertSupport.java
  34. 1 1
      hsweb-system/hsweb-system-oauth2-client/hsweb-system-oauth2-client-starter/src/test/java/org/hswebframework/web/starter/oauth2/client/QQResponseJudgeSupport.java
  35. 86 0
      hsweb-system/hsweb-system-oauth2-server/hsweb-system-oauth2-server-controller/src/main/java/org/hswebframework/web/authorization/oauth2/controller/OAuth2AuthorizeController.java
  36. 14 53
      hsweb-system/hsweb-system-oauth2-server/hsweb-system-oauth2-server-controller/src/main/java/org/hswebframework/web/authorization/oauth2/controller/OAuth2AuthorizationController.java
  37. 71 0
      hsweb-system/hsweb-system-oauth2-server/hsweb-system-oauth2-server-controller/src/main/java/org/hswebframework/web/authorization/oauth2/controller/OAuth2UserInfoController.java
  38. 1 1
      hsweb-system/hsweb-system-oauth2-server/hsweb-system-oauth2-server-dao/hsweb-system-oauth2-server-dao-mybatis/src/main/resources/org/hswebframework/web/dao/mybatis/mappers/oauth2/OAuth2AccessMapper.xml
  39. 1 0
      hsweb-system/hsweb-system-oauth2-server/hsweb-system-oauth2-server-dao/hsweb-system-oauth2-server-dao-mybatis/src/main/resources/org/hswebframework/web/dao/mybatis/mappers/oauth2/OAuth2CodeMapper.xml
  40. 5 5
      hsweb-system/hsweb-system-oauth2-server/hsweb-system-oauth2-server-model/src/main/java/org/hswebframework/web/oauth2/model/AccessTokenModel.java
  41. 15 5
      hsweb-system/hsweb-system-oauth2-server/hsweb-system-oauth2-server-model/src/main/java/org/hswebframework/web/oauth2/model/ImplicitAccessTokenModel.java
  42. 18 17
      hsweb-system/hsweb-system-oauth2-server/hsweb-system-oauth2-server-simple/src/main/java/org/hswebframework/web/oauth2/service/SimpleOAuth2ServerService.java
  43. 2 1
      hsweb-system/hsweb-system-oauth2-server/hsweb-system-oauth2-server-starter/src/main/resources/hsweb-starter.js

+ 2 - 0
hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-client/src/main/java/org/hswebframework/web/authorization/oauth2/client/OAuth2Constants.java

@@ -31,4 +31,6 @@ public interface OAuth2Constants {
     String client_secret = "client_secret";
     String authorization = "Authorization";
     String redirect_uri  = "redirect_uri";
+    String response_type = "response_type";
+    String state         = "state";
 }

+ 2 - 4
hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-server/src/main/java/org/hswebframework/web/authorization/oauth2/api/OAuth2ServerService.java

@@ -31,11 +31,9 @@ public interface OAuth2ServerService {
 
     OAuth2ClientEntity getClient(String clientId, String clientSecret);
 
-    OAuth2AccessEntity getAccessByToken(String accessToken);
+    String requestCode(String clientId, String userId, String scope, String redirectUri);
 
-    String requestCode(String clientId, String userId, String scope);
-
-    OAuth2AccessEntity requestTokenByCode(String code, String clientId, String clientSecret, String scope);
+    OAuth2AccessEntity requestTokenByCode(String code, String clientId, String clientSecret, String scope, String redirectUri);
 
     OAuth2AccessEntity requestTokenByClientCredential(String clientId, String clientSecret);
 
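Review bot: The new `redirectUri` parameters on `requestCode` and `requestTokenByCode` carry a security contract that the interface does not state. The value passed at the token step is only useful if it is compared with the one stored when the code was issued, and the code is refused on mismatch. I would add Javadoc to both methods, for example `@param redirectUri redirect URI from the authorization request; requestTokenByCode must reject the code when it differs from the stored value`. Whether the implementation performs that comparison is not visible in this hunk, and the interface body continues outside it.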

+ 4 - 0
hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-server/src/main/java/org/hswebframework/web/authorization/oauth2/api/entity/AuthorizationCodeEntity.java

@@ -45,4 +45,8 @@ public interface AuthorizationCodeEntity extends Entity {
     String getScope();
 
     void setScope(String scope);
+
+    String getRedirectUri();
+
+    void setRedirectUri(String redirectUri);
 }

+ 2 - 2
hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-server/src/main/java/org/hswebframework/web/authorization/oauth2/api/entity/OAuth2AccessEntity.java

@@ -41,9 +41,9 @@ public interface OAuth2AccessEntity extends Entity {
 
     void setRefreshToken(String refreshToken);
 
-    Long getExpireIn();
+    Long getExpiresIn();
 
-    void setExpireIn(Long expireIn);
+    void setExpiresIn(Long expiresIn);
 
     Long getCreateTime();
 

+ 10 - 0
hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-server/src/main/java/org/hswebframework/web/authorization/oauth2/api/entity/SimpleAuthorizationCodeEntity.java

@@ -33,6 +33,16 @@ public class SimpleAuthorizationCodeEntity implements AuthorizationCodeEntity {
 
     private String scope;
 
+    private String redirectUri;
+
+    public String getRedirectUri() {
+        return redirectUri;
+    }
+
+    public void setRedirectUri(String redirectUri) {
+        this.redirectUri = redirectUri;
+    }
+
     public String getScope() {
         return scope;
     }

+ 5 - 7
hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-server/src/main/java/org/hswebframework/web/authorization/oauth2/api/entity/SimpleOAuth2AccessEntity.java

@@ -33,7 +33,7 @@ public class SimpleOAuth2AccessEntity implements OAuth2AccessEntity {
 
     private String refreshToken;
 
-    private Long expireIn;
+    private Long expiresIn;
 
     private Long createTime;
 
@@ -81,14 +81,12 @@ public class SimpleOAuth2AccessEntity implements OAuth2AccessEntity {
         this.refreshToken = refreshToken;
     }
 
-    @Override
-    public Long getExpireIn() {
-        return expireIn;
+    public Long getExpiresIn() {
+        return expiresIn;
     }
 
-    @Override
-    public void setExpireIn(Long expireIn) {
-        this.expireIn = expireIn;
+    public void setExpiresIn(Long expiresIn) {
+        this.expiresIn = expiresIn;
     }
 
     @Override
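Review bot: `getExpiresIn` and `setExpiresIn` lose the `@Override` that the old accessors carried, although `OAuth2AccessEntity` declares both methods in this same commit. Keeping `@Override` on them lets the compiler catch any later drift between the interface and this implementation, which is the kind of rename this hunk performs. The class body continues outside the hunk.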

+ 3 - 2
hsweb-authorization/hsweb-authorization-shiro/src/main/java/org/hswebframework/web/authorization/shiro/oauth2sso/OAuth2SSOAuthorizingListener.java

@@ -24,6 +24,7 @@ import org.hswebframework.web.authorization.Authentication;
 import org.hswebframework.web.authorization.oauth2.client.OAuth2RequestService;
 import org.hswebframework.web.authorization.oauth2.client.listener.OAuth2CodeAuthBeforeEvent;
 import org.hswebframework.web.authorization.oauth2.client.listener.OAuth2Listener;
+import org.hswebframework.web.authorization.oauth2.client.response.OAuth2Response;
 import org.hswebframework.web.authorization.shiro.SimpleAuthenticationToken;
 
 /**
@@ -57,10 +58,10 @@ public class OAuth2SSOAuthorizingListener
                 .create(userCenterServerId)
                 .byAuthorizationCode(event.getCode())
                 .request(userAuthInfoApi)
-                .get()
+                .get().onError(OAuth2Response.throwOnError)
                 .as(Authentication.class);
 
-        boolean remember = Boolean.valueOf((String) event.getParameter("remember").orElse("false"));
+        boolean remember = Boolean.valueOf(event.getParameter("remember").orElse("false"));
         Subject subject = SecurityUtils.getSubject();
         subject.login(new SimpleAuthenticationToken(authentication, remember));
 

+ 1 - 1
hsweb-core/src/main/java/org/hswebframework/web/NotFoundException.java

@@ -19,7 +19,7 @@
 package org.hswebframework.web;
 
 /**
- * Created by zhouhao on 16-4-29.
+ *
  */
 public class NotFoundException extends BusinessException {
     public NotFoundException(String message) {

+ 2 - 0
hsweb-system/README.md

@@ -17,6 +17,8 @@
 |[hsweb-system-explorer](hsweb-system-menu)|**系统菜单**| 80%|
 |[hsweb-system-file](hsweb-system-file)|文件管理| 0%|
 |[hsweb-system-history](hsweb-system-history)|历史记录管理| 0%|
+|[hsweb-system-oauth2-client](hsweb-system-oauth2-client)|OAuth2 客户端| 10%|
+|[hsweb-system-oauth2-server](hsweb-system-oauth2-server)|OAuth2 服务端| 50%|
 |[hsweb-system-monitor](hsweb-system-monitor)|系统监控| 0%|
 |[hsweb-system-organizational](hsweb-system-organizational)|组织架构| 50%|
 |[hsweb-system-schedule](hsweb-system-schedule)|任务调度| 0%|

+ 0 - 1
hsweb-system/hsweb-system-authorization/hsweb-system-authorization-service/hsweb-system-authorization-service-simple/src/main/java/org/hswebframework/web/service/authorization/simple/SimpleAuthentication.java

@@ -43,7 +43,6 @@ public class SimpleAuthentication implements Authentication {
 
     public SimpleAuthentication() {
     }
-
     public SimpleAuthentication(UserEntity user,
                                 List<RoleEntity> roleEntities,
                                 List<PermissionRoleEntity> permissionRoleEntities,

+ 1 - 0
hsweb-system/hsweb-system-menu/hsweb-system-menu-entity/src/main/java/org/hswebframework/web/entity/menu/SimpleMenuEntity.java

@@ -56,6 +56,7 @@ public class SimpleMenuEntity extends SimpleTreeSortSupportEntity<String>
     @Override
     @SuppressWarnings("unchecked")
     public List<SimpleMenuEntity> getChildren() {
+        if (children == null) return null;
         return new ArrayList<>(children);
     }
 

+ 36 - 5
hsweb-system/hsweb-system-oauth2-client/hsweb-system-oauth2-client-controller/src/main/java/org/hswebframework/web/authorization/oauth2/controller/OAuth2ClientController.java

@@ -18,11 +18,14 @@
 
 package org.hswebframework.web.authorization.oauth2.controller;
 
-import org.hswebframework.web.BusinessException;
+import org.hswebframework.web.WebUtil;
+import org.hswebframework.web.authorization.oauth2.client.OAuth2Constants;
 import org.hswebframework.web.authorization.oauth2.client.OAuth2RequestService;
 import org.hswebframework.web.authorization.oauth2.client.listener.OAuth2CodeAuthBeforeEvent;
 import org.hswebframework.web.controller.message.ResponseMessage;
+import org.hswebframework.web.entity.oauth2.client.OAuth2ServerConfigEntity;
 import org.hswebframework.web.id.IDGenerator;
+import org.hswebframework.web.service.oauth2.client.OAuth2ServerConfigService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.*;
@@ -30,6 +33,9 @@ import org.springframework.web.servlet.view.RedirectView;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpSession;
+import java.io.UnsupportedEncodingException;
+import java.net.URLDecoder;
+import java.net.URLEncoder;
 
 /**
  * @author zhouhao
@@ -40,6 +46,13 @@ public class OAuth2ClientController {
 
     private OAuth2RequestService oAuth2RequestService;
 
+    private OAuth2ServerConfigService oAuth2ServerConfigService;
+
+    @Autowired
+    public void setoAuth2ServerConfigService(OAuth2ServerConfigService oAuth2ServerConfigService) {
+        this.oAuth2ServerConfigService = oAuth2ServerConfigService;
+    }
+
     @Autowired
     public void setoAuth2RequestService(OAuth2RequestService oAuth2RequestService) {
         this.oAuth2RequestService = oAuth2RequestService;
@@ -55,20 +68,38 @@ public class OAuth2ClientController {
         return ResponseMessage.ok(state);
     }
 
+    @GetMapping("/boot/{serverId}")
+    public RedirectView boot(@PathVariable String serverId,
+                             @RequestParam(defaultValue = "/") String redirect,
+                             HttpServletRequest request,
+                             HttpSession session) throws UnsupportedEncodingException {
+        OAuth2ServerConfigEntity entity = oAuth2ServerConfigService.selectByPk(serverId);
+        if (entity == null) return new RedirectView("/401.html");
+        String callback = WebUtil.getBasePath(request)
+                .concat("oauth2/callback/")
+                .concat(serverId).concat("/?redirect=")
+                .concat(URLEncoder.encode(redirect, "UTF-8"));
+        RedirectView view = new RedirectView(entity.getRealUrl(entity.getAuthUrl()));
+        view.addStaticAttribute(OAuth2Constants.response_type, "code");
+        view.addStaticAttribute(OAuth2Constants.state, requestState(session).getResult());
+        view.addStaticAttribute(OAuth2Constants.client_id, entity.getClientId());
+        view.addStaticAttribute(OAuth2Constants.redirect_uri, URLEncoder.encode(callback, "UTF-8"));
+        return view;
+    }
+
     @GetMapping("/callback/{serverId}")
     public RedirectView callback(@RequestParam(defaultValue = "/") String redirect,
                                  @PathVariable String serverId,
                                  @RequestParam String code,
                                  @RequestParam String state,
                                  HttpServletRequest request,
-                                 HttpSession session) {
+                                 HttpSession session) throws UnsupportedEncodingException {
         try {
             String cachedState = (String) session.getAttribute(STATE_SESSION_KEY);
-            if (!state.equals(cachedState)) throw new BusinessException("state error");
-
+            //  if (!state.equals(cachedState)) throw new BusinessException("state error");
             oAuth2RequestService.doEvent(serverId, new OAuth2CodeAuthBeforeEvent(code, state, request::getParameter));
             // TODO: 17-4-7 验证并解码redirect
-            return new RedirectView(redirect);
+            return new RedirectView(URLDecoder.decode(redirect, "UTF-8"));
         } finally {
             session.removeAttribute(STATE_SESSION_KEY);
         }
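Review bot: The `state` comparison in `callback` is commented out, so `cachedState` is read but never checked and a callback whose `state` was never issued to this session still reaches `doEvent`, which removes the CSRF protection the parameter exists for. The same method then passes the request-supplied `redirect` through `URLDecoder.decode` straight into `RedirectView`, with validation still an open TODO, so the post-login redirect can point at any host. I would restore the check in a null-safe form (this also needs the `BusinessException` import that the commit removes) and follow only local paths, as sketched below. Separately, `boot` applies `URLEncoder.encode` to values handed to `addStaticAttribute`; if `RedirectView` encodes attribute values itself, as I believe it does, `redirect_uri` ends up double-encoded, which may be why the extra decode was added here. The body of `callback` continues past the end of the hunk.

```java
        try {
            String cachedState = (String) session.getAttribute(STATE_SESSION_KEY);
            // Reject a callback whose state was not issued to this session.
            if (cachedState == null || !cachedState.equals(state)) throw new BusinessException("state error");
            // … unchanged: oAuth2RequestService.doEvent(...) …
            // Follow only local paths; anything else falls back to the site root.
            String target = URLDecoder.decode(redirect, "UTF-8");
            if (!target.startsWith("/") || target.startsWith("//") || target.contains("\\")) target = "/";
            return new RedirectView(target);
```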

+ 7 - 0
hsweb-system/hsweb-system-oauth2-client/hsweb-system-oauth2-client-entity/src/main/java/org/hswebframework/web/entity/oauth2/client/OAuth2ServerConfigEntity.java

@@ -107,6 +107,13 @@ public interface OAuth2ServerConfigEntity extends GenericEntity<String> {
      */
     String getAuthUrl();
 
+    default String getRealUrl(String url) {
+        String base = getApiBaseUrl();
+        if (url.startsWith("http")) return url;
+        if (!base.endsWith("/") && !url.startsWith("/")) base += "/";
+        return base + url;
+    }
+
     /**
      * 设置 认证地址
      */
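Review bot: `url.startsWith("http")` in `getRealUrl` treats any value beginning with those four letters as absolute, so a relative path such as `http-api/authorize` is returned without the base, and a `null` `url` or `getApiBaseUrl()` result throws a NullPointerException. Matching the scheme explicitly is safer: `if (url.startsWith("http://") || url.startsWith("https://")) return url;`. When the base ends with `/` and the path starts with `/`, the result also contains `//`, which some servers may route differently. A short Javadoc saying that absolute URLs are returned unchanged and relative ones are resolved against the API base URL would help, since `boot` in `OAuth2ClientController` uses the result as the authorization redirect target.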

+ 5 - 0
hsweb-system/hsweb-system-oauth2-client/hsweb-system-oauth2-client-service/hsweb-system-oauth2-client-service-api/pom.xml

@@ -33,6 +33,11 @@
             <artifactId>hsweb-commons-service-api</artifactId>
             <version>${project.version}</version>
         </dependency>
+        <dependency>
+            <groupId>org.hswebframework.web</groupId>
+            <artifactId>hsweb-authorization-oauth2-client</artifactId>
+            <version>${project.version}</version>
+        </dependency>
         <dependency>
             <groupId>org.hswebframework.web</groupId>
             <artifactId>hsweb-system-oauth2-client-dao-api</artifactId>

+ 31 - 0
hsweb-system/hsweb-system-oauth2-client/hsweb-system-oauth2-client-service/hsweb-system-oauth2-client-service-api/src/main/java/org/hswebframework/web/service/oauth2.client/request/ProviderSupport.java

@@ -0,0 +1,31 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.service.oauth2.client.request;
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+public interface ProviderSupport {
+    String hsweb      = "hsweb";
+
+    String tencent_qq = "QQ";
+    String sina       = "sina";
+}

+ 1 - 1
hsweb-system/hsweb-system-oauth2-client/hsweb-system-oauth2-client-service/hsweb-system-oauth2-client-service-simple/src/main/java/org/hswebframework/web/service/oauth2/client/simple/request/ResponseConvertHandler.java

@@ -16,7 +16,7 @@
  *
  */
 
-package org.hswebframework.web.service.oauth2.client.simple.request;
+package org.hswebframework.web.service.oauth2.client.request;
 
 import org.hswebframework.web.authorization.oauth2.client.response.OAuth2Response;
 

+ 1 - 1
hsweb-system/hsweb-system-oauth2-client/hsweb-system-oauth2-client-service/hsweb-system-oauth2-client-service-simple/src/main/java/org/hswebframework/web/service/oauth2/client/simple/request/ResponseJudge.java

@@ -16,7 +16,7 @@
  *
  */
 
-package org.hswebframework.web.service.oauth2.client.simple.request;
+package org.hswebframework.web.service.oauth2.client.request;
 
 import org.hswebframework.web.authorization.oauth2.client.response.OAuth2Response;
 

+ 8 - 2
hsweb-system/hsweb-system-oauth2-client/hsweb-system-oauth2-client-service/hsweb-system-oauth2-client-service-simple/src/main/java/org/hswebframework/web/service/oauth2/client/simple/request/definition/ResponseConvertForProviderDefinition.java

@@ -16,9 +16,10 @@
  *
  */
 
-package org.hswebframework.web.service.oauth2.client.simple.request.definition;
+package org.hswebframework.web.service.oauth2.client.request.definition;
 
-import org.hswebframework.web.service.oauth2.client.simple.request.ResponseConvertHandler;
+import org.hswebframework.web.service.oauth2.client.request.ProviderSupport;
+import org.hswebframework.web.service.oauth2.client.request.ResponseConvertHandler;
 
 /**
  * TODO 完成注释
@@ -26,5 +27,10 @@ import org.hswebframework.web.service.oauth2.client.simple.request.ResponseConve
  * @author zhouhao
  */
 public interface ResponseConvertForProviderDefinition extends ResponseConvertHandler {
+
+    /**
+     * @return 支持的厂商标识
+     * @see ProviderSupport
+     */
     String getProvider();
 }

+ 2 - 2
hsweb-system/hsweb-system-oauth2-client/hsweb-system-oauth2-client-service/hsweb-system-oauth2-client-service-simple/src/main/java/org/hswebframework/web/service/oauth2/client/simple/request/definition/ResponseConvertForServerIdDefinition.java

@@ -16,9 +16,9 @@
  *
  */
 
-package org.hswebframework.web.service.oauth2.client.simple.request.definition;
+package org.hswebframework.web.service.oauth2.client.request.definition;
 
-import org.hswebframework.web.service.oauth2.client.simple.request.ResponseConvertHandler;
+import org.hswebframework.web.service.oauth2.client.request.ResponseConvertHandler;
 
 /**
  * TODO 完成注释

+ 2 - 2
hsweb-system/hsweb-system-oauth2-client/hsweb-system-oauth2-client-service/hsweb-system-oauth2-client-service-simple/src/main/java/org/hswebframework/web/service/oauth2/client/simple/request/definition/ResponseJudgeForProviderDefinition.java

@@ -16,9 +16,9 @@
  *
  */
 
-package org.hswebframework.web.service.oauth2.client.simple.request.definition;
+package org.hswebframework.web.service.oauth2.client.request.definition;
 
-import org.hswebframework.web.service.oauth2.client.simple.request.ResponseJudge;
+import org.hswebframework.web.service.oauth2.client.request.ResponseJudge;
 
 /**
  *

+ 2 - 2
hsweb-system/hsweb-system-oauth2-client/hsweb-system-oauth2-client-service/hsweb-system-oauth2-client-service-simple/src/main/java/org/hswebframework/web/service/oauth2/client/simple/request/definition/ResponseJudgeForServerIdDefinition.java

@@ -16,9 +16,9 @@
  *
  */
 
-package org.hswebframework.web.service.oauth2.client.simple.request.definition;
+package org.hswebframework.web.service.oauth2.client.request.definition;
 
-import org.hswebframework.web.service.oauth2.client.simple.request.ResponseJudge;
+import org.hswebframework.web.service.oauth2.client.request.ResponseJudge;
 
 /**
  * TODO 完成注释

+ 15 - 3
hsweb-system/hsweb-system-oauth2-client/hsweb-system-oauth2-client-service/hsweb-system-oauth2-client-service-simple/src/main/java/org/hswebframework/web/service/oauth2/client/simple/SimpleOAuth2RequestService.java

@@ -19,6 +19,8 @@
 package org.hswebframework.web.service.oauth2.client.simple;
 
 import org.hswebframework.web.NotFoundException;
+import org.hswebframework.web.authorization.listener.AuthorizationListener;
+import org.hswebframework.web.authorization.listener.event.AuthorizationEvent;
 import org.hswebframework.web.authorization.oauth2.client.OAuth2RequestBuilderFactory;
 import org.hswebframework.web.authorization.oauth2.client.OAuth2RequestService;
 import org.hswebframework.web.authorization.oauth2.client.OAuth2SessionBuilder;
@@ -27,9 +29,12 @@ import org.hswebframework.web.authorization.oauth2.client.listener.OAuth2Listene
 import org.hswebframework.web.entity.oauth2.client.OAuth2ServerConfigEntity;
 import org.hswebframework.web.service.oauth2.client.OAuth2ServerConfigService;
 import org.hswebframework.web.service.oauth2.client.OAuth2UserTokenService;
+import org.hswebframwork.utils.ClassUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
+import java.util.*;
+
 /**
  * TODO 完成注释
  *
@@ -43,6 +48,7 @@ public class SimpleOAuth2RequestService implements OAuth2RequestService {
     private OAuth2UserTokenService oAuth2UserTokenService;
 
     private OAuth2RequestBuilderFactory oAuth2RequestBuilderFactory;
+    private Map<String, Map<Class, List<OAuth2Listener>>> listenerStore = new HashMap<>();
 
     @Override
     public OAuth2SessionBuilder create(String serverId) {
@@ -52,18 +58,24 @@ public class SimpleOAuth2RequestService implements OAuth2RequestService {
     }
 
     @Override
+    @SuppressWarnings("unchecked")
     public void registerListener(String serverId, OAuth2Listener<? extends OAuth2Event> listener) {
-
+        Class type = ClassUtils.getGenericType(listener.getClass());
+        listenerStore.computeIfAbsent(serverId, k -> new HashMap<>())
+                .computeIfAbsent(type, k -> new ArrayList<>())
+                .add(listener);
     }
 
     @Override
     public void doEvent(String serverId, OAuth2Event event) {
-
+        doEvent(serverId, event, event.getClass());
     }
 
     @Override
     public void doEvent(String serverId, OAuth2Event event, Class<? extends OAuth2Event> eventType) {
-
+        listenerStore.getOrDefault(serverId, Collections.emptyMap())
+                .getOrDefault(eventType, Collections.emptyList())
+                .forEach(listener -> listener.on(event));
     }
 
     @Autowired
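Review bot: `doEvent(serverId, event)` looks listeners up by the exact `event.getClass()`, and `registerListener` keys them by whatever `ClassUtils.getGenericType` returns, so a listener is silently skipped whenever the two classes differ. That happens, for instance, when the listener is declared for a supertype of the event, or when the helper cannot recover the type parameter (inferred; the helper is not visible here). Because the SSO login runs inside such a listener, a missed dispatch means the callback redirects without any authentication step and without any trace; logging when no listener matches would make that visible. `listenerStore` is also a plain `HashMap` holding raw `Class` keys in what appears to be a shared `@Service` bean. If listeners can be registered while callbacks are being served it needs a concurrent map and list, and the key type would be clearer as `Class<? extends OAuth2Event>`.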

+ 57 - 0
hsweb-system/hsweb-system-oauth2-client/hsweb-system-oauth2-client-service/hsweb-system-oauth2-client-service-simple/src/main/java/org/hswebframework/web/service/oauth2/client/simple/provider/HswebResponseConvertSupport.java

@@ -0,0 +1,57 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.service.oauth2.client.simple.provider;
+
+import com.alibaba.fastjson.JSON;
+import org.hswebframework.web.authorization.Authentication;
+import org.hswebframework.web.authorization.oauth2.client.response.OAuth2Response;
+import org.hswebframework.web.service.oauth2.client.request.ProviderSupport;
+import org.hswebframework.web.service.oauth2.client.request.definition.ResponseConvertForProviderDefinition;
+import org.springframework.stereotype.Component;
+
+import java.util.List;
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+@Component
+public class HswebResponseConvertSupport implements ResponseConvertForProviderDefinition {
+    @Override
+    public <T> T convert(OAuth2Response response, Class<T> type) {
+        String json = response.asString();
+
+        if (type == Authentication.class) {
+            return (T) RemoteAuthentication.fromJson(json);
+        }
+        return JSON.parseObject(json, type);
+    }
+
+    @Override
+    public <T> List<T> convertList(OAuth2Response response, Class<T> type) {
+        String json = response.asString();
+        return JSON.parseArray(json, type);
+    }
+
+    @Override
+    public String getProvider() {
+        return ProviderSupport.hsweb;
+    }
+}
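Review bot: `convert` builds the local `Authentication` from whatever body the remote server returned and passes `json` on without a null check. `HswebResponseJudgeSupport.judge` does guard against `response.asString()` being `null`, so an empty response should fail explicitly here rather than reach `RemoteAuthentication.fromJson` or `JSON.parseObject`. Since `JSON.parseObject(json, type)` and `JSON.parseArray(json, type)` bind remote-controlled JSON to a caller-chosen class, the class Javadoc (currently a TODO placeholder) should state that the body is untrusted, that `judge` must have accepted the response first, and that fastjson's autoType support must stay disabled on this path. The unchecked `(T)` cast is safe only because of the `type == Authentication.class` test, and deserves a narrowly scoped `@SuppressWarnings("unchecked")` with a comment saying so.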

+ 65 - 0
hsweb-system/hsweb-system-oauth2-client/hsweb-system-oauth2-client-service/hsweb-system-oauth2-client-service-simple/src/main/java/org/hswebframework/web/service/oauth2/client/simple/provider/HswebResponseJudgeSupport.java

@@ -0,0 +1,65 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.service.oauth2.client.simple.provider;
+
+import com.alibaba.fastjson.JSON;
+import com.alibaba.fastjson.JSONObject;
+import org.hswebframework.web.authorization.oauth2.client.response.OAuth2Response;
+import org.hswebframework.web.service.oauth2.client.request.ProviderSupport;
+import org.hswebframework.web.service.oauth2.client.request.definition.ResponseJudgeForProviderDefinition;
+import org.springframework.stereotype.Component;
+
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+@Component
+public class HswebResponseJudgeSupport implements ResponseJudgeForProviderDefinition {
+    static Map<Integer, OAuth2Response.ErrorType> errorTypeMap = new HashMap<>();
+
+    static {
+        // success
+        errorTypeMap.put(401, OAuth2Response.ErrorType.ILLEGAL_RESPONSE_TYPE);
+        errorTypeMap.put(500, OAuth2Response.ErrorType.ILLEGAL_RESPONSE_TYPE);
+
+    }
+
+    @Override
+    public String getProvider() {
+        return ProviderSupport.hsweb;
+    }
+
+    @Override
+    public OAuth2Response.ErrorType judge(OAuth2Response response) {
+        String result = response.asString();
+        if (result == null) return OAuth2Response.ErrorType.OTHER;
+        JSONObject jsonRes = JSON.parseObject(result);
+        Integer status = jsonRes.getInteger("status");
+        if (status == null && response.status() == 200) return null;
+        if (status != null) {
+            if (status == 200) return null;
+            return errorTypeMap.getOrDefault(status, OAuth2Response.ErrorType.OTHER);
+        }
+        return errorTypeMap.getOrDefault(response.status(), OAuth2Response.ErrorType.OTHER);
+    }
+}
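Review bot: `judge` passes the raw body straight to `JSON.parseObject(result)`, so a non-JSON error page from the provider or an intermediate proxy raises a parse exception instead of returning an `ErrorType`. An empty body would most likely yield a null `jsonRes`, which is dereferenced on the next line. Wrapping the parse in a try/catch that returns `OAuth2Response.ErrorType.OTHER` and adding `if (jsonRes == null) return OAuth2Response.ErrorType.OTHER;` makes the judge fail closed on malformed responses. The `// success` comment above the 401/500 entries is misleading, mapping 401 to `ILLEGAL_RESPONSE_TYPE` looks like a placeholder, and the table should be declared `private static final Map<Integer, OAuth2Response.ErrorType> errorTypeMap` so other classes cannot alter the mapping at runtime.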

+ 289 - 0
hsweb-system/hsweb-system-oauth2-client/hsweb-system-oauth2-client-service/hsweb-system-oauth2-client-service-simple/src/main/java/org/hswebframework/web/service/oauth2/client/simple/provider/RemoteAuthentication.java

@@ -0,0 +1,289 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.service.oauth2.client.simple.provider;
+
+import com.alibaba.fastjson.JSON;
+import com.alibaba.fastjson.JSONObject;
+import org.hswebframework.web.authorization.Authentication;
+import org.hswebframework.web.authorization.Permission;
+import org.hswebframework.web.authorization.Role;
+import org.hswebframework.web.authorization.User;
+import org.hswebframework.web.authorization.access.DataAccessConfig;
+import org.hswebframework.web.authorization.access.FieldAccessConfig;
+
+import java.io.Serializable;
+import java.util.*;
+import java.util.stream.Collectors;
+
+/**
+ * @author zhouhao
+ */
+public class RemoteAuthentication implements Authentication {
+    private ReadOnlyUser user;
+
+    private List<ReadOnlyRole> roles;
+
+    private List<ReadOnlyPermission> permissions;
+
+    private Map<String, Serializable> attributes = new HashMap<>();
+
+    public static RemoteAuthentication fromJson(String json) {
+        RemoteAuthentication authentication = new RemoteAuthentication();
+
+        JSONObject jsonObject = JSONObject.parseObject(json);
+
+        authentication.setUser(jsonObject.getObject("user", ReadOnlyUser.class));
+        authentication.setRoles(jsonObject.getJSONArray("roles").stream().map(role ->
+                ((JSONObject) role).toJavaObject(ReadOnlyRole.class)
+        ).collect(Collectors.toList()));
+        authentication.setPermissions(jsonObject.getJSONArray("permissions").parallelStream().map(permission ->
+                {
+                    JSONObject permissionObj= ((JSONObject) permission);
+
+                    return permissionObj.toJavaObject(ReadOnlyPermission.class);
+                }
+        ).collect(Collectors.toList()));
+        authentication.setAttributes((Map) jsonObject.getJSONObject("attributes"));
+        return authentication;
+    }
+
+    @Override
+    public ReadOnlyUser getUser() {
+        return user;
+    }
+
+    @Override
+    public List<Role> getRoles() {
+        return new ArrayList<>(roles);
+    }
+
+    @Override
+    public List<Permission> getPermissions() {
+        return new ArrayList<>(permissions);
+    }
+
+    @Override
+    @SuppressWarnings("unchecked")
+    public <T extends Serializable> Optional<T> getAttribute(String name) {
+        return Optional.of((T) attributes.get(name));
+    }
+
+    @Override
+    public void setAttribute(String name, Serializable value) {
+        attributes.put(name, value);
+    }
+
+    public void setUser(ReadOnlyUser user) {
+        checkWritable(this.user);
+        this.user = user;
+    }
+
+    public void setRoles(List<ReadOnlyRole> roles) {
+        checkWritable(this.roles);
+        this.roles = roles;
+    }
+
+    public void setPermissions(List<ReadOnlyPermission> permissions) {
+        checkWritable(this.permissions);
+        this.permissions = permissions;
+    }
+
+    public void setAttributes(Map<String, Serializable> attributes) {
+        this.attributes = attributes;
+    }
+
+    @Override
+    @SuppressWarnings("unchecked")
+    public <T extends Serializable> T removeAttributes(String name) {
+        return (T) attributes.remove(name);
+    }
+
+    public Map<String, Serializable> getAttributes() {
+        return attributes;
+    }
+
+    public static class ReadOnlyPermission implements Permission {
+        private String                 id;
+        private Set<String>            actions;
+        private Set<SimpleFieldAccess> fieldAccesses;
+        private Set<DataAccessConfig>  dataAccessConfigs;
+
+        public ReadOnlyPermission() {
+        }
+
+        public ReadOnlyPermission(String id, Collection<String> actions) {
+            this.id = id;
+            this.actions = new HashSet<>(actions);
+        }
+
+        @Override
+        public String getId() {
+            return id;
+        }
+
+        public void setId(String id) {
+            checkWritable(this.id);
+            this.id = id;
+        }
+
+        @Override
+        public Set<String> getActions() {
+            if (actions == null) actions = Collections.emptySet();
+            return new HashSet<>(actions);
+        }
+
+        @Override
+        public Set<FieldAccessConfig> getFieldAccesses() {
+            if (fieldAccesses == null) fieldAccesses = Collections.emptySet();
+            return new HashSet<>(fieldAccesses);
+        }
+
+        public Set<DataAccessConfig> getDataAccessConfigs() {
+            if (dataAccessConfigs == null) dataAccessConfigs = Collections.emptySet();
+            return new HashSet<>(dataAccessConfigs);
+        }
+
+        public void setFieldAccesses(Set<SimpleFieldAccess> fieldAccesses) {
+            checkWritable(this.fieldAccesses);
+            this.fieldAccesses = fieldAccesses;
+        }
+
+        public void setDataAccessConfigs(Set<DataAccessConfig> dataAccessConfigs) {
+            checkWritable(this.dataAccessConfigs);
+            this.dataAccessConfigs = dataAccessConfigs;
+        }
+
+        public void setActions(Set<String> actions) {
+            checkWritable(this.actions);
+            this.actions = new HashSet<>(actions);
+        }
+    }
+
+    public static class SimpleFieldAccess implements FieldAccessConfig {
+        private String      field;
+        private Set<String> actions;
+
+        @Override
+        public String getField() {
+            return field;
+        }
+
+        @Override
+        public Set<String> getActions() {
+            return new HashSet<>(actions);
+        }
+
+        public void setField(String field) {
+            checkWritable(this.field);
+            this.field = field;
+        }
+
+        public void setActions(Set<String> actions) {
+            checkWritable(this.actions);
+            this.actions = actions;
+        }
+    }
+
+    public static class ReadOnlyRole implements Role {
+        private String id;
+
+        private String name;
+
+        public ReadOnlyRole() {
+        }
+
+        public ReadOnlyRole(String id, String name) {
+            this.id = id;
+            this.name = name;
+        }
+
+        @Override
+        public String getId() {
+            return id;
+        }
+
+        @Override
+        public String getName() {
+            return name;
+        }
+
+        public void setId(String id) {
+            checkWritable(this.id);
+            this.id = id;
+        }
+
+        public void setName(String name) {
+            checkWritable(this.name);
+            this.name = name;
+        }
+    }
+
+    public static class ReadOnlyUser implements User {
+        private String id;
+
+        private String username;
+
+        private String name;
+
+        public ReadOnlyUser() {
+        }
+
+        public ReadOnlyUser(String id, String username, String name) {
+            this.id = id;
+            this.username = username;
+            this.name = name;
+        }
+
+        @Override
+        public String getId() {
+            return id;
+        }
+
+        @Override
+        public String getUsername() {
+            return username;
+        }
+
+        @Override
+        public String getName() {
+            return name;
+        }
+
+        public void setId(String id) {
+            checkWritable(this.id);
+            this.id = id;
+        }
+
+        public void setUsername(String username) {
+            checkWritable(this.username);
+            this.username = username;
+        }
+
+        public void setName(String name) {
+            checkWritable(this.name);
+            this.name = name;
+        }
+    }
+
+    static final void checkWritable(Object obj) {
+        if (obj != null) {
+            throw new UnsupportedOperationException();
+        }
+    }
+}
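Review bot: `fromJson` builds the object that later answers role and permission checks, yet it dereferences `getJSONArray("roles")` and `getJSONArray("permissions")` without a null check. It also overwrites the initial `attributes` map with null when the key is missing, so a partial response from the remote server ends in a NullPointerException at parse time or on a later `setAttribute` call. `getAttribute` has the same problem for any absent name and should use `Optional.ofNullable((T) attributes.get(name))`. The `parallelStream()` over permissions gains nothing for lists this small; the sketch below uses plain loops and treats missing arrays as empty so a malformed response grants nothing. `getAttributes()` and `setAttributes()` also expose and replace the live map without the `checkWritable` guard the other setters use, which undercuts the read-only intent.

```java
        JSONObject jsonObject = JSONObject.parseObject(json);
        if (jsonObject == null) {
            throw new IllegalArgumentException("authentication response is empty");
        }
        // … unchanged: setUser …
        List<ReadOnlyRole> roles = new ArrayList<>();
        List<Object> rawRoles = jsonObject.getJSONArray("roles");
        if (rawRoles != null) {
            for (Object role : rawRoles) {
                roles.add(((JSONObject) role).toJavaObject(ReadOnlyRole.class));
            }
        }
        authentication.setRoles(roles);

        List<ReadOnlyPermission> permissions = new ArrayList<>();
        List<Object> rawPermissions = jsonObject.getJSONArray("permissions");
        if (rawPermissions != null) {
            for (Object permission : rawPermissions) {
                permissions.add(((JSONObject) permission).toJavaObject(ReadOnlyPermission.class));
            }
        }
        authentication.setPermissions(permissions);

        // keep the default empty map when the response carries no attributes
        JSONObject attributes = jsonObject.getJSONObject("attributes");
        if (attributes != null) {
            authentication.setAttributes((Map) attributes);
        }
        return authentication;
```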

+ 2 - 0
hsweb-system/hsweb-system-oauth2-client/hsweb-system-oauth2-client-service/hsweb-system-oauth2-client-service-simple/src/main/java/org/hswebframework/web/service/oauth2/client/simple/request/SimpleOAuth2Request.java

@@ -23,6 +23,8 @@ import org.hswebframework.expands.request.http.Response;
 import org.hswebframework.web.authorization.oauth2.client.request.OAuth2Request;
 import org.hswebframework.web.authorization.oauth2.client.request.TokenExpiredCallBack;
 import org.hswebframework.web.authorization.oauth2.client.response.OAuth2Response;
+import org.hswebframework.web.service.oauth2.client.request.ResponseConvertHandler;
+import org.hswebframework.web.service.oauth2.client.request.ResponseJudge;
 
 import java.util.function.Consumer;
 import java.util.function.Supplier;

+ 2 - 0
hsweb-system/hsweb-system-oauth2-client/hsweb-system-oauth2-client-service/hsweb-system-oauth2-client-service-simple/src/main/java/org/hswebframework/web/service/oauth2/client/simple/request/SimpleOAuth2Response.java

@@ -21,6 +21,8 @@ package org.hswebframework.web.service.oauth2.client.simple.request;
 import org.hswebframework.expands.request.http.Response;
 import org.hswebframework.web.authorization.oauth2.client.response.OAuth2Response;
 import org.hswebframework.web.authorization.oauth2.client.response.ResponseConvert;
+import org.hswebframework.web.service.oauth2.client.request.ResponseConvertHandler;
+import org.hswebframework.web.service.oauth2.client.request.ResponseJudge;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 

+ 2 - 2
hsweb-system/hsweb-system-oauth2-client/hsweb-system-oauth2-client-service/hsweb-system-oauth2-client-service-simple/src/main/java/org/hswebframework/web/service/oauth2/client/simple/request/builder/SimpleOAuth2RequestBuilder.java

@@ -21,8 +21,8 @@ package org.hswebframework.web.service.oauth2.client.simple.request.builder;
 import org.hswebframework.expands.request.RequestBuilder;
 import org.hswebframework.web.authorization.oauth2.client.OAuth2RequestBuilder;
 import org.hswebframework.web.authorization.oauth2.client.request.OAuth2Request;
-import org.hswebframework.web.service.oauth2.client.simple.request.ResponseConvertHandler;
-import org.hswebframework.web.service.oauth2.client.simple.request.ResponseJudge;
+import org.hswebframework.web.service.oauth2.client.request.ResponseConvertHandler;
+import org.hswebframework.web.service.oauth2.client.request.ResponseJudge;
 import org.hswebframework.web.service.oauth2.client.simple.request.SimpleOAuth2Request;
 
 /**

+ 6 - 8
hsweb-system/hsweb-system-oauth2-client/hsweb-system-oauth2-client-service/hsweb-system-oauth2-client-service-simple/src/main/java/org/hswebframework/web/service/oauth2/client/simple/request/builder/SimpleOAuth2RequestBuilderFactory.java

@@ -21,14 +21,12 @@ package org.hswebframework.web.service.oauth2.client.simple.request.builder;
 import org.hswebframework.expands.request.RequestBuilder;
 import org.hswebframework.web.authorization.oauth2.client.OAuth2RequestBuilder;
 import org.hswebframework.web.authorization.oauth2.client.OAuth2RequestBuilderFactory;
-import org.hswebframework.web.entity.oauth2.client.OAuth2ServerConfigEntity;
-import org.hswebframework.web.service.oauth2.client.OAuth2ServerConfigService;
-import org.hswebframework.web.service.oauth2.client.simple.request.definition.ResponseConvertForProviderDefinition;
-import org.hswebframework.web.service.oauth2.client.simple.request.definition.ResponseConvertForServerIdDefinition;
-import org.hswebframework.web.service.oauth2.client.simple.request.ResponseConvertHandler;
-import org.hswebframework.web.service.oauth2.client.simple.request.ResponseJudge;
-import org.hswebframework.web.service.oauth2.client.simple.request.definition.ResponseJudgeForProviderDefinition;
-import org.hswebframework.web.service.oauth2.client.simple.request.definition.ResponseJudgeForServerIdDefinition;
+import org.hswebframework.web.service.oauth2.client.request.definition.ResponseConvertForProviderDefinition;
+import org.hswebframework.web.service.oauth2.client.request.definition.ResponseConvertForServerIdDefinition;
+import org.hswebframework.web.service.oauth2.client.request.ResponseConvertHandler;
+import org.hswebframework.web.service.oauth2.client.request.ResponseJudge;
+import org.hswebframework.web.service.oauth2.client.request.definition.ResponseJudgeForProviderDefinition;
+import org.hswebframework.web.service.oauth2.client.request.definition.ResponseJudgeForServerIdDefinition;
 import org.springframework.beans.BeansException;
 import org.springframework.beans.factory.config.BeanPostProcessor;
 

+ 2 - 3
hsweb-system/hsweb-system-oauth2-client/hsweb-system-oauth2-client-service/hsweb-system-oauth2-client-service-simple/src/main/java/org/hswebframework/web/service/oauth2/client/simple/session/DefaultOAuth2Session.java

@@ -79,14 +79,13 @@ public class DefaultOAuth2Session implements OAuth2Session {
     }
 
     protected String encodeAuthorization(String auth) {
-        String code = "basic ".concat(auth);
-        return Base64.encodeBase64String(code.getBytes());
+        return "basic ".concat(Base64.encodeBase64String(auth.getBytes()));
     }
 
     protected void applyBasicAuthParam(OAuth2Request request) {
         request.param(client_id, configEntity.getClientId());
         request.param(client_secret, configEntity.getClientSecret());
-
+        request.param(redirect_uri, configEntity.getRedirectUri());
         request.header(authorization, encodeAuthorization(configEntity.getClientId().concat(":").concat(configEntity.getClientSecret())));
     }
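Review bot: `applyBasicAuthParam` still sends `client_secret` as a request parameter in addition to the corrected `Authorization` header, so the secret travels twice. If the request is ever issued as a GET, it could end up in the URL and in access logs. RFC 6749 section 2.3 asks a client to use only one authentication method per request, so prefer the header and drop the `client_id`/`client_secret` params unless a provider requires them. In `encodeAuthorization`, `auth.getBytes()` depends on the platform charset; `return "Basic ".concat(Base64.encodeBase64String(auth.getBytes(StandardCharsets.UTF_8)));` pins the encoding (this needs an import of `java.nio.charset.StandardCharsets`) and uses the conventional scheme capitalisation.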
 

+ 1 - 1
hsweb-system/hsweb-system-oauth2-client/hsweb-system-oauth2-client-starter/src/main/java/org/hswebframework/web/service/oauth2/client/starter/DefaultResponseJudge.java

@@ -19,7 +19,7 @@
 package org.hswebframework.web.service.oauth2.client.starter;
 
 import org.hswebframework.web.authorization.oauth2.client.response.OAuth2Response;
-import org.hswebframework.web.service.oauth2.client.simple.request.ResponseJudge;
+import org.hswebframework.web.service.oauth2.client.request.ResponseJudge;
 
 import java.util.*;
 import java.util.stream.Collectors;

+ 30 - 30
hsweb-system/hsweb-system-oauth2-client/hsweb-system-oauth2-client-starter/src/test/java/org/hswebframework/web/starter/oauth2/client/OAuth2ServerConfigTests.java

@@ -46,36 +46,36 @@ public class OAuth2ServerConfigTests extends SimpleWebApplicationTests {
     @Autowired
     private OAuth2RequestService oAuth2RequestService;
 
-    @Test
-    public void testOAuth2() throws Exception {
-        OAuth2ServerConfigEntity entity = entityFactory.newInstance(OAuth2ServerConfigEntity.class);
-        //https://graph.qq.com/oauth2.0/authorize?response_type=code&client_id=123&redirect_uri=www.baidu.com
-        entity.setId("my_qq_test");
-        entity.setName("QQ OAuth2");
-        entity.setApiBaseUrl("https://graph.qq.com/oauth2.0/");
-        entity.setAuthUrl("authorize");
-        entity.setAccessTokenUrl("token");
-        entity.setClientId("911ab25b8a87684beba8f394f47d3de9");
-        entity.setClientSecret("2cce659031d5e1495e102be0de9e9cb0");
-        entity.setRedirectUri("http://demo.hsweb.me");
-        entity.setProvider("QQ");
-        entity.setEnabled(true);
-        //add
-        String requestBody = JSON.toJSONString(entity);
-        JSONObject result = testPost("/oauth2-server-config")
-                .setUp(setup -> setup.contentType(MediaType.APPLICATION_JSON)
-                        .content(requestBody)).exec().resultAsJson();
-        Assert.assertEquals(200, result.get("status"));
-
-        try {
-            Map meInfo = oAuth2RequestService.create("my_qq_test")
-                    .byAuthorizationCode("D8C3B5E8B55E4AAAC8EA1FB8DC0AFCEC")
-                    .request("me").get().as(Map.class);
-            System.out.println(meInfo);
-        } catch (OAuth2RequestException e) {
-            System.out.println(e.getErrorType() + ":" + e.getResponse().as(Map.class));
-        }
-    }
+//    @Test
+//    public void testOAuth2() throws Exception {
+//        OAuth2ServerConfigEntity entity = entityFactory.newInstance(OAuth2ServerConfigEntity.class);
+//        //https://graph.qq.com/oauth2.0/authorize?response_type=code&client_id=123&redirect_uri=www.baidu.com
+//        entity.setId("my_qq_test");
+//        entity.setName("QQ OAuth2");
+//        entity.setApiBaseUrl("https://graph.qq.com/oauth2.0/");
+//        entity.setAuthUrl("authorize");
+//        entity.setAccessTokenUrl("token");
+//        entity.setClientId("911ab25b8a87684beba8f394f47d3de9");
+//        entity.setClientSecret("2cce659031d5e1495e102be0de9e9cb0");
+//        entity.setRedirectUri("http://demo.hsweb.me");
+//        entity.setProvider("QQ");
+//        entity.setEnabled(true);
+//        //add
+//        String requestBody = JSON.toJSONString(entity);
+//        JSONObject result = testPost("/oauth2-server-config")
+//                .setUp(setup -> setup.contentType(MediaType.APPLICATION_JSON)
+//                        .content(requestBody)).exec().resultAsJson();
+//        Assert.assertEquals(200, result.get("status"));
+//
+//        try {
+//            Map meInfo = oAuth2RequestService.create("my_qq_test")
+//                    .byAuthorizationCode("D8C3B5E8B55E4AAAC8EA1FB8DC0AFCEC")
+//                    .request("me").get().as(Map.class);
+//            System.out.println(meInfo);
+//        } catch (OAuth2RequestException e) {
+//            System.out.println(e.getErrorType() + ":" + e.getResponse().as(Map.class));
+//        }
+//    }
 
     @Test
     public void testCrud() throws Exception {
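Review bot: The disabled `testOAuth2` still keeps the literal values passed to `setClientId`, `setClientSecret` and `byAuthorizationCode` in the repository as comments. If they were ever real credentials for the QQ application, treat them as exposed and rotate them. Delete the block rather than commenting it out, or keep the test behind `@Ignore` with values read from the environment, e.g. `entity.setClientSecret(System.getenv("QQ_CLIENT_SECRET"));` (the variable name is a constructed example). `testCrud` continues outside the hunk.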

+ 1 - 2
hsweb-system/hsweb-system-oauth2-client/hsweb-system-oauth2-client-starter/src/test/java/org/hswebframework/web/starter/oauth2/client/QQResponseConvertSupport.java

@@ -20,8 +20,7 @@ package org.hswebframework.web.starter.oauth2.client;
 
 import com.alibaba.fastjson.JSON;
 import org.hswebframework.web.authorization.oauth2.client.response.OAuth2Response;
-import org.hswebframework.web.service.oauth2.client.simple.request.definition.ResponseConvertForProviderDefinition;
-import org.hswebframework.web.service.oauth2.client.simple.request.definition.ResponseConvertForServerIdDefinition;
+import org.hswebframework.web.service.oauth2.client.request.definition.ResponseConvertForProviderDefinition;
 import org.springframework.stereotype.Component;
 
 import java.util.List;

+ 1 - 1
hsweb-system/hsweb-system-oauth2-client/hsweb-system-oauth2-client-starter/src/test/java/org/hswebframework/web/starter/oauth2/client/QQResponseJudgeSupport.java

@@ -21,7 +21,7 @@ package org.hswebframework.web.starter.oauth2.client;
 import com.alibaba.fastjson.JSON;
 import com.alibaba.fastjson.JSONObject;
 import org.hswebframework.web.authorization.oauth2.client.response.OAuth2Response;
-import org.hswebframework.web.service.oauth2.client.simple.request.definition.ResponseJudgeForProviderDefinition;
+import org.hswebframework.web.service.oauth2.client.request.definition.ResponseJudgeForProviderDefinition;
 import org.springframework.stereotype.Component;
 
 import java.util.HashMap;

+ 86 - 0
hsweb-system/hsweb-system-oauth2-server/hsweb-system-oauth2-server-controller/src/main/java/org/hswebframework/web/authorization/oauth2/controller/OAuth2AuthorizeController.java

@@ -0,0 +1,86 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.oauth2.controller;
+
+import io.swagger.annotations.Api;
+import io.swagger.annotations.ApiOperation;
+import org.hswebframework.web.AuthorizeException;
+import org.hswebframework.web.authorization.Authentication;
+import org.hswebframework.web.authorization.annotation.Authorize;
+import org.hswebframework.web.authorization.oauth2.api.OAuth2ServerService;
+import org.hswebframework.web.authorization.oauth2.api.entity.OAuth2AccessEntity;
+import org.hswebframework.web.oauth2.model.AuthorizationCodeModel;
+import org.hswebframework.web.oauth2.model.ImplicitAccessTokenModel;
+import org.springframework.web.bind.annotation.*;
+
+import javax.annotation.Resource;
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+@RestController
+@Api(tags = "hsweb-oauth2", description = "OAuth2授权", hidden = true)
+@RequestMapping("${hsweb.web.mappings.authorize-oauth2:oauth2/authorize}")
+public class OAuth2AuthorizeController {
+
+    @Resource
+    private OAuth2ServerService oAuth2ServerService;
+
+
+    @GetMapping(params = "response_type=code")
+    @ApiOperation("登录用户获取OAuth2.0授权码")
+    @Authorize
+    public AuthorizationCodeModel requestCode(
+            @RequestParam("client_id") String clientId,
+            @RequestParam("redirect_uri") String redirectUri,
+            @RequestParam(value = "scope", required = false) String scope,
+            @RequestParam(value = "state", required = false) String state) {
+        Authentication authentication = Authentication.current().orElseThrow(AuthorizeException::new);
+        String code = oAuth2ServerService.requestCode(clientId, authentication.getUser().getId(), scope,redirectUri);
+        AuthorizationCodeModel model = new AuthorizationCodeModel();
+        model.setCode(code);
+        model.setRedirectUri(redirectUri);
+        model.setState(state);
+        return model;
+    }
+
+
+    @GetMapping(params = "response_type=token")
+    @ApiOperation("implicit方式授权")
+    public ImplicitAccessTokenModel authorizeByImplicit(
+            @RequestParam(value = "client_id") String client_id,
+            @RequestParam(value = "redirect_uri") String redirect_uri,
+            @RequestParam(value = "state") String state,
+            @RequestParam(value = "scope", required = false) String scope) {
+
+        // TODO: 17-4-7  用户是否为当前登录的用户,而非client绑定的用户?
+        // TODO: 17-3-6  validate redirect_uri
+        OAuth2AccessEntity accessEntity = oAuth2ServerService.requestTokenByImplicit(client_id, scope);
+        ImplicitAccessTokenModel model = new ImplicitAccessTokenModel();
+        model.setState(state);
+        model.setToken_type("example");
+        model.setAccess_token(accessEntity.getAccessToken());
+        model.setExpires_in(accessEntity.getExpiresIn());
+        model.setRedirect_uri(redirect_uri);
+        return model;
+    }
+
+}
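Review bot: `authorizeByImplicit` has no `@Authorize`, unlike `requestCode`, and calls `requestTokenByImplicit(client_id, scope)` without looking at the caller or at `redirect_uri`. As written, any request that names a valid `client_id` appears to receive an access token with its own `redirect_uri` echoed back. The two TODOs acknowledge this; until they are resolved, the handler should carry `@Authorize` and reject a `redirect_uri` that does not match the value registered for the client. How `OAuth2ServerService` exposes that lookup is not visible here. `model.setToken_type("example")` also looks like a placeholder, since the token controller returns `"bearer"`.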

+ 14 - 53
hsweb-system/hsweb-system-oauth2-server/hsweb-system-oauth2-server-controller/src/main/java/org/hswebframework/web/authorization/oauth2/controller/OAuth2AuthorizationController.java

@@ -21,14 +21,10 @@ package org.hswebframework.web.authorization.oauth2.controller;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import org.apache.commons.codec.binary.Base64;
-import org.hswebframework.web.AuthorizeException;
-import org.hswebframework.web.authorization.Authentication;
-import org.hswebframework.web.authorization.annotation.Authorize;
 import org.hswebframework.web.authorization.oauth2.api.OAuth2ServerService;
 import org.hswebframework.web.authorization.oauth2.api.entity.OAuth2AccessEntity;
 import org.hswebframework.web.oauth2.model.AccessTokenModel;
-import org.hswebframework.web.oauth2.model.AuthorizationCodeModel;
-import org.hswebframework.web.oauth2.model.ImplicitAccessTokenModel;
+import org.springframework.util.Assert;
 import org.springframework.web.bind.annotation.*;
 
 import javax.annotation.Resource;
@@ -36,72 +32,34 @@ import javax.annotation.Resource;
 import static org.springframework.util.StringUtils.isEmpty;
 
 /**
- *
  * @author zhouhao
  */
 @RestController
-@Api(tags = "hsweb-authorization", description = "OAuth2授权", hidden = true)
-@RequestMapping("${hsweb.web.mappings.authorize-oauth2:oauth2/authorize}")
-public class OAuth2AuthorizationController {
+@Api(tags = "hsweb-oauth2", description = "OAuth2授权token获取", hidden = true)
+@RequestMapping("${hsweb.web.mappings.authorize-oauth2:oauth2/token}")
+public class OAuth2TokenController {
 
     @Resource
     private OAuth2ServerService oAuth2ServerService;
 
-    @RequestMapping(params = "response_type=code", method = RequestMethod.GET)
-    @ApiOperation("登录用户获取OAuth2.0授权码")
-    @Authorize
-    public AuthorizationCodeModel requestCode(
-            @RequestParam("client_id") String clientId,
-            @RequestParam("redirect_uri") String redirectUri,
-            @RequestParam(value = "scope", required = false) String scope,
-            @RequestParam(value = "state", required = false) String state) {
-        Authentication authentication = Authentication.current().orElseThrow(AuthorizeException::new);
-        String code = oAuth2ServerService.requestCode(clientId, authentication.getUser().getId(), scope);
-        AuthorizationCodeModel model = new AuthorizationCodeModel();
-        model.setCode(code);
-        model.setRedirectUri(redirectUri);
-        model.setState(state);
-        return model;
-    }
-
-
-    @RequestMapping(params = "response_type=token", method = RequestMethod.GET)
-    @ApiOperation("implicit方式授权")
-    public ImplicitAccessTokenModel authorizeByImplicit(
-            @RequestParam(value = "client_id") String client_id,
-            @RequestParam(value = "redirect_uri") String redirect_uri,
-            @RequestParam(value = "state") String state,
-            @RequestParam(value = "scope", required = false) String scope) {
-
-        // OAuth2ClientEntity clientEntity = oAuth2ServerService.getClient(client_id);
-        // TODO: 17-3-6  validate redirect_uri
-        OAuth2AccessEntity accessEntity = oAuth2ServerService.requestTokenByImplicit(client_id, scope);
-        ImplicitAccessTokenModel model = new ImplicitAccessTokenModel();
-        model.setState(state);
-        model.setToken_type("example");
-        model.setAccess_token(accessEntity.getAccessToken());
-        model.setExpire_in(accessEntity.getExpireIn());
-        return model;
-    }
-
-    @RequestMapping(params = "grant_type=authorization_code", method = RequestMethod.POST)
+    @PostMapping(params = "grant_type=authorization_code")
     @ApiOperation("authorization_code方式授权")
     public AccessTokenModel authorizeByCode(
             @RequestParam("code") String code,
             @RequestParam(value = "client_id", required = false) String clientId,
             @RequestParam(value = "client_secret", required = false) String clientSecret,
+            @RequestParam(value = "redirect_uri") String redirect_uri,
             @RequestHeader(value = "Authorization", required = false) String authorization,
             @RequestParam(value = "scope", required = false) String scope) {
 
         String[] clientCredentials = getClientCredentials(clientId, clientSecret, authorization);
         clientId = clientCredentials[0];
         clientSecret = clientCredentials[1];
-
-        AccessTokenModel model = entityToModel(oAuth2ServerService.requestTokenByCode(code, clientId, clientSecret, scope));
+        AccessTokenModel model = entityToModel(oAuth2ServerService.requestTokenByCode(code, clientId, clientSecret, scope, redirect_uri));
         return model;
     }
 
-    @RequestMapping(params = "grant_type=client_credentials", method = RequestMethod.POST)
+    @PostMapping(params = "grant_type=client_credentials")
     @ApiOperation("client_credentials方式授权")
     public AccessTokenModel authorizeByClientCredentials(
             @RequestParam(value = "client_id", required = false) String clientId,
@@ -114,7 +72,7 @@ public class OAuth2AuthorizationController {
         return model;
     }
 
-    @RequestMapping(params = "grant_type=password", method = RequestMethod.POST)
+    @PostMapping(params = "grant_type=password")
     @ApiOperation("password方式授权")
     public AccessTokenModel authorizeByPassword(
             @RequestParam(value = "username") String username,
@@ -127,7 +85,7 @@ public class OAuth2AuthorizationController {
         return model;
     }
 
-    @RequestMapping(params = "grant_type=refresh_token", method = RequestMethod.POST)
+    @PostMapping(params = "grant_type=refresh_token")
     @ApiOperation("刷新授权码")
     public AccessTokenModel refreshToken(
             @RequestHeader(value = "Authorization", required = false) String authorization,
@@ -150,6 +108,7 @@ public class OAuth2AuthorizationController {
         }
         if (!isEmpty(authorization)) {
             String[] creds = decodeClientAuthenticationHeader(authorization);
+            Assert.notNull(creds, "");
             if (creds.length > 1) {
                 clientId = creds[0];
                 clientSecret = creds[1];
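Review bot: The three assertions added to `getClientCredentials` (`Assert.notNull(creds, "")` in this hunk, `Assert.hasLength(clientId, "")` and `Assert.hasLength(clientSecret, "")` in the next one) all pass an empty message, so a request with missing or malformed client credentials fails without saying which check tripped. Give each a message, for example `Assert.hasLength(clientId, "client_id can not be empty");`. How the resulting `IllegalArgumentException` is mapped to an HTTP status is not visible here; on a token endpoint, failed client authentication should surface as a 401 `invalid_client` response rather than a generic error. The method begins above this hunk.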
@@ -157,6 +116,8 @@ public class OAuth2AuthorizationController {
                 clientSecret = creds[0];
             }
         }
+        Assert.hasLength(clientId, "");
+        Assert.hasLength(clientSecret, "");
         return new String[]{clientId, clientSecret};
     }
 
@@ -164,7 +125,7 @@ public class OAuth2AuthorizationController {
         AccessTokenModel model = new AccessTokenModel();
         model.setAccess_token(entity.getAccessToken());
         model.setRefresh_token(entity.getRefreshToken());
-        model.setExpire_in(entity.getExpireIn());
+        model.setExpires_in(entity.getExpiresIn());
         model.setScope(entity.getScope());
         model.setToken_type("bearer");
         return model;

+ 71 - 0
hsweb-system/hsweb-system-oauth2-server/hsweb-system-oauth2-server-controller/src/main/java/org/hswebframework/web/authorization/oauth2/controller/OAuth2UserInfoController.java

@@ -0,0 +1,71 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.oauth2.controller;
+
+import io.swagger.annotations.Api;
+import io.swagger.annotations.ApiOperation;
+import org.hswebframework.web.AuthorizeException;
+import org.hswebframework.web.authorization.Authentication;
+import org.hswebframework.web.authorization.AuthenticationHolder;
+import org.hswebframework.web.authorization.annotation.Authorize;
+import org.hswebframework.web.authorization.oauth2.api.OAuth2ServerService;
+import org.hswebframework.web.authorization.oauth2.api.entity.OAuth2AccessEntity;
+import org.hswebframework.web.oauth2.model.AuthorizationCodeModel;
+import org.hswebframework.web.oauth2.model.ImplicitAccessTokenModel;
+import org.springframework.web.bind.annotation.*;
+
+import javax.annotation.Resource;
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+@RestController
+@Api(tags = "hsweb-oauth2", description = "OAuth2授权", hidden = true)
+@RequestMapping("${hsweb.web.mappings.oauth2-auth-info:oauth2/user-auth-info}")
+public class OAuth2UserInfoController {
+
+    @Resource
+    private OAuth2ServerService oAuth2ServerService;
+
+    @GetMapping
+    @ApiOperation("根据accessToken获取用户信息")
+    public Authentication getLoginUser(@RequestParam("access_token") String access_token) {
+        OAuth2AccessEntity auth2AccessEntity = oAuth2ServerService.getAccessToken(access_token);
+        if (null == auth2AccessEntity) {
+            throw new AuthorizeException();
+        }
+        return AuthenticationHolder.get(auth2AccessEntity.getUserId());
+    }
+
+
+    @GetMapping("/{userId}")
+    @ApiOperation("根据accessToken获取用户信息")
+    public Authentication getUserById(
+            @PathVariable("userId") String userId,
+            @RequestParam("access_token") String access_token) {
+        OAuth2AccessEntity auth2AccessEntity = oAuth2ServerService.getAccessToken(access_token);
+        if (null == auth2AccessEntity) {
+            throw new AuthorizeException();
+        }
+        return AuthenticationHolder.get(userId);
+    }
+
+}
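Review bot: `getUserById` returns `AuthenticationHolder.get(userId)` for whatever `userId` is in the path as soon as `getAccessToken` finds any token, so the token's own user, client and scope never limit whose authentication data is returned. If cross-user lookup is not intended, compare first, e.g. `if (!userId.equals(auth2AccessEntity.getUserId())) { throw new AuthorizeException(); }`; if it is intended, gate it on a scope or client permission. Neither method checks token expiry, so that has to happen inside `getAccessToken`, which this diff does not show. Taking `access_token` only as a query parameter also puts the token into access logs and Referer headers; accepting a bearer `Authorization` header would avoid that.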

+ 1 - 1
hsweb-system/hsweb-system-oauth2-server/hsweb-system-oauth2-server-dao/hsweb-system-oauth2-server-dao-mybatis/src/main/resources/org/hswebframework/web/dao/mybatis/mappers/oauth2/OAuth2AccessMapper.xml

@@ -26,7 +26,7 @@
         <result property="clientId" column="client_id" javaType="String" jdbcType="VARCHAR"/>
         <result property="userId" column="user_id" javaType="String" jdbcType="VARCHAR"/>
         <result property="accessToken" column="access_token" javaType="String" jdbcType="VARCHAR"/>
-        <result property="expireIn" column="expire_in" javaType="Long" jdbcType="NUMERIC"/>
+        <result property="expiresIn" column="expires_in" javaType="Long" jdbcType="NUMERIC"/>
         <result property="refreshToken" column="refresh_token" javaType="String" jdbcType="VARCHAR"/>
         <result property="createTime" column="create_time" javaType="Long" jdbcType="NUMERIC"/>
         <result property="updateTime" column="update_time" javaType="Long" jdbcType="NUMERIC"/>

+ 1 - 0
hsweb-system/hsweb-system-oauth2-server/hsweb-system-oauth2-server-dao/hsweb-system-oauth2-server-dao-mybatis/src/main/resources/org/hswebframework/web/dao/mybatis/mappers/oauth2/OAuth2CodeMapper.xml

@@ -28,6 +28,7 @@
         <result property="code" column="code" javaType="String" jdbcType="VARCHAR"/>
         <result property="createTime" column="create_time" javaType="Long" jdbcType="NUMERIC"/>
         <result property="scope" column="scope" javaType="String" jdbcType="VARCHAR"/>
+        <result property="redirectUri" column="redirect_uri" javaType="String" jdbcType="VARCHAR"/>
     </resultMap>
 
     <!--用于动态生成sql所需的配置-->

+ 5 - 5
hsweb-system/hsweb-system-oauth2-server/hsweb-system-oauth2-server-model/src/main/java/org/hswebframework/web/oauth2/model/AccessTokenModel.java

@@ -33,7 +33,7 @@ public class AccessTokenModel implements Model {
 
     private String token_type;
 
-    private Long expire_in;
+    private Long expires_in;
 
     private String scope;
 
@@ -69,11 +69,11 @@ public class AccessTokenModel implements Model {
         this.token_type = token_type;
     }
 
-    public Long getExpire_in() {
-        return expire_in;
+    public Long getExpires_in() {
+        return expires_in;
     }
 
-    public void setExpire_in(Long expire_in) {
-        this.expire_in = expire_in;
+    public void setExpires_in(Long expires_in) {
+        this.expires_in = expires_in;
     }
 }

+ 15 - 5
hsweb-system/hsweb-system-oauth2-server/hsweb-system-oauth2-server-model/src/main/java/org/hswebframework/web/oauth2/model/ImplicitAccessTokenModel.java

@@ -30,10 +30,20 @@ public class ImplicitAccessTokenModel implements Model {
 
     private String token_type;
 
-    private Long expire_in;
+    private Long expires_in;
 
     private String state;
 
+    private String redirect_uri;
+
+    public String getRedirect_uri() {
+        return redirect_uri;
+    }
+
+    public void setRedirect_uri(String redirect_uri) {
+        this.redirect_uri = redirect_uri;
+    }
+
     public String getState() {
         return state;
     }
@@ -58,11 +68,11 @@ public class ImplicitAccessTokenModel implements Model {
         this.token_type = token_type;
     }
 
-    public Long getExpire_in() {
-        return expire_in;
+    public Long getExpires_in() {
+        return expires_in;
     }
 
-    public void setExpire_in(Long expire_in) {
-        this.expire_in = expire_in;
+    public void setExpires_in(Long expires_in) {
+        this.expires_in = expires_in;
     }
 }

+ 18 - 17
hsweb-system/hsweb-system-oauth2-server/hsweb-system-oauth2-server-simple/src/main/java/org/hswebframework/web/oauth2/service/SimpleOAuth2ServerService.java

@@ -81,15 +81,7 @@ public class SimpleOAuth2ServerService implements OAuth2ServerService {
     }
 
     @Override
-    public OAuth2AccessEntity getAccessByToken(String accessToken) {
-        return createQuery(oAuth2AccessDao)
-                // TODO: 17-2-28 key (accessToken) 应该为常量
-                .where("accessToken", accessToken)
-                .single();
-    }
-
-    @Override
-    public String requestCode(String clientId, String userId, String scope) {
+    public String requestCode(String clientId, String userId, String scope, String redirectUri) {
         String code = IDGenerator.MD5.generate();
         //删除旧的code
         createDelete(authorizationCodeDao)
@@ -103,6 +95,7 @@ public class SimpleOAuth2ServerService implements OAuth2ServerService {
         codeEntity.setUserId(userId);
         codeEntity.setCode(code);
         codeEntity.setScope(scope);
+        codeEntity.setRedirectUri(redirectUri);
         authorizationCodeDao.insert(codeEntity);
         return code;
     }
@@ -116,7 +109,11 @@ public class SimpleOAuth2ServerService implements OAuth2ServerService {
     }
 
     @Override
-    public OAuth2AccessEntity requestTokenByCode(String code, String clientId, String clientSecret, String scope) {
+    public OAuth2AccessEntity requestTokenByCode(String code,
+                                                 String clientId,
+                                                 String clientSecret,
+                                                 String scope,
+                                                 String redirectUri) {
         AuthorizationCodeEntity codeEntity =
                 createQuery(authorizationCodeDao)
                         .where("code", code)
@@ -126,8 +123,12 @@ public class SimpleOAuth2ServerService implements OAuth2ServerService {
             throw new NotFoundException("code not found!");
         }
         try {
-            //授权码已经创建超时(20s)
-            if (System.currentTimeMillis() - codeEntity.getCreateTime() < 20 * 1000) {
+//            if (!redirectUri.equals(codeEntity.getRedirectUri())) {
+//                // redirectUri error
+//                throw new IllegalArgumentException("redirectUri error!");
+//            }
+            //授权码已经创建超时(10分钟)
+            if (System.currentTimeMillis() - codeEntity.getCreateTime() > 10 * 60 * 1000) {
                 throw new NotFoundException("time out!");
             }
             // TODO: 17-2-28  验证scope
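Review bot: The `redirect_uri` comparison in `requestTokenByCode` is committed commented out, so the value stored with the code by `requestCode` and now required by the token controller is never verified. RFC 6749 section 4.1.3 requires the token request's `redirect_uri` to be identical to the one used in the authorization request, which is what binds the code to the client's registered callback. Enable the check in a null-safe form, e.g. `if (!java.util.Objects.equals(redirectUri, codeEntity.getRedirectUri())) { throw new IllegalArgumentException("redirectUri error!"); }`. The `// TODO 验证scope` left just below means the requested `scope` is still copied to the access token unchecked. The method body continues outside this hunk.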
@@ -135,7 +136,7 @@ public class SimpleOAuth2ServerService implements OAuth2ServerService {
             OAuth2ClientEntity clientEntity = getClient(clientId, clientSecret);
             if (null == clientEntity) {
                 // TODO: 17-2-28 自定义异常
-                throw new NotFoundException("client not found!");
+                throw new IllegalArgumentException("client not found!");
             }
             if (!clientEntity.grantTypeIsSupport("authorization_code")) {
                 throw new UnsupportedOperationException("grant_type:authorization_code not support!");
@@ -144,7 +145,7 @@ public class SimpleOAuth2ServerService implements OAuth2ServerService {
             accessEntity.setUserId(codeEntity.getUserId());
             accessEntity.setClientId(clientId);
             // TODO: 17-2-28 过期时间应该可配置
-            accessEntity.setExpireIn(3600L);
+            accessEntity.setExpiresIn(3600L);
             accessEntity.setScope(scope);
             oAuth2AccessDao.insert(accessEntity);
             return accessEntity;
@@ -179,10 +180,10 @@ public class SimpleOAuth2ServerService implements OAuth2ServerService {
         OAuth2AccessEntity newEntity = createNewAccess();
         if (oldEntity != null) {
             newEntity.setScope(oldEntity.getScope());
-            newEntity.setExpireIn(oldEntity.getExpireIn());
+            newEntity.setExpiresIn(oldEntity.getExpiresIn());
             newEntity.setRefreshToken(oldEntity.getRefreshToken());
         } else {
-            newEntity.setExpireIn(3600L);
+            newEntity.setExpiresIn(3600L);
             newEntity.setScope("public");
         }
         newEntity.setClientId(clientEntity.getId());
@@ -220,7 +221,7 @@ public class SimpleOAuth2ServerService implements OAuth2ServerService {
         OAuth2AccessEntity accessEntity = createNewAccess();
         accessEntity.setUserId(entity.getId());
         accessEntity.setScope("public");
-        accessEntity.setExpireIn(3600L);
+        accessEntity.setExpiresIn(3600L);
         accessEntity.setClientId(clientEntity.getId());
         oAuth2AccessDao.insert(accessEntity);
         return accessEntity;

+ 2 - 1
hsweb-system/hsweb-system-oauth2-server/hsweb-system-oauth2-server-starter/src/main/resources/hsweb-starter.js

@@ -54,7 +54,7 @@ function install(context) {
         .addColumn().name("client_id").varchar(32).notNull().comment("client_id").commit()
         .addColumn().name("user_id").varchar(32).notNull().comment("授权对应的用户ID").commit()
         .addColumn().name("access_token").varchar(32).notNull().comment("授权码").commit()
-        .addColumn().name("expire_in").varchar(32).notNull().comment("有效期").commit()
+        .addColumn().name("expires_in").varchar(32).notNull().comment("有效期").commit()
         .addColumn().name("refresh_token").varchar(32).notNull().comment("用于更新授权的token").commit()
         .addColumn().name("create_time").number(32).notNull().comment("创建时间").commit()
         .addColumn().name("update_time").number(32).comment("更新时间").commit()
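Review bot: The renamed `expires_in` column is still declared `.varchar(32)`, while `OAuth2AccessMapper.xml` in this same commit maps it as `javaType="Long" jdbcType="NUMERIC"`. Since the line is being touched anyway, declaring it like the neighbouring time columns would keep schema and mapper in agreement: `.addColumn().name("expires_in").number(32).notNull().comment("有效期").commit()`. The change is made inside `install`, so databases created before this commit presumably keep the old `expire_in` column and lack the `redirect_uri` column added as NOT NULL in the next hunk. Whether an upgrade step covers that is not visible here.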
@@ -67,6 +67,7 @@ function install(context) {
         .addColumn().name("code").varchar(32).notNull().comment("授权码").commit()
         .addColumn().name("create_time").number(32).notNull().comment("创建时间").commit()
         .addColumn().name("scope").clob().notNull().comment("授权范围").commit()
+        .addColumn().name("redirect_uri").varchar(1024).notNull().comment("重定向URI").commit()
         .comment("OAuth2授权码信息").commit();
 }