优化 OAuth2 server

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-auth-server/pom.xml

@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~  Copyright 2016 http://www.hswebframework.org
+  ~
+  ~  Licensed under the Apache License, Version 2.0 (the "License");
+  ~  you may not use this file except in compliance with the License.
+  ~  You may obtain a copy of the License at
+  ~
+  ~        http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~  Unless required by applicable law or agreed to in writing, software
+  ~  distributed under the License is distributed on an "AS IS" BASIS,
+  ~  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~  See the License for the specific language governing permissions and
+  ~  limitations under the License.
+  ~
+  ~
+  -->
+
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <parent>
+        <artifactId>hsweb-authorization-oauth2</artifactId>
+        <groupId>org.hswebframework.web</groupId>
+        <version>3.0-SNAPSHOT</version>
+    </parent>
+    <modelVersion>4.0.0</modelVersion>
+
+    <artifactId>hsweb-authorization-oauth2-auth-server</artifactId>
+    <dependencies>
+        <dependency>
+            <groupId>org.hswebframework.web</groupId>
+            <artifactId>hsweb-commons-entity</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.hswebframework.web</groupId>
+            <artifactId>hsweb-authorization-oauth2-core</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>javax.servlet</groupId>
+            <artifactId>servlet-api</artifactId>
+            <version>2.5</version>
+            <optional>true</optional>
+        </dependency>
+        <dependency>
+            <groupId>org.hswebframework.web</groupId>
+            <artifactId>hsweb-commons-utils</artifactId>
+            <version>3.0-SNAPSHOT</version>
+        </dependency>
+    </dependencies>
+</project>

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-auth-server/src/main/java/org/hswebframework/web/authorization/oauth2/api/entity/AuthorizationCodeEntity.java

@@ -0,0 +1,30 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.oauth2.api.entity;
+
+import org.hswebframework.web.authorization.oauth2.server.support.code.AuthorizationCode;
+import org.hswebframework.web.commons.entity.Entity;
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+public interface AuthorizationCodeEntity extends AuthorizationCode, Entity {
+}

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-auth-server/src/main/java/org/hswebframework/web/authorization/oauth2/api/entity/OAuth2AccessEntity.java

@@ -0,0 +1,28 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.oauth2.api.entity;
+
+import org.hswebframework.web.authorization.oauth2.server.OAuth2AccessToken;
+import org.hswebframework.web.commons.entity.Entity;
+
+/**
+ * @author zhouhao
+ */
+public interface OAuth2AccessEntity extends OAuth2AccessToken, Entity {
+}

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-server/src/main/java/org/hswebframework/web/authorization/oauth2/api/entity/OAuth2ClientEntity.java

@@ -18,15 +18,16 @@
 
 package org.hswebframework.web.authorization.oauth2.api.entity;
 
+import org.hswebframework.web.authorization.oauth2.server.client.OAuth2Client;
 import org.hswebframework.web.commons.entity.GenericEntity;
 import org.hswebframework.web.commons.entity.RecordCreationEntity;
 
-import java.util.List;
+import java.util.Set;
 
 /**
  * @author zhouhao
  */
-public interface OAuth2ClientEntity extends GenericEntity<String>, RecordCreationEntity {
+public interface OAuth2ClientEntity extends GenericEntity<String>, OAuth2Client, RecordCreationEntity {
 
     // client_id
     @Override
@@ -62,12 +63,13 @@ public interface OAuth2ClientEntity extends GenericEntity<String>, RecordCreatio
 
     void setType(String type);
 
-    List<String> getSupportGrantType();
+    Set<String> getSupportGrantTypes();
 
-    void setSupportGrantType(List<String> supportGrantType);
+    Set<String> getDefaultGrantScope();
 
-    default boolean grantTypeIsSupport(String grantType) {
-        if (getSupportGrantType() == null) return false;
-        return getSupportGrantType().contains(grantType) || getSupportGrantType().contains("*");
-    }
+    void setDefaultGrantScope(Set<String> defaultGrantScope);
+
+    void setSupportGrantTypes(Set<String> supportGrantType);
+
+    void setEnabled(Boolean enabled);
 }

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-server/src/main/java/org/hswebframework/web/authorization/oauth2/api/entity/SimpleAuthorizationCodeEntity.java

@@ -19,6 +19,8 @@
 package org.hswebframework.web.authorization.oauth2.api.entity;
 
 
+import java.util.Set;
+
 /**
  * @author zhouhao
  */
@@ -31,7 +33,7 @@ public class SimpleAuthorizationCodeEntity implements AuthorizationCodeEntity {
 
     private Long createTime;
 
-    private String scope;
+    private Set<String> scope;
 
     private String redirectUri;
 
@@ -43,11 +45,11 @@ public class SimpleAuthorizationCodeEntity implements AuthorizationCodeEntity {
         this.redirectUri = redirectUri;
     }
 
-    public String getScope() {
+    public Set<String> getScope() {
         return scope;
     }
 
-    public void setScope(String scope) {
+    public void setScope(Set<String> scope) {
         this.scope = scope;
     }
 

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-server/src/main/java/org/hswebframework/web/authorization/oauth2/api/entity/SimpleOAuth2AccessEntity.java

@@ -18,6 +18,8 @@
 
 package org.hswebframework.web.authorization.oauth2.api.entity;
 
+import java.util.Set;
+
 /**
  * TODO 完成注释
  *
@@ -27,19 +29,21 @@ public class SimpleOAuth2AccessEntity implements OAuth2AccessEntity {
 
     private String clientId;
 
-    private String userId;
+    private String ownerId;
 
     private String accessToken;
 
     private String refreshToken;
 
-    private Long expiresIn;
+    private Integer expiresIn;
 
     private Long createTime;
 
     private Long updateTime;
 
-    private String scope;
+    private Set<String> scope;
+
+    private String grantType;
 
     @Override
     public String getClientId() {
@@ -52,13 +56,13 @@ public class SimpleOAuth2AccessEntity implements OAuth2AccessEntity {
     }
 
     @Override
-    public String getUserId() {
-        return userId;
+    public String getOwnerId() {
+        return ownerId;
     }
 
     @Override
-    public void setUserId(String userId) {
-        this.userId = userId;
+    public void setOwnerId(String ownerId) {
+        this.ownerId = ownerId;
     }
 
     @Override
@@ -81,11 +85,11 @@ public class SimpleOAuth2AccessEntity implements OAuth2AccessEntity {
         this.refreshToken = refreshToken;
     }
 
-    public Long getExpiresIn() {
+    public Integer getExpiresIn() {
         return expiresIn;
     }
 
-    public void setExpiresIn(Long expiresIn) {
+    public void setExpiresIn(Integer expiresIn) {
         this.expiresIn = expiresIn;
     }
 
@@ -110,13 +114,22 @@ public class SimpleOAuth2AccessEntity implements OAuth2AccessEntity {
     }
 
     @Override
-    public String getScope() {
+    public Set<String> getScope() {
         return scope;
     }
 
     @Override
-    public void setScope(String scope) {
+    public void setScope(Set<String> scope) {
         this.scope = scope;
     }
 
+    @Override
+    public String getGrantType() {
+        return grantType;
+    }
+
+    @Override
+    public void setGrantType(String grantType) {
+        this.grantType = grantType;
+    }
 }

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-server/src/main/java/org/hswebframework/web/authorization/oauth2/api/entity/SimpleOAuth2ClientEntity.java

@@ -21,6 +21,7 @@ package org.hswebframework.web.authorization.oauth2.api.entity;
 import org.hswebframework.web.commons.entity.SimpleGenericEntity;
 
 import java.util.List;
+import java.util.Set;
 
 /**
  * @author zhouhao
@@ -42,7 +43,11 @@ public class SimpleOAuth2ClientEntity extends SimpleGenericEntity<String> implem
 
     private String describe;
 
-    private List<String> supportGrantType;
+    private Set<String> supportGrantType;
+
+    private Set<String> defaultGrantScope;
+
+    private Boolean enabled;
 
     public String getDescribe() {
         return describe;
@@ -117,12 +122,31 @@ public class SimpleOAuth2ClientEntity extends SimpleGenericEntity<String> implem
     }
 
     @Override
-    public List<String> getSupportGrantType() {
+    public Set<String> getSupportGrantTypes() {
         return supportGrantType;
     }
 
     @Override
-    public void setSupportGrantType(List<String> supportGrantType) {
+    public void setSupportGrantTypes(Set<String> supportGrantType) {
         this.supportGrantType = supportGrantType;
     }
+
+    @Override
+    public Set<String> getDefaultGrantScope() {
+        return defaultGrantScope;
+    }
+
+    @Override
+    public void setDefaultGrantScope(Set<String> defaultGrantScope) {
+        this.defaultGrantScope = defaultGrantScope;
+    }
+
+    @Override
+    public Boolean isEnabled() {
+        return enabled;
+    }
+
+    public void setEnabled(Boolean enabled) {
+        this.enabled = enabled;
+    }
 }

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-auth-server/src/main/java/org/hswebframework/web/authorization/oauth2/server/AuthorizationService.java

@@ -0,0 +1,27 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.oauth2.server;
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+public interface AuthorizationService {
+}

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-server/src/main/java/org/hswebframework/web/authorization/oauth2/api/entity/OAuth2AccessEntity.java

@@ -16,35 +16,36 @@
  *
  */
 
-package org.hswebframework.web.authorization.oauth2.api.entity;
+package org.hswebframework.web.authorization.oauth2.server;
 
-import org.hswebframework.web.commons.entity.Entity;
+import org.hibernate.validator.constraints.NotBlank;
+
+import javax.validation.constraints.NotNull;
+import java.util.Set;
 
 /**
+ * TODO 完成注释
+ *
  * @author zhouhao
  */
-public interface OAuth2AccessEntity extends Entity {
+public interface OAuth2AccessToken {
 
+    @NotBlank
     String getClientId();
 
     void setClientId(String clientId);
 
-    String getUserId();
-
-    void setUserId(String userId);
-
+    @NotBlank
     String getAccessToken();
 
     void setAccessToken(String accessToken);
 
+    @NotBlank
     String getRefreshToken();
 
     void setRefreshToken(String refreshToken);
 
-    Long getExpiresIn();
-
-    void setExpiresIn(Long expiresIn);
-
+    @NotNull
     Long getCreateTime();
 
     void setCreateTime(Long createTime);
@@ -53,9 +54,22 @@ public interface OAuth2AccessEntity extends Entity {
 
     void setUpdateTime(Long updateTime);
 
-    String getScope();
+    @NotNull
+    String getOwnerId();
+
+    void setOwnerId(String ownerId);
+
+    @NotNull
+    Integer getExpiresIn();
+
+    void setExpiresIn(Integer expiresIn);
+
+    Set<String> getScope();
 
-    void setScope(String scope);
+    void setScope(Set<String> scope);
 
+    @NotNull
+    String getGrantType();
 
-}
+    void setGrantType(String grantType);
+}

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-auth-server/src/main/java/org/hswebframework/web/authorization/oauth2/server/OAuth2Authorization.java

@@ -0,0 +1,29 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.oauth2.server;
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+public class OAuth2Authorization {
+    private String userId;
+
+}

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-auth-server/src/main/java/org/hswebframework/web/authorization/oauth2/server/TokenRequest.java

@@ -0,0 +1,35 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.oauth2.server;
+
+import java.util.Map;
+import java.util.Optional;
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+public interface TokenRequest {
+    default Optional<String> getParameter(String name) {
+        return Optional.ofNullable(getParameters().get(name));
+    }
+
+    Map<String, String> getParameters();
+}

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-auth-server/src/main/java/org/hswebframework/web/authorization/oauth2/server/client/OAuth2Client.java

@@ -0,0 +1,55 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.oauth2.server.client;
+
+import java.util.Set;
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+public interface OAuth2Client {
+    String getId();
+
+    String getSecret();
+
+    String getName();
+
+    String getRedirectUri();
+
+    String getOwnerId();
+
+    Long getCreateTime();
+
+    Boolean isEnabled();
+
+    /**
+     * @return 客户端支持的认证类型
+     * @see org.hswebframework.web.oauth2.core.GrantType
+     */
+    Set<String> getSupportGrantTypes();
+
+    Set<String> getDefaultGrantScope();
+
+    default boolean isSupportGrantType(String grantType) {
+        Set<String> supports = getSupportGrantTypes();
+        return supports != null && (supports.contains(grantType) || supports.contains("*"));
+    }
+}

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-auth-server/src/main/java/org/hswebframework/web/authorization/oauth2/server/client/OAuth2ClientService.java

@@ -0,0 +1,30 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.oauth2.server.client;
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+public interface OAuth2ClientService {
+    OAuth2Client getClientById(String id);
+
+    OAuth2Client getClientByOwnerId(String ownerId);
+}

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-auth-server/src/main/java/org/hswebframework/web/authorization/oauth2/server/exception/GrantTokenException.java

@@ -0,0 +1,41 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.oauth2.server.exception;
+
+import org.hswebframework.web.oauth2.core.ErrorType;
+
+/**
+ * @author zhouhao
+ */
+public class GrantTokenException extends RuntimeException {
+    private ErrorType errorType;
+
+    public GrantTokenException(ErrorType errorType) {
+        this(errorType, errorType.message());
+    }
+
+    public GrantTokenException(ErrorType errorType, String message) {
+        super(message);
+        this.errorType = errorType;
+    }
+
+    public ErrorType getErrorType() {
+        return errorType;
+    }
+}

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-auth-server/src/main/java/org/hswebframework/web/authorization/oauth2/server/support/AbstractAuthorizationService.java

@@ -0,0 +1,92 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.oauth2.server.support;
+
+import org.hswebframework.web.authorization.oauth2.server.client.OAuth2Client;
+import org.hswebframework.web.authorization.oauth2.server.client.OAuth2ClientService;
+import org.hswebframework.web.authorization.oauth2.server.exception.GrantTokenException;
+import org.hswebframework.web.authorization.oauth2.server.token.AccessTokenService;
+import org.hswebframework.web.oauth2.core.ErrorType;
+
+import static org.hswebframework.web.oauth2.core.ErrorType.*;
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+public abstract class AbstractAuthorizationService {
+    protected AccessTokenService  accessTokenService;
+    protected OAuth2ClientService clientService;
+
+    public AccessTokenService getAccessTokenService() {
+        return accessTokenService;
+    }
+
+    public void setAccessTokenService(AccessTokenService accessTokenService) {
+        this.accessTokenService = accessTokenService;
+    }
+
+    public OAuth2ClientService getClientService() {
+        return clientService;
+    }
+
+    public void setClientService(OAuth2ClientService clientService) {
+        this.clientService = clientService;
+    }
+
+    protected void assertGrantTypeSupport(OAuth2Client client, String grantType) {
+        if (!client.isSupportGrantType(grantType)) {
+            throw new GrantTokenException(UNSUPPORTED_GRANT_TYPE);
+        }
+    }
+
+    protected void assertParameterNotBlank(String parameter, ErrorType type) {
+        if (null == parameter || parameter.isEmpty()) {
+            throw new GrantTokenException(type);
+        }
+    }
+
+    protected OAuth2Client getClient(String clientId, String clientSecret) {
+        OAuth2Client client = getClient(clientId);
+        if (!client.getSecret().equals(clientSecret)) {
+            throw new GrantTokenException(ILLEGAL_CLIENT_SECRET);
+        }
+        return client;
+    }
+
+    protected OAuth2Client checkClient(OAuth2Client client) {
+        if (client == null) {
+            throw new GrantTokenException(CLIENT_NOT_EXIST);
+        }
+        if (Boolean.TRUE != client.isEnabled()) {
+            throw new GrantTokenException(CLIENT_DISABLED);
+        }
+        return client;
+    }
+
+    protected OAuth2Client getClientByOwnerId(String ownerId) {
+        return checkClient(clientService.getClientByOwnerId(ownerId));
+    }
+
+    protected OAuth2Client getClient(String clientId) {
+        return checkClient(clientService.getClientById(clientId));
+    }
+
+}

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-auth-server/src/main/java/org/hswebframework/web/authorization/oauth2/server/support/DefaultOAuth2Granter.java

@@ -0,0 +1,115 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.oauth2.server.support;
+
+import org.hswebframework.web.authorization.oauth2.server.TokenRequest;
+import org.hswebframework.web.authorization.oauth2.server.OAuth2AccessToken;
+import org.hswebframework.web.authorization.oauth2.server.exception.GrantTokenException;
+import org.hswebframework.web.authorization.oauth2.server.support.code.AuthorizationCodeTokenRequest;
+import org.hswebframework.web.authorization.oauth2.server.support.code.AuthorizationCodeGranter;
+import org.hswebframework.web.authorization.oauth2.server.support.client.ClientCredentialRequest;
+import org.hswebframework.web.authorization.oauth2.server.support.client.ClientCredentialGranter;
+import org.hswebframework.web.authorization.oauth2.server.support.implicit.ImplicitRequest;
+import org.hswebframework.web.authorization.oauth2.server.support.implicit.ImplicitGranter;
+import org.hswebframework.web.authorization.oauth2.server.support.password.PasswordRequest;
+import org.hswebframework.web.authorization.oauth2.server.support.password.PasswordGranter;
+import org.hswebframework.web.authorization.oauth2.server.support.refresh.RefreshTokenRequest;
+import org.hswebframework.web.authorization.oauth2.server.support.refresh.RefreshTokenGranter;
+import org.hswebframework.web.oauth2.core.ErrorType;
+import org.hswebframework.web.oauth2.core.GrantType;
+
+import java.util.HashMap;
+import java.util.Map;
+import java.util.function.Function;
+
+import static org.hswebframework.web.oauth2.core.ErrorType.ILLEGAL_GRANT_TYPE;
+import static org.hswebframework.web.oauth2.core.ErrorType.UNSUPPORTED_GRANT_TYPE;
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+public class DefaultOAuth2Granter implements OAuth2Granter {
+
+    private Map<String, Granter> supportGranter = new HashMap<>(5);
+
+    public DefaultOAuth2Granter addAuthorizationCodeSupport(AuthorizationCodeGranter authorizationCodeService) {
+        return addGranter(GrantType.authorization_code, AuthorizationCodeTokenRequest.class, authorizationCodeService::requestToken);
+    }
+
+    public DefaultOAuth2Granter addRefreshTokenSupport(RefreshTokenGranter refreshTokenGranter) {
+        return addGranter(GrantType.refresh_token, RefreshTokenRequest.class, refreshTokenGranter::refreshToken);
+    }
+
+    public DefaultOAuth2Granter addClientCredentialSupport(ClientCredentialGranter clientCredentialGranter) {
+        return addGranter(GrantType.client_credentials, ClientCredentialRequest.class, clientCredentialGranter::requestToken);
+    }
+
+    public DefaultOAuth2Granter addPasswordSupport(PasswordGranter passwordGranter) {
+        return addGranter(GrantType.password, PasswordRequest.class, passwordGranter::requestToken);
+    }
+
+    public DefaultOAuth2Granter addImplicitSupport(ImplicitGranter implicitGranter) {
+        return addGranter(GrantType.implicit, ImplicitRequest.class, implicitGranter::requestToken);
+    }
+
+    private <R extends TokenRequest> DefaultOAuth2Granter addGranter(String grantType, Class<R> tokenRequestType, Function<R, OAuth2AccessToken> granterService) {
+        supportGranter.put(grantType, Granter.build(tokenRequestType, granterService));
+        return this;
+    }
+
+    @Override
+    public OAuth2AccessToken grant(String grantType, TokenRequest request) {
+        assertParameterNotBlank(grantType, ILLEGAL_GRANT_TYPE);
+        Granter granter = supportGranter.get(grantType);
+        if (granter == null) {
+            throw new GrantTokenException(UNSUPPORTED_GRANT_TYPE);
+        }
+        return granter.grant(request);
+    }
+
+    private void assertParameterNotBlank(String parameter, ErrorType type) {
+        if (null == parameter || parameter.isEmpty()) {
+            throw new GrantTokenException(type);
+        }
+    }
+
+    static class Granter<R extends TokenRequest> {
+        Class<R> tokenRequestType;
+
+        Function<R, OAuth2AccessToken> granterService;
+
+        OAuth2AccessToken grant(TokenRequest request) {
+            if (!tokenRequestType.isInstance(request)) {
+                throw new UnsupportedOperationException("AuthorizationRequest must instanceof  " + tokenRequestType);
+            }
+            return granterService.apply(tokenRequestType.cast(request));
+        }
+
+        static <R extends TokenRequest> Granter<R> build(Class<R> tokenRequestType, Function<R, OAuth2AccessToken> granterService) {
+            Granter<R> granter = new Granter<>();
+            granter.tokenRequestType = tokenRequestType;
+            granter.granterService = granterService;
+            return granter;
+        }
+
+    }
+
+}

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-auth-server/src/main/java/org/hswebframework/web/authorization/oauth2/server/support/HttpTokenRequest.java

@@ -0,0 +1,122 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.oauth2.server.support;
+
+import org.hswebframework.web.WebUtil;
+import org.hswebframework.web.authorization.oauth2.server.TokenRequest;
+import org.hswebframework.web.authorization.oauth2.server.exception.GrantTokenException;
+import org.hswebframework.web.oauth2.core.ErrorType;
+import org.hswebframework.web.oauth2.core.OAuth2Constants;
+import org.hswebframwork.utils.StringUtils;
+
+import javax.servlet.http.HttpServletRequest;
+import java.util.*;
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+public class HttpTokenRequest implements TokenRequest {
+
+    protected Map<String, String> parameters;
+    protected Map<String, String> headers;
+    protected Set<String>         scope;
+
+    protected ClientCredentials clientCredentials;
+
+    public HttpTokenRequest(HttpServletRequest request) {
+        this.parameters = WebUtil.getParameters(request);
+        this.headers = WebUtil.getHeaders(request);
+        String clientId = parameters.get(OAuth2Constants.client_id);
+        String clientSecret = parameters.get(OAuth2Constants.client_secret);
+        String authorization = headers.get(OAuth2Constants.authorization);
+        clientCredentials = getClientCredentials(clientId, clientSecret, authorization);
+
+        this.scope = getParameter(OAuth2Constants.scope)
+                .filter(Objects::nonNull)
+                .map(scope -> new HashSet<>(Arrays.asList(scope.split("[, \n]"))))
+                .orElseGet(HashSet::new);
+    }
+
+    @Override
+    public Map<String, String> getParameters() {
+        return parameters;
+    }
+
+    protected class ClientCredentials {
+        private String principal;
+        private String credentials;
+
+        public ClientCredentials(String principal, String credentials) {
+            this.principal = principal;
+            this.credentials = credentials;
+        }
+
+        public String getPrincipal() {
+            return principal;
+        }
+
+        public String getCredentials() {
+            return credentials;
+        }
+    }
+
+    protected ClientCredentials getClientCredentials(String principal, String credentials, String authorization) {
+        if ((principal == null || credentials == null) && authorization == null) {
+            return null;
+        }
+        if (authorization != null && !authorization.isEmpty()) {
+            String[] decodeCredentials = decodeClientAuthenticationHeader(authorization);
+            if (decodeCredentials.length > 1) {
+                principal = decodeCredentials[0];
+                credentials = decodeCredentials[1];
+            } else {
+                credentials = decodeCredentials[0];
+            }
+        }
+        return new ClientCredentials(principal, credentials);
+    }
+
+
+    protected String[] decodeClientAuthenticationHeader(String authenticationHeader) {
+        if (StringUtils.isNullOrEmpty(authenticationHeader)) {
+            return null;
+        } else {
+            String[] tokens = authenticationHeader.split(" ");
+            if (tokens.length != 2) {
+                return null;
+            } else {
+                String authType = tokens[0];
+                if (!"basic".equalsIgnoreCase(authType)) {
+                    return ErrorType.OTHER.throwThis(GrantTokenException::new, "authentication " + authType + " not support!");
+                } else {
+                    String encodedCreds = tokens[1];
+                    return decodeBase64EncodedCredentials(encodedCreds);
+                }
+            }
+        }
+    }
+
+    protected String[] decodeBase64EncodedCredentials(String encodedCredentials) {
+        String decodedCredentials = new String(Base64.getDecoder().decode(encodedCredentials));
+        String[] credentials = decodedCredentials.split(":", 2);
+        return credentials.length != 2 ? null : (!StringUtils.isNullOrEmpty(credentials[0]) && !StringUtils.isNullOrEmpty(credentials[1]) ? credentials : null);
+    }
+}

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-auth-server/src/main/java/org/hswebframework/web/authorization/oauth2/server/support/OAuth2Granter.java

@@ -0,0 +1,31 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.oauth2.server.support;
+
+import org.hswebframework.web.authorization.oauth2.server.TokenRequest;
+import org.hswebframework.web.authorization.oauth2.server.OAuth2AccessToken;
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+public interface OAuth2Granter {
+    OAuth2AccessToken grant(String grantType, TokenRequest request);
+}

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-auth-server/src/main/java/org/hswebframework/web/authorization/oauth2/server/support/client/ClientCredentialGranter.java

@@ -0,0 +1,31 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.oauth2.server.support.client;
+
+import org.hswebframework.web.authorization.oauth2.server.AuthorizationService;
+import org.hswebframework.web.authorization.oauth2.server.OAuth2AccessToken;
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+public interface ClientCredentialGranter extends AuthorizationService {
+    OAuth2AccessToken requestToken(ClientCredentialRequest request);
+}

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-auth-server/src/main/java/org/hswebframework/web/authorization/oauth2/server/support/client/ClientCredentialRequest.java

@@ -0,0 +1,31 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.oauth2.server.support.client;
+
+import org.hswebframework.web.authorization.oauth2.server.TokenRequest;
+
+/**
+ *
+ * @author zhouhao
+ */
+public interface ClientCredentialRequest extends TokenRequest {
+    String getClientId();
+
+    String getClientSecret();
+}

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-auth-server/src/main/java/org/hswebframework/web/authorization/oauth2/server/support/client/DefaultClientCredentialGranter.java

@@ -0,0 +1,57 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.oauth2.server.support.client;
+
+import org.hswebframework.web.authorization.oauth2.server.OAuth2AccessToken;
+import org.hswebframework.web.authorization.oauth2.server.client.OAuth2Client;
+import org.hswebframework.web.authorization.oauth2.server.support.AbstractAuthorizationService;
+import org.hswebframework.web.oauth2.core.GrantType;
+
+import static org.hswebframework.web.oauth2.core.ErrorType.*;
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+public class DefaultClientCredentialGranter extends AbstractAuthorizationService implements ClientCredentialGranter {
+
+    @Override
+    public OAuth2AccessToken requestToken(ClientCredentialRequest request) {
+        String clientId = request.getClientId();
+        String clientSecret = request.getClientSecret();
+
+        assertParameterNotBlank(clientId, ILLEGAL_CLIENT_ID);
+        assertParameterNotBlank(clientSecret, ILLEGAL_CLIENT_SECRET);
+
+        OAuth2Client client = getClient(clientId, clientSecret);
+        assertGrantTypeSupport(client, GrantType.client_credentials);
+
+        OAuth2AccessToken accessToken = accessTokenService.createToken();
+        // 设置自定义的属性,其他属性在create的时候已经被设置
+        accessToken.setOwnerId(client.getOwnerId());
+        accessToken.setExpiresIn(3600);
+        accessToken.setScope(client.getDefaultGrantScope());
+        accessToken.setClientId(client.getId());
+        accessToken.setGrantType(GrantType.client_credentials);
+
+        //保存token
+        return accessTokenService.saveOrUpdateToken(accessToken);
+    }
+}

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-auth-server/src/main/java/org/hswebframework/web/authorization/oauth2/server/support/client/HttpClientCredentialRequest.java

@@ -0,0 +1,50 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.oauth2.server.support.client;
+
+import org.hswebframework.web.authorization.oauth2.server.exception.GrantTokenException;
+import org.hswebframework.web.authorization.oauth2.server.support.HttpTokenRequest;
+import org.hswebframework.web.oauth2.core.ErrorType;
+import org.hswebframework.web.oauth2.core.OAuth2Constants;
+
+import javax.servlet.http.HttpServletRequest;
+
+/**
+ * @author zhouhao
+ */
+public class HttpClientCredentialRequest extends HttpTokenRequest implements ClientCredentialRequest {
+    public HttpClientCredentialRequest(HttpServletRequest request) {
+        super(request);
+        if (clientCredentials == null) {
+            ErrorType.OTHER.throwThis(GrantTokenException::new, "missing parameter:" + OAuth2Constants.client_id + "," + OAuth2Constants.client_secret + "," + OAuth2Constants.authorization);
+
+            //throw new GrantTokenException(ErrorType.OTHER, "missing parameter:" + OAuth2Constants.client_id + "," + OAuth2Constants.client_secret + "," + OAuth2Constants.authorization);
+        }
+    }
+
+    @Override
+    public String getClientId() {
+        return clientCredentials.getPrincipal();
+    }
+
+    @Override
+    public String getClientSecret() {
+        return clientCredentials.getCredentials();
+    }
+}

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-server/src/main/java/org/hswebframework/web/authorization/oauth2/api/entity/AuthorizationCodeEntity.java

@@ -16,16 +16,15 @@
  *
  */
 
-package org.hswebframework.web.authorization.oauth2.api.entity;
+package org.hswebframework.web.authorization.oauth2.server.support.code;
 
-import org.hswebframework.web.commons.entity.Entity;
+import java.util.Set;
 
 /**
- * TODO 完成注释
  *
  * @author zhouhao
  */
-public interface AuthorizationCodeEntity extends Entity {
+public interface AuthorizationCode {
     String getClientId();
 
     void setClientId(String clientId);
@@ -42,9 +41,9 @@ public interface AuthorizationCodeEntity extends Entity {
 
     void setCreateTime(Long createTime);
 
-    String getScope();
+    Set<String> getScope();
 
-    void setScope(String scope);
+    void setScope(Set<String> scope);
 
     String getRedirectUri();
 

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-auth-server/src/main/java/org/hswebframework/web/authorization/oauth2/server/support/code/AuthorizationCodeGranter.java

@@ -0,0 +1,31 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.oauth2.server.support.code;
+
+import org.hswebframework.web.authorization.oauth2.server.AuthorizationService;
+import org.hswebframework.web.authorization.oauth2.server.OAuth2AccessToken;
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+public interface AuthorizationCodeGranter extends AuthorizationService {
+    OAuth2AccessToken requestToken(AuthorizationCodeTokenRequest request);
+}

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-auth-server/src/main/java/org/hswebframework/web/authorization/oauth2/server/support/code/AuthorizationCodeRequest.java

@@ -0,0 +1,36 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.oauth2.server.support.code;
+
+import java.util.Set;
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+public interface AuthorizationCodeRequest {
+    String getClientId();
+
+    String getUserId();
+
+    Set<String> getScope();
+
+    String getRedirectUri();
+}

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-auth-server/src/main/java/org/hswebframework/web/authorization/oauth2/server/support/code/AuthorizationCodeService.java

@@ -0,0 +1,29 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.oauth2.server.support.code;
+
+/**
+ *
+ * @author zhouhao
+ */
+public interface AuthorizationCodeService {
+    String createAuthorizationCode(AuthorizationCodeRequest request);
+
+    AuthorizationCode consumeAuthorizationCode(String code);
+}

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-auth-server/src/main/java/org/hswebframework/web/authorization/oauth2/server/support/code/AuthorizationCodeTokenRequest.java

@@ -0,0 +1,40 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.oauth2.server.support.code;
+
+import org.hswebframework.web.authorization.oauth2.server.TokenRequest;
+
+import java.util.Set;
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+public interface AuthorizationCodeTokenRequest extends TokenRequest {
+    String getCode();
+
+    String getClientId();
+
+    String getClientSecret();
+
+    Set<String> getScope();
+
+    String getRedirectUri();
+}

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-auth-server/src/main/java/org/hswebframework/web/authorization/oauth2/server/support/code/DefaultAuthorizationCodeGranter.java

@@ -0,0 +1,86 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.oauth2.server.support.code;
+
+import org.hswebframework.web.authorization.oauth2.server.OAuth2AccessToken;
+import org.hswebframework.web.authorization.oauth2.server.client.OAuth2Client;
+import org.hswebframework.web.authorization.oauth2.server.exception.GrantTokenException;
+import org.hswebframework.web.authorization.oauth2.server.support.AbstractAuthorizationService;
+import org.hswebframework.web.oauth2.core.ErrorType;
+import org.hswebframework.web.oauth2.core.GrantType;
+
+import static org.hswebframework.web.oauth2.core.ErrorType.*;
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+public class DefaultAuthorizationCodeGranter extends AbstractAuthorizationService implements AuthorizationCodeGranter {
+
+    //默认有效时间为10分钟
+    private long codeTimeOut = 10 * 60 * 1000;
+
+    private AuthorizationCodeService authorizationCodeService;
+
+    public DefaultAuthorizationCodeGranter(AuthorizationCodeService authorizationCodeService) {
+        this.authorizationCodeService = authorizationCodeService;
+    }
+
+    public void setCodeTimeOut(long codeTimeOut) {
+        this.codeTimeOut = codeTimeOut;
+    }
+
+    @Override
+    public OAuth2AccessToken requestToken(AuthorizationCodeTokenRequest request) {
+        String clientId = request.getClientId();
+        String clientSecret = request.getClientSecret();
+        String code = request.getCode();
+        String redirectUri = request.getRedirectUri();
+
+        assertParameterNotBlank(clientId, ILLEGAL_CLIENT_ID);
+        assertParameterNotBlank(clientSecret, ILLEGAL_CLIENT_SECRET);
+        assertParameterNotBlank(code, ILLEGAL_CODE);
+        assertParameterNotBlank(redirectUri, ILLEGAL_REDIRECT_URI);
+
+        OAuth2Client client = getClient(clientId, clientSecret);
+        assertGrantTypeSupport(client, GrantType.authorization_code);
+
+        AuthorizationCode authorizationCode = authorizationCodeService.consumeAuthorizationCode(code);
+        if (authorizationCode == null) {
+            throw new GrantTokenException(ErrorType.ILLEGAL_CODE);
+        }
+        if (System.currentTimeMillis() - authorizationCode.getCreateTime() > codeTimeOut) {
+            throw new GrantTokenException(ErrorType.EXPIRED_CODE);
+        }
+        // TODO: 17-5-3  验证redirect_uri
+        //验证redirect_uri
+        if (!redirectUri.equals(authorizationCode.getRedirectUri())) {
+            //   throw new GrantTokenException(ILLEGAL_REDIRECT_URI);
+        }
+
+        OAuth2AccessToken accessToken = accessTokenService.createToken();
+        accessToken.setGrantType(GrantType.authorization_code);
+        accessToken.setScope(authorizationCode.getScope());
+        accessToken.setOwnerId(authorizationCode.getUserId());
+        accessToken.setExpiresIn(3600);
+        accessToken.setClientId(clientId);
+        return accessTokenService.saveOrUpdateToken(accessToken);
+    }
+}

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-auth-server/src/main/java/org/hswebframework/web/authorization/oauth2/server/support/code/HttpAuthorizationCodeRequest.java

@@ -0,0 +1,63 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.oauth2.server.support.code;
+
+import org.hswebframework.web.authorization.oauth2.server.exception.GrantTokenException;
+import org.hswebframework.web.authorization.oauth2.server.support.HttpTokenRequest;
+import org.hswebframework.web.oauth2.core.ErrorType;
+import org.hswebframework.web.oauth2.core.OAuth2Constants;
+
+import javax.servlet.http.HttpServletRequest;
+import java.util.Set;
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+public class HttpAuthorizationCodeRequest extends HttpTokenRequest implements AuthorizationCodeRequest {
+    private String userId;
+
+    public HttpAuthorizationCodeRequest(String userId, HttpServletRequest request) {
+        super(request);
+        this.userId = userId;
+    }
+
+    @Override
+    public String getClientId() {
+        return getParameter(OAuth2Constants.client_id)
+                .orElseThrow(() -> new GrantTokenException(ErrorType.ILLEGAL_CLIENT_ID));
+    }
+
+    @Override
+    public String getUserId() {
+        return userId;
+    }
+
+    @Override
+    public Set<String> getScope() {
+        return scope;
+    }
+
+    @Override
+    public String getRedirectUri() {
+        return getParameter(OAuth2Constants.redirect_uri).orElse(null);
+    }
+
+}

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-auth-server/src/main/java/org/hswebframework/web/authorization/oauth2/server/support/code/HttpAuthorizationCodeTokenRequest.java

@@ -0,0 +1,67 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.oauth2.server.support.code;
+
+import org.hswebframework.web.authorization.oauth2.server.exception.GrantTokenException;
+import org.hswebframework.web.authorization.oauth2.server.support.HttpTokenRequest;
+import org.hswebframework.web.oauth2.core.ErrorType;
+import org.hswebframework.web.oauth2.core.OAuth2Constants;
+
+import javax.servlet.http.HttpServletRequest;
+import java.util.Set;
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+public class HttpAuthorizationCodeTokenRequest extends HttpTokenRequest implements AuthorizationCodeTokenRequest {
+
+    public HttpAuthorizationCodeTokenRequest(HttpServletRequest request) {
+        super(request);
+        if (clientCredentials == null) {
+            ErrorType.OTHER.throwThis(GrantTokenException::new, "missing parameter:" + OAuth2Constants.client_id + "," + OAuth2Constants.client_secret + "," + OAuth2Constants.authorization);
+        }
+    }
+
+    @Override
+    public String getCode() {
+        return getParameter(OAuth2Constants.code).orElse(null);
+    }
+
+    @Override
+    public String getClientId() {
+        return clientCredentials.getPrincipal();
+    }
+
+    @Override
+    public String getClientSecret() {
+        return clientCredentials.getCredentials();
+    }
+
+    @Override
+    public Set<String> getScope() {
+        return scope;
+    }
+
+    @Override
+    public String getRedirectUri() {
+        return getParameter(OAuth2Constants.redirect_uri).orElse(null);
+    }
+}

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-auth-server/src/main/java/org/hswebframework/web/authorization/oauth2/server/support/implicit/DefaultImplicitGranter.java

@@ -0,0 +1,69 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.oauth2.server.support.implicit;
+
+import org.hswebframework.web.authorization.oauth2.server.OAuth2AccessToken;
+import org.hswebframework.web.authorization.oauth2.server.client.OAuth2Client;
+import org.hswebframework.web.authorization.oauth2.server.exception.GrantTokenException;
+import org.hswebframework.web.authorization.oauth2.server.support.AbstractAuthorizationService;
+import org.hswebframework.web.authorization.oauth2.server.support.code.AuthorizationCode;
+import org.hswebframework.web.authorization.oauth2.server.support.code.AuthorizationCodeGranter;
+import org.hswebframework.web.authorization.oauth2.server.support.code.AuthorizationCodeService;
+import org.hswebframework.web.authorization.oauth2.server.support.code.AuthorizationCodeTokenRequest;
+import org.hswebframework.web.oauth2.core.ErrorType;
+import org.hswebframework.web.oauth2.core.GrantType;
+
+import java.util.Set;
+
+import static org.hswebframework.web.oauth2.core.ErrorType.*;
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+public class DefaultImplicitGranter extends AbstractAuthorizationService implements ImplicitGranter {
+
+    @Override
+    public OAuth2AccessToken requestToken(ImplicitRequest request) {
+        String clientId = request.getClientId();
+        Set<String> scope = request.getScope();
+
+        assertParameterNotBlank(clientId, ILLEGAL_CLIENT_ID);
+
+        OAuth2Client client = getClient(clientId);
+        assertGrantTypeSupport(client, GrantType.implicit);
+        if (scope == null || scope.isEmpty())
+            scope = client.getDefaultGrantScope();
+        if (!client.getDefaultGrantScope().containsAll(scope)) {
+            throw new GrantTokenException(SCOPE_OUT_OF_RANGE);
+        }
+        if (!client.getRedirectUri().equals(request.getRedirectUri())) {
+            throw new GrantTokenException(ILLEGAL_REDIRECT_URI);
+        }
+
+        OAuth2AccessToken accessToken = accessTokenService.createToken();
+        accessToken.setGrantType(GrantType.implicit);
+        accessToken.setScope(scope);
+        accessToken.setOwnerId(client.getOwnerId());
+        accessToken.setExpiresIn(3600);
+        accessToken.setClientId(clientId);
+        return accessTokenService.saveOrUpdateToken(accessToken);
+    }
+}

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-auth-server/src/main/java/org/hswebframework/web/authorization/oauth2/server/support/implicit/HttpImplicitRequest.java

@@ -0,0 +1,55 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.oauth2.server.support.implicit;
+
+import org.hswebframework.web.authorization.oauth2.server.exception.GrantTokenException;
+import org.hswebframework.web.authorization.oauth2.server.support.HttpTokenRequest;
+import org.hswebframework.web.oauth2.core.ErrorType;
+import org.hswebframework.web.oauth2.core.OAuth2Constants;
+
+import javax.servlet.http.HttpServletRequest;
+import java.util.Set;
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+public class HttpImplicitRequest extends HttpTokenRequest implements ImplicitRequest {
+
+    public HttpImplicitRequest(HttpServletRequest request) {
+        super(request);
+    }
+
+    @Override
+    public String getClientId() {
+        return getParameter(OAuth2Constants.client_id)
+                .orElseThrow(ErrorType.ILLEGAL_CLIENT_ID.throwThis(GrantTokenException::new));
+    }
+
+    @Override
+    public Set<String> getScope() {
+        return scope;
+    }
+
+    @Override
+    public String getRedirectUri() {
+        return getParameter(OAuth2Constants.redirect_uri).orElse(null);
+    }
+}

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-auth-server/src/main/java/org/hswebframework/web/authorization/oauth2/server/support/implicit/ImplicitGranter.java

@@ -0,0 +1,31 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.oauth2.server.support.implicit;
+
+import org.hswebframework.web.authorization.oauth2.server.AuthorizationService;
+import org.hswebframework.web.authorization.oauth2.server.OAuth2AccessToken;
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+public interface ImplicitGranter extends AuthorizationService {
+    OAuth2AccessToken requestToken(ImplicitRequest request);
+}

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-auth-server/src/main/java/org/hswebframework/web/authorization/oauth2/server/support/implicit/ImplicitRequest.java

@@ -0,0 +1,36 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.oauth2.server.support.implicit;
+
+import org.hswebframework.web.authorization.oauth2.server.TokenRequest;
+
+import java.util.Set;
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+public interface ImplicitRequest extends TokenRequest {
+    String getClientId();
+
+    Set<String> getScope();
+
+    String getRedirectUri();
+}

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-auth-server/src/main/java/org/hswebframework/web/authorization/oauth2/server/support/password/DefaultPasswordGranter.java

@@ -0,0 +1,74 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.oauth2.server.support.password;
+
+import org.hswebframework.web.authorization.oauth2.server.OAuth2AccessToken;
+import org.hswebframework.web.authorization.oauth2.server.client.OAuth2Client;
+import org.hswebframework.web.authorization.oauth2.server.exception.GrantTokenException;
+import org.hswebframework.web.authorization.oauth2.server.support.AbstractAuthorizationService;
+import org.hswebframework.web.authorization.oauth2.server.support.implicit.ImplicitGranter;
+import org.hswebframework.web.authorization.oauth2.server.support.implicit.ImplicitRequest;
+import org.hswebframework.web.oauth2.core.GrantType;
+
+import java.util.Set;
+
+import static org.hswebframework.web.oauth2.core.ErrorType.*;
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+public class DefaultPasswordGranter extends AbstractAuthorizationService implements PasswordGranter {
+    private PasswordService passwordService;
+
+    public DefaultPasswordGranter(PasswordService passwordService) {
+        this.passwordService = passwordService;
+    }
+
+    @Override
+    public OAuth2AccessToken requestToken(PasswordRequest request) {
+        String username = request.getUsername();
+        String password = request.getPassword();
+        Set<String> scope = request.getScope();
+
+        assertParameterNotBlank(username, ILLEGAL_USERNAME);
+        assertParameterNotBlank(password, ILLEGAL_PASSWORD);
+
+        String userId = passwordService.getUserIdByUsernameAndPassword(username, password);
+
+        assertParameterNotBlank(userId, USER_NOT_EXIST);
+
+        OAuth2Client client = getClientByOwnerId(userId);
+        assertGrantTypeSupport(client, GrantType.implicit);
+        if (scope == null || scope.isEmpty())
+            scope = client.getDefaultGrantScope();
+        if (!client.getDefaultGrantScope().containsAll(scope)) {
+            throw new GrantTokenException(SCOPE_OUT_OF_RANGE);
+        }
+
+        OAuth2AccessToken accessToken = accessTokenService.createToken();
+        accessToken.setGrantType(GrantType.password);
+        accessToken.setScope(scope);
+        accessToken.setOwnerId(userId);
+        accessToken.setExpiresIn(3600);
+        accessToken.setClientId(client.getId());
+        return accessTokenService.saveOrUpdateToken(accessToken);
+    }
+}

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-auth-server/src/main/java/org/hswebframework/web/authorization/oauth2/server/support/password/HttpPasswordRequest.java

@@ -0,0 +1,58 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.oauth2.server.support.password;
+
+import org.hswebframework.web.authorization.oauth2.server.exception.GrantTokenException;
+import org.hswebframework.web.authorization.oauth2.server.support.HttpTokenRequest;
+import org.hswebframework.web.oauth2.core.ErrorType;
+import org.hswebframework.web.oauth2.core.OAuth2Constants;
+
+import javax.servlet.http.HttpServletRequest;
+import java.util.Set;
+
+/**
+ * @author zhouhao
+ */
+public class HttpPasswordRequest extends HttpTokenRequest implements PasswordRequest {
+    public HttpPasswordRequest(HttpServletRequest request) {
+        super(request);
+        clientCredentials = getClientCredentials(
+                parameters.get(OAuth2Constants.username),
+                parameters.get(OAuth2Constants.password),
+                headers.get(OAuth2Constants.authorization));
+        if (clientCredentials == null) {
+            ErrorType.OTHER.throwThis(GrantTokenException::new, "missing parameter:" + OAuth2Constants.username + "," + OAuth2Constants.password + "," + OAuth2Constants.authorization);
+        }
+    }
+
+    @Override
+    public String getUsername() {
+        return clientCredentials.getPrincipal();
+    }
+
+    @Override
+    public String getPassword() {
+        return clientCredentials.getCredentials();
+    }
+
+    @Override
+    public Set<String> getScope() {
+        return scope;
+    }
+}

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-auth-server/src/main/java/org/hswebframework/web/authorization/oauth2/server/support/password/PasswordGranter.java

@@ -0,0 +1,31 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.oauth2.server.support.password;
+
+import org.hswebframework.web.authorization.oauth2.server.AuthorizationService;
+import org.hswebframework.web.authorization.oauth2.server.OAuth2AccessToken;
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+public interface PasswordGranter extends AuthorizationService {
+    OAuth2AccessToken requestToken(PasswordRequest request);
+}

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-auth-server/src/main/java/org/hswebframework/web/authorization/oauth2/server/support/password/PasswordRequest.java

@@ -0,0 +1,34 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.oauth2.server.support.password;
+
+import org.hswebframework.web.authorization.oauth2.server.TokenRequest;
+
+import java.util.Set;
+
+/**
+ * @author zhouhao
+ */
+public interface PasswordRequest extends TokenRequest {
+    String getUsername();
+
+    String getPassword();
+
+    Set<String> getScope();
+}

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-auth-server/src/main/java/org/hswebframework/web/authorization/oauth2/server/support/password/PasswordService.java

@@ -0,0 +1,28 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.oauth2.server.support.password;
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+public interface PasswordService {
+    String getUserIdByUsernameAndPassword(String username, String password);
+}

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-auth-server/src/main/java/org/hswebframework/web/authorization/oauth2/server/support/refresh/DefaultRefreshTokenGranter.java

@@ -0,0 +1,78 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.oauth2.server.support.refresh;
+
+import org.hswebframework.web.authorization.oauth2.server.OAuth2AccessToken;
+import org.hswebframework.web.authorization.oauth2.server.client.OAuth2Client;
+import org.hswebframework.web.authorization.oauth2.server.exception.GrantTokenException;
+import org.hswebframework.web.authorization.oauth2.server.support.AbstractAuthorizationService;
+import org.hswebframework.web.authorization.oauth2.server.support.code.AuthorizationCode;
+import org.hswebframework.web.authorization.oauth2.server.support.code.AuthorizationCodeGranter;
+import org.hswebframework.web.authorization.oauth2.server.support.code.AuthorizationCodeService;
+import org.hswebframework.web.authorization.oauth2.server.support.code.AuthorizationCodeTokenRequest;
+import org.hswebframework.web.oauth2.core.ErrorType;
+import org.hswebframework.web.oauth2.core.GrantType;
+
+import java.util.Set;
+
+import static org.hswebframework.web.oauth2.core.ErrorType.*;
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+public class DefaultRefreshTokenGranter extends AbstractAuthorizationService implements RefreshTokenGranter {
+
+    //默认有效时间为1年
+    private long refreshTokenTimeOut = 1 * 365 * 24 * 60 * 60 * 1000;
+
+    public void setRefreshTokenTimeOut(long refreshTokenTimeOut) {
+        this.refreshTokenTimeOut = refreshTokenTimeOut;
+    }
+
+    @Override
+    public OAuth2AccessToken refreshToken(RefreshTokenRequest request) {
+        String clientId = request.getClientId();
+        String clientSecret = request.getClientSecret();
+        String refreshToken = request.getRefreshToken();
+        assertParameterNotBlank(clientId, ILLEGAL_CLIENT_ID);
+        assertParameterNotBlank(clientSecret, ILLEGAL_CLIENT_SECRET);
+        assertParameterNotBlank(refreshToken, ILLEGAL_REFRESH_TOKEN);
+
+        OAuth2Client client = getClient(clientId, clientSecret);
+        assertGrantTypeSupport(client, GrantType.refresh_token);
+
+        OAuth2AccessToken accessToken = accessTokenService.getTokenByRefreshToken(refreshToken);
+        if (accessToken == null) {
+            throw new GrantTokenException(ILLEGAL_REFRESH_TOKEN);
+        }
+        if (System.currentTimeMillis() - accessToken.getCreateTime() > refreshTokenTimeOut) {
+            throw new GrantTokenException(EXPIRED_REFRESH_TOKEN);
+        }
+        Set<String> newRange = request.getScope() != null ? request.getScope() : accessToken.getScope();
+        if (!accessToken.getScope().containsAll(newRange)) {
+            throw new GrantTokenException(ErrorType.SCOPE_OUT_OF_RANGE);
+        }
+        accessToken.setAccessToken(accessTokenService.createToken().getAccessToken());
+        accessToken.setScope(newRange);
+        accessToken.setUpdateTime(System.currentTimeMillis());
+        return accessTokenService.saveOrUpdateToken(accessToken);
+    }
+}

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-auth-server/src/main/java/org/hswebframework/web/authorization/oauth2/server/support/refresh/HttpRefreshTokenRequest.java

@@ -0,0 +1,66 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.oauth2.server.support.refresh;
+
+import org.hswebframework.web.authorization.oauth2.server.exception.GrantTokenException;
+import org.hswebframework.web.authorization.oauth2.server.support.HttpTokenRequest;
+import org.hswebframework.web.oauth2.core.ErrorType;
+import org.hswebframework.web.oauth2.core.OAuth2Constants;
+
+import javax.servlet.http.HttpServletRequest;
+import java.util.Set;
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+public class HttpRefreshTokenRequest extends HttpTokenRequest implements RefreshTokenRequest {
+
+    public HttpRefreshTokenRequest(HttpServletRequest request) {
+        super(request);
+        if (clientCredentials == null) {
+            ErrorType.OTHER.throwThis(GrantTokenException::new,
+                    "missing parameter:"
+                            + OAuth2Constants.client_id + ","
+                            + OAuth2Constants.client_secret + ","
+                            + OAuth2Constants.authorization);
+        }
+    }
+
+    @Override
+    public String getClientId() {
+        return clientCredentials.getPrincipal();
+    }
+
+    @Override
+    public String getClientSecret() {
+        return clientCredentials.getCredentials();
+    }
+
+    @Override
+    public String getRefreshToken() {
+        return getParameter(OAuth2Constants.refresh_token).orElse(null);
+    }
+
+    @Override
+    public Set<String> getScope() {
+        return scope;
+    }
+}

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-auth-server/src/main/java/org/hswebframework/web/authorization/oauth2/server/support/refresh/RefreshTokenGranter.java

@@ -0,0 +1,31 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.oauth2.server.support.refresh;
+
+import org.hswebframework.web.authorization.oauth2.server.AuthorizationService;
+import org.hswebframework.web.authorization.oauth2.server.OAuth2AccessToken;
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+public interface RefreshTokenGranter extends AuthorizationService {
+    OAuth2AccessToken refreshToken(RefreshTokenRequest request);
+}

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-auth-server/src/main/java/org/hswebframework/web/authorization/oauth2/server/support/refresh/RefreshTokenRequest.java

@@ -0,0 +1,38 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.oauth2.server.support.refresh;
+
+import org.hswebframework.web.authorization.oauth2.server.TokenRequest;
+
+import java.util.Set;
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+public interface RefreshTokenRequest extends TokenRequest {
+    String getClientId();
+
+    String getClientSecret();
+
+    String getRefreshToken();
+
+    Set<String> getScope();
+}

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-auth-server/src/main/java/org/hswebframework/web/authorization/oauth2/server/token/AccessTokenService.java

@@ -0,0 +1,36 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.oauth2.server.token;
+
+import org.hswebframework.web.authorization.oauth2.server.OAuth2AccessToken;
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+public interface AccessTokenService {
+    OAuth2AccessToken createToken();
+
+    OAuth2AccessToken getTokenByRefreshToken(String refreshToken);
+
+    OAuth2AccessToken getTokenByAccessToken(String accessToken);
+
+    OAuth2AccessToken saveOrUpdateToken(OAuth2AccessToken token);
+}

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-client/pom.xml

@@ -36,5 +36,10 @@
             <artifactId>hsweb-authorization-api</artifactId>
             <version>${project.version}</version>
         </dependency>
+        <dependency>
+            <groupId>org.hswebframework.web</groupId>
+            <artifactId>hsweb-authorization-oauth2-core</artifactId>
+            <version>${project.version}</version>
+        </dependency>
     </dependencies>
 </project>

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-client/src/main/java/org/hswebframework/web/authorization/oauth2/client/exception/OAuth2RequestException.java

@@ -19,23 +19,23 @@
 package org.hswebframework.web.authorization.oauth2.client.exception;
 
 import org.hswebframework.web.authorization.oauth2.client.response.OAuth2Response;
+import org.hswebframework.web.oauth2.core.ErrorType;
 
 /**
- *
  * @author zhouhao
  */
 public class OAuth2RequestException extends RuntimeException {
-    OAuth2Response.ErrorType errorType;
+    ErrorType errorType;
 
     OAuth2Response response;
 
-    public OAuth2RequestException(OAuth2Response.ErrorType errorType, OAuth2Response response) {
+    public OAuth2RequestException(ErrorType errorType, OAuth2Response response) {
         super(errorType.name());
         this.errorType = errorType;
         this.response = response;
     }
 
-    public OAuth2Response.ErrorType getErrorType() {
+    public ErrorType getErrorType() {
         return errorType;
     }
 

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-client/src/main/java/org/hswebframework/web/authorization/oauth2/client/response/OAuth2Response.java

@@ -19,6 +19,7 @@
 package org.hswebframework.web.authorization.oauth2.client.response;
 
 import org.hswebframework.web.authorization.oauth2.client.exception.OAuth2RequestException;
+import org.hswebframework.web.oauth2.core.ErrorType;
 
 import java.util.List;
 import java.util.function.BiConsumer;
@@ -29,24 +30,6 @@ import java.util.function.BiConsumer;
  * @author zhouhao
  */
 public interface OAuth2Response {
-    enum ErrorType {
-        ILLEGAL_CODE, //错误的授权码
-        ILLEGAL_ACCESS_TOKEN, //错误的access_token
-        ILLEGAL_CLIENT_ID,//客户端信息错误
-        ILLEGAL_CLIENT_SECRET,//客户端信息错误
-        ILLEGAL_GRANT_TYPE, //错误的授权方式
-        ILLEGAL_RESPONSE_TYPE,//response_type 错误
-        ILLEGAL_AUTHORIZATION,//Authorization 错误
-        ILLEGAL_REFRESH_TOKEN,//refresh_token 错误
-        ILLEGAL_REDIRECT_URI, //redirect_url 错误
-        UNAUTHORIZED_CLIENT, //无权限
-        EXPIRED_TOKEN, //TOKEN过期
-        INVALID_TOKEN, //TOKEN已失效
-        UNSUPPORTED_GRANT_TYPE, //不支持的认证类型
-        UNSUPPORTED_RESPONSE_TYPE, //不支持的响应类型
-        ACCESS_DENIED, //访问被拒绝
-        OTHER //其他错误
-    }
 
     /**
      * @return 结果转为字符串

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-server/pom.xml

@@ -24,15 +24,11 @@
         <artifactId>hsweb-authorization-oauth2</artifactId>
         <groupId>org.hswebframework.web</groupId>
         <version>3.0-SNAPSHOT</version>
+        <relativePath>../../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 
-    <artifactId>hsweb-authorization-oauth2-server</artifactId>
-    <dependencies>
-        <dependency>
-            <groupId>org.hswebframework.web</groupId>
-            <artifactId>hsweb-commons-entity</artifactId>
-            <version>${project.version}</version>
-        </dependency>
-    </dependencies>
+    <artifactId>hsweb-authorization-oauth2-core</artifactId>
+
+
 </project>

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-core/src/main/java/org/hswebframework/web/oauth2/core/ErrorType.java

@@ -0,0 +1,99 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.oauth2.core;
+
+import java.util.Arrays;
+import java.util.Map;
+import java.util.Optional;
+import java.util.function.BiFunction;
+import java.util.function.Function;
+import java.util.function.Supplier;
+import java.util.stream.Collectors;
+
+public enum ErrorType {
+    ILLEGAL_CODE(1001), //错误的授权码
+    ILLEGAL_ACCESS_TOKEN(1002), //错误的access_token
+    ILLEGAL_CLIENT_ID(1003),//客户端信息错误
+    ILLEGAL_CLIENT_SECRET(1004),//客户端密钥错误
+    ILLEGAL_GRANT_TYPE(1005), //错误的授权方式
+    ILLEGAL_RESPONSE_TYPE(1006),//response_type 错误
+    ILLEGAL_AUTHORIZATION(1007),//Authorization 错误
+    ILLEGAL_REFRESH_TOKEN(1008),//refresh_token 错误
+    ILLEGAL_REDIRECT_URI(1009), //redirect_url 错误
+    ILLEGAL_SCOPE(1010), //scope 错误
+    ILLEGAL_USERNAME(1011), //username 错误
+    ILLEGAL_PASSWORD(1012), //password 错误
+
+    SCOPE_OUT_OF_RANGE(2010), //scope超出范围
+
+    UNAUTHORIZED_CLIENT(4010), //无权限
+    EXPIRED_TOKEN(4011), //TOKEN过期
+    INVALID_TOKEN(4012), //TOKEN已失效
+    UNSUPPORTED_GRANT_TYPE(4013), //不支持的认证类型
+    UNSUPPORTED_RESPONSE_TYPE(4014), //不支持的响应类型
+
+    EXPIRED_CODE(4015), //AUTHORIZATION_CODE过期
+    EXPIRED_REFRESH_TOKEN(4020), //AUTHORIZATION_CODE过期
+
+    CLIENT_DISABLED(4016),//客户端已被禁用
+
+    CLIENT_NOT_EXIST(4040),//客户端不存在
+
+    USER_NOT_EXIST(4041),//客户端不存在
+
+    ACCESS_DENIED(503), //访问被拒绝
+    OTHER(5001); //其他错误 ;
+
+    private final String message;
+    private final int    code;
+    static final Map<Integer, ErrorType> codeMapping = Arrays.stream(ErrorType.values())
+            .collect(Collectors.toMap(ErrorType::code, type -> type));
+
+    ErrorType(int code) {
+        this.code = code;
+        message = this.name().toLowerCase();
+    }
+
+    ErrorType(int code, String message) {
+        this.message = message;
+        this.code = code;
+    }
+
+    public String message() {
+        if (message == null) return this.name();
+        return message;
+    }
+
+    public int code() {
+        return code;
+    }
+
+    public <T> T throwThis(Function<ErrorType, ? extends RuntimeException> errorTypeFunction) {
+        throw errorTypeFunction.apply(this);
+    }
+
+    public <T> T throwThis(BiFunction<ErrorType, String, ? extends RuntimeException> errorTypeFunction, String message) {
+        throw errorTypeFunction.apply(this, message);
+    }
+
+    public static Optional<ErrorType> fromCode(int code) {
+        return Optional.ofNullable(codeMapping.get(code));
+    }
+
+}

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-core/src/main/java/org/hswebframework/web/oauth2/core/GrantType.java

@@ -0,0 +1,31 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.oauth2.core;
+
+/**
+ *
+ * @author zhouhao
+ */
+public interface GrantType {
+    String authorization_code = "authorization_code";
+    String implicit           = "implicit";
+    String password           = "password";
+    String client_credentials = "client_credentials";
+    String refresh_token      = "refresh_token";
+}

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-core/src/main/java/org/hswebframework/web/oauth2/core/OAuth2Constants.java

@@ -0,0 +1,41 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.oauth2.core;
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+public interface OAuth2Constants {
+    String access_token  = "access_token";
+    String refresh_token = "refresh_token";
+    String grant_type    = "grant_type";
+    String scope         = "scope";
+    String client_id     = "client_id";
+    String client_secret = "client_secret";
+    String authorization = "Authorization";
+    String redirect_uri  = "redirect_uri";
+    String response_type = "response_type";
+    String state         = "state";
+    String code          = "code";
+    String username      = "username";
+    String password      = "password";
+
+}

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-core/src/main/java/org/hswebframework/web/oauth2/core/ResponseType.java

@@ -0,0 +1,29 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.oauth2.core;
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+public interface ResponseType {
+    String code  = "code";
+    String token = "token";
+}

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-resource-server/pom.xml

@@ -0,0 +1,33 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~  Copyright 2016 http://www.hswebframework.org
+  ~
+  ~  Licensed under the Apache License, Version 2.0 (the "License");
+  ~  you may not use this file except in compliance with the License.
+  ~  You may obtain a copy of the License at
+  ~
+  ~        http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~  Unless required by applicable law or agreed to in writing, software
+  ~  distributed under the License is distributed on an "AS IS" BASIS,
+  ~  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~  See the License for the specific language governing permissions and
+  ~  limitations under the License.
+  ~
+  ~
+  -->
+
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <parent>
+        <artifactId>hsweb-authorization-oauth2</artifactId>
+        <groupId>org.hswebframework.web</groupId>
+        <version>3.0-SNAPSHOT</version>
+    </parent>
+    <modelVersion>4.0.0</modelVersion>
+
+    <artifactId>hsweb-authorization-oauth2-resource-server</artifactId>
+
+
+</project>

hsweb-authorization/hsweb-authorization-oauth2/pom.xml

@@ -12,8 +12,10 @@
     <artifactId>hsweb-authorization-oauth2</artifactId>
     <packaging>pom</packaging>
     <modules>
-        <module>hsweb-authorization-oauth2-server</module>
+        <module>hsweb-authorization-oauth2-auth-server</module>
         <module>hsweb-authorization-oauth2-client</module>
+        <module>hsweb-authorization-oauth2-resource-server</module>
+        <module>hsweb-authorization-oauth2-core</module>
     </modules>
 
 

hsweb-authorization/hsweb-authorization-shiro/src/main/java/org/hswebframework/web/authorization/shiro/boost/FieldAccessAnnotationMethodInterceptor.java

@@ -67,7 +67,9 @@ public class FieldAccessAnnotationMethodInterceptor extends AuthorizingAnnotatio
             }
             RequiresFieldAccess accessAnn = ((RequiresFieldAccess) a);
             MethodInterceptorParamContext context = holder.createParamContext();
-            Authentication authentication = Authentication.current().orElseThrow(AuthorizationException::new);
+            Authentication authentication = Authentication
+                    .current()
+                    .orElseThrow(AuthorizationException::new);
             
             String permission = accessAnn.permission();
             Permission permissionInfo = authentication.getPermission(permission);

hsweb-commons/hsweb-commons-dao/hsweb-commons-dao-mybatis/src/main/java/org/hswebframework/web/dao/mybatis/handler/JsonSetHandler.java

@@ -32,48 +32,48 @@ import java.util.Set;
 @Alias("jsonSetHandler")
 @MappedTypes({Set.class})
 @MappedJdbcTypes({JdbcType.VARCHAR, JdbcType.CLOB})
-public class JsonSetHandler extends BaseTypeHandler<Set<Object>> {
+public class JsonSetHandler extends BaseTypeHandler<Set> {
 
     @Override
-    public Set<Object> getResult(ResultSet rs, int columnIndex) throws SQLException {
+    public Set getResult(ResultSet rs, int columnIndex) throws SQLException {
         String s = rs.getString(columnIndex);
-        return new HashSet<>(JSON.parseArray(s));
+        return JSON.parseObject(s, Set.class);
     }
 
     @Override
-    public Set<Object> getResult(ResultSet rs, String columnName) throws SQLException {
+    public Set getResult(ResultSet rs, String columnName) throws SQLException {
         String s = rs.getString(columnName);
-        return new HashSet<>(JSON.parseArray(s));
+        return JSON.parseObject(s, Set.class);
     }
 
     @Override
-    public Set<Object> getResult(CallableStatement cs, int columnIndex) throws SQLException {
+    public Set getResult(CallableStatement cs, int columnIndex) throws SQLException {
         String s = cs.getString(columnIndex);
-        return new HashSet<>(JSON.parseArray(s));
+        return JSON.parseObject(s, Set.class);
     }
 
     @Override
-    public void setParameter(PreparedStatement ps, int i, Set<Object> parameter, JdbcType jdbcType) throws SQLException {
+    public void setParameter(PreparedStatement ps, int i, Set parameter, JdbcType jdbcType) throws SQLException {
         ps.setString(i, JSON.toJSONString(parameter, SerializerFeature.WriteClassName));
     }
 
     @Override
-    public void setNonNullParameter(PreparedStatement ps, int i, Set<Object> parameter, JdbcType jdbcType) throws SQLException {
+    public void setNonNullParameter(PreparedStatement ps, int i, Set parameter, JdbcType jdbcType) throws SQLException {
         ps.setString(i, "[]");
     }
 
     @Override
-    public Set<Object> getNullableResult(ResultSet rs, String columnName) throws SQLException {
+    public Set getNullableResult(ResultSet rs, String columnName) throws SQLException {
         return new HashSet<>();
     }
 
     @Override
-    public Set<Object> getNullableResult(ResultSet rs, int columnIndex) throws SQLException {
+    public Set getNullableResult(ResultSet rs, int columnIndex) throws SQLException {
         return new HashSet<>();
     }
 
     @Override
-    public Set<Object> getNullableResult(CallableStatement cs, int columnIndex) throws SQLException {
+    public Set getNullableResult(CallableStatement cs, int columnIndex) throws SQLException {
         return new HashSet<>();
     }
 }

hsweb-commons/hsweb-commons-entity/src/main/java/org/hswebframework/web/commons/entity/TreeSupportEntity.java

@@ -23,11 +23,11 @@ import org.hswebframework.web.id.IDGenerator;
 import org.hswebframwork.utils.RandomUtil;
 import org.hswebframwork.utils.StringUtils;
 
-import java.util.Collection;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
+import java.util.*;
 import java.util.function.BiConsumer;
+import java.util.function.Consumer;
+import java.util.function.Function;
+import java.util.function.Predicate;
 import java.util.stream.Collectors;
 
 public interface TreeSupportEntity<PK> extends GenericEntity<PK> {
@@ -115,17 +115,48 @@ public interface TreeSupportEntity<PK> extends GenericEntity<PK> {
      * @return 树形结构集合
      */
     static <T extends TreeSupportEntity<PK>, PK> List<T> list2tree(Collection<T> dataList, BiConsumer<T, List<T>> childAccepter) {
+        return list2tree(dataList, childAccepter, (Function<RootNodePredicate<T, PK>, Predicate<T>>) predicate -> node -> node == null || predicate.getNode(node.getParentId()) == null);
+    }
+
+    static <T extends TreeSupportEntity<PK>, PK> List<T> list2tree(Collection<T> dataList,
+                                                                   BiConsumer<T, List<T>> childAccepter,
+                                                                   Predicate<T> rootNodePredicate) {
+        return list2tree(dataList, childAccepter, (Function<RootNodePredicate<T, PK>, Predicate<T>>) predicate -> rootNodePredicate);
+    }
+
+    static <T extends TreeSupportEntity<PK>, PK> List<T> list2tree(Collection<T> dataList,
+                                                                   BiConsumer<T, List<T>> childAccepter,
+                                                                   Function<RootNodePredicate<T, PK>, Predicate<T>> predicateFunction) {
         // id,obj
         Map<PK, T> cache = new HashMap<>();
         // parentId,children
         Map<PK, List<T>> treeCache = dataList.parallelStream()
                 .peek(node -> cache.put(node.getId(), node))
                 .collect(Collectors.groupingBy(TreeSupportEntity::getParentId));
+
+        Predicate<T> rootNodePredicate = predicateFunction.apply(new RootNodePredicate<T, PK>() {
+            @Override
+            public List<T> getChildren(PK parentId) {
+                return treeCache.get(parentId);
+            }
+
+            @Override
+            public T getNode(PK id) {
+                return cache.get(id);
+            }
+        });
+
         return dataList.parallelStream()
                 //设置每个节点的子节点
                 .peek(node -> childAccepter.accept(node, treeCache.get(node.getId())))
                 //获取根节点
-                .filter(node -> node.getParentId() == null || cache.get(node.getParentId()) == null)
+                .filter(rootNodePredicate)
                 .collect(Collectors.toList());
     }
+
+    interface RootNodePredicate<T, PK> {
+        List<T> getChildren(PK parentId);
+
+        T getNode(PK id);
+    }
 }

hsweb-commons/hsweb-commons-utils/src/main/java/org/hswebframework/web/WebUtil.java

@@ -23,6 +23,7 @@ import org.springframework.web.context.request.ServletRequestAttributes;
 
 import javax.servlet.http.HttpServletRequest;
 import java.util.Enumeration;
+import java.util.HashMap;
 import java.util.LinkedHashMap;
 import java.util.Map;
 
@@ -46,6 +47,16 @@ public class WebUtil {
         }
     }
 
+    public static Map<String, String> getParameters(HttpServletRequest request) {
+        Map<String, String> parameters = new HashMap<>();
+        Enumeration enumeration = request.getParameterNames();
+        while (enumeration.hasMoreElements()) {
+            String name = String.valueOf(enumeration.nextElement());
+            parameters.put(name, request.getParameter(name));
+        }
+        return parameters;
+    }
+
     public static Map<String, String> getHeaders(HttpServletRequest request) {
         Map<String, String> map = new LinkedHashMap<>();
         Enumeration<String> enumeration = request.getHeaderNames();

hsweb-examples/hsweb-examples-oauth2/hsweb-examples-oauth2-client/src/main/resources/static/login.html

@@ -34,12 +34,12 @@
         var uri = getRequest()["redirect"];
         if (!uri) uri = "/";
         window.open('/oauth2/boot/hsweb-oauth-server?redirect=' + uri);
-        var clientId = "hsweb_oauth2_example";
+        var principal = "hsweb_oauth2_example";
 //        var api = "http://localhost:8080/oauth2/login.html";
 //        //申请一个state
 //        doAjax("GET", "/oauth2/state", {}, function (e) {
 //            if (e) {
-//                window.open(api + "?client_id=" + clientId + "&response_type=code&state=" + e.result + "&redirect_uri="
+//                window.open(api + "?client_id=" + principal + "&response_type=code&state=" + e.result + "&redirect_uri="
 //                    + escape("http://localhost:8808/oauth2/callback/hsweb-oauth-server/?redirect=" + uri))
 //            }
 //        });

hsweb-examples/hsweb-examples-oauth2/hsweb-examples-oauth2-server/src/main/java/org/hswebframework/web/example/oauth2/OAuth2ServerApplication.java

@@ -41,13 +41,14 @@ import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean
 import org.springframework.cache.annotation.EnableCaching;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.context.annotation.EnableAspectJAutoProxy;
 import org.springframework.jdbc.datasource.DataSourceUtils;
 
 import javax.sql.DataSource;
 import java.sql.Connection;
 import java.sql.SQLException;
 import java.util.Arrays;
+import java.util.Collections;
+import java.util.HashSet;
 
 /**
  * TODO 完成注释
@@ -155,7 +156,8 @@ public class OAuth2ServerApplication implements CommandLineRunner {
         // 这里与 hsweb-examples-oauth2-client 的回调地址对应
         clientEntity.setRedirectUri("http://localhost:8808/oauth2/callback/hsweb");
         clientEntity.setCreateTime(System.currentTimeMillis());
-        clientEntity.setSupportGrantType(Arrays.asList("*"));
+        clientEntity.setSupportGrantTypes(new HashSet<>(Collections.singletonList("*")));
+        clientEntity.setEnabled(true);
         oAuth2ClientDao.insert(clientEntity);
     }
 

hsweb-examples/hsweb-examples-simple/src/main/java/org/hswebframework/web/example/simple/SpringBootExample.java

@@ -58,6 +58,7 @@ import javax.sql.DataSource;
 import java.sql.Connection;
 import java.sql.SQLException;
 import java.util.Arrays;
+import java.util.Collections;
 
 /**
  * TODO 完成注释
@@ -192,7 +193,7 @@ public class SpringBootExample implements CommandLineRunner {
         clientEntity.setCreatorId("admin");
         clientEntity.setRedirectUri("http://localhost");
         clientEntity.setCreateTime(System.currentTimeMillis());
-        clientEntity.setSupportGrantType(Arrays.asList("*"));
+        clientEntity.setSupportGrantTypes(Collections.singleton("*"));
         oAuth2ClientDao.insert(clientEntity);
     }
 }

hsweb-system/hsweb-system-oauth2-client/hsweb-system-oauth2-client-service/hsweb-system-oauth2-client-service-api/src/main/java/org/hswebframework/web/service/oauth2.client/request/ResponseJudge.java

@@ -19,10 +19,11 @@
 package org.hswebframework.web.service.oauth2.client.request;
 
 import org.hswebframework.web.authorization.oauth2.client.response.OAuth2Response;
+import org.hswebframework.web.oauth2.core.ErrorType;
 
 /**
  * @author zhouhao
  */
 public interface ResponseJudge {
-    OAuth2Response.ErrorType judge(OAuth2Response response);
+    ErrorType judge(OAuth2Response response);
 }

hsweb-system/hsweb-system-oauth2-client/hsweb-system-oauth2-client-service/hsweb-system-oauth2-client-service-simple/src/main/java/org/hswebframework/web/service/oauth2/client/simple/provider/HswebResponseJudgeSupport.java

@@ -21,6 +21,7 @@ package org.hswebframework.web.service.oauth2.client.simple.provider;
 import com.alibaba.fastjson.JSON;
 import com.alibaba.fastjson.JSONObject;
 import org.hswebframework.web.authorization.oauth2.client.response.OAuth2Response;
+import org.hswebframework.web.oauth2.core.ErrorType;
 import org.hswebframework.web.service.oauth2.client.request.ProviderSupport;
 import org.hswebframework.web.service.oauth2.client.request.definition.ResponseJudgeForProviderDefinition;
 import org.springframework.stereotype.Component;
@@ -35,14 +36,6 @@ import java.util.Map;
  */
 @Component
 public class HswebResponseJudgeSupport implements ResponseJudgeForProviderDefinition {
-    static Map<Integer, OAuth2Response.ErrorType> errorTypeMap = new HashMap<>();
-
-    static {
-        // success
-        errorTypeMap.put(401, OAuth2Response.ErrorType.ILLEGAL_RESPONSE_TYPE);
-        errorTypeMap.put(500, OAuth2Response.ErrorType.ILLEGAL_RESPONSE_TYPE);
-
-    }
 
     @Override
     public String getProvider() {
@@ -50,16 +43,19 @@ public class HswebResponseJudgeSupport implements ResponseJudgeForProviderDefini
     }
 
     @Override
-    public OAuth2Response.ErrorType judge(OAuth2Response response) {
+    public ErrorType judge(OAuth2Response response) {
         String result = response.asString();
-        if (result == null) return OAuth2Response.ErrorType.OTHER;
+        if (result == null) return ErrorType.OTHER;
         JSONObject jsonRes = JSON.parseObject(result);
         Integer status = jsonRes.getInteger("status");
         if (status == null && response.status() == 200) return null;
         if (status != null) {
             if (status == 200) return null;
-            return errorTypeMap.getOrDefault(status, OAuth2Response.ErrorType.OTHER);
+            return ErrorType.fromCode(status).orElse(ErrorType.OTHER);
+        }
+        if (jsonRes.get("message") != null) {
+            return ErrorType.valueOf(jsonRes.getString("message"));
         }
-        return errorTypeMap.getOrDefault(response.status(), OAuth2Response.ErrorType.OTHER);
+        return null;
     }
 }

hsweb-system/hsweb-system-oauth2-client/hsweb-system-oauth2-client-service/hsweb-system-oauth2-client-service-simple/src/main/java/org/hswebframework/web/service/oauth2/client/simple/provider/RemoteAuthentication.java

@@ -18,7 +18,6 @@
 
 package org.hswebframework.web.service.oauth2.client.simple.provider;
 
-import com.alibaba.fastjson.JSON;
 import com.alibaba.fastjson.JSONObject;
 import org.hswebframework.web.authorization.Authentication;
 import org.hswebframework.web.authorization.Permission;

hsweb-system/hsweb-system-oauth2-client/hsweb-system-oauth2-client-service/hsweb-system-oauth2-client-service-simple/src/main/java/org/hswebframework/web/service/oauth2/client/simple/request/SimpleOAuth2Response.java

@@ -21,6 +21,7 @@ package org.hswebframework.web.service.oauth2.client.simple.request;
 import org.hswebframework.expands.request.http.Response;
 import org.hswebframework.web.authorization.oauth2.client.response.OAuth2Response;
 import org.hswebframework.web.authorization.oauth2.client.response.ResponseConvert;
+import org.hswebframework.web.oauth2.core.ErrorType;
 import org.hswebframework.web.service.oauth2.client.request.ResponseConvertHandler;
 import org.hswebframework.web.service.oauth2.client.request.ResponseJudge;
 import org.slf4j.Logger;

hsweb-system/hsweb-system-oauth2-client/hsweb-system-oauth2-client-starter/src/main/java/org/hswebframework/web/service/oauth2/client/starter/DefaultResponseJudge.java

@@ -19,9 +19,11 @@
 package org.hswebframework.web.service.oauth2.client.starter;
 
 import org.hswebframework.web.authorization.oauth2.client.response.OAuth2Response;
+import org.hswebframework.web.oauth2.core.ErrorType;
 import org.hswebframework.web.service.oauth2.client.request.ResponseJudge;
 
-import java.util.*;
+import java.util.Arrays;
+import java.util.List;
 import java.util.stream.Collectors;
 
 /**
@@ -30,15 +32,15 @@ import java.util.stream.Collectors;
  * @author zhouhao
  */
 public class DefaultResponseJudge implements ResponseJudge {
-    private static List<OAuth2Response.ErrorType> errorTypes = Arrays.stream(OAuth2Response.ErrorType.values())
-            .filter(errorType -> errorType != OAuth2Response.ErrorType.OTHER)
+    private static List<ErrorType> errorTypes = Arrays.stream(ErrorType.values())
+            .filter(errorType -> errorType != ErrorType.OTHER)
             .collect(Collectors.toList());
 
     @Override
-    public OAuth2Response.ErrorType judge(OAuth2Response response) {
+    public ErrorType judge(OAuth2Response response) {
         if (response.status() == 200) return null;
         String result = response.asString();
-        if (result == null) return OAuth2Response.ErrorType.OTHER;
+        if (result == null) return ErrorType.OTHER;
         return errorTypes.stream()
                 .filter(errorType -> result.contains(errorType.name().toLowerCase()))
                 .findAny().orElse(null);

hsweb-system/hsweb-system-oauth2-client/hsweb-system-oauth2-client-starter/src/test/java/org/hswebframework/web/starter/oauth2/client/OAuth2ServerConfigTests.java

@@ -98,7 +98,7 @@ public class OAuth2ServerConfigTests extends SimpleWebApplicationTests {
         Assert.assertNotNull(result.getJSONObject("result"));
 
         Assert.assertEquals(fastJsonHttpMessageConverter.converter(entity),
-                fastJsonHttpMessageConverter.converter(result.getObject("data", entityFactory.getInstanceType(OAuth2ServerConfigEntity.class))));
+                fastJsonHttpMessageConverter.converter(result.getObject("result", entityFactory.getInstanceType(OAuth2ServerConfigEntity.class))));
         //todo 修改测试属性
         OAuth2ServerConfigEntity newEntity = entityFactory.newInstance(OAuth2ServerConfigEntity.class);
         newEntity.setName("test2");

hsweb-system/hsweb-system-oauth2-client/hsweb-system-oauth2-client-starter/src/test/java/org/hswebframework/web/starter/oauth2/client/QQResponseJudgeSupport.java

@@ -21,6 +21,7 @@ package org.hswebframework.web.starter.oauth2.client;
 import com.alibaba.fastjson.JSON;
 import com.alibaba.fastjson.JSONObject;
 import org.hswebframework.web.authorization.oauth2.client.response.OAuth2Response;
+import org.hswebframework.web.oauth2.core.ErrorType;
 import org.hswebframework.web.service.oauth2.client.request.definition.ResponseJudgeForProviderDefinition;
 import org.springframework.stereotype.Component;
 
@@ -34,7 +35,7 @@ import java.util.Map;
  */
 @Component
 public class QQResponseJudgeSupport implements ResponseJudgeForProviderDefinition {
-    static Map<String, OAuth2Response.ErrorType> errorTypeMap = new HashMap<>();
+    static Map<String, ErrorType> errorTypeMap = new HashMap<>();
 
     static {
         /*
@@ -43,25 +44,25 @@ public class QQResponseJudgeSupport implements ResponseJudgeForProviderDefinitio
         // success
         errorTypeMap.put("0", null);
 
-        errorTypeMap.put("100000", OAuth2Response.ErrorType.ILLEGAL_RESPONSE_TYPE);
-        errorTypeMap.put("100001", OAuth2Response.ErrorType.ILLEGAL_CLIENT_ID);
+        errorTypeMap.put("100000", ErrorType.ILLEGAL_RESPONSE_TYPE);
+        errorTypeMap.put("100001", ErrorType.ILLEGAL_CLIENT_ID);
         // missing
-        errorTypeMap.put("100002", OAuth2Response.ErrorType.ILLEGAL_CLIENT_SECRET);
-        errorTypeMap.put("100003", OAuth2Response.ErrorType.ILLEGAL_AUTHORIZATION);
-        errorTypeMap.put("100004", OAuth2Response.ErrorType.ILLEGAL_GRANT_TYPE);
-        errorTypeMap.put("100005", OAuth2Response.ErrorType.ILLEGAL_CODE);
-        errorTypeMap.put("100006", OAuth2Response.ErrorType.ILLEGAL_REFRESH_TOKEN);
-        errorTypeMap.put("100007", OAuth2Response.ErrorType.ILLEGAL_ACCESS_TOKEN);
+        errorTypeMap.put("100002", ErrorType.ILLEGAL_CLIENT_SECRET);
+        errorTypeMap.put("100003", ErrorType.ILLEGAL_AUTHORIZATION);
+        errorTypeMap.put("100004", ErrorType.ILLEGAL_GRANT_TYPE);
+        errorTypeMap.put("100005", ErrorType.ILLEGAL_CODE);
+        errorTypeMap.put("100006", ErrorType.ILLEGAL_REFRESH_TOKEN);
+        errorTypeMap.put("100007", ErrorType.ILLEGAL_ACCESS_TOKEN);
         //param error
-        errorTypeMap.put("100009", OAuth2Response.ErrorType.ILLEGAL_CLIENT_SECRET);
-        errorTypeMap.put("100010", OAuth2Response.ErrorType.ILLEGAL_REDIRECT_URI);
-        errorTypeMap.put("100013", OAuth2Response.ErrorType.ILLEGAL_ACCESS_TOKEN);
-        errorTypeMap.put("100014", OAuth2Response.ErrorType.EXPIRED_TOKEN);
-        errorTypeMap.put("100015", OAuth2Response.ErrorType.INVALID_TOKEN);
+        errorTypeMap.put("100009", ErrorType.ILLEGAL_CLIENT_SECRET);
+        errorTypeMap.put("100010", ErrorType.ILLEGAL_REDIRECT_URI);
+        errorTypeMap.put("100013", ErrorType.ILLEGAL_ACCESS_TOKEN);
+        errorTypeMap.put("100014", ErrorType.EXPIRED_TOKEN);
+        errorTypeMap.put("100015", ErrorType.INVALID_TOKEN);
 
-        errorTypeMap.put("100016", OAuth2Response.ErrorType.ILLEGAL_ACCESS_TOKEN);
+        errorTypeMap.put("100016", ErrorType.ILLEGAL_ACCESS_TOKEN);
 
-        errorTypeMap.put("100019", OAuth2Response.ErrorType.ILLEGAL_CODE);
+        errorTypeMap.put("100019", ErrorType.ILLEGAL_CODE);
 
     }
 
@@ -71,9 +72,9 @@ public class QQResponseJudgeSupport implements ResponseJudgeForProviderDefinitio
     }
 
     @Override
-    public OAuth2Response.ErrorType judge(OAuth2Response response) {
+    public ErrorType judge(OAuth2Response response) {
         String result = response.asString();
-        if (result == null) return OAuth2Response.ErrorType.OTHER;
+        if (result == null) return ErrorType.OTHER;
         if (result.contains("callback(")) {
             result = result.substring("callback(".length(), result.length() - 3);
         }

hsweb-system/hsweb-system-oauth2-server/hsweb-system-oauth2-server-controller/pom.xml

@@ -42,9 +42,15 @@
         </dependency>
         <dependency>
             <groupId>org.hswebframework.web</groupId>
-            <artifactId>hsweb-authorization-oauth2-server</artifactId>
+            <artifactId>hsweb-authorization-oauth2-auth-server</artifactId>
             <version>${project.version}</version>
         </dependency>
+        <dependency>
+            <groupId>javax.servlet</groupId>
+            <artifactId>servlet-api</artifactId>
+            <version>2.5</version>
+            <optional>true</optional>
+        </dependency>
         <!--<dependency>-->
             <!--<groupId>org.apache.oltu.oauth2</groupId>-->
             <!--<artifactId>org.apache.oltu.oauth2.authzserver</artifactId>-->

hsweb-system/hsweb-system-oauth2-server/hsweb-system-oauth2-server-controller/src/main/java/org/hswebframework/web/authorization/oauth2/controller/OAuth2AuthorizeController.java

@@ -25,11 +25,20 @@ import org.hswebframework.web.authorization.Authentication;
 import org.hswebframework.web.authorization.annotation.Authorize;
 import org.hswebframework.web.authorization.oauth2.api.OAuth2ServerService;
 import org.hswebframework.web.authorization.oauth2.api.entity.OAuth2AccessEntity;
+import org.hswebframework.web.authorization.oauth2.server.OAuth2AccessToken;
+import org.hswebframework.web.authorization.oauth2.server.support.OAuth2Granter;
+import org.hswebframework.web.authorization.oauth2.server.support.code.AuthorizationCodeRequest;
+import org.hswebframework.web.authorization.oauth2.server.support.code.AuthorizationCodeService;
+import org.hswebframework.web.authorization.oauth2.server.support.code.HttpAuthorizationCodeRequest;
+import org.hswebframework.web.authorization.oauth2.server.support.implicit.HttpImplicitRequest;
+import org.hswebframework.web.authorization.oauth2.server.support.implicit.ImplicitRequest;
+import org.hswebframework.web.oauth2.core.GrantType;
 import org.hswebframework.web.oauth2.model.AuthorizationCodeModel;
 import org.hswebframework.web.oauth2.model.ImplicitAccessTokenModel;
 import org.springframework.web.bind.annotation.*;
 
 import javax.annotation.Resource;
+import javax.servlet.http.HttpServletRequest;
 
 /**
  * TODO 完成注释
@@ -42,19 +51,25 @@ import javax.annotation.Resource;
 public class OAuth2AuthorizeController {
 
     @Resource
-    private OAuth2ServerService oAuth2ServerService;
+    private AuthorizationCodeService authorizationCodeService;
+
+    @Resource
+    private OAuth2Granter oAuth2Granter;
 
 
     @GetMapping(params = "response_type=code")
     @ApiOperation("登录用户获取OAuth2.0授权码")
     @Authorize
     public AuthorizationCodeModel requestCode(
-            @RequestParam("client_id") String clientId,
             @RequestParam("redirect_uri") String redirectUri,
-            @RequestParam(value = "scope", required = false) String scope,
-            @RequestParam(value = "state", required = false) String state) {
+            @RequestParam(value = "state", required = false) String state,
+            HttpServletRequest request) {
         Authentication authentication = Authentication.current().orElseThrow(AuthorizeException::new);
-        String code = oAuth2ServerService.requestCode(clientId, authentication.getUser().getId(), scope,redirectUri);
+
+        AuthorizationCodeRequest codeRequest = new HttpAuthorizationCodeRequest(authentication.getUser().getId(), request);
+
+        String code = authorizationCodeService.createAuthorizationCode(codeRequest);
+
         AuthorizationCodeModel model = new AuthorizationCodeModel();
         model.setCode(code);
         model.setRedirectUri(redirectUri);
@@ -66,19 +81,18 @@ public class OAuth2AuthorizeController {
     @GetMapping(params = "response_type=token")
     @ApiOperation("implicit方式授权")
     public ImplicitAccessTokenModel authorizeByImplicit(
-            @RequestParam(value = "client_id") String client_id,
             @RequestParam(value = "redirect_uri") String redirect_uri,
             @RequestParam(value = "state") String state,
-            @RequestParam(value = "scope", required = false) String scope) {
+            HttpServletRequest request) {
+
+        ImplicitRequest implicitRequest = new HttpImplicitRequest(request);
+        OAuth2AccessToken accessToken = oAuth2Granter.grant(GrantType.implicit, implicitRequest);
 
-        // TODO: 17-4-7  用户是否为当前登录的用户,而非client绑定的用户?
-        // TODO: 17-3-6  validate redirect_uri
-        OAuth2AccessEntity accessEntity = oAuth2ServerService.requestTokenByImplicit(client_id, scope);
         ImplicitAccessTokenModel model = new ImplicitAccessTokenModel();
         model.setState(state);
         model.setToken_type("example");
-        model.setAccess_token(accessEntity.getAccessToken());
-        model.setExpires_in(accessEntity.getExpiresIn());
+        model.setAccess_token(accessToken.getAccessToken());
+        model.setExpires_in(accessToken.getExpiresIn());
         model.setRedirect_uri(redirect_uri);
         return model;
     }

hsweb-system/hsweb-system-oauth2-server/hsweb-system-oauth2-server-controller/src/main/java/org/hswebframework/web/authorization/oauth2/controller/OAuth2TokenController.java

@@ -19,17 +19,24 @@
 package org.hswebframework.web.authorization.oauth2.controller;
 
 import io.swagger.annotations.Api;
-import io.swagger.annotations.ApiOperation;
-import org.apache.commons.codec.binary.Base64;
-import org.hswebframework.web.authorization.oauth2.api.OAuth2ServerService;
-import org.hswebframework.web.authorization.oauth2.api.entity.OAuth2AccessEntity;
+import org.hswebframework.web.authorization.oauth2.server.OAuth2AccessToken;
+import org.hswebframework.web.authorization.oauth2.server.exception.GrantTokenException;
+import org.hswebframework.web.authorization.oauth2.server.support.OAuth2Granter;
+import org.hswebframework.web.authorization.oauth2.server.support.client.HttpClientCredentialRequest;
+import org.hswebframework.web.authorization.oauth2.server.support.code.HttpAuthorizationCodeTokenRequest;
+import org.hswebframework.web.authorization.oauth2.server.support.implicit.HttpImplicitRequest;
+import org.hswebframework.web.authorization.oauth2.server.support.password.HttpPasswordRequest;
+import org.hswebframework.web.authorization.oauth2.server.support.refresh.HttpRefreshTokenRequest;
+import org.hswebframework.web.oauth2.core.ErrorType;
+import org.hswebframework.web.oauth2.core.GrantType;
 import org.hswebframework.web.oauth2.model.AccessTokenModel;
-import org.springframework.util.Assert;
-import org.springframework.web.bind.annotation.*;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.RestController;
 
 import javax.annotation.Resource;
-
-import static org.springframework.util.StringUtils.isEmpty;
+import javax.servlet.http.HttpServletRequest;
 
 /**
  * @author zhouhao
@@ -40,120 +47,47 @@ import static org.springframework.util.StringUtils.isEmpty;
 public class OAuth2TokenController {
 
     @Resource
-    private OAuth2ServerService oAuth2ServerService;
-
-    @PostMapping(params = "grant_type=authorization_code")
-    @ApiOperation("authorization_code方式授权")
-    public AccessTokenModel authorizeByCode(
-            @RequestParam("code") String code,
-            @RequestParam(value = "client_id", required = false) String clientId,
-            @RequestParam(value = "client_secret", required = false) String clientSecret,
-            @RequestParam(value = "redirect_uri") String redirect_uri,
-            @RequestHeader(value = "Authorization", required = false) String authorization,
-            @RequestParam(value = "scope", required = false) String scope) {
-
-        String[] clientCredentials = getClientCredentials(clientId, clientSecret, authorization);
-        clientId = clientCredentials[0];
-        clientSecret = clientCredentials[1];
-        AccessTokenModel model = entityToModel(oAuth2ServerService.requestTokenByCode(code, clientId, clientSecret, scope, redirect_uri));
-        return model;
-    }
-
-    @PostMapping(params = "grant_type=client_credentials")
-    @ApiOperation("client_credentials方式授权")
-    public AccessTokenModel authorizeByClientCredentials(
-            @RequestParam(value = "client_id", required = false) String clientId,
-            @RequestParam(value = "client_secret", required = false) String clientSecret,
-            @RequestHeader(value = "Authorization", required = false) String authorization) {
-        String[] clientCredentials = getClientCredentials(clientId, clientSecret, authorization);
-        clientId = clientCredentials[0];
-        clientSecret = clientCredentials[1];
-        AccessTokenModel model = entityToModel(oAuth2ServerService.requestTokenByClientCredential(clientId, clientSecret));
-        return model;
-    }
-
-    @PostMapping(params = "grant_type=password")
-    @ApiOperation("password方式授权")
-    public AccessTokenModel authorizeByPassword(
-            @RequestParam(value = "username") String username,
-            @RequestParam(value = "password") String password,
-            @RequestHeader(value = "Authorization", required = false) String authorization) {
-        String[] clientCredentials = getClientCredentials(username, password, authorization);
-        username = clientCredentials[0];
-        password = clientCredentials[1];
-        AccessTokenModel model = entityToModel(oAuth2ServerService.requestTokenByPassword(username, password));
-        return model;
-    }
-
-    @PostMapping(params = "grant_type=refresh_token")
-    @ApiOperation("刷新授权码")
-    public AccessTokenModel refreshToken(
-            @RequestHeader(value = "Authorization", required = false) String authorization,
-            @RequestParam(value = "client_id", required = false) String clientId,
-            @RequestParam(value = "client_secret", required = false) String clientSecret,
-            @RequestParam(value = "refresh_token") String refreshToken,
-            @RequestParam(value = "scope", required = false) String scope) {
-
-        String[] clientCredentials = getClientCredentials(clientId, clientSecret, authorization);
-        clientId = clientCredentials[0];
-        clientSecret = clientCredentials[1];
-
-        AccessTokenModel model = entityToModel(oAuth2ServerService.refreshToken(clientId, clientSecret, refreshToken, scope));
-        return model;
-    }
-
-    protected String[] getClientCredentials(String clientId, String clientSecret, String authorization) {
-        if ((clientId == null || clientSecret == null) && authorization == null) {
-            throw new IllegalArgumentException("authorization error!");
-        }
-        if (!isEmpty(authorization)) {
-            String[] creds = decodeClientAuthenticationHeader(authorization);
-            Assert.notNull(creds, "");
-            if (creds.length > 1) {
-                clientId = creds[0];
-                clientSecret = creds[1];
-            } else {
-                clientSecret = creds[0];
-            }
+    private OAuth2Granter oAuth2Granter;
+
+    @PostMapping
+    public AccessTokenModel requestToken(
+            @RequestParam("grant_type") String grant_type,
+            HttpServletRequest request) {
+        OAuth2AccessToken accessToken = null;
+        switch (grant_type) {
+            case GrantType.authorization_code:
+                accessToken = oAuth2Granter.grant(GrantType.authorization_code, new HttpAuthorizationCodeTokenRequest(request));
+                break;
+            case GrantType.client_credentials:
+                accessToken = oAuth2Granter.grant(GrantType.client_credentials, new HttpClientCredentialRequest(request));
+                break;
+            case GrantType.implicit:
+                accessToken = oAuth2Granter.grant(GrantType.implicit, new HttpImplicitRequest(request));
+                break;
+            case GrantType.password:
+                accessToken = oAuth2Granter.grant(GrantType.password, new HttpPasswordRequest(request));
+                break;
+            case GrantType.refresh_token:
+                accessToken = oAuth2Granter.grant(GrantType.refresh_token, new HttpRefreshTokenRequest(request));
+                break;
+            default:
+                ErrorType.UNSUPPORTED_GRANT_TYPE.throwThis(GrantTokenException::new);
         }
-        Assert.hasLength(clientId, "");
-        Assert.hasLength(clientSecret, "");
-        return new String[]{clientId, clientSecret};
+        return entityToModel(accessToken);
     }
 
-    protected AccessTokenModel entityToModel(OAuth2AccessEntity entity) {
+
+    protected AccessTokenModel entityToModel(OAuth2AccessToken token) {
         AccessTokenModel model = new AccessTokenModel();
-        model.setAccess_token(entity.getAccessToken());
-        model.setRefresh_token(entity.getRefreshToken());
-        model.setExpires_in(entity.getExpiresIn());
-        model.setScope(entity.getScope());
+        model.setAccess_token(token.getAccessToken());
+        model.setRefresh_token(token.getRefreshToken());
+        model.setExpires_in(token.getExpiresIn());
+        if (token.getScope() != null)
+            model.setScope(token.getScope().stream().reduce((t1, t2) -> t1.concat(",").concat(t2)).orElse(""));
+        else
+            model.setScope("public");
         model.setToken_type("bearer");
         return model;
     }
 
-
-    protected static String[] decodeClientAuthenticationHeader(String authenticationHeader) {
-        if (isEmpty(authenticationHeader)) {
-            return null;
-        } else {
-            String[] tokens = authenticationHeader.split(" ");
-            if (tokens.length != 2) {
-                return null;
-            } else {
-                String authType = tokens[0];
-                if (!"basic".equalsIgnoreCase(authType)) {
-                    return null;
-                } else {
-                    String encodedCreds = tokens[1];
-                    return decodeBase64EncodedCredentials(encodedCreds);
-                }
-            }
-        }
-    }
-
-    protected static String[] decodeBase64EncodedCredentials(String encodedCreds) {
-        String decodedCreds = new String(Base64.decodeBase64(encodedCreds));
-        String[] creds = decodedCreds.split(":", 2);
-        return creds.length != 2 ? null : (!isEmpty(creds[0]) && !isEmpty(creds[1]) ? creds : null);
-    }
 }

hsweb-system/hsweb-system-oauth2-server/hsweb-system-oauth2-server-controller/src/main/java/org/hswebframework/web/authorization/oauth2/controller/OAuth2UserInfoController.java

@@ -26,6 +26,8 @@ import org.hswebframework.web.authorization.AuthenticationHolder;
 import org.hswebframework.web.authorization.annotation.Authorize;
 import org.hswebframework.web.authorization.oauth2.api.OAuth2ServerService;
 import org.hswebframework.web.authorization.oauth2.api.entity.OAuth2AccessEntity;
+import org.hswebframework.web.authorization.oauth2.server.OAuth2AccessToken;
+import org.hswebframework.web.authorization.oauth2.server.token.AccessTokenService;
 import org.hswebframework.web.oauth2.model.AuthorizationCodeModel;
 import org.hswebframework.web.oauth2.model.ImplicitAccessTokenModel;
 import org.springframework.web.bind.annotation.*;
@@ -42,26 +44,26 @@ import javax.annotation.Resource;
 @RequestMapping("${hsweb.web.mappings.oauth2-auth-info:oauth2/user-auth-info}")
 public class OAuth2UserInfoController {
 
+
     @Resource
-    private OAuth2ServerService oAuth2ServerService;
+    private AccessTokenService accessTokenService;
 
     @GetMapping
     @ApiOperation("根据accessToken获取用户信息")
     public Authentication getLoginUser(@RequestParam("access_token") String access_token) {
-        OAuth2AccessEntity auth2AccessEntity = oAuth2ServerService.getAccessToken(access_token);
+        OAuth2AccessToken auth2AccessEntity = accessTokenService.getTokenByAccessToken(access_token);
         if (null == auth2AccessEntity) {
             throw new AuthorizeException();
         }
-        return AuthenticationHolder.get(auth2AccessEntity.getUserId());
+        return AuthenticationHolder.get(auth2AccessEntity.getOwnerId());
     }
 
-
     @GetMapping("/{userId}")
     @ApiOperation("根据accessToken获取用户信息")
     public Authentication getUserById(
             @PathVariable("userId") String userId,
             @RequestParam("access_token") String access_token) {
-        OAuth2AccessEntity auth2AccessEntity = oAuth2ServerService.getAccessToken(access_token);
+        OAuth2AccessToken auth2AccessEntity = accessTokenService.getTokenByAccessToken(access_token);
         if (null == auth2AccessEntity) {
             throw new AuthorizeException();
         }

hsweb-system/hsweb-system-oauth2-server/hsweb-system-oauth2-server-dao/hsweb-system-oauth2-server-dao-api/pom.xml

@@ -37,7 +37,7 @@
         </dependency>
         <dependency>
             <groupId>org.hswebframework.web</groupId>
-            <artifactId>hsweb-authorization-oauth2-server</artifactId>
+            <artifactId>hsweb-authorization-oauth2-auth-server</artifactId>
             <version>${project.version}</version>
         </dependency>
     </dependencies>

hsweb-system/hsweb-system-oauth2-server/hsweb-system-oauth2-server-dao/hsweb-system-oauth2-server-dao-mybatis/src/main/resources/org/hswebframework/web/dao/mybatis/mappers/oauth2/OAuth2AccessMapper.xml

@@ -24,13 +24,13 @@
 <mapper namespace="org.hswebframework.web.dao.oauth2.OAuth2AccessDao">
     <resultMap id="OAuth2AccessResultMap" type="org.hswebframework.web.authorization.oauth2.api.entity.SimpleOAuth2AccessEntity">
         <result property="clientId" column="client_id" javaType="String" jdbcType="VARCHAR"/>
-        <result property="userId" column="user_id" javaType="String" jdbcType="VARCHAR"/>
+        <result property="ownerId" column="owner_id" javaType="String" jdbcType="VARCHAR"/>
         <result property="accessToken" column="access_token" javaType="String" jdbcType="VARCHAR"/>
-        <result property="expiresIn" column="expires_in" javaType="Long" jdbcType="NUMERIC"/>
+        <result property="expiresIn" column="expires_in" javaType="Integer" jdbcType="NUMERIC"/>
         <result property="refreshToken" column="refresh_token" javaType="String" jdbcType="VARCHAR"/>
         <result property="createTime" column="create_time" javaType="Long" jdbcType="NUMERIC"/>
         <result property="updateTime" column="update_time" javaType="Long" jdbcType="NUMERIC"/>
-        <result property="scope" column="scope" javaType="String" jdbcType="VARCHAR"/>
+        <result property="scope" column="scope" javaType="java.util.Set" jdbcType="VARCHAR"/>
     </resultMap>
 
     <!--用于动态生成sql所需的配置-->

hsweb-system/hsweb-system-oauth2-server/hsweb-system-oauth2-server-dao/hsweb-system-oauth2-server-dao-mybatis/src/main/resources/org/hswebframework/web/dao/mybatis/mappers/oauth2/OAuth2ClientMapper.xml

@@ -32,7 +32,9 @@
         <result property="creatorId" column="creator_id" javaType="String" jdbcType="VARCHAR"/>
         <result property="redirectUri" column="redirect_uri" javaType="String" jdbcType="VARCHAR"/>
         <result property="createTime" column="create_time" javaType="Long" jdbcType="NUMERIC"/>
-        <result property="supportGrantType" column="support_grant_type" javaType="java.util.List" jdbcType="VARCHAR"/>
+        <result property="supportGrantType" column="support_grant_type" javaType="java.util.Set" jdbcType="VARCHAR"/>
+        <result property="defaultGrantScope" column="default_grant_scope" javaType="java.util.Set" jdbcType="VARCHAR"/>
+        <result property="enabled" column="enabled" javaType="Boolean" jdbcType="NUMERIC"/>
     </resultMap>
 
     <!--用于动态生成sql所需的配置-->

hsweb-system/hsweb-system-oauth2-server/hsweb-system-oauth2-server-dao/hsweb-system-oauth2-server-dao-mybatis/src/main/resources/org/hswebframework/web/dao/mybatis/mappers/oauth2/OAuth2CodeMapper.xml

@@ -27,7 +27,7 @@
         <result property="userId" column="user_id" javaType="String" jdbcType="VARCHAR"/>
         <result property="code" column="code" javaType="String" jdbcType="VARCHAR"/>
         <result property="createTime" column="create_time" javaType="Long" jdbcType="NUMERIC"/>
-        <result property="scope" column="scope" javaType="String" jdbcType="VARCHAR"/>
+        <result property="scope" column="scope" javaType="java.util.Set" jdbcType="VARCHAR"/>
         <result property="redirectUri" column="redirect_uri" javaType="String" jdbcType="VARCHAR"/>
     </resultMap>
 

hsweb-system/hsweb-system-oauth2-server/hsweb-system-oauth2-server-model/src/main/java/org/hswebframework/web/oauth2/model/AccessTokenModel.java

@@ -33,7 +33,7 @@ public class AccessTokenModel implements Model {
 
     private String token_type;
 
-    private Long expires_in;
+    private Integer expires_in;
 
     private String scope;
 
@@ -69,11 +69,11 @@ public class AccessTokenModel implements Model {
         this.token_type = token_type;
     }
 
-    public Long getExpires_in() {
+    public Integer getExpires_in() {
         return expires_in;
     }
 
-    public void setExpires_in(Long expires_in) {
+    public void setExpires_in(Integer expires_in) {
         this.expires_in = expires_in;
     }
 }

hsweb-system/hsweb-system-oauth2-server/hsweb-system-oauth2-server-model/src/main/java/org/hswebframework/web/oauth2/model/ImplicitAccessTokenModel.java

@@ -30,7 +30,7 @@ public class ImplicitAccessTokenModel implements Model {
 
     private String token_type;
 
-    private Long expires_in;
+    private Integer expires_in;
 
     private String state;
 
@@ -68,11 +68,11 @@ public class ImplicitAccessTokenModel implements Model {
         this.token_type = token_type;
     }
 
-    public Long getExpires_in() {
+    public Integer getExpires_in() {
         return expires_in;
     }
 
-    public void setExpires_in(Long expires_in) {
+    public void setExpires_in(Integer expires_in) {
         this.expires_in = expires_in;
     }
 }

hsweb-system/hsweb-system-oauth2-server/hsweb-system-oauth2-server-simple/pom.xml

@@ -46,5 +46,9 @@
             <artifactId>hsweb-system-oauth2-server-dao-api</artifactId>
             <version>${project.version}</version>
         </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter</artifactId>
+        </dependency>
     </dependencies>
 </project>

hsweb-system/hsweb-system-oauth2-server/hsweb-system-oauth2-server-simple/src/main/java/org/hswebframework/web/oauth2/server/simple/CodeGenerator.java

@@ -0,0 +1,28 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.oauth2.server.simple;
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+public interface CodeGenerator {
+    String generate();
+}

hsweb-system/hsweb-system-oauth2-server/hsweb-system-oauth2-server-simple/src/main/java/org/hswebframework/web/oauth2/server/simple/OAuth2GranterAutoConfiguration.java

@@ -0,0 +1,162 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.oauth2.server.simple;
+
+import org.hswebframework.web.authorization.oauth2.server.client.OAuth2ClientService;
+import org.hswebframework.web.authorization.oauth2.server.support.AbstractAuthorizationService;
+import org.hswebframework.web.authorization.oauth2.server.support.DefaultOAuth2Granter;
+import org.hswebframework.web.authorization.oauth2.server.support.client.ClientCredentialGranter;
+import org.hswebframework.web.authorization.oauth2.server.support.client.DefaultClientCredentialGranter;
+import org.hswebframework.web.authorization.oauth2.server.support.code.AuthorizationCodeGranter;
+import org.hswebframework.web.authorization.oauth2.server.support.code.AuthorizationCodeService;
+import org.hswebframework.web.authorization.oauth2.server.support.code.DefaultAuthorizationCodeGranter;
+import org.hswebframework.web.authorization.oauth2.server.support.implicit.DefaultImplicitGranter;
+import org.hswebframework.web.authorization.oauth2.server.support.implicit.ImplicitGranter;
+import org.hswebframework.web.authorization.oauth2.server.support.password.DefaultPasswordGranter;
+import org.hswebframework.web.authorization.oauth2.server.support.password.PasswordGranter;
+import org.hswebframework.web.authorization.oauth2.server.support.password.PasswordService;
+import org.hswebframework.web.authorization.oauth2.server.token.AccessTokenService;
+import org.hswebframework.web.commons.entity.factory.EntityFactory;
+import org.hswebframework.web.dao.oauth2.AuthorizationCodeDao;
+import org.hswebframework.web.dao.oauth2.OAuth2AccessDao;
+import org.hswebframework.web.dao.oauth2.OAuth2ClientDao;
+import org.hswebframework.web.service.authorization.UserService;
+import org.springframework.beans.BeansException;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.config.BeanPostProcessor;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+@Configuration
+public class OAuth2GranterAutoConfiguration {
+
+    @Autowired(required = false)
+    private CodeGenerator codeGenerator;
+
+    @Autowired(required = false)
+    private TokenGenerator tokenGenerator;
+
+    @ConditionalOnMissingBean(AuthorizationCodeService.class)
+    @Bean
+    public SimpleAuthorizationCodeService simpleAuthorizationCodeService(AuthorizationCodeDao authorizationCodeDao,
+                                                                         EntityFactory entityFactory) {
+        return new SimpleAuthorizationCodeService(authorizationCodeDao, entityFactory)
+                .setCodeGenerator(codeGenerator);
+    }
+
+    @ConditionalOnMissingBean(OAuth2ClientService.class)
+    @Bean
+    public SimpleClientService simpleClientService(OAuth2ClientDao oAuth2ClientDao) {
+        return new SimpleClientService(oAuth2ClientDao);
+    }
+
+    @ConditionalOnMissingBean(PasswordService.class)
+    @Bean
+    public SimplePasswordService simplePasswordService(UserService userService) {
+        return new SimplePasswordService(userService);
+    }
+
+    @ConditionalOnMissingBean(AccessTokenService.class)
+    @Bean
+    public SimpleAccessTokenService simpleAccessTokenService(OAuth2AccessDao oAuth2AccessDao, EntityFactory entityFactory) {
+        return new SimpleAccessTokenService(oAuth2AccessDao, entityFactory)
+                .setTokenGenerator(tokenGenerator);
+    }
+
+    @Configuration
+    public static class OAuth2GranterConfiguration {
+        @Autowired
+        private AuthorizationCodeService authorizationCodeService;
+        @Autowired
+        private OAuth2ClientService      oAuth2ClientService;
+        @Autowired
+        private AccessTokenService       accessTokenService;
+        @Autowired
+        private PasswordService          passwordService;
+
+        private <T extends AbstractAuthorizationService> T setProperty(T abstractAuthorizationService) {
+            abstractAuthorizationService.setAccessTokenService(accessTokenService);
+            abstractAuthorizationService.setClientService(oAuth2ClientService);
+            return abstractAuthorizationService;
+        }
+
+        @Bean
+        @ConditionalOnMissingBean(AuthorizationCodeGranter.class)
+        public AuthorizationCodeGranter authorizationCodeGranter() {
+            return setProperty(new DefaultAuthorizationCodeGranter(authorizationCodeService));
+        }
+
+        @Bean
+        @ConditionalOnMissingBean(ClientCredentialGranter.class)
+        public ClientCredentialGranter clientCredentialGranter() {
+            return setProperty(new DefaultClientCredentialGranter());
+        }
+
+        @Bean
+        @ConditionalOnMissingBean(PasswordGranter.class)
+        public PasswordGranter passwordGranter() {
+            return setProperty(new DefaultPasswordGranter(passwordService));
+        }
+
+        @Bean
+        @ConditionalOnMissingBean(ImplicitGranter.class)
+        public ImplicitGranter implicitGranter() {
+            return setProperty(new DefaultImplicitGranter());
+        }
+
+    }
+
+    @Bean
+    public AutoSettingOAuth2Granter autoSettingOAuth2Granter() {
+        return new AutoSettingOAuth2Granter();
+    }
+
+    class AutoSettingOAuth2Granter extends DefaultOAuth2Granter implements BeanPostProcessor {
+        @Override
+        public Object postProcessBeforeInitialization(Object bean, String beanName) throws BeansException {
+            if (bean instanceof AuthorizationCodeGranter) {
+                addAuthorizationCodeSupport(((AuthorizationCodeGranter) bean));
+            }
+            if (bean instanceof ClientCredentialGranter) {
+                addClientCredentialSupport(((ClientCredentialGranter) bean));
+            }
+            if (bean instanceof PasswordGranter) {
+                addPasswordSupport(((PasswordGranter) bean));
+            }
+            if (bean instanceof ImplicitGranter) {
+                addImplicitSupport(((ImplicitGranter) bean));
+            }
+            return bean;
+        }
+
+        @Override
+        public Object postProcessAfterInitialization(Object bean, String beanName) throws BeansException {
+            return bean;
+        }
+    }
+
+}

hsweb-system/hsweb-system-oauth2-server/hsweb-system-oauth2-server-simple/src/main/java/org/hswebframework/web/oauth2/server/simple/SimpleAccessTokenService.java

@@ -0,0 +1,99 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.oauth2.server.simple;
+
+import org.hswebframework.web.authorization.oauth2.api.entity.OAuth2AccessEntity;
+import org.hswebframework.web.authorization.oauth2.server.OAuth2AccessToken;
+import org.hswebframework.web.authorization.oauth2.server.token.AccessTokenService;
+import org.hswebframework.web.commons.entity.factory.EntityFactory;
+import org.hswebframework.web.dao.oauth2.OAuth2AccessDao;
+import org.hswebframework.web.id.IDGenerator;
+import org.hswebframework.web.service.DefaultDSLQueryService;
+import org.hswebframework.web.service.DefaultDSLUpdateService;
+import org.springframework.util.Assert;
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+public class SimpleAccessTokenService implements AccessTokenService {
+
+    private TokenGenerator tokenGenerator = IDGenerator.MD5::generate;
+
+    private OAuth2AccessDao oAuth2AccessDao;
+
+    private EntityFactory entityFactory;
+
+    public SimpleAccessTokenService(OAuth2AccessDao oAuth2AccessDao, EntityFactory entityFactory) {
+        this.oAuth2AccessDao = oAuth2AccessDao;
+        this.entityFactory = entityFactory;
+    }
+
+    public SimpleAccessTokenService setTokenGenerator(TokenGenerator tokenGenerator) {
+        if (tokenGenerator != null)
+            this.tokenGenerator = tokenGenerator;
+        return this;
+    }
+
+    @Override
+    public OAuth2AccessToken createToken() {
+        OAuth2AccessEntity accessEntity = entityFactory.newInstance(OAuth2AccessEntity.class);
+        accessEntity.setAccessToken(tokenGenerator.generate());
+        accessEntity.setRefreshToken(tokenGenerator.generate());
+        accessEntity.setCreateTime(System.currentTimeMillis());
+        return accessEntity;
+    }
+
+    @Override
+    public OAuth2AccessToken getTokenByRefreshToken(String refreshToken) {
+        Assert.notNull(refreshToken, "refreshToken can not be null!");
+        return DefaultDSLQueryService.createQuery(oAuth2AccessDao)
+                .where("refreshToken", refreshToken).single();
+    }
+
+    @Override
+    public OAuth2AccessToken getTokenByAccessToken(String accessToken) {
+        Assert.notNull(accessToken, "accessToken can not be null!");
+        return DefaultDSLQueryService.createQuery(oAuth2AccessDao)
+                .where("accessToken", accessToken).single();
+    }
+
+    @Override
+    public OAuth2AccessToken saveOrUpdateToken(OAuth2AccessToken token) {
+        Assert.notNull(token, "token can not be null!");
+        int total = DefaultDSLQueryService
+                .createQuery(oAuth2AccessDao)
+                .where("clientId", token.getClientId())
+                .and("grantType", token.getGrantType())
+                .and("ownerId", token.getOwnerId()).total();
+        if (total > 0) {
+            DefaultDSLUpdateService
+                    .createUpdate(oAuth2AccessDao, token)
+                    .where("clientId", token.getClientId())
+                    .and("grantType", token.getGrantType())
+                    .and("ownerId", token.getOwnerId())
+                    .exec();
+        } else {
+            oAuth2AccessDao.insert(((OAuth2AccessEntity) token));
+        }
+
+        return token;
+    }
+}

hsweb-system/hsweb-system-oauth2-server/hsweb-system-oauth2-server-simple/src/main/java/org/hswebframework/web/oauth2/server/simple/SimpleAuthorizationCodeService.java

@@ -0,0 +1,77 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.oauth2.server.simple;
+
+import com.alibaba.fastjson.JSON;
+import org.hswebframework.web.authorization.oauth2.api.entity.AuthorizationCodeEntity;
+import org.hswebframework.web.authorization.oauth2.server.support.code.AuthorizationCode;
+import org.hswebframework.web.authorization.oauth2.server.support.code.AuthorizationCodeRequest;
+import org.hswebframework.web.authorization.oauth2.server.support.code.AuthorizationCodeService;
+import org.hswebframework.web.commons.entity.factory.EntityFactory;
+import org.hswebframework.web.dao.oauth2.AuthorizationCodeDao;
+import org.hswebframework.web.id.IDGenerator;
+import org.hswebframework.web.service.DefaultDSLDeleteService;
+import org.hswebframework.web.service.DefaultDSLQueryService;
+
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+public class SimpleAuthorizationCodeService implements AuthorizationCodeService {
+    private AuthorizationCodeDao authorizationCodeDao;
+    private EntityFactory        entityFactory;
+    private CodeGenerator codeGenerator = IDGenerator.MD5::generate;
+
+    public SimpleAuthorizationCodeService(AuthorizationCodeDao authorizationCodeDao, EntityFactory entityFactory) {
+        this.authorizationCodeDao = authorizationCodeDao;
+        this.entityFactory = entityFactory;
+    }
+
+    public SimpleAuthorizationCodeService setCodeGenerator(CodeGenerator codeGenerator) {
+        if (codeGenerator != null)
+            this.codeGenerator = codeGenerator;
+        return this;
+    }
+
+    @Override
+    public String createAuthorizationCode(AuthorizationCodeRequest request) {
+        AuthorizationCodeEntity codeEntity = entityFactory.newInstance(AuthorizationCodeEntity.class);
+        codeEntity.setClientId(request.getClientId());
+        codeEntity.setRedirectUri(request.getRedirectUri());
+        codeEntity.setCreateTime(System.currentTimeMillis());
+        codeEntity.setUserId(request.getUserId());
+        codeEntity.setScope(request.getScope());
+        codeEntity.setCode(codeGenerator.generate());
+        authorizationCodeDao.insert(codeEntity);
+        return codeEntity.getCode();
+    }
+
+    @Override
+    public AuthorizationCode consumeAuthorizationCode(String code) {
+        AuthorizationCodeEntity codeEntity = DefaultDSLQueryService
+                .createQuery(authorizationCodeDao)
+                .where("code", code).single();
+        //delete
+        DefaultDSLDeleteService.createDelete(authorizationCodeDao)
+                .where("code", code).exec();
+        return codeEntity;
+    }
+}

hsweb-system/hsweb-system-oauth2-server/hsweb-system-oauth2-server-simple/src/main/java/org/hswebframework/web/oauth2/server/simple/SimpleClientService.java

@@ -0,0 +1,47 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.oauth2.server.simple;
+
+import org.hswebframework.web.authorization.oauth2.server.client.OAuth2Client;
+import org.hswebframework.web.authorization.oauth2.server.client.OAuth2ClientService;
+import org.hswebframework.web.dao.oauth2.OAuth2ClientDao;
+import org.hswebframework.web.service.DefaultDSLQueryService;
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+public class SimpleClientService implements OAuth2ClientService {
+    private OAuth2ClientDao oAuth2ClientDao;
+
+    public SimpleClientService(OAuth2ClientDao oAuth2ClientDao) {
+        this.oAuth2ClientDao = oAuth2ClientDao;
+    }
+
+    @Override
+    public OAuth2Client getClientById(String id) {
+        return DefaultDSLQueryService.createQuery(oAuth2ClientDao).where("id", id).single();
+    }
+
+    @Override
+    public OAuth2Client getClientByOwnerId(String ownerId) {
+        return DefaultDSLQueryService.createQuery(oAuth2ClientDao).where("ownerId", ownerId).single();
+    }
+}

hsweb-system/hsweb-system-oauth2-server/hsweb-system-oauth2-server-simple/src/main/java/org/hswebframework/web/oauth2/server/simple/SimplePasswordService.java

@@ -0,0 +1,46 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.oauth2.server.simple;
+
+import org.hswebframework.web.authorization.oauth2.server.support.password.PasswordService;
+import org.hswebframework.web.entity.authorization.UserEntity;
+import org.hswebframework.web.service.authorization.UserService;
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+public class SimplePasswordService implements PasswordService {
+    private UserService userService;
+
+    public SimplePasswordService(UserService userService) {
+        this.userService = userService;
+    }
+
+    @Override
+    public String getUserIdByUsernameAndPassword(String username, String password) {
+        UserEntity userEntity = userService.selectByUsername(username);
+        if (userEntity == null) return null;
+        if (!userService.encodePassword(password, userEntity.getSalt()).equals(userEntity.getPassword())) {
+            return null;
+        }
+        return userEntity.getId();
+    }
+}

hsweb-system/hsweb-system-oauth2-server/hsweb-system-oauth2-server-simple/src/main/java/org/hswebframework/web/oauth2/server/simple/TokenGenerator.java

@@ -0,0 +1,28 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.oauth2.server.simple;
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+public interface TokenGenerator {
+    String generate();
+}

hsweb-system/hsweb-system-oauth2-server/hsweb-system-oauth2-server-simple/src/main/java/org/hswebframework/web/oauth2/service/SimpleOAuth2ServerService.java

@@ -1,267 +0,0 @@
-/*
- *  Copyright 2016 http://www.hswebframework.org
- *
- *  Licensed under the Apache License, Version 2.0 (the "License");
- *  you may not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *        http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS,
- *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *
- */
-
-package org.hswebframework.web.oauth2.service;
-
-import org.hswebframework.web.AuthorizeForbiddenException;
-import org.hswebframework.web.NotFoundException;
-import org.hswebframework.web.authorization.oauth2.api.OAuth2ServerService;
-import org.hswebframework.web.authorization.oauth2.api.entity.AuthorizationCodeEntity;
-import org.hswebframework.web.authorization.oauth2.api.entity.OAuth2AccessEntity;
-import org.hswebframework.web.authorization.oauth2.api.entity.OAuth2ClientEntity;
-import org.hswebframework.web.dao.oauth2.AuthorizationCodeDao;
-import org.hswebframework.web.dao.oauth2.OAuth2AccessDao;
-import org.hswebframework.web.dao.oauth2.OAuth2ClientDao;
-import org.hswebframework.web.commons.entity.GenericEntity;
-import org.hswebframework.web.commons.entity.factory.EntityFactory;
-import org.hswebframework.web.entity.authorization.UserEntity;
-import org.hswebframework.web.id.IDGenerator;
-import org.hswebframework.web.service.DefaultDSLQueryService;
-import org.hswebframework.web.service.authorization.UserService;
-import org.springframework.stereotype.Service;
-import org.springframework.transaction.annotation.Transactional;
-
-import javax.annotation.Resource;
-
-import static org.hswebframework.web.service.DefaultDSLDeleteService.createDelete;
-import static org.hswebframework.web.service.DefaultDSLQueryService.createQuery;
-import static org.hswebframework.web.service.DefaultDSLUpdateService.createUpdate;
-
-/**
- * TODO 完成注释
- *
- * @author zhouhao
- */
-@Service("oAuth2ServerService")
-@Transactional(rollbackFor = Throwable.class)
-public class SimpleOAuth2ServerService implements OAuth2ServerService {
-
-    private static final String cacheName = "hsweb.oauth2";
-    @Resource
-    private OAuth2ClientDao      oAuth2ClientDao;
-    @Resource
-    private OAuth2AccessDao      oAuth2AccessDao;
-    @Resource
-    private AuthorizationCodeDao authorizationCodeDao;
-    @Resource
-    private EntityFactory        entityFactory;
-
-    @Resource
-    private UserService userService;
-
-    @Override
-    public OAuth2ClientEntity getClient(String clientId) {
-        return createQuery(oAuth2ClientDao)
-                .where(GenericEntity.id, clientId)
-                .single();
-    }
-
-    @Override
-    public OAuth2ClientEntity getClient(String clientId, String clientSecret) {
-        return createQuery(oAuth2ClientDao)
-                .where(GenericEntity.id, clientId)
-                // TODO: 17-2-28 key (clientSecret) 应该为常量
-                .where("clientSecret", clientSecret)
-                .single();
-    }
-
-    @Override
-    public String requestCode(String clientId, String userId, String scope, String redirectUri) {
-        String code = IDGenerator.MD5.generate();
-        //删除旧的code
-        createDelete(authorizationCodeDao)
-                // TODO: 17-2-28 key  应该为常量
-                .where("userId", userId)
-                .and("clientId", userId)
-                .exec();
-        AuthorizationCodeEntity codeEntity = entityFactory.newInstance(AuthorizationCodeEntity.class);
-        codeEntity.setCreateTime(System.currentTimeMillis());
-        codeEntity.setClientId(clientId);
-        codeEntity.setUserId(userId);
-        codeEntity.setCode(code);
-        codeEntity.setScope(scope);
-        codeEntity.setRedirectUri(redirectUri);
-        authorizationCodeDao.insert(codeEntity);
-        return code;
-    }
-
-    protected OAuth2AccessEntity createNewAccess() {
-        OAuth2AccessEntity entity = entityFactory.newInstance(OAuth2AccessEntity.class);
-        entity.setCreateTime(System.currentTimeMillis());
-        entity.setAccessToken(IDGenerator.MD5.generate());
-        entity.setRefreshToken(IDGenerator.MD5.generate());
-        return entity;
-    }
-
-    @Override
-    public OAuth2AccessEntity requestTokenByCode(String code,
-                                                 String clientId,
-                                                 String clientSecret,
-                                                 String scope,
-                                                 String redirectUri) {
-        AuthorizationCodeEntity codeEntity =
-                createQuery(authorizationCodeDao)
-                        .where("code", code)
-                        .and("clientId", clientId)
-                        .single();
-        if (codeEntity == null) {
-            throw new NotFoundException("code not found!");
-        }
-        try {
-//            if (!redirectUri.equals(codeEntity.getRedirectUri())) {
-//                // redirectUri error
-//                throw new IllegalArgumentException("redirectUri error!");
-//            }
-            //授权码已经创建超时(10分钟)
-            if (System.currentTimeMillis() - codeEntity.getCreateTime() > 10 * 60 * 1000) {
-                throw new NotFoundException("time out!");
-            }
-            // TODO: 17-2-28  验证scope
-
-            OAuth2ClientEntity clientEntity = getClient(clientId, clientSecret);
-            if (null == clientEntity) {
-                // TODO: 17-2-28 自定义异常
-                throw new IllegalArgumentException("client not found!");
-            }
-            if (!clientEntity.grantTypeIsSupport("authorization_code")) {
-                throw new UnsupportedOperationException("grant_type:authorization_code not support!");
-            }
-            OAuth2AccessEntity accessEntity = createNewAccess();
-            accessEntity.setUserId(codeEntity.getUserId());
-            accessEntity.setClientId(clientId);
-            // TODO: 17-2-28 过期时间应该可配置
-            accessEntity.setExpiresIn(3600L);
-            accessEntity.setScope(scope);
-            oAuth2AccessDao.insert(accessEntity);
-            return accessEntity;
-        } finally {
-            //删除使用过的授权码
-            createDelete(authorizationCodeDao)
-                    .where("code", code)
-                    .and("clientId", clientId)
-                    .exec();
-        }
-    }
-
-    @Override
-    public OAuth2AccessEntity requestTokenByClientCredential(String clientId, String clientSecret) {
-        OAuth2ClientEntity clientEntity = getClient(clientId, clientSecret);
-        if (null == clientEntity) {
-            // TODO: 17-2-28 自定义异常
-            throw new NotFoundException("client not found!");
-        }
-        if (!clientEntity.grantTypeIsSupport("client_credential")) {
-            throw new UnsupportedOperationException("grant_type:client_credential not support!");
-        }
-        return createNewTokenAndRemoveOld(clientEntity);
-    }
-
-    protected OAuth2AccessEntity createNewTokenAndRemoveOld(OAuth2ClientEntity clientEntity) {
-        OAuth2AccessEntity oldEntity = DefaultDSLQueryService
-                .createQuery(oAuth2AccessDao)
-                .where("clientId", clientEntity.getId())
-                .and("userId", clientEntity.getOwnerId())
-                .single();
-        OAuth2AccessEntity newEntity = createNewAccess();
-        if (oldEntity != null) {
-            newEntity.setScope(oldEntity.getScope());
-            newEntity.setExpiresIn(oldEntity.getExpiresIn());
-            newEntity.setRefreshToken(oldEntity.getRefreshToken());
-        } else {
-            newEntity.setExpiresIn(3600L);
-            newEntity.setScope("public");
-        }
-        newEntity.setClientId(clientEntity.getId());
-        newEntity.setUserId(clientEntity.getOwnerId());
-        oAuth2AccessDao.insert(newEntity);
-        return newEntity;
-    }
-
-    @Override
-    public OAuth2AccessEntity requestTokenByImplicit(String clientId, String scope) {
-        OAuth2ClientEntity clientEntity = getClient(clientId);
-        if (null == clientEntity) {
-            // TODO: 17-2-28 自定义异常
-            throw new NotFoundException("client not found!");
-        }
-        if (!clientEntity.grantTypeIsSupport("implicit")) {
-            throw new UnsupportedOperationException("grant_type:implicit not support!");
-        }
-        return createNewTokenAndRemoveOld(clientEntity);
-    }
-
-    @Override
-    public OAuth2AccessEntity requestTokenByPassword(String username, String password) {
-        UserEntity entity = userService.selectByUsername(username);
-        if (null == entity) throw new NotFoundException("user not found");
-        if (!userService.encodePassword(password, entity.getSalt()).equals(entity.getPassword()))
-            throw new AuthorizeForbiddenException("password error");
-        OAuth2ClientEntity clientEntity = DefaultDSLQueryService.createQuery(oAuth2ClientDao).where("user_id", entity.getId()).single();
-        if (clientEntity == null) {
-            throw new NotFoundException("client not found");
-        }
-        if (!clientEntity.grantTypeIsSupport("password")) {
-            throw new UnsupportedOperationException("grant_type:password not support!");
-        }
-        OAuth2AccessEntity accessEntity = createNewAccess();
-        accessEntity.setUserId(entity.getId());
-        accessEntity.setScope("public");
-        accessEntity.setExpiresIn(3600L);
-        accessEntity.setClientId(clientEntity.getId());
-        oAuth2AccessDao.insert(accessEntity);
-        return accessEntity;
-    }
-
-    @Override
-    public OAuth2AccessEntity refreshToken(String clientId, String clientSecret, String refreshToken, String scope) {
-        OAuth2ClientEntity clientEntity = getClient(clientId, clientSecret);
-        if (null == clientEntity) {
-            // TODO: 17-2-28 自定义异常
-            throw new NotFoundException("client not found!");
-        }
-        if (!clientEntity.grantTypeIsSupport("refresh_token")) {
-            throw new UnsupportedOperationException("grant_type:refresh_token not support!");
-        }
-        OAuth2AccessEntity accessEntity = DefaultDSLQueryService.createQuery(oAuth2AccessDao)
-                .where("refreshToken", refreshToken)
-                .and("clientId", clientId)
-                .single();
-        if (null == accessEntity) {
-            throw new NotFoundException("access not found!");
-        }
-        //30天过期
-        long refreshTokenTimeOut = 30 * 24 * 60 * 60 * 1000L;
-        if (System.currentTimeMillis() - accessEntity.getCreateTime() > refreshTokenTimeOut) {
-            throw new NotFoundException("refresh_token time out");
-        }
-        accessEntity.setAccessToken(IDGenerator.MD5.generate());
-        accessEntity.setUpdateTime(System.currentTimeMillis());
-        accessEntity.setScope(scope);
-        createUpdate(oAuth2AccessDao, accessEntity)
-                .includes("accessToken", "updateTime", "scope")
-                .where("refreshToken", refreshToken)
-                .and("clientId", clientId)
-                .exec();
-        return accessEntity;
-    }
-
-    @Override
-    public OAuth2AccessEntity getAccessToken(String accessToken) {
-        return DefaultDSLQueryService.createQuery(oAuth2AccessDao).where("accessToken", accessToken).single();
-    }
-}

hsweb-system/hsweb-system-oauth2-server/hsweb-system-oauth2-server-starter/src/main/resources/META-INF/spring.factories

@@ -0,0 +1,3 @@
+# Auto Configure
+org.springframework.boot.autoconfigure.EnableAutoConfiguration=\
+org.hswebframework.web.oauth2.server.simple.OAuth2GranterAutoConfiguration

hsweb-system/hsweb-system-oauth2-server/hsweb-system-oauth2-server-starter/src/main/resources/hsweb-starter.js

@@ -48,11 +48,14 @@ function install(context) {
         .addColumn().name("redirect_uri").varchar(1024).notNull().comment("redirect_uri").commit()
         .addColumn().name("create_time").number(32).notNull().comment("创建时间").commit()
         .addColumn().name("support_grant_type").clob().notNull().comment("支持的授权列表").commit()
+        .addColumn().name("default_expires_in").number(16).comment("默认认证过期时间").commit()
+        .addColumn().name("default_grant_scope").clob().comment("默认认证范围").commit()
+        .addColumn().name("enabled").number(4).comment("是否启用").commit()
         .comment("OAuth2客户端").commit();
 
     database.createOrAlter("s_oauth2_access")
         .addColumn().name("client_id").varchar(32).notNull().comment("client_id").commit()
-        .addColumn().name("user_id").varchar(32).notNull().comment("授权对应的用户ID").commit()
+        .addColumn().name("owner_id").varchar(32).notNull().comment("授权对应的用户ID").commit()
         .addColumn().name("access_token").varchar(32).notNull().comment("授权码").commit()
         .addColumn().name("expires_in").varchar(32).notNull().comment("有效期").commit()
         .addColumn().name("refresh_token").varchar(32).notNull().comment("用于更新授权的token").commit()

hsweb-system/hsweb-system-organizational/hsweb-system-organizational-dao/hsweb-system-organizational-dao-mybatis/src/main/resources/org/hswebframework/web/dao/mybatis/mappers/organizational/PersonMapper.xml

@@ -26,7 +26,7 @@
             <result property="email" column="email" javaType="String" jdbcType="VARCHAR"/>
             <result property="phone" column="phone" javaType="String" jdbcType="VARCHAR"/>
             <result property="photo" column="photo" javaType="String" jdbcType="VARCHAR"/>
-            <result property="userId" column="user_id" javaType="String" jdbcType="VARCHAR"/>
+            <result property="ownerId" column="user_id" javaType="String" jdbcType="VARCHAR"/>
             <result property="status" column="status" javaType="Byte" jdbcType="DECIMAL"/>
             <result property="remark" column="remark" javaType="String" jdbcType="VARCHAR"/>
     </resultMap>