新增OAuth2支持

hsweb-web-oauth2/hsweb-web-oauth2-controller/pom.xml

@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ Copyright 2015-2016 http://hsweb.me
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~     http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <parent>
+        <artifactId>hsweb-web-oauth2</artifactId>
+        <groupId>org.hsweb</groupId>
+        <version>1.0.1-SNAPSHOT</version>
+    </parent>
+    <modelVersion>4.0.0</modelVersion>
+
+    <artifactId>hsweb-web-oauth2-controller</artifactId>
+
+    <dependencies>
+        <dependency>
+            <groupId>javax.servlet</groupId>
+            <artifactId>servlet-api</artifactId>
+            <version>2.5</version>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.oltu.oauth2</groupId>
+            <artifactId>org.apache.oltu.oauth2.authzserver</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-web</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.hsweb</groupId>
+            <artifactId>hsweb-web-core</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.hsweb</groupId>
+            <artifactId>hsweb-web-oauth2-core</artifactId>
+        </dependency>
+    </dependencies>
+</project>

hsweb-web-oauth2/hsweb-web-oauth2-controller/src/main/java/org/hsweb/web/oauth2/controller/OAuth2Controller.java

@@ -0,0 +1,107 @@
+/*
+ * Copyright 2015-2016 http://hsweb.me
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.hsweb.web.oauth2.controller;
+
+import org.apache.oltu.oauth2.as.issuer.MD5Generator;
+import org.apache.oltu.oauth2.as.issuer.OAuthIssuer;
+import org.apache.oltu.oauth2.as.issuer.OAuthIssuerImpl;
+import org.apache.oltu.oauth2.as.request.OAuthTokenRequest;
+import org.apache.oltu.oauth2.as.response.OAuthASResponse;
+import org.apache.oltu.oauth2.common.OAuth;
+import org.apache.oltu.oauth2.common.error.OAuthError;
+import org.apache.oltu.oauth2.common.message.OAuthResponse;
+import org.apache.oltu.oauth2.common.message.types.GrantType;
+import org.hsweb.web.bean.common.QueryParam;
+import org.hsweb.web.core.exception.AuthorizeException;
+import org.hsweb.web.core.logger.annotation.AccessLogger;
+import org.hsweb.web.core.message.ResponseMessage;
+import org.hsweb.web.oauth2.po.OAuth2Access;
+import org.hsweb.web.oauth2.po.OAuth2Client;
+import org.hsweb.web.oauth2.service.OAuth2ClientService;
+import org.hsweb.web.oauth2.service.OAuth2Service;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.RestController;
+
+import javax.annotation.Resource;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.util.Date;
+
+/**
+ * @author zhouhao
+ */
+@RestController
+@RequestMapping("/oauth2")
+@AccessLogger("oauth2授权")
+public class OAuth2Controller {
+
+    @Autowired(required = false)
+    private OAuthIssuer oauthIssuerImpl = new OAuthIssuerImpl(new MD5Generator());
+
+    @Resource
+    private OAuth2ClientService oAuth2ClientService;
+
+    @Resource
+    private OAuth2Service oAuth2Service;
+
+    @RequestMapping(value = "/access_token", method = {RequestMethod.POST})
+    @AccessLogger("获取access_token")
+    public ResponseMessage accessToken(@RequestParam(value = OAuth.OAUTH_GRANT_TYPE, defaultValue = "client_credentials") String grantType,
+                                       HttpServletRequest request) {
+        try {
+            OAuthTokenRequest tokenRequest = new OAuthTokenRequest(request);
+            //获取OAuth客户端
+            String clientId = tokenRequest.getClientId();
+            String clientSecret = tokenRequest.getClientSecret();
+            OAuth2Client client = oAuth2ClientService.selectSingle(QueryParam.build()
+                    .where("id", clientId)
+                    .and("secret", clientSecret).and("status", 1));
+            //验证客户端
+            if (null == client) {
+                throw new AuthorizeException(OAuthError.TokenResponse.UNAUTHORIZED_CLIENT);
+            }
+            //目前只支持client_credentials方式
+            if (grantType.equals(GrantType.CLIENT_CREDENTIALS.toString())) {
+                String userId = client.getUserId();
+                String accessToken = oauthIssuerImpl.accessToken();
+                String refreshToken = oauthIssuerImpl.refreshToken();
+                OAuth2Access access = new OAuth2Access();
+                access.setExpireIn(oAuth2Service.getDefaultExpireIn());
+                access.setCreateDate(new Date());
+                access.setAccessToken(accessToken);
+                access.setRefreshToken(refreshToken);
+                access.setUserId(userId);
+                access.setClientId(clientId);
+                oAuth2Service.addAccessToken(access);
+                OAuthResponse response = OAuthASResponse
+                        .tokenResponse(HttpServletResponse.SC_OK)
+                        .setAccessToken(accessToken)
+                        .setExpiresIn(String.valueOf(oAuth2Service.getDefaultExpireIn()))
+                        .setRefreshToken(refreshToken)
+                        .buildJSONMessage();
+                return ResponseMessage.ok(response.getBody()).onlyData();
+            } else {
+                throw new AuthorizeException(OAuthError.TokenResponse.UNSUPPORTED_GRANT_TYPE);
+            }
+        } catch (Exception e) {
+            throw new AuthorizeException(e.getMessage(), e, 401);
+        }
+    }
+}

hsweb-web-oauth2/hsweb-web-oauth2-core/pom.xml

@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ Copyright 2015-2016 http://hsweb.me
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~     http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <parent>
+        <artifactId>hsweb-web-oauth2</artifactId>
+        <groupId>org.hsweb</groupId>
+        <version>1.0.1-SNAPSHOT</version>
+    </parent>
+    <modelVersion>4.0.0</modelVersion>
+
+    <artifactId>hsweb-web-oauth2-core</artifactId>
+
+
+</project>

hsweb-web-oauth2/hsweb-web-oauth2-core/src/main/java/org/hsweb/web/oauth2/dao/OAuth2AccessMapper.java

@@ -0,0 +1,33 @@
+/*
+ * Copyright 2015-2016 http://hsweb.me
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.hsweb.web.oauth2.dao;
+
+import org.hsweb.web.dao.GenericMapper;
+import org.hsweb.web.oauth2.po.OAuth2Access;
+
+/**
+ * OAuth2认证信息数据映射接口
+ * Created by generator
+ */
+public interface OAuth2AccessMapper extends GenericMapper<OAuth2Access,String> {
+
+    int deleteById(String id);
+
+    OAuth2Access selectByAccessToken(String accessToken);
+
+    OAuth2Access selectByRefreshToken(String refreshToken);
+}

hsweb-web-oauth2/hsweb-web-oauth2-core/src/main/java/org/hsweb/web/oauth2/dao/OAuth2ClientMapper.java

@@ -0,0 +1,28 @@
+/*
+ * Copyright 2015-2016 http://hsweb.me
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.hsweb.web.oauth2.dao;
+
+import org.hsweb.web.dao.GenericMapper;
+import org.hsweb.web.oauth2.po.OAuth2Client;
+
+/**
+* OAuth2客户端数据映射接口
+* Created by generator 
+*/
+public interface OAuth2ClientMapper extends GenericMapper<OAuth2Client,String> {
+
+}

hsweb-web-oauth2/hsweb-web-oauth2-core/src/main/java/org/hsweb/web/oauth2/exception/AccessTimeoutException.java

@@ -0,0 +1,30 @@
+/*
+ * Copyright 2015-2016 http://hsweb.me
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.hsweb.web.oauth2.exception;
+
+/**
+ * @author zhouhao
+ * @TODO
+ */
+public class AccessTimeoutException extends RuntimeException {
+    public AccessTimeoutException() {
+    }
+
+    public AccessTimeoutException(String message) {
+        super(message);
+    }
+}

hsweb-web-oauth2/hsweb-web-oauth2-core/src/main/java/org/hsweb/web/oauth2/po/OAuth2Access.java

@@ -0,0 +1,148 @@
+/*
+ * Copyright 2015-2016 http://hsweb.me
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.hsweb.web.oauth2.po;
+
+import org.hsweb.web.bean.po.GenericPo;
+import org.hsweb.web.bean.po.user.User;
+
+/**
+ * OAuth2认证信息
+ * Created by hsweb-generator Aug 16, 2016 9:27:59 AM
+ */
+public class OAuth2Access extends GenericPo<String> {
+    //客户端ID
+    private String clientId;
+    //关联用户
+    private String userId;
+    //认证码
+    private String accessToken;
+    //刷新码
+    private String refreshToken;
+    //过期时间
+    private int expireIn;
+    //生成日期
+    private java.util.Date createDate;
+
+    //关联用户实体
+    private User user;
+
+    /**
+     * 获取 客户端ID
+     *
+     * @return String 客户端ID
+     */
+    public String getClientId() {
+        return this.clientId;
+    }
+
+    /**
+     * 设置 客户端ID
+     *
+     * @param clientId 客户端ID
+     */
+    public void setClientId(String clientId) {
+        this.clientId = clientId;
+    }
+
+    /**
+     * 获取 关联用户
+     *
+     * @return String 关联用户
+     */
+    public String getUserId() {
+        return this.userId;
+    }
+
+    /**
+     * 设置 关联用户
+     *
+     * @param userId 关联用户
+     */
+    public void setUserId(String userId) {
+        this.userId = userId;
+    }
+
+    /**
+     * 获取 认证码
+     *
+     * @return String 认证码
+     */
+    public String getAccessToken() {
+        return this.accessToken;
+    }
+
+    /**
+     * 设置 认证码
+     *
+     * @param accessToken 认证码
+     */
+    public void setAccessToken(String accessToken) {
+        this.accessToken = accessToken;
+    }
+
+
+    public String getRefreshToken() {
+        return refreshToken;
+    }
+
+    public void setRefreshToken(String refreshToken) {
+        this.refreshToken = refreshToken;
+    }
+
+    /**
+     * 获取 过期时间
+     *
+     * @return int 过期时间
+     */
+    public int getExpireIn() {
+        return this.expireIn;
+    }
+
+    /**
+     * 设置 过期时间
+     *
+     * @param expireIn 过期时间
+     */
+    public void setExpireIn(int expireIn) {
+        this.expireIn = expireIn;
+    }
+
+    /**
+     * 获取 生成日期
+     *
+     * @return java.util.Date 生成日期
+     */
+    public java.util.Date getCreateDate() {
+        return this.createDate;
+    }
+
+    /**
+     * 设置 生成日期
+     *
+     * @param createDate 生成日期
+     */
+    public void setCreateDate(java.util.Date createDate) {
+        this.createDate = createDate;
+    }
+
+    public User getUser() {
+        return user;
+    }
+
+    public void setUser(User user) {
+        this.user = user;
+    }
+}

hsweb-web-oauth2/hsweb-web-oauth2-core/src/main/java/org/hsweb/web/oauth2/po/OAuth2Client.java

@@ -0,0 +1,112 @@
+/*
+ * Copyright 2015-2016 http://hsweb.me
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.hsweb.web.oauth2.po;
+
+import org.hsweb.web.bean.po.GenericPo;
+
+/**
+* OAuth2客户端
+* Created by hsweb-generator Aug 16, 2016 7:39:55 AM
+*/
+public class OAuth2Client extends GenericPo<String> {
+  		//关联用户
+        private String userId;
+  		//客户端名称
+        private String name;
+  		//密钥
+        private String secret;
+  		//备注
+        private String comment;
+  		//状态
+        private int status;
+
+        /**
+        * 获取 关联用户
+        * @return String 关联用户
+        */
+        public String getUserId(){
+			return this.userId;
+        }
+
+        /**
+        * 设置 关联用户
+        * @param userId 关联用户
+        */
+        public void setUserId(String userId){
+        	this.userId=userId;
+        }
+        /**
+        * 获取 客户端名称
+        * @return String 客户端名称
+        */
+        public String getName(){
+			return this.name;
+        }
+
+        /**
+        * 设置 客户端名称
+        * @param name 客户端名称
+        */
+        public void setName(String name){
+        	this.name=name;
+        }
+        /**
+        * 获取 密钥
+        * @return String 密钥
+        */
+        public String getSecret(){
+			return this.secret;
+        }
+
+        /**
+        * 设置 密钥
+        * @param secret 密钥
+        */
+        public void setSecret(String secret){
+        	this.secret=secret;
+        }
+        /**
+        * 获取 备注
+        * @return String 备注
+        */
+        public String getComment(){
+			return this.comment;
+        }
+
+        /**
+        * 设置 备注
+        * @param comment 备注
+        */
+        public void setComment(String comment){
+        	this.comment=comment;
+        }
+        /**
+        * 获取 状态
+        * @return int 状态
+        */
+        public int getStatus(){
+			return this.status;
+        }
+
+        /**
+        * 设置 状态
+        * @param status 状态
+        */
+        public void setStatus(int status){
+        	this.status=status;
+        }
+}

hsweb-web-oauth2/hsweb-web-oauth2-core/src/main/java/org/hsweb/web/oauth2/service/OAuth2ClientService.java

@@ -0,0 +1,27 @@
+/*
+ * Copyright 2015-2016 http://hsweb.me
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.hsweb.web.oauth2.service;
+
+import org.hsweb.web.oauth2.po.OAuth2Client;
+import org.hsweb.web.service.GenericService;
+
+/**
+ * OAuth2客户端服务类
+ * Created by generator
+ */
+public interface OAuth2ClientService extends GenericService<OAuth2Client, String> {
+}

hsweb-web-oauth2/hsweb-web-oauth2-core/src/main/java/org/hsweb/web/oauth2/service/OAuth2Service.java

@@ -0,0 +1,31 @@
+/*
+ * Copyright 2015-2016 http://hsweb.me
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.hsweb.web.oauth2.service;
+
+import org.hsweb.web.bean.po.user.User;
+import org.hsweb.web.oauth2.po.OAuth2Access;
+
+public interface OAuth2Service {
+    void addAccessToken(OAuth2Access auth2Access);
+
+    void refreshToken(OAuth2Access auth2Access);
+
+    User getUserByAccessToken(String accessToken);
+
+    int getDefaultExpireIn();
+
+}

hsweb-web-oauth2/hsweb-web-oauth2-mybatis/pom.xml

@@ -0,0 +1,36 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ Copyright 2015-2016 http://hsweb.me
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~     http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <parent>
+        <artifactId>hsweb-web-oauth2</artifactId>
+        <groupId>org.hsweb</groupId>
+        <version>1.0.1-SNAPSHOT</version>
+    </parent>
+    <modelVersion>4.0.0</modelVersion>
+
+    <artifactId>hsweb-web-oauth2-mybatis</artifactId>
+
+    <dependencies>
+        <dependency>
+            <groupId>org.hsweb</groupId>
+            <artifactId>hsweb-web-dao-impl-mybatis</artifactId>
+        </dependency>
+    </dependencies>
+</project>

hsweb-web-oauth2/hsweb-web-oauth2-mybatis/src/main/resources/org/hsweb/web/dao/impl/mybatis/mapper/mysql/OAuth2AccessMapper.xml

@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!--
+  ~ Copyright 2015-2016 http://hsweb.me
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~     http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+
+<!DOCTYPE mapper
+        PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
+        "http://www.mybatis.org/dtd/mybatis-3-mapper.dtd">
+<mapper namespace="org.hsweb.web.oauth2.dao.OAuth2AccessMapper">
+    <resultMap id="OAuth2AccessResultMap" type="org.hsweb.web.oauth2.po.OAuth2Access">
+        <id property="id" column="u_id" javaType="string" jdbcType="VARCHAR"/>
+        <result property="clientId" column="client_id" javaType="String" jdbcType="VARCHAR"/>
+        <result property="userId" column="user_id" javaType="String" jdbcType="VARCHAR"/>
+        <result property="accessToken" column="access_token" javaType="String" jdbcType="VARCHAR"/>
+        <result property="refreshToken" column="refresh_token" javaType="String" jdbcType="VARCHAR"/>
+        <result property="expireIn" column="expire_in" javaType="int" jdbcType="NUMERIC"/>
+        <result property="createDate" column="create_date" javaType="java.util.Date" jdbcType="TIMESTAMP"/>
+    </resultMap>
+
+    <!--用于动态生成sql所需的配置-->
+    <sql id="config">
+        <bind name="resultMapId" value="'OAuth2AccessResultMap'"/>
+        <bind name="tableName" value="'s_oauth2_access'"/>
+    </sql>
+    <insert id="insert" parameterType="org.hsweb.web.bean.common.InsertParam">
+        <include refid="config"/>
+        <include refid="BasicMapper.buildInsertSql"/>
+    </insert>
+
+    <delete id="deleteById" parameterType="String">
+        delete from s_oauth2_access where u_id=#{id}
+    </delete>
+
+    <select id="selectByPk" parameterType="string" resultMap="OAuth2AccessResultMap">
+        select * from s_oauth2_access where u_id=#{id}
+    </select>
+
+    <select id="select" parameterType="org.hsweb.web.bean.common.QueryParam" resultMap="OAuth2AccessResultMap">
+        <include refid="config"/>
+        <include refid="BasicMapper.buildSelectSql"/>
+    </select>
+
+    <select id="total" parameterType="org.hsweb.web.bean.common.QueryParam" resultType="int">
+        <include refid="config"/>
+        <include refid="BasicMapper.buildTotalSql"/>
+    </select>
+</mapper>

hsweb-web-oauth2/hsweb-web-oauth2-mybatis/src/main/resources/org/hsweb/web/dao/impl/mybatis/mapper/mysql/OAuth2ClientMapper.xml

@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!--
+  ~ Copyright 2015-2016 http://hsweb.me
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~     http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+
+<!DOCTYPE mapper
+        PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
+        "http://www.mybatis.org/dtd/mybatis-3-mapper.dtd">
+<mapper namespace="org.hsweb.web.oauth2.dao.OAuth2ClientMapper">
+    <resultMap id="OAuth2ClientResultMap" type="org.hsweb.web.oauth2.po.OAuth2Client">
+        <id property="id" column="u_id" javaType="string" jdbcType="VARCHAR"/>
+        <result property="userId" column="user_id" javaType="String" jdbcType="VARCHAR"/>
+        <result property="name" column="name" javaType="String" jdbcType="VARCHAR"/>
+        <result property="secret" column="secret" javaType="String" jdbcType="VARCHAR"/>
+        <result property="comment" column="comment" javaType="String" jdbcType="VARCHAR"/>
+        <result property="status" column="status" javaType="int" jdbcType="INTEGER"/>
+    </resultMap>
+
+    <!--用于动态生成sql所需的配置-->
+    <sql id="config">
+        <bind name="resultMapId" value="'OAuth2ClientResultMap'"/>
+        <bind name="tableName" value="'s_oauth2_client'"/>
+    </sql>
+    <insert id="insert" parameterType="org.hsweb.web.bean.common.InsertParam">
+        <include refid="config"/>
+        <include refid="BasicMapper.buildInsertSql"/>
+    </insert>
+
+    <delete id="delete" parameterType="org.hsweb.web.bean.common.DeleteParam">
+        <include refid="config"/>
+        <include refid="BasicMapper.buildDeleteSql"/>
+    </delete>
+
+    <update id="update" parameterType="org.hsweb.web.bean.common.UpdateParam">
+        <include refid="config"/>
+        <include refid="BasicMapper.buildUpdateSql"/>
+    </update>
+
+    <select id="selectByPk" parameterType="string" resultMap="OAuth2ClientResultMap">
+        select * from s_oauth2_client where u_id=#{id}
+    </select>
+
+    <select id="select" parameterType="org.hsweb.web.bean.common.QueryParam" resultMap="OAuth2ClientResultMap">
+        <include refid="config"/>
+        <include refid="BasicMapper.buildSelectSql"/>
+    </select>
+
+    <select id="total" parameterType="org.hsweb.web.bean.common.QueryParam" resultType="int">
+        <include refid="config"/>
+        <include refid="BasicMapper.buildTotalSql"/>
+    </select>
+</mapper>

hsweb-web-oauth2/hsweb-web-oauth2-mybatis/src/main/resources/org/hsweb/web/dao/impl/mybatis/mapper/oracle/OAuth2AccessMapper.xml

@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!--
+  ~ Copyright 2015-2016 http://hsweb.me
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~     http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+
+<!DOCTYPE mapper
+        PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
+        "http://www.mybatis.org/dtd/mybatis-3-mapper.dtd">
+<mapper namespace="org.hsweb.web.oauth2.dao.OAuth2AccessMapper">
+    <resultMap id="OAuth2AccessResultMap" type="org.hsweb.web.oauth2.po.OAuth2Access">
+        <id property="id" column="u_id" javaType="string" jdbcType="VARCHAR"/>
+        <result property="clientId" column="client_id" javaType="String" jdbcType="VARCHAR"/>
+        <result property="userId" column="user_id" javaType="String" jdbcType="VARCHAR"/>
+        <result property="accessToken" column="access_token" javaType="String" jdbcType="VARCHAR"/>
+        <result property="refreshToken" column="refresh_token" javaType="String" jdbcType="VARCHAR"/>
+        <result property="expireIn" column="expire_in" javaType="int" jdbcType="NUMERIC"/>
+        <result property="createDate" column="create_date" javaType="java.util.Date" jdbcType="TIMESTAMP"/>
+    </resultMap>
+
+    <!--用于动态生成sql所需的配置-->
+    <sql id="config">
+        <bind name="resultMapId" value="'OAuth2AccessResultMap'"/>
+        <bind name="tableName" value="'s_oauth2_access'"/>
+    </sql>
+    <insert id="insert" parameterType="org.hsweb.web.bean.common.InsertParam">
+        <include refid="config"/>
+        <include refid="BasicMapper.buildInsertSql"/>
+    </insert>
+
+    <delete id="deleteById" parameterType="String">
+        delete from s_oauth2_access where u_id=#{id}
+    </delete>
+
+    <select id="selectByAccessToken" parameterType="string" resultMap="OAuth2AccessResultMap">
+        select * from s_oauth2_access where access_token=#{access_token}
+    </select>
+
+    <delete id="delete" parameterType="org.hsweb.web.bean.common.DeleteParam">
+        <include refid="config"/>
+        <include refid="BasicMapper.buildDeleteSql"/>
+    </delete>
+
+    <update id="update" parameterType="org.hsweb.web.bean.common.UpdateParam">
+        <include refid="config"/>
+        <include refid="BasicMapper.buildUpdateSql"/>
+    </update>
+
+    <select id="selectByRefreshToken" parameterType="string" resultMap="OAuth2AccessResultMap">
+        select * from s_oauth2_access where refresh_token=#{refresh_token}
+    </select>
+
+    <select id="select" parameterType="org.hsweb.web.bean.common.QueryParam" resultMap="OAuth2AccessResultMap">
+        <include refid="config"/>
+        <include refid="BasicMapper.buildSelectSql"/>
+    </select>
+
+    <select id="total" parameterType="org.hsweb.web.bean.common.QueryParam" resultType="int">
+        <include refid="config"/>
+        <include refid="BasicMapper.buildTotalSql"/>
+    </select>
+</mapper>

hsweb-web-oauth2/hsweb-web-oauth2-mybatis/src/main/resources/org/hsweb/web/dao/impl/mybatis/mapper/oracle/OAuth2ClientMapper.xml

@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!--
+  ~ Copyright 2015-2016 http://hsweb.me
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~     http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+
+<!DOCTYPE mapper
+        PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
+        "http://www.mybatis.org/dtd/mybatis-3-mapper.dtd">
+<mapper namespace="org.hsweb.web.oauth2.dao.OAuth2ClientMapper">
+    <resultMap id="OAuth2ClientResultMap" type="org.hsweb.web.oauth2.po.OAuth2Client">
+        <id property="id" column="u_id" javaType="string" jdbcType="VARCHAR"/>
+        <result property="userId" column="user_id" javaType="String" jdbcType="VARCHAR"/>
+        <result property="name" column="name" javaType="String" jdbcType="VARCHAR"/>
+        <result property="secret" column="secret" javaType="String" jdbcType="VARCHAR"/>
+        <result property="comment" column="comment" javaType="String" jdbcType="VARCHAR"/>
+        <result property="status" column="status" javaType="int" jdbcType="INTEGER"/>
+    </resultMap>
+
+    <!--用于动态生成sql所需的配置-->
+    <sql id="config">
+        <bind name="resultMapId" value="'OAuth2ClientResultMap'"/>
+        <bind name="tableName" value="'s_oauth2_client'"/>
+    </sql>
+    <insert id="insert" parameterType="org.hsweb.web.bean.common.InsertParam">
+        <include refid="config"/>
+        <include refid="BasicMapper.buildInsertSql"/>
+    </insert>
+
+    <delete id="delete" parameterType="org.hsweb.web.bean.common.DeleteParam">
+        <include refid="config"/>
+        <include refid="BasicMapper.buildDeleteSql"/>
+    </delete>
+
+    <update id="update" parameterType="org.hsweb.web.bean.common.UpdateParam">
+        <include refid="config"/>
+        <include refid="BasicMapper.buildUpdateSql"/>
+    </update>
+
+    <select id="selectByPk" parameterType="string" resultMap="OAuth2ClientResultMap">
+        select * from s_oauth2_client where u_id=#{id}
+    </select>
+
+    <select id="select" parameterType="org.hsweb.web.bean.common.QueryParam" resultMap="OAuth2ClientResultMap">
+        <include refid="config"/>
+        <include refid="BasicMapper.buildSelectSql"/>
+    </select>
+
+    <select id="total" parameterType="org.hsweb.web.bean.common.QueryParam" resultType="int">
+        <include refid="config"/>
+        <include refid="BasicMapper.buildTotalSql"/>
+    </select>
+</mapper>

hsweb-web-oauth2/hsweb-web-oauth2-service-common/pom.xml

@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ Copyright 2015-2016 http://hsweb.me
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~     http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <parent>
+        <artifactId>hsweb-web-oauth2</artifactId>
+        <groupId>org.hsweb</groupId>
+        <version>1.0.1-SNAPSHOT</version>
+    </parent>
+    <modelVersion>4.0.0</modelVersion>
+
+    <artifactId>hsweb-web-oauth2-service-common</artifactId>
+
+    <dependencies>
+        <dependency>
+            <groupId>org.hsweb</groupId>
+            <artifactId>hsweb-web-oauth2-core</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.hsweb</groupId>
+            <artifactId>hsweb-web-service-impl-common</artifactId>
+        </dependency>
+    </dependencies>
+</project>

hsweb-web-oauth2/hsweb-web-oauth2-service-common/src/main/java/org/hsweb/web/oauth2/service/OAuth2ClientServiceImpl.java

@@ -0,0 +1,36 @@
+/*
+ * Copyright 2015-2016 http://hsweb.me
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.hsweb.web.oauth2.service;
+
+import org.hsweb.web.oauth2.dao.OAuth2ClientMapper;
+import org.hsweb.web.oauth2.po.OAuth2Client;
+import org.hsweb.web.service.impl.AbstractServiceImpl;
+import org.springframework.stereotype.Service;
+
+import javax.annotation.Resource;
+
+@Service("oAuth2ClientService")
+public class OAuth2ClientServiceImpl extends AbstractServiceImpl<OAuth2Client, String> implements OAuth2ClientService {
+
+    @Resource
+    private OAuth2ClientMapper oAuth2ClientMapper;
+
+    @Override
+    protected OAuth2ClientMapper getMapper() {
+        return oAuth2ClientMapper;
+    }
+}

hsweb-web-oauth2/hsweb-web-oauth2-service-common/src/main/java/org/hsweb/web/oauth2/service/OAuth2ServiceImpl.java

@@ -0,0 +1,153 @@
+/*
+ * Copyright 2015-2016 http://hsweb.me
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.hsweb.web.oauth2.service;
+
+import org.apache.commons.beanutils.BeanUtilsBean;
+import org.hsweb.web.bean.common.DeleteParam;
+import org.hsweb.web.bean.common.InsertParam;
+import org.hsweb.web.bean.common.QueryParam;
+import org.hsweb.web.bean.common.UpdateParam;
+import org.hsweb.web.bean.po.user.User;
+import org.hsweb.web.core.exception.AuthorizeException;
+import org.hsweb.web.core.exception.BusinessException;
+import org.hsweb.web.core.exception.NotFoundException;
+import org.hsweb.web.oauth2.dao.OAuth2AccessMapper;
+import org.hsweb.web.oauth2.exception.AccessTimeoutException;
+import org.hsweb.web.oauth2.po.OAuth2Access;
+import org.hsweb.web.service.config.ConfigService;
+import org.hsweb.web.service.user.UserService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.cache.Cache;
+import org.springframework.cache.CacheManager;
+import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Transactional;
+
+import javax.annotation.Resource;
+import java.util.Date;
+import java.util.List;
+
+@Service("oAuth2Service")
+public class OAuth2ServiceImpl implements OAuth2Service {
+
+    @Resource
+    private OAuth2AccessMapper oAuth2AccessMapper;
+
+    @Resource
+    private UserService userService;
+
+    @Resource
+    private ConfigService configService;
+
+    @Autowired(required = false)
+    private CacheManager cacheManager;
+    static final String cacheName = "hsweb.oauth2";
+
+    @Override
+    public void addAccessToken(OAuth2Access auth2Access) {
+        if (auth2Access.getId() == null) {
+            auth2Access.setId(OAuth2Access.createUID());
+        }
+        // TODO: 16-8-17  保存n分钟再删除
+        //删除旧的token
+        List<OAuth2Access> accesses = oAuth2AccessMapper.select(QueryParam.build().where("userId", auth2Access.getUserId()));
+        if (accesses.size() > 0) {
+            accesses.forEach(this::removeAccessFromCache);
+            oAuth2AccessMapper.delete(DeleteParam.build().where("userId", auth2Access.getUserId()));
+        }
+        oAuth2AccessMapper.insert(InsertParam.build(auth2Access));
+    }
+
+    private void removeAccessFromCache(OAuth2Access auth2Access) {
+        //移除旧的缓存
+        if (cacheManager != null) {
+            String cacheKey = "accessToken:".concat(auth2Access.getAccessToken());
+            Cache cache = cacheManager.getCache(cacheName);
+            cache.evict(cacheKey);
+        }
+    }
+
+    @Override
+    public void refreshToken(OAuth2Access auth2Access) {
+        auth2Access.setCreateDate(new Date());
+        OAuth2Access old = oAuth2AccessMapper.selectByRefreshToken(auth2Access.getRefreshToken());
+        if (old == null) {
+            throw new NotFoundException("refreshToken不存在");
+        }
+        //修改
+        oAuth2AccessMapper.update(UpdateParam.build(auth2Access)
+                .includes("accessToken", "expireIn", "createDate")
+                .where("refreshToken", auth2Access.getRefreshToken()));
+        //移除旧的缓存
+        removeAccessFromCache(old);
+    }
+
+    @Override
+    @Transactional(noRollbackFor = AccessTimeoutException.class)
+    public User getUserByAccessToken(String accessToken) {
+        OAuth2Access auth2Access = null;
+        Cache cache = null;
+        String cacheKey = "accessToken:".concat(accessToken);
+        boolean inCache = false;
+        if (cacheManager != null) {
+            cache = cacheManager.getCache(cacheName);
+            if (cache != null) {
+                Cache.ValueWrapper wrapper = cache.get(cacheKey);
+                if (wrapper != null) {
+                    auth2Access = (OAuth2Access) wrapper.get();
+                    inCache = true;
+                }
+            }
+        }
+        if (auth2Access == null)
+            auth2Access = oAuth2AccessMapper.selectByAccessToken(accessToken);
+        if (auth2Access == null) {
+            return null;
+        }
+        long createTime = auth2Access.getCreateDate().getTime();
+        long expireInMs = auth2Access.getExpireIn() * 60 * 1000;
+        //判断是否已超时
+        if (System.currentTimeMillis() - createTime > expireInMs) {
+            if (cache != null) {
+                cache.evict(cacheKey);
+            }
+            // TODO: 16-8-17 token删除还是刷新时更新？
+            oAuth2AccessMapper.deleteById(auth2Access.getId());
+            throw new AuthorizeException("expired_token");
+        }
+        if (!inCache) {
+            User user = userService.selectByPk(auth2Access.getUserId());
+            user.initRoleInfo();
+            User newUser = new User();
+            try {
+                BeanUtilsBean.getInstance().getPropertyUtils()
+                        .copyProperties(newUser, user);
+            } catch (Exception e) {
+            }
+            auth2Access.setUser(newUser);
+            cache.put(cacheKey, auth2Access);
+            return newUser;
+        } else {
+            return auth2Access.getUser();
+        }
+    }
+
+    @Override
+    public int getDefaultExpireIn() {
+        return configService.getInt("oauth2", "expire_in", 3600);
+    }
+
+}

hsweb-web-oauth2/hsweb-web-oauth2-simple/pom.xml

@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ Copyright 2015-2016 http://hsweb.me
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~     http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <parent>
+        <artifactId>hsweb-web-oauth2</artifactId>
+        <groupId>org.hsweb</groupId>
+        <version>1.0.1-SNAPSHOT</version>
+    </parent>
+    <modelVersion>4.0.0</modelVersion>
+
+    <artifactId>hsweb-web-oauth2-simple</artifactId>
+
+    <dependencies>
+        <dependency>
+            <groupId>org.hsweb</groupId>
+            <artifactId>hsweb-web-oauth2-core</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.hsweb</groupId>
+            <artifactId>hsweb-web-oauth2-controller</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.hsweb</groupId>
+            <artifactId>hsweb-web-oauth2-service-common</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.hsweb</groupId>
+            <artifactId>hsweb-web-oauth2-mybatis</artifactId>
+        </dependency>
+    </dependencies>
+</project>

hsweb-web-oauth2/hsweb-web-oauth2-simple/src/main/java/org/hsweb/web/oauth2/simple/SimpleOAuth2Manager.java

@@ -0,0 +1,53 @@
+/*
+ * Copyright 2015-2016 http://hsweb.me
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.hsweb.web.oauth2.simple;
+
+import org.apache.oltu.oauth2.as.request.OAuthAuthzRequest;
+import org.hsweb.web.bean.po.user.User;
+import org.hsweb.web.core.authorize.oauth2.OAuth2Manager;
+import org.hsweb.web.oauth2.service.OAuth2Service;
+
+import javax.servlet.http.HttpServletRequest;
+
+public class SimpleOAuth2Manager implements OAuth2Manager {
+
+    private OAuth2Service oAuth2Service;
+
+    public SimpleOAuth2Manager(OAuth2Service oAuth2Service) {
+        this.oAuth2Service = oAuth2Service;
+    }
+
+    @Override
+    public String getAccessTokenByRequest(HttpServletRequest request) {
+        String token = request.getHeader("access_token");
+        if (token == null) {
+            String authorization = request.getHeader("Authorization");
+            if (authorization != null) {
+                String[] arr = authorization.split("[ ]");
+                if (arr.length == 2) token = arr[1];
+            }
+        }
+        if (token == null)
+            token = request.getParameter("access_token");
+        return token;
+    }
+
+    @Override
+    public User getUserByAccessToken(String accessToken) {
+        return oAuth2Service.getUserByAccessToken(accessToken);
+    }
+}

hsweb-web-oauth2/hsweb-web-oauth2-simple/src/main/java/org/hsweb/web/oauth2/simple/SimpleOAuth2ManagerAutoConfiguration.java

@@ -0,0 +1,38 @@
+/*
+ * Copyright 2015-2016 http://hsweb.me
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.hsweb.web.oauth2.simple;
+
+
+import org.hsweb.web.core.authorize.oauth2.OAuth2Manager;
+import org.hsweb.web.oauth2.service.OAuth2Service;
+import org.mybatis.spring.annotation.MapperScan;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.ComponentScan;
+import org.springframework.context.annotation.Configuration;
+
+@Configuration
+@ComponentScan("org.hsweb.web.oauth2")
+@MapperScan("org.hsweb.web.oauth2.dao")
+public class SimpleOAuth2ManagerAutoConfiguration {
+
+    @Bean
+    @ConditionalOnMissingBean(OAuth2Manager.class)
+    public OAuth2Manager oAuth2Manager(OAuth2Service oAuth2Service) {
+        return new SimpleOAuth2Manager(oAuth2Service);
+    }
+}

hsweb-web-oauth2/hsweb-web-oauth2-simple/src/main/resources/META-INF/spring.factories

@@ -0,0 +1,3 @@
+# Auto Configure
+org.springframework.boot.autoconfigure.EnableAutoConfiguration=\
+org.hsweb.web.oauth2.simple.SimpleOAuth2ManagerAutoConfiguration

hsweb-web-oauth2/pom.xml

@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ Copyright 2015-2016 http://hsweb.me
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~     http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <parent>
+        <artifactId>hsweb-framework</artifactId>
+        <groupId>org.hsweb</groupId>
+        <version>1.0.1-SNAPSHOT</version>
+    </parent>
+    <modelVersion>4.0.0</modelVersion>
+
+    <artifactId>hsweb-web-oauth2</artifactId>
+    <packaging>pom</packaging>
+    <modules>
+        <module>hsweb-web-oauth2-mybatis</module>
+        <module>hsweb-web-oauth2-controller</module>
+        <module>hsweb-web-oauth2-service-common</module>
+        <module>hsweb-web-oauth2-simple</module>
+        <module>hsweb-web-oauth2-core</module>
+    </modules>
+
+    <dependencies>
+
+        <dependency>
+            <groupId>org.hsweb</groupId>
+            <artifactId>hsweb-web-service-interface</artifactId>
+        </dependency>
+
+    </dependencies>
+</project>