From 2f0e35d5d52ae9492f38a56f1b832e666a040060 Mon Sep 17 00:00:00 2001
From: xindongbook
Date: Sun, 14 Jun 2020 14:51:21 +0800
Subject: [PATCH] add ch06
---
src/com/my/app/AppServlet.java | 43 ------
src/com/my/oauth/OauthServlet.java | 126 ------------------
src/com/my/oauth/Servlet.java | 32 -----
src/com/oauth/ch03/AppIndexServlet.java | 4 +-
src/com/oauth/ch03/AppServlet.java | 8 +-
src/com/oauth/ch03/OauthServlet.java | 5 +
src/com/oauth/ch03/ProtectedServlet.java | 9 +-
src/com/oauth/ch04/JWTTest.java | 4 +-
.../oauth/{ch02 => ch06}/AppIndexServlet.java | 2 +-
src/com/oauth/{ch02 => ch06}/AppServlet.java | 2 +-
.../oauth/{ch02 => ch06}/OauthServlet.java | 2 +-
src/com/oauth/ch09/OauthServlet.java | 4 +-
12 files changed, 26 insertions(+), 215 deletions(-)
delete mode 100644 src/com/my/app/AppServlet.java
delete mode 100644 src/com/my/oauth/OauthServlet.java
delete mode 100644 src/com/my/oauth/Servlet.java
rename src/com/oauth/{ch02 => ch06}/AppIndexServlet.java (98%)
rename src/com/oauth/{ch02 => ch06}/AppServlet.java (99%)
rename src/com/oauth/{ch02 => ch06}/OauthServlet.java (99%)
diff --git a/src/com/my/app/AppServlet.java b/src/com/my/app/AppServlet.java
deleted file mode 100644
index 2bf461d..0000000
--- a/src/com/my/app/AppServlet.java
+++ /dev/null
@@ -1,43 +0,0 @@
-package com.my.app;
-
-import com.my.util.HttpURLClient;
-
-import javax.servlet.ServletException;
-import javax.servlet.annotation.WebServlet;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-import java.util.HashMap;
-import java.util.Map;
-
-@WebServlet("/AppServlet")
-public class AppServlet extends HttpServlet {
-
-
-
- String oauthURl="http://localhost:8080/OauthServlet";
-
- protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
-
- }
-
- protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
-
-
- System.out.println("start parse code...");
-
- String code = request.getParameter("code");
-
- Map params = new HashMap();
- params.put("code","s3ers89u");
- params.put("grant_type","authorization_code");
-
- String result = HttpURLClient.doPost(oauthURl,HttpURLClient.mapToStr(params));
-
-
- System.out.println("result:"+result);
-
-
- }
-}
diff --git a/src/com/my/oauth/OauthServlet.java b/src/com/my/oauth/OauthServlet.java
deleted file mode 100644
index ade6bed..0000000
--- a/src/com/my/oauth/OauthServlet.java
+++ /dev/null
@@ -1,126 +0,0 @@ -package com.my.oauth; - -import javax.servlet.ServletException; -import javax.servlet.annotation.WebServlet; -import javax.servlet.http.HttpServlet; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import java.io.IOException; -import java.util.Random; - -@WebServlet("/OauthServlet") -public class OauthServlet extends HttpServlet { - - - String authUrl="http://localhost/OauthServlet/response_type=code&redirect_uri=redirect_uri&app_id=app_id&app_secret=app_secret"; - - - protected void doPost(HttpServletRequest request, HttpServletResponse response) throws IOException { - - System.out.println("start accept post req, generate access_toen"); - - String grantType = request.getParameter("grant_type"); - if("authorization_code".equals(grantType)){ - - System.out.println("start generate access_toen"); - - - response.getWriter().write("ACCESSTOKEN"); - - } - } - - - - - protected void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException { - - - -// String responseType = "";//响应类型 告诉授权服务要求返回什么,比如code,token - String appId = "";//第三方软件ID - String appSecret = "";//第三方软件秘钥 - String redirecturi = "";//重定向地址 - String code = "";//授权码 - String accessToken = "";//访问令牌 - String refreshToken = "";//刷新令牌 - String scop = "" ;//授权访问权限范围 - String grantType = "";//授权类型 告诉授权服务我要采用什么样的授权类型去请求 - String tokenType = "";// 令牌类型 - String state = "";// 用在安全防护上 比如跨站保护 - - - - String responseType = request.getParameter("response_type"); - request.getParameter("app_id"); - request.getParameter("app_secret"); - request.getParameter("redirect_uri"); - request.getParameter("code"); - request.getParameter("access_token"); - request.getParameter("refresh_token"); - request.getParameter("scop"); - request.getParameter("grant_type"); - request.getParameter("token_type"); - request.getParameter("state"); - - if("code".equals(responseType)){ - - String url = new StringBuilder(redirecturi).append("").toString(); - 
response.sendRedirect(url); - - }else if("token".equals(responseType)){ - - } - - - - if("authorization_code".equals(grantType)){ - - System.out.println("start generate access_toen"); - - // TODO: 2020/2/19 生成access_token - - response.getWriter().write("ACCESSTOKEN"); - - }else if("client_credentials".equals(grantType)){ - - - }else if("password".equals(grantType)){ - - - }else if("refresh_token".equals(grantType)){ - - - }else{ - - - } - - - } - - - private String generateCode(){ - Random r = new Random(); - StringBuilder rs = new StringBuilder(); - for (int i = 0; i < 8; i++) { - rs.append(r.nextInt(10)); - } - return rs.toString(); - - } - - - private String generateAccessToken(String appId,String userPin){ - - return ""; - } - - - public static void main(String[] args) { - - System.out.println(new OauthServlet().generateCode()); - - } - -} diff --git a/src/com/my/oauth/Servlet.java b/src/com/my/oauth/Servlet.java deleted file mode 100644 index 66dd268..0000000 --- a/src/com/my/oauth/Servlet.java +++ /dev/null @@ -1,32 +0,0 @@ -package com.my.oauth; - -import javax.servlet.ServletException; -import javax.servlet.annotation.WebServlet; -import javax.servlet.http.HttpServlet; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import java.io.IOException; - -@WebServlet(name = "Servlet") -public class Servlet extends HttpServlet { - - public void init(){ - System.out.println("Hello world, this message is from servlet!"); - } - - - protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { - - response.getOutputStream().print("Hello World"); - - - } - - - protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { - - - response.setContentType("text/html"); - response.getOutputStream().print("Hello World"); - } -} 
diff --git a/src/com/oauth/ch03/AppIndexServlet.java b/src/com/oauth/ch03/AppIndexServlet.java index 06e113b..a6aec80 100644 --- a/src/com/oauth/ch03/AppIndexServlet.java +++ b/src/com/oauth/ch03/AppIndexServlet.java @@ -13,8 +13,8 @@ /** * ** - * 使用此类来模拟第三方软件的首页 - * http://localhost:8080/AppIndexServlet-ch03 + * 使用此类来模拟【第三方软件的首页】 + * 浏览器输入 http://localhost:8080/AppIndexServlet-ch03 */ @WebServlet("/AppIndexServlet-ch03") public class AppIndexServlet extends HttpServlet { diff --git a/src/com/oauth/ch03/AppServlet.java b/src/com/oauth/ch03/AppServlet.java index a9dce18..98520fb 100644 --- a/src/com/oauth/ch03/AppServlet.java +++ b/src/com/oauth/ch03/AppServlet.java @@ -11,11 +11,15 @@ import java.util.HashMap; import java.util.Map; + +/** + * ** + * 使用此类来模拟【第三方软件的Server端】 + * + */ @WebServlet("/AppServlet-ch03") public class AppServlet extends HttpServlet { - - String oauthURl="http://localhost:8081/OauthServlet-ch03"; String protectedURl="http://localhost:8081/ProtectedServlet-ch03"; diff --git a/src/com/oauth/ch03/OauthServlet.java b/src/com/oauth/ch03/OauthServlet.java index 582396f..7917641 100644 --- a/src/com/oauth/ch03/OauthServlet.java +++ b/src/com/oauth/ch03/OauthServlet.java @@ -13,6 +13,11 @@ import java.util.Random; import java.util.UUID; +/** + * ** + * 使用此类来模拟【授权服务】 + */ + @WebServlet("/OauthServlet-ch03") public class OauthServlet extends HttpServlet { diff --git a/src/com/oauth/ch03/ProtectedServlet.java b/src/com/oauth/ch03/ProtectedServlet.java index 70bcd0a..2d5609f 100644 --- a/src/com/oauth/ch03/ProtectedServlet.java +++ b/src/com/oauth/ch03/ProtectedServlet.java @@ -11,13 +11,14 @@ import java.util.HashMap; import java.util.Map; + +/** + * ** + * 使用此类来模拟【受保护资源服务】 + */ @WebServlet("/ProtectedServlet-ch03") public class ProtectedServlet extends HttpServlet { - - - - protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { //省略验证代码 
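Review bot: The class Javadoc added in ProtectedServlet.java presents the servlet as the protected resource service, yet the first statement visible in `doPost` is the comment `//省略验证代码` (validation code omitted), so as shown the endpoint appears to return data without checking the access token. The Javadoc should state that limitation so the sample is not copied as a working resource server, for example `* Demo only: access-token validation is omitted here; a real resource server must verify the token (signature or introspection, expiry, audience, scope) before responding.` The body of `doPost` continues outside the hunk, so this is inferred from the one visible comment.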
diff --git a/src/com/oauth/ch04/JWTTest.java b/src/com/oauth/ch04/JWTTest.java index 61551b0..023ee3d 100644 --- a/src/com/oauth/ch04/JWTTest.java +++ b/src/com/oauth/ch04/JWTTest.java @@ -68,7 +68,9 @@ public static void main(String[] args) { headerMap.put("alg", "HS256"); Map payloadMap = new HashMap<>(); - payloadMap.put("sub", "USERTEST"); + payloadMap.put("iss", "http://localhost:8081/"); + payloadMap.put("sub", "XIAOMINGTEST"); + payloadMap.put("aud", "APPID_RABBIT"); payloadMap.put("exp", 1584105790703L); payloadMap.put("iat", 1584105948372L); diff --git a/src/com/oauth/ch02/AppIndexServlet.java b/src/com/oauth/ch06/AppIndexServlet.java similarity index 98% rename from src/com/oauth/ch02/AppIndexServlet.java rename to src/com/oauth/ch06/AppIndexServlet.java index 42dc97d..25f0889 100644 --- a/src/com/oauth/ch02/AppIndexServlet.java +++ b/src/com/oauth/ch06/AppIndexServlet.java @@ -1,4 +1,4 @@ -package com.oauth.ch02; +package com.oauth.ch06; import com.my.util.URLParamsUtil; diff --git a/src/com/oauth/ch02/AppServlet.java b/src/com/oauth/ch06/AppServlet.java similarity index 99% rename from src/com/oauth/ch02/AppServlet.java rename to src/com/oauth/ch06/AppServlet.java index 08ccb63..8778749 100644 --- a/src/com/oauth/ch02/AppServlet.java +++ b/src/com/oauth/ch06/AppServlet.java @@ -1,4 +1,4 @@ -package com.oauth.ch02; +package com.oauth.ch06; import com.my.util.HttpURLClient; diff --git a/src/com/oauth/ch02/OauthServlet.java b/src/com/oauth/ch06/OauthServlet.java similarity index 99% rename from src/com/oauth/ch02/OauthServlet.java rename to src/com/oauth/ch06/OauthServlet.java index d438f25..3d15fb9 100644 --- a/src/com/oauth/ch02/OauthServlet.java +++ b/src/com/oauth/ch06/OauthServlet.java @@ -1,4 +1,4 @@ -package com.oauth.ch02; +package com.oauth.ch06; import com.my.util.URLParamsUtil; diff --git a/src/com/oauth/ch09/OauthServlet.java b/src/com/oauth/ch09/OauthServlet.java index d3f0217..424f428 100644 --- a/src/com/oauth/ch09/OauthServlet.java 
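Review bot: In the JWTTest.java payload the `exp` value (1584105790703L) is smaller than the `iat` value (1584105948372L), so the sample token expires before it is issued. Both values are also in milliseconds, whereas RFC 7519 defines NumericDate in seconds. With `iss` and `aud` now added the map reads as a complete claim set, so the timestamps should be made coherent as well, e.g. `long iat = System.currentTimeMillis() / 1000;`, `payloadMap.put("iat", iat);`, `payloadMap.put("exp", iat + 3600);`. The new `iss` and `aud` claims only add protection if the verifying side compares them with its expected issuer and client id; that code, like the rest of `main`, is outside the hunk.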
+++ b/src/com/oauth/ch09/OauthServlet.java @@ -113,7 +113,7 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response) tokenScopeMap.put(accessToken,codeScopeMap.get(code));//授权范围与访问令牌绑定 //GENATE ID TOKEN - String id_token=genrateIdToken(appId,"XIAOMINGTEST"); + String id_token=genrateIdToken(appId,"XIAOMINGTEST");//模拟用户小明登录 response.getWriter().write(accessToken+"|"+id_token); @@ -123,7 +123,7 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response) /** - * genrate id_token + * genrate * @param appId * @param user * @return
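Review bot: The id_token subject in `doPost` is still the literal `"XIAOMINGTEST"`, so every authorization code exchanged here yields an ID token for the same user, whoever approved the request. The new trailing comment says it simulates user 小明 logging in, but not that the value is a demo shortcut. The line above takes the scope from `codeScopeMap.get(code)`; the subject should be bound to the code in the same way when the code is issued and looked up here. Until that exists, make the comment explicit, e.g. `// demo only: subject is hard-coded; real code must use the user bound to this authorization code`. `doPost` begins and ends outside the hunk.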
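Review bot: The Javadoc summary of the ID-token generator is reduced from `genrate id_token` to just `genrate`, which no longer says what the method produces, and the `@param appId`, `@param user` and `@return` tags visible in the hunk carry no description. A summary such as `* Generate the id_token for the given client and user.` would restore the meaning. The tags could then describe `appId` as the client the token is issued for and `user` as the token subject; both meanings are presumed from the call site, so confirm them against the method body, which is outside the hunk.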