From cfdc7bf1d27939c1648f9de5a1c31c956c371577 Mon Sep 17 00:00:00 2001 From: xindongbook Date: Sun, 14 Jun 2020 16:06:02 +0800 Subject: [PATCH] add oidc --- src/com/oauth/ch04/JWTTest.java | 6 +- src/com/oauth/ch09/AppIndexServlet.java | 51 +++++++++++ src/com/oauth/ch09/AppServlet.java | 109 +++++++++++++++++++++++ src/com/oauth/ch09/OauthServlet.java | 9 +- src/com/oauth/ch09/ProtectedServlet.java | 76 ++++++++++++++++ web/approve-09.jsp | 37 ++++++++ web/index.jsp | 5 +- web/oidc.jsp | 12 +++ 8 files changed, 299 insertions(+), 6 deletions(-) create mode 100644 src/com/oauth/ch09/AppIndexServlet.java create mode 100644 src/com/oauth/ch09/AppServlet.java create mode 100644 src/com/oauth/ch09/ProtectedServlet.java create mode 100644 web/approve-09.jsp create mode 100644 web/oidc.jsp diff --git a/src/com/oauth/ch04/JWTTest.java b/src/com/oauth/ch04/JWTTest.java index 023ee3d..0a1bf53 100644 --- a/src/com/oauth/ch04/JWTTest.java +++ b/src/com/oauth/ch04/JWTTest.java @@ -91,7 +91,11 @@ public static void main(String[] args) { System.out.println("jwt header:" + header); System.out.println("jwt body:" + body); - System.out.println("jwt body:" + body.getSubject()); + System.out.println("jwt sub:" + body.getSubject()); + System.out.println("jwt aud:" + body.getAudience()); + System.out.println("jwt iss:" + body.getIssuer()); + System.out.println("jwt exp:" + body.getExpiration()); + System.out.println("jwt iat:" + body.getIssuedAt()); } } diff --git a/src/com/oauth/ch09/AppIndexServlet.java b/src/com/oauth/ch09/AppIndexServlet.java new file mode 100644 index 0000000..fd9452d --- /dev/null +++ b/src/com/oauth/ch09/AppIndexServlet.java 
@@ -0,0 +1,51 @@
+package com.oauth.ch09;
+
+import com.my.util.URLParamsUtil;
+
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * **
+ * 使用此类来模拟【第三方软件的首页】
+ * 浏览器输入 http://localhost:8080/AppIndexServlet-ch09
+ */
+@WebServlet("/AppIndexServlet-ch09")
+public class AppIndexServlet extends HttpServlet {
+
+ //8080:三方软件,8081:授权服务,8081:受保护资源服务 为了演示方便我们将授权服务和受保护资源服务放在同一个服务上面
+
+ String oauthUrl = "http://localhost:8081/OauthServlet-ch09?reqType=oauth";
+ String redirectUrl = "http://localhost:8080/AppServlet-ch09";
+
+
+ protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+
+ }
+
+ protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+
+ //授权码许可流程,DEMO CODE
+ System.out.println("app index ...");
+
+ Map params = new HashMap();
+ params.put("response_type","code");
+ params.put("redirect_uri",redirectUrl);
+ params.put("app_id","APPID_RABBIT");
+ params.put("scope","today history");
+
+
+ String toOauthUrl = URLParamsUtil.appendParams(oauthUrl,params);//构造请求授权的URl
+
+ System.out.println("toOauthUrl: "+toOauthUrl);
+
+ response.sendRedirect(toOauthUrl);//授权码流程的【第一次】重定向
+
+ }
+}
diff --git a/src/com/oauth/ch09/AppServlet.java b/src/com/oauth/ch09/AppServlet.java
new file mode 100644
index 0000000..b0533fe
--- /dev/null
+++ b/src/com/oauth/ch09/AppServlet.java
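Review bot: The authorization request assembled in doGet carries no `state` parameter, so the callback at /AppServlet-ch09 has no way to tie the code it receives to the browser session that started the flow (RFC 6749 §10.12). Generate a random value with `SecureRandom`, keep it in the HttpSession and add `params.put("state", state);` next to the other parameters, then compare it in AppServlet before the code is exchanged. Because this commit adds an OIDC id_token, the `scope` value `"today history"` should also include `openid`, and a `nonce` sent the same way lets AppServlet check the id_token's `nonce` claim, provided OauthServlet copies it into the token. The `doPost` override above doGet is an empty body; either remove it so the HttpServlet default (405) applies or comment that the endpoint is GET-only.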
@@ -0,0 +1,109 @@ +package com.oauth.ch09; + +import com.my.util.HttpURLClient; +import io.jsonwebtoken.*; + +import javax.crypto.spec.SecretKeySpec; +import javax.servlet.ServletException; +import javax.servlet.annotation.WebServlet; +import javax.servlet.http.HttpServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import java.io.IOException; +import java.security.Key; +import java.util.HashMap; +import java.util.Map; + + +/** + * ** + * 使用此类来模拟【第三方软件的Server端】 + * + */ +@WebServlet("/AppServlet-ch09") +public class AppServlet extends HttpServlet { + + String oauthURl="http://localhost:8081/OauthServlet-ch09"; + String protectedURl="http://localhost:8081/ProtectedServlet-ch09"; + + protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { + + } + + protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { + + //授权码许可流程,DEMO CODE + + String code = request.getParameter("code"); + + Map params = new HashMap(); + params.put("code",code); + params.put("grant_type","authorization_code"); + params.put("app_id","APPID_RABBIT"); + params.put("app_secret","APPSECRET_RABBIT"); + + System.out.println("start post code for token ..."); + String result = HttpURLClient.doPost(oauthURl,HttpURLClient.mapToStr(params)); + + System.out.println("result:"+result); + String[] arry = result.split("&"); + String accessToken = arry[0]; + String id_token = arry[1]; + + System.out.println("accessToken:"+accessToken); + System.out.println("id_token:"+id_token); + + //获取用户登录标识 + Map map = parseJwt(id_token); + + request.setAttribute("sub",map.get("sub")); + + //跳转到授权页面 + request.getRequestDispatcher("/oidc.jsp").forward(request,response); + + + /*//使用 accessToken 请求受保护资源服务 + Map paramsMap = new HashMap(); + + paramsMap.put("app_id","APPID_RABBIT"); + paramsMap.put("app_secret","APPSECRET_RABBIT"); + 
paramsMap.put("token",accessToken); + + HttpURLClient.doPost(protectedURl,HttpURLClient.mapToStr(paramsMap)); +*/ + + } + + private Map parseJwt(String jwt){ + String sharedTokenSecret="hellooauthhellooauthhellooauthhellooauth"; + Key key = new SecretKeySpec(sharedTokenSecret.getBytes(), + SignatureAlgorithm.HS256.getJcaName()); + + Map map = new HashMap(); + + Jws claimsJws = Jwts.parserBuilder().setSigningKey(key).build().parseClaimsJws(jwt); + +// JwsHeader header = claimsJws.getHeader(); + Claims body = claimsJws.getBody(); + +// System.out.println("jwt header:" + header); + System.out.println("jwt body:" + body); + + map.put("sub",body.getSubject()); + map.put("aud",body.getAudience()); + map.put("iss",body.getIssuer()); + + return map; + } + + + public static void main(String[] args) { + + String ss="95fd88bc-c69e-4add-bf3a-5d75766b85a7&eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJYSUFPTUlOR1RFU1QiLCJhdWQiOiJBUFBJRF9SQUJCSVQiLCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODEvIiwiZXhwIjoxNTg0MTA1NzkwNzAzLCJpYXQiOjE1ODQxMDU5NDgzNzJ9.SoJT62wYOMihpaH3Ttxf3WYwnC6qEyKbJ-bF7jMqxL8"; + + String[] arry = ss.split("&"); + System.out.println("access_token:"+arry[0]); + System.out.println("id_token:"+arry[1]); + } + +} diff --git a/src/com/oauth/ch09/OauthServlet.java b/src/com/oauth/ch09/OauthServlet.java index 424f428..e8a00ef 100644 --- a/src/com/oauth/ch09/OauthServlet.java +++ b/src/com/oauth/ch09/OauthServlet.java @@ -39,7 +39,7 @@ public class OauthServlet extends HttpServlet { //模拟第三方软件注册之后的数据库存储 appMap.put("app_id","APPID_RABBIT"); appMap.put("app_secret","APPSECRET_RABBIT"); - appMap.put("redirect_uri","http://localhost:8080/AppServlet-ch03"); + appMap.put("redirect_uri","http://localhost:8080/AppServlet-ch09"); appMap.put("scope","today history"); } 
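Review bot: parseJwt verifies the id_token's signature and expiry but never checks `iss` or `aud`, so a token the same key signed for any other client or issuer is accepted as a login for this app; OIDC Core 3.1.3.7 requires both checks on the client side. Build the parser as `Jwts.parserBuilder().setSigningKey(key).requireIssuer(EXPECTED_ISSUER).requireAudience("APPID_RABBIT").build().parseClaimsJws(jwt)`, where EXPECTED_ISSUER is whatever OauthServlet writes into the token (the sample in main() appears to decode to `http://localhost:8081/`). That same sample carries a 13-digit `exp` (1584105790703), which looks like milliseconds where a JWT NumericDate is seconds; if genrateIdToken writes it that way the parser's expiry check never fires, which is worth confirming in OauthServlet. In doGet, `result.split("&")` is indexed at `[1]` without a length check, so an error body from the token endpoint becomes an ArrayIndexOutOfBoundsException; guard with `if (arry.length < 2) { response.sendError(HttpServletResponse.SC_BAD_GATEWAY); return; }`. The shared secret is a string literal and `getBytes()` uses the platform charset; load it from configuration and use `getBytes(StandardCharsets.UTF_8)` so both servers derive the same key bytes.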
@@ -115,7 +115,7 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response) //GENATE ID TOKEN String id_token=genrateIdToken(appId,"XIAOMINGTEST");//模拟用户小明登录 - response.getWriter().write(accessToken+"|"+id_token); + response.getWriter().write(accessToken+"&"+id_token); } @@ -159,6 +159,9 @@ protected void doGet(HttpServletRequest request, HttpServletResponse response) t String scope = request.getParameter("scope"); System.out.println("8081 GET responseType: "+responseType); + System.out.println("8081 GET redirect_uri: "+redirectUri); + System.out.println("8081 GET app_id: "+appId); + System.out.println("8081 GET scope: "+scope); if(!appMap.get("app_id").equals(appId)){ return; @@ -185,7 +188,7 @@ protected void doGet(HttpServletRequest request, HttpServletResponse response) t request.setAttribute("app_id",appId); //跳转到授权页面 - request.getRequestDispatcher("/approve.jsp").forward(request,response); + request.getRequestDispatcher("/approve-09.jsp").forward(request,response); //至此颁发授权码code的准备工作完毕 diff --git a/src/com/oauth/ch09/ProtectedServlet.java b/src/com/oauth/ch09/ProtectedServlet.java new file mode 100644 index 0000000..1f286f0 --- /dev/null +++ b/src/com/oauth/ch09/ProtectedServlet.java 
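Review bot: The token endpoint reply written at the changed line is the bare string `accessToken+"&"+id_token`, so the client can only tell the two tokens apart by position; RFC 6749 §5.1 and OIDC Core 3.1.3.3 specify a JSON body with `access_token`, `token_type`, `expires_in` and `id_token` members, which is also what a generic client library expects. Switching the separator from `|` to `&` only moves the problem: the JWT compact form never contains `&`, but the access token (which looks like a UUID in the AppServlet.main sample) would break the split if its format ever changed. Since the body carries tokens, set `response.setContentType("application/json;charset=UTF-8")` and `response.setHeader("Cache-Control", "no-store")` as §5.1 requires. doPost begins and ends outside the hunk.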
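Review bot: The added prints log redirect_uri, app_id and scope, but within the visible lines only app_id is compared against the registered entry; the hunk does not show redirectUri being compared with `appMap.get("redirect_uri")`, the value the -39 hunk just updated, and an authorization server that sends the code to whatever URI the request names leaks it to that URI (RFC 6749 §4.1.3, §10.6). If that comparison exists further down in doGet this is fine; otherwise add `if(!appMap.get("redirect_uri").equals(redirectUri)){ return; }` beside the app_id check. The bare `return` on mismatch also yields an empty 200; `response.sendError(HttpServletResponse.SC_BAD_REQUEST)` makes the rejection visible to the caller and in logs. doGet begins and ends outside the hunk.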
@@ -0,0 +1,76 @@ +package com.oauth.ch09; + +import com.oauth.ch09.OauthServlet; + +import javax.servlet.ServletException; +import javax.servlet.annotation.WebServlet; +import javax.servlet.http.HttpServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import java.io.IOException; + + +/** + * ** + * 使用此类来模拟【受保护资源服务】 + */ +@WebServlet("/ProtectedServlet-ch09") +public class ProtectedServlet extends HttpServlet { + + protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { + + //省略验证代码 + + String accessToken = request.getParameter("token"); + + //根据当时授权的token对应的权限范围,做相应的处理动作 + //不同权限对应不同的操作 + String[] scope = OauthServlet.tokenScopeMap.get(accessToken); + + StringBuffer sbuf = new StringBuffer(); + for(int i=0;i0){ + queryGoods(""); + } + + if(sbuf.toString().indexOf("add")>0){ + addGoods(""); + } + + if(sbuf.toString().indexOf("del")>0){ + delGoods(""); + } + + //不同的用户对应不同的数据 + String user = OauthServlet.tokenMap.get(accessToken); + queryOrders(user); + } + + protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { + + + + + } + + + private String queryGoods(String id){ + return ""; + } + + private boolean addGoods(String goods){ + return true; + } + + private boolean delGoods(String id){ + return true; + } + + private String queryOrders(String user){ + return ""; + } + +} diff --git a/web/approve-09.jsp b/web/approve-09.jsp new file mode 100644 index 0000000..8efc8e8 --- /dev/null +++ b/web/approve-09.jsp @@ -0,0 +1,37 @@ + +<%@ page contentType="text/html;charset=UTF-8" language="java" %> + + + Oauth Test + + + +
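Review bot: doPost looks the token up in `OauthServlet.tokenScopeMap` and iterates the result without a null check, so an unknown or expired token produces a NullPointerException (HTTP 500) rather than a 401; add `if (scope == null) { response.sendError(HttpServletResponse.SC_UNAUTHORIZED); return; }` right after the lookup and do the same for `OauthServlet.tokenMap.get(accessToken)` before `queryOrders`. The scope tests `indexOf("add")>0` and `indexOf("del")>0` are off by one — a scope string that begins with the word yields index 0 and is skipped — and substring matching would also fire on any scope that merely contains those letters; compare the elements of the `scope` array with `equals` instead (the loop and the first test are garbled in this rendering). `//省略验证代码` leaves the `app_id`/`app_secret` the client posts unchecked, and the local `StringBuffer` can be a `StringBuilder`.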
+ " /> + " /> + " /> + " /> + + + + + Are you sure you want the authorization code? + +
+ appid: <%=request.getAttribute("app_id")%> + +
+ today
+ history
+ <%--pic
--%> + +
+ + +
+ + +
+ + + diff --git a/web/index.jsp b/web/index.jsp index 7c0b1d8..a3238e2 100644 --- a/web/index.jsp +++ b/web/index.jsp @@ -8,9 +8,10 @@ <%@ page contentType="text/html;charset=UTF-8" language="java" %> - $Title$ + OAuth 2 code test - Hello World + OAuth 2 code test + please go to ch03 or ch09 diff --git a/web/oidc.jsp b/web/oidc.jsp new file mode 100644 index 0000000..ecc06fc --- /dev/null +++ b/web/oidc.jsp @@ -0,0 +1,12 @@ + +<%@ page contentType="text/html;charset=UTF-8" language="java" %> + + + Oauth Test + + + +hello ,<%=request.getAttribute("sub")%> ,you have signed in successfully。 + + +
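Review bot: The greeting writes `request.getAttribute("sub")` into the page with a bare `<%= %>`, so whatever the id_token's `sub` claim contains lands in the HTML unencoded; the value comes from a token AppServlet verified, but encoding at the view is still the right place to keep markup in a claim from rendering, e.g. `<c:out value="${sub}"/>` if JSTL is on the classpath, or the escaping helper the other pages use. The text announces a successful sign-in although AppServlet only forwards a request attribute and creates no session state, so nothing on later requests reflects the login; either store the verified subject in the HttpSession in AppServlet or reword the page.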