diff --git a/hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/Authorization.java b/hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/Authorization.java
index b9de1c986..2011e40ff 100644
--- a/hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/Authorization.java
+++ b/hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/Authorization.java
@@ -26,9 +26,9 @@ import java.util.function.Supplier;
/**
* 用户授权信息,当前登录用户的权限信息,包括用户的基本信息,角色,权限集合等常用信息
- * 如何获取:
+ * 获取方式:
*
- * - springmvc 入参方式: ResponseMessage myTest(@AuthInfo Authorization auth){}
+ * - springmvc 入参方式: ResponseMessage myTest(Authorization auth){}
* - 静态方法方式:AuthorizationHolder.get();
*
*
@@ -39,23 +39,17 @@ import java.util.function.Supplier;
public interface Authorization extends Serializable {
/**
- * 获取用户基本信息
- *
* @return 用户信息
*/
User getUser();
/**
- * 获取持有的角色集合
- *
- * @return 角色集合
+ * @return 用户持有的角色集合
*/
List getRoles();
/**
- * 获取持有的权限集合
- *
- * @return 权限集合
+ * @return 用户持有的权限集合
*/
List getPermissions();
diff --git a/hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/AuthorizationInitializeService.java b/hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/AuthorizationInitializeService.java
new file mode 100644
index 000000000..6837e252c
--- /dev/null
+++ b/hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/AuthorizationInitializeService.java
@@ -0,0 +1,30 @@
+/*
+ * Copyright 2016 http://www.hswebframework.org
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization;
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+public interface AuthorizationInitializeService {
+ Authorization initUserAuthorization(String userId);
+
+ Authorization initAdminAuthorization(String userId);
+}
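Review bot: The interface ships with a `TODO 完成注释` placeholder and no method documentation, so nothing tells an implementer how `initAdminAuthorization` differs from `initUserAuthorization` or who is allowed to call either. Both take only a `userId`, so the contract should state that the caller must already have authenticated that user and, for the admin variant, verified the admin status; presumably the admin variant yields a wider permission set, which should be confirmed and written down. I would replace the placeholder with a type-level Javadoc plus `@param userId` and `@return` on each method, including whether an unknown id produces `null` or an exception.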
diff --git a/hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/Permission.java b/hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/Permission.java
index c4230ae2d..a5e86fb8b 100644
--- a/hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/Permission.java
+++ b/hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/Permission.java
@@ -24,7 +24,8 @@ import java.io.Serializable;
import java.util.Set;
/**
- * 用户持有的权限信息
+ * 用户持有的权限信息,包含了权限基本信息、可操作范围(action)、行,列级权限控制规则。
+ * 是用户权限的重要接口。
*
* @author zhouhao
* @see Authorization
diff --git a/hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-server/hsweb-authorization-oauth2-server-api/pom.xml b/hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-server/hsweb-authorization-oauth2-server-api/pom.xml
new file mode 100644
index 000000000..9cf897825
--- /dev/null
+++ b/hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-server/hsweb-authorization-oauth2-server-api/pom.xml
@@ -0,0 +1,39 @@
+
+
+
+
+
+ hsweb-authorization-oauth2-server
+ org.hswebframework.web
+ 3.0-SNAPSHOT
+
+ 4.0.0
+
+ hsweb-authorization-oauth2-server-api
+
+
+
+ org.hswebframework.web
+ hsweb-authorization-oauth2-server-entity
+ ${project.version}
+
+
+
\ No newline at end of file
diff --git a/hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-server/hsweb-authorization-oauth2-server-api/src/main/java/org/hswebframework/web/authorization/oauth2/api/OAuth2ServerService.java b/hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-server/hsweb-authorization-oauth2-server-api/src/main/java/org/hswebframework/web/authorization/oauth2/api/OAuth2ServerService.java
new file mode 100644
index 000000000..838741a5a
--- /dev/null
+++ b/hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-server/hsweb-authorization-oauth2-server-api/src/main/java/org/hswebframework/web/authorization/oauth2/api/OAuth2ServerService.java
@@ -0,0 +1,46 @@
+/*
+ * Copyright 2016 http://www.hswebframework.org
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.oauth2.api;
+
+import org.hswebframework.web.authorization.oauth2.entity.OAuth2AccessEntity;
+import org.hswebframework.web.authorization.oauth2.entity.OAuth2ClientEntity;
+
+/**
+ * @author zhouhao
+ */
+public interface OAuth2ServerService {
+
+ OAuth2ClientEntity getClient(String clientId);
+
+ OAuth2ClientEntity getClient(String clientId, String clientSecret);
+
+ OAuth2AccessEntity getAccessByToken(String accessToken);
+
+ String requestCode(String clientId, String userId, String scope);
+
+ OAuth2AccessEntity requestTokenByCode(String code, String clientId, String clientSecret, String scope);
+
+ OAuth2AccessEntity requestTokenByClientCredential(String clientId, String clientSecret);
+
+ OAuth2AccessEntity requestTokenByPassword(String username, String password);
+
+ OAuth2AccessEntity refreshToken(String clientId, String clientSecret, String refreshToken, String scope);
+
+ OAuth2AccessEntity getAccessToken(String accessToken);
+}
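Review bot: `requestCode(clientId, userId, scope)` and `requestTokenByCode(code, clientId, clientSecret, scope)` carry no redirect URI, so an implementation cannot check that a code is redeemed with the same `redirect_uri` it was issued for (RFC 6749 section 4.1.3); `AuthorizationCodeEntity` in this commit has no property for it either. I would add a `String redirectUri` parameter to both methods and a matching property on the code entity. `requestTokenByPassword(username, password)` likewise identifies no client and no scope, unlike the other grant methods. `getAccessByToken` and `getAccessToken` have the same signature and no Javadoc to tell them apart, so document the difference or drop one.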
diff --git a/hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-server/hsweb-authorization-oauth2-server-dao/hsweb-authorization-oauth2-server-dao-api/pom.xml b/hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-server/hsweb-authorization-oauth2-server-dao/hsweb-authorization-oauth2-server-dao-api/pom.xml
new file mode 100644
index 000000000..eb87af40a
--- /dev/null
+++ b/hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-server/hsweb-authorization-oauth2-server-dao/hsweb-authorization-oauth2-server-dao-api/pom.xml
@@ -0,0 +1,45 @@
+
+
+
+
+
+ hsweb-authorization-oauth2-server-dao
+ org.hswebframework.web
+ 3.0-SNAPSHOT
+
+ 4.0.0
+
+ hsweb-authorization-oauth2-server-dao-api
+
+
+
+ org.hswebframework.web
+ hsweb-commons-dao-api
+ ${project.version}
+
+
+ org.hswebframework.web
+ hsweb-authorization-oauth2-server-entity
+ ${project.version}
+
+
+
+
\ No newline at end of file
diff --git a/hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-server/hsweb-authorization-oauth2-server-dao/hsweb-authorization-oauth2-server-dao-api/src/main/java/org/hswebframework/web/authorization/oauth2/dao/AuthorizationCodeDao.java b/hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-server/hsweb-authorization-oauth2-server-dao/hsweb-authorization-oauth2-server-dao-api/src/main/java/org/hswebframework/web/authorization/oauth2/dao/AuthorizationCodeDao.java
new file mode 100644
index 000000000..7fbea8c97
--- /dev/null
+++ b/hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-server/hsweb-authorization-oauth2-server-dao/hsweb-authorization-oauth2-server-dao-api/src/main/java/org/hswebframework/web/authorization/oauth2/dao/AuthorizationCodeDao.java
@@ -0,0 +1,36 @@
+/*
+ * Copyright 2016 http://www.hswebframework.org
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.oauth2.dao;
+
+import org.hswebframework.web.authorization.oauth2.entity.AuthorizationCodeEntity;
+import org.hswebframework.web.dao.InsertDao;
+import org.hswebframework.web.dao.dynamic.DeleteByEntityDao;
+import org.hswebframework.web.dao.dynamic.QueryByEntityDao;
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+public interface AuthorizationCodeDao extends
+ InsertDao,
+ DeleteByEntityDao,
+ QueryByEntityDao {
+
+}
diff --git a/hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-server/hsweb-authorization-oauth2-server-dao/hsweb-authorization-oauth2-server-dao-api/src/main/java/org/hswebframework/web/authorization/oauth2/dao/OAuth2AccessDao.java b/hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-server/hsweb-authorization-oauth2-server-dao/hsweb-authorization-oauth2-server-dao-api/src/main/java/org/hswebframework/web/authorization/oauth2/dao/OAuth2AccessDao.java
new file mode 100644
index 000000000..d1730aadc
--- /dev/null
+++ b/hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-server/hsweb-authorization-oauth2-server-dao/hsweb-authorization-oauth2-server-dao-api/src/main/java/org/hswebframework/web/authorization/oauth2/dao/OAuth2AccessDao.java
@@ -0,0 +1,35 @@
+/*
+ * Copyright 2016 http://www.hswebframework.org
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.oauth2.dao;
+
+import org.hswebframework.web.authorization.oauth2.entity.OAuth2AccessEntity;
+import org.hswebframework.web.dao.InsertDao;
+import org.hswebframework.web.dao.dynamic.DeleteByEntityDao;
+import org.hswebframework.web.dao.dynamic.QueryByEntityDao;
+import org.hswebframework.web.dao.dynamic.UpdateByEntityDao;
+
+/**
+ * @author zhouhao
+ */
+public interface OAuth2AccessDao extends
+ InsertDao,
+ DeleteByEntityDao,
+ UpdateByEntityDao,
+ QueryByEntityDao {
+}
diff --git a/hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-server/hsweb-authorization-oauth2-server-dao/hsweb-authorization-oauth2-server-dao-api/src/main/java/org/hswebframework/web/authorization/oauth2/dao/OAuth2ClientDao.java b/hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-server/hsweb-authorization-oauth2-server-dao/hsweb-authorization-oauth2-server-dao-api/src/main/java/org/hswebframework/web/authorization/oauth2/dao/OAuth2ClientDao.java
new file mode 100644
index 000000000..5636a52b4
--- /dev/null
+++ b/hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-server/hsweb-authorization-oauth2-server-dao/hsweb-authorization-oauth2-server-dao-api/src/main/java/org/hswebframework/web/authorization/oauth2/dao/OAuth2ClientDao.java
@@ -0,0 +1,30 @@
+/*
+ * Copyright 2016 http://www.hswebframework.org
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.oauth2.dao;
+
+import org.hswebframework.web.authorization.oauth2.entity.OAuth2ClientEntity;
+import org.hswebframework.web.dao.CrudDao;
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+public interface OAuth2ClientDao extends CrudDao {
+}
diff --git a/hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-server/hsweb-authorization-oauth2-server-dao/pom.xml b/hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-server/hsweb-authorization-oauth2-server-dao/pom.xml
new file mode 100644
index 000000000..19a18a85e
--- /dev/null
+++ b/hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-server/hsweb-authorization-oauth2-server-dao/pom.xml
@@ -0,0 +1,37 @@
+
+
+
+
+
+ hsweb-authorization-oauth2-server
+ org.hswebframework.web
+ 3.0-SNAPSHOT
+
+ 4.0.0
+
+ hsweb-authorization-oauth2-server-dao
+ pom
+
+ hsweb-authorization-oauth2-server-dao-api
+
+
+
+
\ No newline at end of file
diff --git a/hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-server/hsweb-authorization-oauth2-server-entity/pom.xml b/hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-server/hsweb-authorization-oauth2-server-entity/pom.xml
new file mode 100644
index 000000000..f798be18c
--- /dev/null
+++ b/hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-server/hsweb-authorization-oauth2-server-entity/pom.xml
@@ -0,0 +1,45 @@
+
+
+
+
+
+ hsweb-authorization-oauth2-server
+ org.hswebframework.web
+ 3.0-SNAPSHOT
+
+ 4.0.0
+
+ hsweb-authorization-oauth2-server-entity
+
+
+
+
+ org.hswebframework.web
+ hsweb-commons-entity
+ ${project.version}
+
+
+ org.hswebframework.web
+ hsweb-authorization-api
+ ${project.version}
+
+
+
\ No newline at end of file
diff --git a/hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-server/hsweb-authorization-oauth2-server-entity/src/main/java/org.hswebframework.web.authorization.oauth2.entity/AuthorizationCodeEntity.java b/hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-server/hsweb-authorization-oauth2-server-entity/src/main/java/org.hswebframework.web.authorization.oauth2.entity/AuthorizationCodeEntity.java
new file mode 100644
index 000000000..479ea43ab
--- /dev/null
+++ b/hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-server/hsweb-authorization-oauth2-server-entity/src/main/java/org.hswebframework.web.authorization.oauth2.entity/AuthorizationCodeEntity.java
@@ -0,0 +1,48 @@
+/*
+ * Copyright 2016 http://www.hswebframework.org
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.oauth2.entity;
+
+import org.hswebframework.web.commons.entity.Entity;
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+public interface AuthorizationCodeEntity extends Entity {
+ String getClientId();
+
+ void setClientId(String clientId);
+
+ String getUserId();
+
+ void setUserId(String userId);
+
+ String getCode();
+
+ void setCode(String code);
+
+ Long getCreateTime();
+
+ void setCreateTime(Long createTime);
+
+ String getScope();
+
+ void setScope(String scope);
+}
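Review bot: This file is added under a single directory literally named `org.hswebframework.web.authorization.oauth2.entity` (see the `+++` path) rather than nested `org/hswebframework/web/authorization/oauth2/entity/` directories, while the `package` line declares the dotted package. The same applies to the other five files of this entity module (OAuth2AccessEntity, OAuth2ClientEntity and the three Simple* classes). The build may still pass when the compiler is handed explicit file names, but IDEs and source-path lookups generally expect the directory tree to mirror the package, so I would move the files. Separately, the `TODO 完成注释` placeholder should become a Javadoc that states the unit of `getCreateTime()` and, if that is the intent, that a code is short-lived and single-use.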
diff --git a/hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-server/hsweb-authorization-oauth2-server-entity/src/main/java/org.hswebframework.web.authorization.oauth2.entity/OAuth2AccessEntity.java b/hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-server/hsweb-authorization-oauth2-server-entity/src/main/java/org.hswebframework.web.authorization.oauth2.entity/OAuth2AccessEntity.java
new file mode 100644
index 000000000..cc7215007
--- /dev/null
+++ b/hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-server/hsweb-authorization-oauth2-server-entity/src/main/java/org.hswebframework.web.authorization.oauth2.entity/OAuth2AccessEntity.java
@@ -0,0 +1,61 @@
+/*
+ * Copyright 2016 http://www.hswebframework.org
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.oauth2.entity;
+
+import org.hswebframework.web.commons.entity.Entity;
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+public interface OAuth2AccessEntity extends Entity {
+
+ String getClientId();
+
+ void setClientId(String clientId);
+
+ String getUserId();
+
+ void setUserId(String userId);
+
+ String getAccessToken();
+
+ void setAccessToken(String accessToken);
+
+ String getRefreshToken();
+
+ void setRefreshToken(String refreshToken);
+
+ Long getExpireIn();
+
+ void setExpireIn(Long expireIn);
+
+ Long getCreateTime();
+
+ void setCreateTime(Long createTime);
+
+ Long getUpdateTime();
+
+ void setUpdateTime(Long updateTime);
+
+ String getScope();
+
+ void setScope(String scope);
+}
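Review bot: `getExpireIn()` returns a bare `Long` with no stated unit or reference point, and the entity carries both `createTime` and `updateTime`, so an implementer cannot tell whether expiry is in seconds or milliseconds or from which timestamp it is counted. A unit mismatch between the code that writes the value and the code that checks it would leave tokens valid far longer than intended. I would replace the `TODO 完成注释` placeholder with Javadoc on the accessor, for example `/** @return token lifetime in seconds, counted from {@link #getUpdateTime()} */`, using whichever unit and base the service really applies. It is also worth documenting whether `accessToken` and `refreshToken` are persisted verbatim, since this entity is presumably what OAuth2AccessDao stores.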
diff --git a/hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-server/hsweb-authorization-oauth2-server-entity/src/main/java/org.hswebframework.web.authorization.oauth2.entity/OAuth2ClientEntity.java b/hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-server/hsweb-authorization-oauth2-server-entity/src/main/java/org.hswebframework.web.authorization.oauth2.entity/OAuth2ClientEntity.java
new file mode 100644
index 000000000..6a6dfaf19
--- /dev/null
+++ b/hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-server/hsweb-authorization-oauth2-server-entity/src/main/java/org.hswebframework.web.authorization.oauth2.entity/OAuth2ClientEntity.java
@@ -0,0 +1,63 @@
+/*
+ * Copyright 2016 http://www.hswebframework.org
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.oauth2.entity;
+
+import org.hswebframework.web.authorization.User;
+import org.hswebframework.web.commons.entity.GenericEntity;
+import org.hswebframework.web.commons.entity.RecordCreationEntity;
+
+/**
+ * @author zhouhao
+ */
+public interface OAuth2ClientEntity extends GenericEntity, RecordCreationEntity {
+
+ // client_id
+ @Override
+ String getId();
+
+ String getName();
+
+ void setName(String name);
+
+ // client_secret
+ String getSecret();
+
+ void setSecret(String secret);
+
+ //redirect_uri
+ String getRedirectUri();
+
+ void setRedirectUri(String redirectUri);
+
+ /**
+ * @return 客户端所有者
+ * @see User#getId()
+ */
+ String getOwnerId();
+
+ void setOwnerId(String ownerId);
+
+ String getComments();
+
+ void setComments(String comments);
+
+ String getType();
+
+ void setType(String type);
+}
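Review bot: `getSecret()`/`setSecret(String)` expose the client secret as a plain string and nothing says whether the stored value is the raw secret or a derived hash. `OAuth2ServerService.getClient(clientId, clientSecret)` in this commit implies the secret is checked somewhere, so the Javadoc on `getSecret()` should state the stored form and that the value must stay out of logs and serialised responses; storing a hash and comparing in constant time would be the safer contract. The `// client_id`, `// client_secret` and `//redirect_uri` line comments would also read better as Javadoc `@return` descriptions, matching the style already used on `getOwnerId()`.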
diff --git a/hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-server/hsweb-authorization-oauth2-server-entity/src/main/java/org.hswebframework.web.authorization.oauth2.entity/SimpleAuthorizationCodeEntity.java b/hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-server/hsweb-authorization-oauth2-server-entity/src/main/java/org.hswebframework.web.authorization.oauth2.entity/SimpleAuthorizationCodeEntity.java
new file mode 100644
index 000000000..f135ad977
--- /dev/null
+++ b/hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-server/hsweb-authorization-oauth2-server-entity/src/main/java/org.hswebframework.web.authorization.oauth2.entity/SimpleAuthorizationCodeEntity.java
@@ -0,0 +1,77 @@
+/*
+ * Copyright 2016 http://www.hswebframework.org
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.oauth2.entity;
+
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+public class SimpleAuthorizationCodeEntity implements AuthorizationCodeEntity {
+ private String clientId;
+
+ private String userId;
+
+ private String code;
+
+ private Long createTime;
+
+ private String scope;
+
+ public String getScope() {
+ return scope;
+ }
+
+ public void setScope(String scope) {
+ this.scope = scope;
+ }
+
+ public String getClientId() {
+ return clientId;
+ }
+
+ public void setClientId(String clientId) {
+ this.clientId = clientId;
+ }
+
+ public String getUserId() {
+ return userId;
+ }
+
+ public void setUserId(String userId) {
+ this.userId = userId;
+ }
+
+ public String getCode() {
+ return code;
+ }
+
+ public void setCode(String code) {
+ this.code = code;
+ }
+
+ public Long getCreateTime() {
+ return createTime;
+ }
+
+ public void setCreateTime(Long createTime) {
+ this.createTime = createTime;
+ }
+}
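Review bot: None of the accessors in this class carry `@Override` although each one implements a method declared in `AuthorizationCodeEntity`. `SimpleOAuth2AccessEntity` has the same gap, and `SimpleOAuth2ClientEntity` annotates its getters but not `setName`, `setSecret`, `setRedirectUri`, `setOwnerId`, `getComments`/`setComments` or `getType`/`setType`. Adding `@Override` consistently lets the compiler catch any drift between the interface and its implementation. The `TODO 完成注释` class comment should also be replaced with a one-line description of the class.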
diff --git a/hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-server/hsweb-authorization-oauth2-server-entity/src/main/java/org.hswebframework.web.authorization.oauth2.entity/SimpleOAuth2AccessEntity.java b/hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-server/hsweb-authorization-oauth2-server-entity/src/main/java/org.hswebframework.web.authorization.oauth2.entity/SimpleOAuth2AccessEntity.java
new file mode 100644
index 000000000..7248c1df2
--- /dev/null
+++ b/hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-server/hsweb-authorization-oauth2-server-entity/src/main/java/org.hswebframework.web.authorization.oauth2.entity/SimpleOAuth2AccessEntity.java
@@ -0,0 +1,107 @@
+/*
+ * Copyright 2016 http://www.hswebframework.org
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.oauth2.entity;
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+public class SimpleOAuth2AccessEntity implements OAuth2AccessEntity {
+
+ private String clientId;
+
+ private String userId;
+
+ private String accessToken;
+
+ private String refreshToken;
+
+ private Long expireIn;
+
+ private Long createTime;
+
+ private Long updateTime;
+
+ private String scope;
+
+ public String getClientId() {
+ return clientId;
+ }
+
+ public void setClientId(String clientId) {
+ this.clientId = clientId;
+ }
+
+ public String getUserId() {
+ return userId;
+ }
+
+ public void setUserId(String userId) {
+ this.userId = userId;
+ }
+
+ public String getAccessToken() {
+ return accessToken;
+ }
+
+ public void setAccessToken(String accessToken) {
+ this.accessToken = accessToken;
+ }
+
+ public String getRefreshToken() {
+ return refreshToken;
+ }
+
+ public void setRefreshToken(String refreshToken) {
+ this.refreshToken = refreshToken;
+ }
+
+ public Long getExpireIn() {
+ return expireIn;
+ }
+
+ public void setExpireIn(Long expireIn) {
+ this.expireIn = expireIn;
+ }
+
+ public Long getCreateTime() {
+ return createTime;
+ }
+
+ public void setCreateTime(Long createTime) {
+ this.createTime = createTime;
+ }
+
+ public Long getUpdateTime() {
+ return updateTime;
+ }
+
+ public void setUpdateTime(Long updateTime) {
+ this.updateTime = updateTime;
+ }
+
+ public String getScope() {
+ return scope;
+ }
+
+ public void setScope(String scope) {
+ this.scope = scope;
+ }
+}
diff --git a/hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-server/hsweb-authorization-oauth2-server-entity/src/main/java/org.hswebframework.web.authorization.oauth2.entity/SimpleOAuth2ClientEntity.java b/hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-server/hsweb-authorization-oauth2-server-entity/src/main/java/org.hswebframework.web.authorization.oauth2.entity/SimpleOAuth2ClientEntity.java
new file mode 100644
index 000000000..973f79289
--- /dev/null
+++ b/hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-server/hsweb-authorization-oauth2-server-entity/src/main/java/org.hswebframework.web.authorization.oauth2.entity/SimpleOAuth2ClientEntity.java
@@ -0,0 +1,116 @@
+/*
+ * Copyright 2016 http://www.hswebframework.org
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.oauth2.entity;
+
+import org.hswebframework.web.commons.entity.SimpleGenericEntity;
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+public class SimpleOAuth2ClientEntity extends SimpleGenericEntity implements OAuth2ClientEntity {
+ private String name;
+
+ private String secret;
+
+ private String redirectUri;
+
+ private String ownerId;
+
+ private String creatorId;
+
+ private Long createTime;
+
+ private String type;
+
+ private String comments;
+
+ public String getComments() {
+ return comments;
+ }
+
+ public void setComments(String comments) {
+ this.comments = comments;
+ }
+
+ @Override
+ public String getName() {
+ return name;
+ }
+
+ public void setName(String name) {
+ this.name = name;
+ }
+
+ @Override
+ public String getSecret() {
+ return secret;
+ }
+
+ public void setSecret(String secret) {
+ this.secret = secret;
+ }
+
+ @Override
+ public String getRedirectUri() {
+ return redirectUri;
+ }
+
+ public void setRedirectUri(String redirectUri) {
+ this.redirectUri = redirectUri;
+ }
+
+ @Override
+ public String getOwnerId() {
+ return ownerId;
+ }
+
+ public void setOwnerId(String ownerId) {
+ this.ownerId = ownerId;
+ }
+
+ @Override
+ public String getCreatorId() {
+ return creatorId;
+ }
+
+ @Override
+ public void setCreatorId(String creatorId) {
+ this.creatorId = creatorId;
+ }
+
+ @Override
+ public Long getCreateTime() {
+ return createTime;
+ }
+
+ @Override
+ public void setCreateTime(Long createTime) {
+ this.createTime = createTime;
+ }
+
+ public String getType() {
+ return type;
+ }
+
+ public void setType(String type) {
+ this.type = type;
+ }
+}
diff --git a/hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-server/hsweb-authorization-oauth2-server-simple/pom.xml b/hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-server/hsweb-authorization-oauth2-server-simple/pom.xml
new file mode 100644
index 000000000..eaa3f0688
--- /dev/null
+++ b/hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-server/hsweb-authorization-oauth2-server-simple/pom.xml
@@ -0,0 +1,55 @@
+
+
+
+
+
+ hsweb-authorization-oauth2-server
+ org.hswebframework.web
+ 3.0-SNAPSHOT
+
+ 4.0.0
+
+ hsweb-authorization-oauth2-server-simple
+
+
+
+
+ org.hswebframework.web
+ hsweb-authorization-oauth2-server-api
+ ${project.version}
+
+
+ org.hswebframework.web
+ hsweb-commons-service-simple
+ ${project.version}
+
+
+ org.hswebframework.web
+ hsweb-system-authorization-service-api
+ ${project.version}
+
+
+ org.hswebframework.web
+ hsweb-authorization-oauth2-server-dao-api
+ ${project.version}
+
+
+
\ No newline at end of file
diff --git a/hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-server/hsweb-authorization-oauth2-server-simple/src/main/java/org/hswebframework/web/authorization/oauth2/simple/SimpleOAuth2ServerService.java b/hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-server/hsweb-authorization-oauth2-server-simple/src/main/java/org/hswebframework/web/authorization/oauth2/simple/SimpleOAuth2ServerService.java
new file mode 100644
index 000000000..50893a4c8
--- /dev/null
+++ b/hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-server/hsweb-authorization-oauth2-server-simple/src/main/java/org/hswebframework/web/authorization/oauth2/simple/SimpleOAuth2ServerService.java
@@ -0,0 +1,232 @@
+/*
+ * Copyright 2016 http://www.hswebframework.org
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.oauth2.simple;
+
+import org.hswebframework.web.AuthorizeForbiddenException;
+import org.hswebframework.web.NotFoundException;
+import org.hswebframework.web.authorization.oauth2.api.OAuth2ServerService;
+import org.hswebframework.web.authorization.oauth2.dao.AuthorizationCodeDao;
+import org.hswebframework.web.authorization.oauth2.dao.OAuth2AccessDao;
+import org.hswebframework.web.authorization.oauth2.dao.OAuth2ClientDao;
+import org.hswebframework.web.authorization.oauth2.entity.AuthorizationCodeEntity;
+import org.hswebframework.web.authorization.oauth2.entity.OAuth2AccessEntity;
+import org.hswebframework.web.authorization.oauth2.entity.OAuth2ClientEntity;
+import org.hswebframework.web.commons.entity.GenericEntity;
+import org.hswebframework.web.commons.entity.factory.EntityFactory;
+import org.hswebframework.web.entity.authorization.UserEntity;
+import org.hswebframework.web.id.IDGenerator;
+import org.hswebframework.web.service.DefaultDSLQueryService;
+import org.hswebframework.web.service.authorization.UserService;
+
+import javax.annotation.Resource;
+
+import static org.hswebframework.web.service.DefaultDSLDeleteService.createDelete;
+import static org.hswebframework.web.service.DefaultDSLQueryService.createQuery;
+import static org.hswebframework.web.service.DefaultDSLUpdateService.createUpdate;
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+public class SimpleOAuth2ServerService implements OAuth2ServerService {
+
+ private static final String cacheName = "hsweb.oauth2";
+ @Resource
+ private OAuth2ClientDao oAuth2ClientDao;
+
+ @Resource
+ private OAuth2AccessDao oAuth2AccessDao;
+
+ @Resource
+ private AuthorizationCodeDao authorizationCodeDao;
+ @Resource
+ private EntityFactory entityFactory;
+
+ @Resource
+ private UserService userService;
+
+ @Override
+ public OAuth2ClientEntity getClient(String clientId) {
+ return createQuery(oAuth2ClientDao)
+ .where(GenericEntity.id, clientId)
+ .single();
+ }
+
+ @Override
+ public OAuth2ClientEntity getClient(String clientId, String clientSecret) {
+ return createQuery(oAuth2ClientDao)
+ .where(GenericEntity.id, clientId)
+ // TODO: 17-2-28 key (clientSecret) 应该为常量
+ .where("clientSecret", clientSecret)
+ .single();
+ }
+
+ @Override
+ public OAuth2AccessEntity getAccessByToken(String accessToken) {
+ return createQuery(oAuth2AccessDao)
+ // TODO: 17-2-28 key (accessToken) 应该为常量
+ .where("accessToken", accessToken)
+ .single();
+ }
+
+ @Override
+ public String requestCode(String clientId, String userId, String scope) {
+ String code = IDGenerator.MD5.generate();
+ //删除旧的code
+ createDelete(authorizationCodeDao)
+ // TODO: 17-2-28 key 应该为常量
+ .where("userId", userId)
+ .and("clientId", userId)
+ .exec();
+ AuthorizationCodeEntity codeEntity = entityFactory.newInstance(AuthorizationCodeEntity.class);
+ codeEntity.setCreateTime(System.currentTimeMillis());
+ codeEntity.setClientId(clientId);
+ codeEntity.setUserId(userId);
+ codeEntity.setCode(code);
+ codeEntity.setScope(scope);
+ authorizationCodeDao.insert(codeEntity);
+ return code;
+ }
+
+ protected OAuth2AccessEntity createNewAccess() {
+ OAuth2AccessEntity entity = entityFactory.newInstance(OAuth2AccessEntity.class);
+ entity.setCreateTime(System.currentTimeMillis());
+ entity.setAccessToken(IDGenerator.MD5.generate());
+ entity.setRefreshToken(IDGenerator.MD5.generate());
+ return entity;
+ }
+
+ @Override
+ public OAuth2AccessEntity requestTokenByCode(String code, String clientId, String clientSecret, String scope) {
+ OAuth2ClientEntity clientEntity = getClient(clientId, clientSecret);
+ if (null == clientEntity) {
+ // TODO: 17-2-28 自定义异常
+ throw new NotFoundException("client not found!");
+ }
+ AuthorizationCodeEntity codeEntity = createQuery(authorizationCodeDao)
+ .where("code", code)
+ .and("clientId", clientId)
+ .single();
+ if (codeEntity == null) {
+ throw new NotFoundException("code not found!");
+ }
+ //授权码已经创建超时(20s)
+ if (System.currentTimeMillis() - codeEntity.getCreateTime() < 20 * 1000) {
+ throw new NotFoundException("time out!");
+ }
+ // TODO: 17-2-28 验证scope
+
+ //删除使用过的授权码
+ createDelete(authorizationCodeDao)
+ .where("code", code)
+ .and("clientId", clientId)
+ .exec();
+
+ OAuth2AccessEntity accessEntity = createNewAccess();
+ accessEntity.setUserId(codeEntity.getUserId());
+ accessEntity.setClientId(clientId);
+ // TODO: 17-2-28 过期时间应该可配置
+ accessEntity.setExpireIn(3600L);
+ accessEntity.setScope(scope);
+ oAuth2AccessDao.insert(accessEntity);
+ return accessEntity;
+ }
+
+ @Override
+ public OAuth2AccessEntity requestTokenByClientCredential(String clientId, String clientSecret) {
+ OAuth2ClientEntity clientEntity = getClient(clientId, clientSecret);
+ if (null == clientEntity) {
+ // TODO: 17-2-28 自定义异常
+ throw new NotFoundException("client not found!");
+ }
+ OAuth2AccessEntity oldEntity = DefaultDSLQueryService
+ .createQuery(oAuth2AccessDao)
+ .where("clientId", clientEntity.getId())
+ .and("userId", clientEntity.getOwnerId())
+ .single();
+ OAuth2AccessEntity newEntity = createNewAccess();
+ if (null != oldEntity)
+ createDelete(oAuth2AccessDao)
+ .where("clientId", oldEntity.getClientId())
+ .and("accessToken", oldEntity.getAccessToken())
+ .exec();
+
+ if (oldEntity != null) {
+ newEntity.setScope(oldEntity.getScope());
+ newEntity.setExpireIn(oldEntity.getExpireIn());
+ newEntity.setRefreshToken(oldEntity.getRefreshToken());
+ } else {
+ newEntity.setExpireIn(3600L);
+ }
+ newEntity.setUserId(clientEntity.getOwnerId());
+ newEntity.setScope("public");
+ oAuth2AccessDao.insert(newEntity);
+ return newEntity;
+ }
+
+ @Override
+ public OAuth2AccessEntity requestTokenByPassword(String username, String password) {
+ UserEntity entity = userService.selectByUsername(username);
+ if (null == entity) throw new NotFoundException("user not found");
+ if (!userService.encodePassword(password, entity.getSalt()).equals(entity.getPassword()))
+ throw new AuthorizeForbiddenException("password error");
+ OAuth2AccessEntity accessEntity = createNewAccess();
+ accessEntity.setUserId(entity.getId());
+ accessEntity.setScope("public");
+ accessEntity.setExpireIn(3600L);
+ oAuth2AccessDao.insert(accessEntity);
+ return accessEntity;
+ }
+
+ @Override
+ public OAuth2AccessEntity refreshToken(String clientId, String clientSecret, String refreshToken, String scope) {
+ OAuth2ClientEntity clientEntity = getClient(clientId, clientSecret);
+ if (null == clientEntity) {
+ // TODO: 17-2-28 自定义异常
+ throw new NotFoundException("client not found!");
+ }
+ OAuth2AccessEntity accessEntity = DefaultDSLQueryService.createQuery(oAuth2AccessDao)
+ .where("refreshToken", refreshToken)
+ .and("clientId", clientId)
+ .single();
+ if (null == accessEntity) {
+ throw new NotFoundException("access not found!");
+ }
+ //30天过期
+ long refreshTokenTimeOut = 30 * 24 * 60 * 60 * 1000L;
+ if (System.currentTimeMillis() - accessEntity.getCreateTime() > refreshTokenTimeOut) {
+ throw new NotFoundException("refresh_token time out");
+ }
+ accessEntity.setAccessToken(IDGenerator.MD5.generate());
+ accessEntity.setUpdateTime(System.currentTimeMillis());
+ accessEntity.setScope(scope);
+ createUpdate(oAuth2AccessDao, accessEntity)
+ .includes("accessToken", "updateTime", "scope")
+ .where("refreshToken", refreshToken)
+ .and("clientId", clientId)
+ .exec();
+ return accessEntity;
+ }
+
+ @Override
+ public OAuth2AccessEntity getAccessToken(String accessToken) {
+ return DefaultDSLQueryService.createQuery(oAuth2AccessDao).where("accessToken", accessToken).single();
+ }
+}
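Review bot: The authorization-code expiry check in requestTokenByCode is inverted: `System.currentTimeMillis() - codeEntity.getCreateTime() < 20 * 1000` throws "time out!" for a code younger than 20 seconds and accepts any older one, so a code is rejected while fresh and never expires afterwards; it should read `if (System.currentTimeMillis() - codeEntity.getCreateTime() > 20 * 1000)`. In requestCode the cleanup delete filters with `.and("clientId", userId)`, which only matches when the user id happens to equal the client id and so leaves the user's earlier codes for that client in the table; that line should be `.and("clientId", clientId)`. requestTokenByCode also stores the `scope` passed by the caller rather than the one recorded with the code, so until the TODO scope validation exists `accessEntity.setScope(codeEntity.getScope());` is the safer assignment, and refreshToken follows the same pattern with its `scope` argument. Separately, whether `IDGenerator.MD5.generate()` draws from a cryptographically secure source is not visible in this hunk and is worth confirming, since it produces the authorization code, the access token and the refresh token.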
diff --git a/hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-server/pom.xml b/hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-server/pom.xml
index 95c087587..bb384a7c6 100644
--- a/hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-server/pom.xml
+++ b/hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-server/pom.xml
@@ -28,6 +28,19 @@
4.0.0
hsweb-authorization-oauth2-server
+ pom
+
+ hsweb-authorization-oauth2-server-entity
+ hsweb-authorization-oauth2-server-dao
+ hsweb-authorization-oauth2-server-api
+ hsweb-authorization-oauth2-server-simple
+
-
+
+
+ org.apache.oltu.oauth2
+ org.apache.oltu.oauth2.authzserver
+ 1.0.2
+
+
\ No newline at end of file