Merge pull request #7434 from eugenp/BAEL-2887-v2

remove extra files

oauth2-framework-impl/oauth2-authorization-server/src/main/java/com/baeldung/oauth2/authorization/server/web/AuthorizationEndpoint.java

@@ -1,209 +0,0 @@
-//package com.baeldung.security.oauth2.server.web;
-//
-//import AuthorizationCode;
-//import Client;
-//import User;
-//import com.baeldung.security.oauth2.server.service.AuthCodeService;
-//
-//import javax.ejb.EJB;
-//import javax.enterprise.context.RequestScoped;
-//import javax.inject.Inject;
-//import javax.persistence.EntityManager;
-//import javax.persistence.PersistenceContext;
-//import javax.security.enterprise.SecurityContext;
-//import javax.security.enterprise.authentication.mechanism.http.FormAuthenticationMechanismDefinition;
-//import javax.security.enterprise.authentication.mechanism.http.LoginToContinue;
-//import javax.servlet.ServletException;
-//import javax.servlet.annotation.HttpConstraint;
-//import javax.servlet.annotation.ServletSecurity;
-//import javax.servlet.annotation.WebServlet;
-//import javax.servlet.http.HttpServlet;
-//import javax.servlet.http.HttpServletRequest;
-//import javax.servlet.http.HttpServletResponse;
-//import java.io.IOException;
-//import java.security.Principal;
-//import java.util.*;
-//
-///**
-// * 1. GET http://localhost:8080/app/ (302)
-// * 2. GET http://localhost:8080/uaa/authorize?client_id=app&redirect_uri=http://localhost:8080/app/&response_type=code&state=A123 (302)
-// * 3. GET http://localhost:8080/uaa/login (200) with initial request as hidden input
-// * 4. POST http://localhost:8080/uaa/login (username, password, initial client request) (302)
-// * 5. GET http://localhost:8080/uaa/authorize?client_id=app&redirect_uri=http://localhost:8080/app/&response_type=code&state=A123 (200)
-// * 7. POST http://localhost:8080/uaa/authorize?client_id=app&redirect_uri=http://localhost:8080/app/&response_type=code&state=A123 (302)
-// * 8. GET http://localhost:8080/app/?code=rkWijq06mL&state=A123 (200)
-// */
-///*
-//
-//Query Params:
-//        client_id: app
-//        redirect_uri: http://localhost:8080/app/
-//        response_type: code
-//        state: A123
-//
-//        ==> GET user login WITH client request as hidden input:
-//                    <input name="form_redirect_uri"
-//                   type="hidden"
-//                   value="http://localhost:8080/uaa/oauth/authorize?client_id=app&amp;redirect_uri=http://localhost:8080/app/&amp;response_type=code&amp;state=A123"/>
-//
-//        ==> After user login ==> Initial client request
-//        ==> gen code
-//        == redirect to redirect uri + params code & state : 302, location : http://localhost:8080/app/?code=w6A0YQFzzg&state=A123
-//*/
-//
-////authorize?client_id=app&redirect_uri=http://localhost:8080/app/&response_type=code&state=A123
-////http://localhost:9080/authorize?response_type=code&client_id=client_id_1&redirect_uri=http://localhost:9080/app&state=A123
-//
-////@RequestScoped
-//@FormAuthenticationMechanismDefinition(
-//        loginToContinue = @LoginToContinue(
-//                loginPage = "/login-servlet",
-//                errorPage = "/login-error-servlet"
-//        )
-//)
-//@WebServlet({"/authorize"})
-//@ServletSecurity(@HttpConstraint(rolesAllowed = "user"))
-////@Stateless
-//@RequestScoped
-//public class AuthorizationEndpoint extends HttpServlet {
-//
-//    private static final List<String> authorizedResponseTypes = Arrays.asList("code", "token");
-//
-//    @Inject
-//    private SecurityContext securityContext;
-//
-//    @PersistenceContext(name = "jpa-oauth2-pu")
-//    private EntityManager entityManager;
-//
-//    @EJB
-//    private AuthCodeService authCodeService;
-//
-//    //HTTP GET IS A MUST, POST IS OPTIONAL
-//    @Override
-//    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
-//
-//        String error = "";
-//
-//        //1. User Authentication
-//        Principal principal = securityContext.getCallerPrincipal();
-//
-//        //2. Check for a valid client_id
-//        String clientId = request.getParameter("client_id");
-//        if (clientId == null) {
-//            request.setAttribute("error", "The client " + clientId + " doesn't exist.");
-//        }
-//        request.setAttribute("clientId", clientId);
-//        Client client = entityManager.find(Client.class, clientId);
-//        if (client == null) {
-//            request.setAttribute("error", "The client " + clientId + " doesn't exist.");
-//        }
-//
-//        //3. check for a valid response_type
-//        String responseType = request.getParameter("response_type");
-//        if (!authorizedResponseTypes.contains(responseType)) {
-//            error = "invalid_grant :" + responseType + ", response_type params should be one of :" + authorizedResponseTypes;
-//            request.setAttribute("error", error);
-//            request.getRequestDispatcher("/error.jsp")
-//                    .forward(request, response);
-//        }
-//
-//        //4. Optional redirect_uri, if provided should match
-//        String redirectUri = request.getParameter("redirect_uri");
-//        checkRedirectUri(client, redirectUri);
-//
-//        //save params
-//        String currentUri = request.getRequestURI();
-//        request.setAttribute("post_redirect_uri", currentUri);
-//
-//        String state = request.getParameter("state");
-//        Map<String, String> requestMap = new HashMap<>();
-//        requestMap.put("response_type", responseType);
-//        requestMap.put("client_id", clientId);
-//        requestMap.put("redirect_uri", redirectUri);
-//        requestMap.put("state", state);
-//        request.setAttribute("requestMap", requestMap);
-//
-//        //5.scope: Optional
-//        String requestedScope = request.getParameter("scope");
-//        if (requestedScope.isEmpty()) {
-//            requestedScope = client.getScope();
-//        }
-//        //requestedScope should be a subset of the client scope: clientScopes.containsAll(requestedScopes)
-//        //checkRequestedScope(requestedScope, client.getScope());
-//
-//        //sub set of user scope
-//        //allowed scope by the user
-//
-//        User user = entityManager.find(User.class, principal.getName());
-//        request.setAttribute("scopes", requestedScope);
-//
-//
-//        forward("/authorize.jsp", request, response);
-//    }
-//
-//    @Override
-//    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
-//        String clientId = request.getParameter("client_id");
-//
-//        String responseType = request.getParameter("response_type");
-//        if (!authorizedResponseTypes.contains(responseType)) {
-//            String error = "invalid_grant :" + responseType + ", response_type params should be one of :" + authorizedResponseTypes;
-//            request.setAttribute("error", error);
-//            forward("/error.jsp", request, response);
-//        }
-//
-//        Client client = entityManager.find(Client.class, clientId);
-//        Objects.requireNonNull(client);
-//
-//        String userId = securityContext.getCallerPrincipal().getName();
-//        AuthorizationCode authorizationCode = new AuthorizationCode();
-//        authorizationCode.setClientId(clientId);
-//        authorizationCode.setUserId(userId);
-//        String redirectUri = request.getParameter("redirect_uri");
-//        authorizationCode.setRedirectUri(redirectUri);
-//
-//        redirectUri = checkRedirectUri(client, redirectUri);
-//
-//        String[] scope = request.getParameterValues("scope");
-//        if (scope == null) {
-//            request.setAttribute("error", "User doesn't approved any scope");
-//            forward("/error.jsp", request, response);
-//        }
-//
-//        String approvedScopes = String.join(" ", scope);
-//        authorizationCode.setApprovedScopes(approvedScopes);
-//
-//        //entityManager.persist(authorizationCode);
-//        authCodeService.save(authorizationCode);
-//        String code = authorizationCode.getCode();
-//
-//        StringBuilder sb = new StringBuilder(redirectUri);
-//        sb.append("?code=").append(code);
-//
-//        //If the client send a state, Send it back
-//        String state = request.getParameter("state");
-//        if (state != null) {
-//            sb.append("&state=").append(state);
-//        }
-//        response.sendRedirect(sb.toString());
-//    }
-//
-//    private String checkRedirectUri(Client client, String redirectUri) {
-//        //redirect uri
-//        if (redirectUri == null) {
-//            //erreur: param redirect_uri && client redirect_uri don't match.
-//            redirectUri = client.getRedirectUri();
-//            if (redirectUri == null) {
-//                throw new IllegalStateException("redirectUri shloud be not null, unless a registred client have a redirect_uri.");
-//            }
-//        } else if (!redirectUri.equals(client.getRedirectUri())) {
-//            throw new IllegalStateException("request redirectUri and client registred redirect_uri should match.");
-//        }
-//        return redirectUri;
-//    }
-//
-//    private void forward(String path, HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
-//        request.getRequestDispatcher(path)
-//                .forward(request, response);
-//    }
-//}

oauth2-framework-impl/oauth2-authorization-server/src/main/java/com/baeldung/oauth2/authorization/server/web/TokenEndpoint.java

@@ -1,70 +0,0 @@
-//package com.baeldung.security.oauth2.server.web;
-//
-//import AuthorizationGrantTypeHandler;
-//import TokenResponse;
-//import com.baeldung.security.oauth2.server.security.Authenticated;
-//import com.nimbusds.jose.JOSEException;
-//
-//import javax.enterprise.inject.Instance;
-//import javax.enterprise.inject.literal.NamedLiteral;
-//import javax.inject.Inject;
-//import javax.security.enterprise.SecurityContext;
-//import javax.ws.rs.Consumes;
-//import javax.ws.rs.POST;
-//import javax.ws.rs.Path;
-//import javax.ws.rs.Produces;
-//import javax.ws.rs.core.MediaType;
-//import javax.ws.rs.core.MultivaluedMap;
-//import javax.ws.rs.core.Response;
-//import java.security.Principal;
-//import java.util.Arrays;
-//import java.util.List;
-//import java.util.Objects;
-//
-///**
-// * {
-// * "access_token" : "acb6803a48114d9fb4761e403c17f812",
-// * "token_type" : "bearer",
-// * "id_token" : "eyJhbGciOiJIUzI1NiIsImprdSI6Imh0dHBzOi8vbG9jYWxob3N0OjgwODAvdWFhL3Rva2VuX2tleXMiLCJraWQiOiJsZWdhY3ktdG9rZW4ta2V5IiwidHlwIjoiSldUIn0.eyJzdWIiOiIwNzYzZTM2MS02ODUwLTQ3N2ItYjk1Ny1iMmExZjU3MjczMTQiLCJhdWQiOlsibG9naW4iXSwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgwL3VhYS9vYXV0aC90b2tlbiIsImV4cCI6MTU1NzgzMDM4NSwiaWF0IjoxNTU3Nzg3MTg1LCJhenAiOiJsb2dpbiIsInNjb3BlIjpbIm9wZW5pZCJdLCJlbWFpbCI6IndyaHBONUB0ZXN0Lm9yZyIsInppZCI6InVhYSIsIm9yaWdpbiI6InVhYSIsImp0aSI6ImFjYjY4MDNhNDgxMTRkOWZiNDc2MWU0MDNjMTdmODEyIiwiZW1haWxfdmVyaWZpZWQiOnRydWUsImNsaWVudF9pZCI6ImxvZ2luIiwiY2lkIjoibG9naW4iLCJncmFudF90eXBlIjoiYXV0aG9yaXphdGlvbl9jb2RlIiwidXNlcl9uYW1lIjoid3JocE41QHRlc3Qub3JnIiwicmV2X3NpZyI6ImI3MjE5ZGYxIiwidXNlcl9pZCI6IjA3NjNlMzYxLTY4NTAtNDc3Yi1iOTU3LWIyYTFmNTcyNzMxNCIsImF1dGhfdGltZSI6MTU1Nzc4NzE4NX0.Fo8wZ_Zq9mwFks3LfXQ1PfJ4ugppjWvioZM6jSqAAQQ",
-// * "refresh_token" : "f59dcb5dcbca45f981f16ce519d61486-r",
-// * "expires_in" : 43199,
-// * "scope" : "openid oauth.approvals",
-// * "jti" : "acb6803a48114d9fb4761e403c17f812"
-// * }
-// */
-//@Path("token")
-//public class TokenEndpoint {
-//
-//    List<String> supportedGrantTypes = Arrays.asList("authorization_code", "password", "refresh_token", "client_credentials");
-//
-//    @Inject
-//    private SecurityContext securityContext;
-//
-//    @Inject
-//    Instance<AuthorizationGrantTypeHandler> authorizationGrantTypeHandlers;
-//
-//    @POST
-//    @Produces(MediaType.APPLICATION_JSON)
-//    @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
-//    @Authenticated
-//    public Response token(MultivaluedMap<String, String> params) throws JOSEException {
-//        //Authenticate client with [basic] http authentication mechanism
-//        Principal principal = securityContext.getCallerPrincipal();
-//        Objects.requireNonNull(principal, "Client not authenticated!");
-//
-//        //Check grant_type params
-//        String grantType = params.getFirst("grant_type");
-//        Objects.requireNonNull(grantType, "grant_type params is required");
-//        //authorization_code, password, refresh, client_credentials
-//        if (!supportedGrantTypes.contains(grantType)) {
-//            throw new RuntimeException("grant_type parameter should be one of the following :" + supportedGrantTypes);
-//        }
-//        AuthorizationGrantTypeHandler authorizationGrantTypeHandler = authorizationGrantTypeHandlers.select(NamedLiteral.of(grantType)).get();
-//        TokenResponse tokenResponse = authorizationGrantTypeHandler.createAccessToken(principal.getName(), params);
-//        Response response = Response.ok(tokenResponse)
-//                .header("Cache-Control", "no-store")
-//                .header("Pragma", "no-cache")
-//                .build();
-//        return response;
-//    }
-//}