SECOAUTH-120: add factory bean for OAuth consumer so that externalization works

Author: Dave Syer

spring-security-oauth/src/main/java/org/springframework/security/oauth/config/ConsumerDetailsFactoryBean.java

@@ -0,0 +1,113 @@
+/*
+ * Copyright 2006-2011 the original author or authors.
+ * 
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * 
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
+ * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations under the License.
+ */
+package org.springframework.security.oauth.config;
+
+import java.io.IOException;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+
+import org.springframework.beans.factory.BeanCreationException;
+import org.springframework.beans.factory.FactoryBean;
+import org.springframework.context.ResourceLoaderAware;
+import org.springframework.core.io.ResourceLoader;
+import org.springframework.security.core.authority.AuthorityUtils;
+import org.springframework.security.oauth.common.signature.RSAKeySecret;
+import org.springframework.security.oauth.common.signature.SharedConsumerSecret;
+import org.springframework.security.oauth.common.signature.SignatureSecret;
+import org.springframework.security.oauth.provider.BaseConsumerDetails;
+import org.springframework.security.oauth.provider.ConsumerDetails;
+
+/**
+ * @author Dave Syer
+ * 
+ */
+public class ConsumerDetailsFactoryBean implements FactoryBean<ConsumerDetails>, ResourceLoaderAware {
+
+	private Object typeOfSecret;
+	private BaseConsumerDetails consumer = new BaseConsumerDetails();
+	private String secret;
+	private ResourceLoader resourceLoader;
+	
+	public void setResourceLoader(ResourceLoader resourceLoader) {
+		this.resourceLoader = resourceLoader;
+	}
+	
+	public void setSecret(String secret) {
+		this.secret = secret;
+	}
+
+	public void setConsumerKey(String consumerKey) {
+		consumer.setConsumerKey(consumerKey);
+	}
+
+	public void setConsumerName(String consumerName) {
+		consumer.setConsumerName(consumerName);
+	}
+
+	public void setSignatureSecret(SignatureSecret signatureSecret) {
+		consumer.setSignatureSecret(signatureSecret);
+	}
+
+	public void setAuthorities(String authorities) {
+		consumer.setAuthorities(AuthorityUtils.commaSeparatedStringToAuthorityList(authorities));
+	}
+
+	public void setResourceName(String resourceName) {
+		consumer.setResourceName(resourceName);
+	}
+
+	public void setResourceDescription(String resourceDescription) {
+		consumer.setResourceDescription(resourceDescription);
+	}
+
+	public void setRequiredToObtainAuthenticatedToken(boolean requiredToObtainAuthenticatedToken) {
+		consumer.setRequiredToObtainAuthenticatedToken(requiredToObtainAuthenticatedToken);
+	}
+
+	public void setTypeOfSecret(Object typeOfSecret) {
+		this.typeOfSecret = typeOfSecret;
+	}
+
+	public ConsumerDetails getObject() throws Exception {
+		if ("rsa-cert".equals(typeOfSecret)) {
+			try {
+				Certificate cert = CertificateFactory.getInstance("X.509").generateCertificate(resourceLoader.getResource(secret).getInputStream());
+				consumer.setSignatureSecret(new RSAKeySecret(cert.getPublicKey()));
+			}
+			catch (IOException e) {
+				throw new BeanCreationException("RSA certificate not found at " + secret + ".",
+						e);
+			}
+			catch (CertificateException e) {
+				throw new BeanCreationException("Invalid RSA certificate at " + secret + ".", e);
+			}
+			catch (NullPointerException e) {
+				throw new BeanCreationException("Could not load RSA certificate at " + secret + ".", e);
+			}
+		}
+		else {
+			consumer.setSignatureSecret(new SharedConsumerSecret(secret));
+		}
+		return consumer;
+	}
+
+	public Class<?> getObjectType() {
+		return BaseConsumerDetails.class;
+	}
+
+	public boolean isSingleton() {
+		return true;
+	}
+
+}

spring-security-oauth/src/main/java/org/springframework/security/oauth/config/ConsumerServiceBeanDefinitionParser.java

@@ -16,106 +16,88 @@
 
 package org.springframework.security.oauth.config;
 
+import java.util.List;
+
+import org.springframework.beans.BeanMetadataElement;
 import org.springframework.beans.factory.support.BeanDefinitionBuilder;
+import org.springframework.beans.factory.support.ManagedMap;
 import org.springframework.beans.factory.xml.AbstractSingleBeanDefinitionParser;
 import org.springframework.beans.factory.xml.ParserContext;
-import org.springframework.security.core.authority.AuthorityUtils;
-import org.springframework.security.oauth.common.signature.RSAKeySecret;
-import org.springframework.security.oauth.common.signature.SharedConsumerSecret;
-import org.springframework.security.oauth.provider.BaseConsumerDetails;
 import org.springframework.security.oauth.provider.InMemoryConsumerDetailsService;
 import org.springframework.util.StringUtils;
 import org.springframework.util.xml.DomUtils;
 import org.w3c.dom.Element;
 
-import java.io.IOException;
-import java.security.cert.Certificate;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateFactory;
-import java.util.List;
-import java.util.Map;
-import java.util.TreeMap;
-
 /**
  * @author Ryan Heaton
  * @author Andrew McCall
+ * @author Dave Syer
  */
 public class ConsumerServiceBeanDefinitionParser extends AbstractSingleBeanDefinitionParser {
 
-  @Override
-  protected Class getBeanClass(Element element) {
-    return InMemoryConsumerDetailsService.class;
-  }
+	@Override
+	protected Class<?> getBeanClass(Element element) {
+		return InMemoryConsumerDetailsService.class;
+	}
+
+	@Override
+	protected void doParse(Element element, ParserContext parserContext, BeanDefinitionBuilder builder) {
+		List<Element> consumerElements = DomUtils.getChildElementsByTagName(element, "consumer");
+		ManagedMap<String, BeanMetadataElement> consumers = new ManagedMap<String, BeanMetadataElement>();
+		for (Object item : consumerElements) {
 
-  @Override
-  protected void doParse(Element element, ParserContext parserContext, BeanDefinitionBuilder builder) {
-    List consumerElements = DomUtils.getChildElementsByTagName(element, "consumer");
-    Map<String, BaseConsumerDetails> consumers = new TreeMap<String, BaseConsumerDetails>();
-    for (Object item : consumerElements) {
-      BaseConsumerDetails consumer = new BaseConsumerDetails();
-      Element consumerElement = (Element) item;
-      String key = consumerElement.getAttribute("key");
-      if (StringUtils.hasText(key)) {
-        consumer.setConsumerKey(key);
-      }
-      else {
-        parserContext.getReaderContext().error("A consumer key must be supplied with the definition of a consumer.", consumerElement);
-      }
+			BeanDefinitionBuilder consumer = BeanDefinitionBuilder
+					.genericBeanDefinition(ConsumerDetailsFactoryBean.class);
+			Element consumerElement = (Element) item;
+			String key = consumerElement.getAttribute("key");
+			if (StringUtils.hasText(key)) {
+				consumer.addPropertyValue("consumerKey", key);
+			}
+			else {
+				parserContext.getReaderContext().error(
+						"A consumer key must be supplied with the definition of a consumer.", consumerElement);
+			}
 
-      String secret = consumerElement.getAttribute("secret");
-      if (secret != null) {
-        String typeOfSecret = consumerElement.getAttribute("typeOfSecret");
-        if ("rsa-cert".equals(typeOfSecret)) {
-          try {
-            Certificate cert = CertificateFactory.getInstance("X.509").generateCertificate(parserContext.getReaderContext().getResourceLoader().getResource(secret).getInputStream());
-            consumer.setSignatureSecret(new RSAKeySecret(cert.getPublicKey()));
-          }
-          catch (IOException e) {
-            parserContext.getReaderContext().error("RSA certificate not found at " + secret + ".", consumerElement, e);
-          }
-          catch (CertificateException e) {
-              parserContext.getReaderContext().error("Invalid RSA certificate at " + secret + ".", consumerElement, e);
-            }
-          catch (NullPointerException e) {
-              parserContext.getReaderContext().error("Could not load RSA certificate at " + secret + ".", consumerElement, e);
-            }
-          }
-        else {
-          consumer.setSignatureSecret(new SharedConsumerSecret(secret));
-        }
-      }
-      else {
-        parserContext.getReaderContext().error("A consumer secret must be supplied with the definition of a consumer.", consumerElement);
-      }
+			String secret = consumerElement.getAttribute("secret");
+			if (StringUtils.hasText(secret)) {
+				consumer.addPropertyValue("secret", secret);
+				String typeOfSecret = consumerElement.getAttribute("typeOfSecret");
+				consumer.addPropertyValue("typeOfSecret", typeOfSecret);
+			}
+			else {
+				parserContext.getReaderContext().error(
+						"A consumer secret must be supplied with the definition of a consumer.", consumerElement);
+			}
 
-      String name = consumerElement.getAttribute("name");
-      if (StringUtils.hasText(name)) {
-        consumer.setConsumerName(name);
-      }
+			String name = consumerElement.getAttribute("name");
+			if (StringUtils.hasText(name)) {
+				consumer.addPropertyValue("consumerName", name);
+			}
 
-      String authorities = consumerElement.getAttribute("authorities");
-      if (authorities != null) {
-        consumer.setAuthorities(AuthorityUtils.commaSeparatedStringToAuthorityList(authorities));
-      }
+			String authorities = consumerElement.getAttribute("authorities");
+			if (StringUtils.hasText(authorities)) {
+				consumer.addPropertyValue("authorities", authorities);
+			}
 
-      String resourceName = consumerElement.getAttribute("resourceName");
-      if (resourceName != null) {
-        consumer.setResourceName(resourceName);
-      }
+			String resourceName = consumerElement.getAttribute("resourceName");
+			if (StringUtils.hasText(resourceName)) {
+				consumer.addPropertyValue("resourceName", resourceName);
+			}
 
-      String resourceDescription = consumerElement.getAttribute("resourceDescription");
-      if (resourceDescription != null) {
-        consumer.setResourceDescription(resourceDescription);
-      }
+			String resourceDescription = consumerElement.getAttribute("resourceDescription");
+			if (StringUtils.hasText(resourceDescription)) {
+				consumer.addPropertyValue("resourceDescription", resourceDescription);
+			}
 
-      String requiredToObtainAuthenticatedToken = consumerElement.getAttribute("requiredToObtainAuthenticatedToken");
-      if (requiredToObtainAuthenticatedToken != null && "false".equalsIgnoreCase(requiredToObtainAuthenticatedToken)) {
-        consumer.setRequiredToObtainAuthenticatedToken(false);
-      }
+			String requiredToObtainAuthenticatedToken = consumerElement
+					.getAttribute("requiredToObtainAuthenticatedToken");
+			if (StringUtils.hasText(requiredToObtainAuthenticatedToken)) {
+				consumer.addPropertyValue("requiredToObtainAuthenticatedToken", requiredToObtainAuthenticatedToken);
+			}
 
-      consumers.put(key, consumer);
-    }
+			consumers.put(key, consumer.getBeanDefinition());
+		}
 
-    builder.addPropertyValue("consumerDetailsStore", consumers);
-  }
+		builder.addPropertyValue("consumerDetailsStore", consumers);
+	}
 }

spring-security-oauth/src/test/java/org/springframework/security/oauth/config/TestConsumerServiceBeanDefinitionParser.java

@@ -0,0 +1,34 @@
+package org.springframework.security.oauth.config;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.oauth.common.signature.SharedConsumerSecret;
+import org.springframework.security.oauth.provider.ConsumerDetails;
+import org.springframework.security.oauth.provider.ConsumerDetailsService;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+
+@ContextConfiguration
+@RunWith(SpringJUnit4ClassRunner.class)
+public class TestConsumerServiceBeanDefinitionParser {
+
+	@Autowired
+	private ConsumerDetailsService clientDetailsService;
+
+	@Test
+	public void testClientDetailsFromNonPropertyFile() {
+		assertNotNull(clientDetailsService.loadConsumerByConsumerKey("www.google.com"));
+	}
+
+	@Test
+	public void testClientDetailsFromPropertyFile() {
+		ConsumerDetails consumer = clientDetailsService.loadConsumerByConsumerKey("my-client-key");
+		assertNotNull(consumer);
+		assertEquals("my-client-secret", ((SharedConsumerSecret)consumer.getSignatureSecret()).getConsumerSecret());
+	}
+
+}

spring-security-oauth/src/test/resources/org/springframework/security/oauth/config/TestConsumerServiceBeanDefinitionParser-context.xml

@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans"
+	xmlns:oauth="http://www.springframework.org/schema/security/oauth" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
+              http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd
+              http://www.springframework.org/schema/security/oauth http://www.springframework.org/schema/security/spring-security-oauth-1.0.xsd">
+
+	<http auto-config='true' access-denied-page="/login.jsp">
+		<intercept-url pattern="/xml/photos" access="ROLE_USER" />
+		<intercept-url pattern="/json/photos" access="ROLE_USER" />
+		<intercept-url pattern="/photo/**" access="ROLE_USER" />
+		<intercept-url pattern="/oauth/**" access="ROLE_USER" />
+		<intercept-url pattern="/request_token_authorized.jsp" access="ROLE_USER" />
+		<intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
+
+		<form-login authentication-failure-url="/login.jsp" default-target-url="/index.jsp" login-page="/login.jsp"
+			login-processing-url="/login.do" />
+		<logout logout-success-url="/index.jsp" logout-url="/logout.do" />
+	</http>
+
+	<authentication-manager>
+		<authentication-provider>
+			<user-service>
+				<user name="marissa" password="koala" authorities="ROLE_USER" />
+				<user name="paul" password="emu" authorities="ROLE_USER" />
+			</user-service>
+		</authentication-provider>
+	</authentication-manager>
+
+	<oauth:provider consumer-details-service-ref="consumerDetails" token-services-ref="tokenServices"
+		request-token-url="/oauth/request_token" authenticate-token-url="/oauth/authorize" authentication-failed-url="/oauth/confirm_access"
+		access-granted-url="/request_token_authorized.jsp" access-token-url="/oauth/access_token" require10a="false" />
+
+	<oauth:consumer-details-service id="consumerDetails">
+		<oauth:consumer name="Tonr.com" key="tonr-consumer-key" secret="SHHHHH!!!!!!!!!!" resourceName="Your Photos"
+			resourceDescription="Your photos that you have uploaded to sparklr.com." />
+		<oauth:consumer name="iGoogle" key="www.google.com" secret="classpath:/org/springframework/security/oauth/config/igoogle.cert"
+			typeOfSecret="rsa-cert" resourceName="Your Photos" resourceDescription="Your photos that you have uploaded to sparklr.com." />
+		<oauth:consumer name="myClient" key="${my.client.key}" secret="${my.client.secret}"
+			resourceName="Your Photos" resourceDescription="${my.client.resource.description}" />
+	</oauth:consumer-details-service>
+
+	<oauth:token-services id="tokenServices" />
+
+	<beans:bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
+		<beans:property name="properties">
+			<beans:value>
+				my.client.key=my-client-key
+				my.client.secret=my-client-secret
+				my.client.resource.description=A Resource
+			</beans:value>
+		</beans:property>
+	</beans:bean>
+
+</beans:beans>

spring-security-oauth/src/test/resources/org/springframework/security/oauth/config/igoogle.cert

@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDBDCCAm2gAwIBAgIJAK8dGINfkSTHMA0GCSqGSIb3DQEBBQUAMGAxCzAJBgNV
+BAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzETMBEG
+A1UEChMKR29vZ2xlIEluYzEXMBUGA1UEAxMOd3d3Lmdvb2dsZS5jb20wHhcNMDgx
+MDA4MDEwODMyWhcNMDkxMDA4MDEwODMyWjBgMQswCQYDVQQGEwJVUzELMAkGA1UE
+CBMCQ0ExFjAUBgNVBAcTDU1vdW50YWluIFZpZXcxEzARBgNVBAoTCkdvb2dsZSBJ
+bmMxFzAVBgNVBAMTDnd3dy5nb29nbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GN
+ADCBiQKBgQDQUV7ukIfIixbokHONGMW9+ed0E9X4m99I8upPQp3iAtqIvWs7XCbA
+bGqzQH1qX9Y00hrQ5RRQj8OI3tRiQs/KfzGWOdvLpIk5oXpdT58tg4FlYh5fbhIo
+VoVn4GvtSjKmJFsoM8NRtEJHL1aWd++dXzkQjEsNcBXwQvfDb0YnbQIDAQABo4HF
+MIHCMB0GA1UdDgQWBBSm/h1pNY91bNfW08ac9riYzs3cxzCBkgYDVR0jBIGKMIGH
+gBSm/h1pNY91bNfW08ac9riYzs3cx6FkpGIwYDELMAkGA1UEBhMCVVMxCzAJBgNV
+BAgTAkNBMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKEwpHb29nbGUg
+SW5jMRcwFQYDVQQDEw53d3cuZ29vZ2xlLmNvbYIJAK8dGINfkSTHMAwGA1UdEwQF
+MAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAYpHTr3vQNsHHHUm4MkYcDB20a5KvcFoX
+gCcYtmdyd8rh/FKeZm2me7eQCXgBfJqQ4dvVLJ4LgIQiU3R5ZDe0WbW7rJ3M9ADQ
+FyQoRJP8OIMYW3BoMi0Z4E730KSLRh6kfLq4rK6vw7lkH9oynaHHWZSJLDAp17cP
+j+6znWkN9/g=
+-----END CERTIFICATE-----