Skip to content

Removing spring security oauth2 dependency #7484

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
amontenegro wants to merge 19 commits into from
Closed

Removing spring security oauth2 dependency #7484

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
19 commits
Select commit Hold shift + click to select a range
13a7bfb
Initial set of changes, nothing works
amontenegro Mar 3, 2026
23e3438
Nothing works yet
amontenegro Mar 4, 2026
6d52c63
Merge branch 'main' into RemovingSpringSecurityOauth2Dependency
amontenegro Mar 18, 2026
aa5d92c
Removing some dependencies
amontenegro Mar 20, 2026
ae3c64e
Merge branch 'main' into RemovingSpringSecurityOauth2Dependency
amontenegro Mar 20, 2026
0a750c9
More changes
amontenegro Mar 20, 2026
cb38c09
Removing code and refactoring the authentication objects, introducing…
amontenegro Mar 23, 2026
b8bb156
Removing code and refactoring the authentication objects, introducing…
amontenegro Mar 23, 2026
ed844a9
More refactoring, security mananger and source managers
amontenegro Mar 25, 2026
383680c
Notification managers fixe
amontenegro Mar 25, 2026
0927a0a
Registration manager fixed
amontenegro Mar 25, 2026
d91efa6
More cleanup
amontenegro Mar 26, 2026
f0d354d
More code refactoring and removing old dependencies
amontenegro Mar 26, 2026
bf574f2
It is compiling!
amontenegro Mar 27, 2026
6e5c6f0
Member API starts, client authentication beans are now in the orcid-a…
amontenegro Mar 31, 2026
0390a82
Small update
amontenegro Mar 31, 2026
9954e1f
The member API is working and the token introspection is working on t…
amontenegro Mar 31, 2026
ec8be95
Public API workinggit status!
amontenegro Apr 1, 2026
54c1105
Working on the internal API
amontenegro Apr 1, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
66 changes: 2 additions & 64 deletions orcid-api-common/pom.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -44,7 +44,7 @@
<groupId>org.springframework</groupId>
<artifactId>spring-aop</artifactId>
</dependency>

<!-- Jersey Server -->
<dependency>
<groupId>org.glassfish.jersey.containers</groupId>
Expand Down Expand Up @@ -161,69 +161,7 @@
<target>11</target>
</configuration>
</plugin>


<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>exec-maven-plugin</artifactId>
<version>3.1.0</version>
<executions>
<execution>
<id>geonames</id>
<phase>generate-sources</phase>
<goals>
<goal>java</goal>
</goals>
<configuration>
<mainClass>jena.schemagen</mainClass>
<commandlineArgs>
--inference \
-i ${project.basedir}/src/main/vocabs/geonames_v3.1.rdf \
-e RDF \
--package org.orcid.api.common.writer.rdf.vocabs \
-o ${jena.dir} \
-n Geonames
</commandlineArgs>
</configuration>
</execution>
<execution>
<id>pav</id>
<phase>generate-sources</phase>
<goals>
<goal>java</goal>
</goals>
<configuration>
<mainClass>jena.schemagen</mainClass>
<commandlineArgs>
--inference \
-i ${project.basedir}/src/main/vocabs/pav.rdf \
-e RDF \
--package org.orcid.api.common.writer.rdf.vocabs \
-o ${jena.dir} \
-n PAV
</commandlineArgs>
</configuration>
</execution>
<execution>
<id>prov-o</id>
<phase>generate-sources</phase>
<goals>
<goal>java</goal>
</goals>
<configuration>
<mainClass>jena.schemagen</mainClass>
<commandlineArgs>
--inference \
-i ${project.basedir}/src/main/vocabs/prov-o.rdf \
-e RDF \
--package org.orcid.api.common.writer.rdf.vocabs \
-o ${jena.dir} \
-n PROV
</commandlineArgs>
</configuration>
</execution>
</executions>
</plugin>

<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>build-helper-maven-plugin</artifactId>
Expand Down
138 changes: 42 additions & 96 deletions orcid-api-common/src/main/java/org/orcid/api/common/OrcidApiCommonEndpoints.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,19 +13,13 @@
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.MultivaluedHashMap;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;

import org.apache.commons.lang.StringUtils;
import org.orcid.core.oauth.authorizationServer.AuthorizationServerUtil;
import org.orcid.api.common.oauth.OrcidClientCredentialEndPointDelegator;
import org.orcid.core.constants.OrcidOauth2Constants;
import org.orcid.core.togglz.Features;
import org.springframework.security.oauth2.common.exceptions.UnsupportedGrantTypeException;
import org.springframework.stereotype.Component;

import java.io.IOException;
import java.net.URISyntaxException;

Expand All @@ -35,9 +29,6 @@ public class OrcidApiCommonEndpoints {
@Context
private UriInfo uriInfo;

@Resource
private OrcidClientCredentialEndPointDelegator orcidClientCredentialEndPointDelegator;

@Resource
private AuthorizationServerUtil authorizationServerUtil;

Expand All @@ -55,98 +46,53 @@ public Response obtainOauth2TokenPost(@HeaderParam("Authorization") @DefaultValu

// Token delegation is not implemented in the authorization server
if(grantType == null) {
throw new UnsupportedGrantTypeException("grant_type is missing");
throw new IllegalArgumentException("grant_type is missing");
} else if(clientId == null || clientId.length() > 50 || StringUtils.isBlank(clientId)) {
throw new IllegalArgumentException("client_id is missing or invalid");
} else if(clientSecret == null || clientSecret.length() > 100 || StringUtils.isBlank(clientSecret)) {
throw new IllegalArgumentException("client_secret is missing or invalid");
}

if(Features.OAUTH_AUTHORIZATION_CODE_EXCHANGE.isActive()) {
Response response = null;
if(StringUtils.isNotBlank(authorization)) {
switch (grantType) {
case OrcidOauth2Constants.GRANT_TYPE_AUTHORIZATION_CODE:
response = authorizationServerUtil.forwardAuthorizationCodeExchangeRequest(authorization, redirectUri, code);
break;
case OrcidOauth2Constants.GRANT_TYPE_REFRESH_TOKEN:
response = authorizationServerUtil.forwardRefreshTokenRequest(authorization, refreshToken, scopeList);
break;
case OrcidOauth2Constants.GRANT_TYPE_CLIENT_CREDENTIALS:
response = authorizationServerUtil.forwardClientCredentialsRequest(authorization, scopeList);
break;
case IETF_EXCHANGE_GRANT_TYPE:
response = authorizationServerUtil.forwardTokenExchangeRequest(authorization, subjectToken, subjectTokenType, requestedTokenType, scopeList);
break;
default:
response = authorizationServerUtil.forwardOtherTokenExchangeRequest(authorization, grantType, code, scopeList);
break;
}
} else {
switch (grantType) {
case OrcidOauth2Constants.GRANT_TYPE_AUTHORIZATION_CODE:
response = authorizationServerUtil.forwardAuthorizationCodeExchangeRequest(clientId, clientSecret, redirectUri, code);
break;
case OrcidOauth2Constants.GRANT_TYPE_REFRESH_TOKEN:
response = authorizationServerUtil.forwardRefreshTokenRequest(clientId, clientSecret, refreshToken, scopeList);
break;
case OrcidOauth2Constants.GRANT_TYPE_CLIENT_CREDENTIALS:
response = authorizationServerUtil.forwardClientCredentialsRequest(clientId, clientSecret, scopeList);
break;
case IETF_EXCHANGE_GRANT_TYPE:
response = authorizationServerUtil.forwardTokenExchangeRequest(clientId, clientSecret, subjectToken, subjectTokenType, requestedTokenType, scopeList);
break;
default:
response = authorizationServerUtil.forwardOtherTokenExchangeRequest(clientId, clientSecret, grantType, code, scopeList);
break;
}
Response response = null;
if(StringUtils.isNotBlank(authorization)) {
switch (grantType) {
case OrcidOauth2Constants.GRANT_TYPE_AUTHORIZATION_CODE:
response = authorizationServerUtil.forwardAuthorizationCodeExchangeRequest(authorization, redirectUri, code);
break;
case OrcidOauth2Constants.GRANT_TYPE_REFRESH_TOKEN:
response = authorizationServerUtil.forwardRefreshTokenRequest(authorization, refreshToken, scopeList);
break;
case OrcidOauth2Constants.GRANT_TYPE_CLIENT_CREDENTIALS:
response = authorizationServerUtil.forwardClientCredentialsRequest(authorization, scopeList);
break;
case IETF_EXCHANGE_GRANT_TYPE:
response = authorizationServerUtil.forwardTokenExchangeRequest(authorization, subjectToken, subjectTokenType, requestedTokenType, scopeList);
break;
default:
response = authorizationServerUtil.forwardOtherTokenExchangeRequest(authorization, grantType, code, scopeList);
break;
}
Object entity = response.getEntity();
int statusCode = response.getStatus();
return Response.status(statusCode).entity(entity).header(Features.OAUTH_AUTHORIZATION_CODE_EXCHANGE.name(),"ON").build();
} else {
MultivaluedMap<String, String> formParams = new MultivaluedHashMap<String, String>();
if (clientId != null) {
formParams.add(OrcidOauth2Constants.CLIENT_ID_PARAM, clientId);
}
if (scopeList != null) {
formParams.add(OrcidOauth2Constants.SCOPE_PARAM, scopeList);
}
if (grantType != null) {
formParams.add(OrcidOauth2Constants.GRANT_TYPE, grantType);
}

if (code != null) {
formParams.add("code", code);
}

if (state != null) {
formParams.add(OrcidOauth2Constants.STATE_PARAM, state);
}

if (redirectUri != null) {
formParams.add(OrcidOauth2Constants.REDIRECT_URI_PARAM, redirectUri);
}

if (redirectUri != null) {
formParams.add(OrcidOauth2Constants.REDIRECT_URI_PARAM, redirectUri);
switch (grantType) {
case OrcidOauth2Constants.GRANT_TYPE_AUTHORIZATION_CODE:
response = authorizationServerUtil.forwardAuthorizationCodeExchangeRequest(clientId, clientSecret, redirectUri, code);
break;
case OrcidOauth2Constants.GRANT_TYPE_REFRESH_TOKEN:
response = authorizationServerUtil.forwardRefreshTokenRequest(clientId, clientSecret, refreshToken, scopeList);
break;
case OrcidOauth2Constants.GRANT_TYPE_CLIENT_CREDENTIALS:
response = authorizationServerUtil.forwardClientCredentialsRequest(clientId, clientSecret, scopeList);
break;
case IETF_EXCHANGE_GRANT_TYPE:
response = authorizationServerUtil.forwardTokenExchangeRequest(clientId, clientSecret, subjectToken, subjectTokenType, requestedTokenType, scopeList);
break;
default:
response = authorizationServerUtil.forwardOtherTokenExchangeRequest(clientId, clientSecret, grantType, code, scopeList);
break;
}

if (refreshToken != null) {
formParams.add(OrcidOauth2Constants.REFRESH_TOKEN, refreshToken);
}

if (revokeOld != null) {
formParams.add(OrcidOauth2Constants.REVOKE_OLD, revokeOld);
}
// IETF Token exchange
if (subjectToken != null) {
formParams.add(OrcidOauth2Constants.IETF_EXCHANGE_SUBJECT_TOKEN, subjectToken);
}
if (subjectTokenType != null) {
formParams.add(OrcidOauth2Constants.IETF_EXCHANGE_SUBJECT_TOKEN_TYPE, subjectTokenType);
}
if (requestedTokenType != null) {
formParams.add(OrcidOauth2Constants.IETF_EXCHANGE_REQUESTED_TOKEN_TYPE, requestedTokenType);
}

return orcidClientCredentialEndPointDelegator.obtainOauth2Token(authorization, formParams);
}
Object entity = response.getEntity();
int statusCode = response.getStatus();
return Response.status(statusCode).entity(entity).header(Features.OAUTH_AUTHORIZATION_CODE_EXCHANGE.name(),"ON").build();
}
}
86 changes: 0 additions & 86 deletions ...mon/src/main/java/org/orcid/api/common/exception/OrcidOAuth2AuthenticationEntryPoint.java
View file
Open in desktop

This file was deleted.

Loading
Loading