Copyright © 2014-2015
Copies of this document may be made for your own use and for distribution to others, provided that you do not charge any fee for such copies and further provided that each copy contains this Copyright Notice, whether distributed in print or electronically.

About

…​

Module website: https://foreach.atlassian.net/wiki/display/AX/OAuth2Module

1. General information

1.1. Artifact

<dependencies>
    <dependency>
        <groupId>com.foreach.across.modules</groupId>
        <artifactId>oauth2-module</artifactId>
        <version>2.0.0.RELEASE</version>
    </dependency>
</dependencies>

1.2. Module dependencies

OAuth2Module has a required dependency on UserModule and SpringSecurityModule. OAuth2Module also has an optional dependency on EhcacheModule.

Table 1. Module dependencies
Module Type Description

UserModule

required

OAuth2Module requires the UserModule. This is because the OAuth2Client extends BasicSecurityPrincipal. It also sets the UserDirectory when none was specified.

SpringSecurityModule

required

OAuth2Module requires the SpringSecurityModule. The SpringSecurityModule is used to secure the AuthorizationServer and ResourceServer.

EhcacheModule

required

In combination with the EhcacheModule this enable caching on several business objects.

1.3. Module settings

All properties start with the oauth2Module. prefix.

Property Type Description Default

approval.formEndpoint

java.util.String

Optional Specifies whether the default spring endpoint for the approval form should be used (when left empty) or the custom endpoint that redirects to a custom form.

""

approval.handler

com.foreach.across.modules.oauth2.ApprovalHandler

Optional Specify how user approvals should be handled and remembered (defaults to storing approvals in an approval store).

APPROVAL_STORE

approval.store

com.foreach.across.modules.oauth2.ApprovalStore

Optional Specify the type of approval store that should be used (defaults to jdbc - storing approvals in database).

JDBC

useJdbcAuthorizationCodeServices

boolean

Optional Specifies whether the authorization process should use a jdbcAuthorizationCodeService instead of the default inMemoryAuthorizationCodeService. Only relevant if SpringSecurityAclModule is active.

false

useLockingForTokenCreation

boolean

Should the DistributedLockRepository be used for locking on token creation. Incurs a performance hit but ensures compatibility in a scaled out scenario.

true

2. What’s new in this version?

2.0.0.RELEASE

Requires Across 2.0.0+

  • for consistency, the property prefix has been changed from OAuth2Module. to oauth2Module.

  • compatibility update with Spring 4.2.

  • added support for multiple user directories

  • added default SecurityPrincipalLabelResolver for OAuth2Client

1.1.2.RELEASE

  • implemented CachingAndLockingTokenServices - token creation now uses distributed locking by default

1.1.1.RELEASE

  • added a dated_created database column on the oauth_access_token table.

1.1.0.RELEASE

Initial public release available on Maven central.

3. How OAuth2Module works

TODO

4. Integration with other modules

4.1. EhcacheModule

The OAuth2Module will automatically use caching on OAuth2Client objects and access tokens when a cache with the following names are found:

  • oauth2ClientCache

  • oauth2AuthenticationByAccessTokenCache

Example ehcache configuration
<cache name="oauth2ClientCache" statistics="true" maxElementsInMemory="10"
 timeToLiveSeconds="3600" memoryStoreEvictionPolicy="LRU">
</cache>
<cache name="oauth2AuthenticationByAccessTokenCache" statistics="true" maxElementsInMemory="100"
 timeToLiveSeconds="3600" memoryStoreEvictionPolicy="LRU">
</cache>