add moudle authorization server.

boot/authorization/build.gradle

@@ -54,9 +54,12 @@ tasks.named("bootBuildImage") {
 dependencies {
     implementation 'org.springframework.boot:spring-boot-starter-data-jpa'
     implementation 'org.springframework.boot:spring-boot-starter-data-redis'
-    implementation 'org.springframework.boot:spring-boot-starter-oauth2-authorization-server'
-    implementation 'org.springframework.boot:spring-boot-starter-web'
     implementation 'org.postgresql:postgresql'
+
+    implementation 'org.springframework.boot:spring-boot-starter-web'
+    implementation 'org.springframework.boot:spring-boot-starter-oauth2-authorization-server'
+    implementation("org.springframework.boot:spring-boot-starter-security")
+
     compileOnly 'org.projectlombok:lombok'
     developmentOnly 'org.springframework.boot:spring-boot-devtools'
     annotationProcessor 'org.springframework.boot:spring-boot-configuration-processor'

boot/authorization/src/main/java/com/plate/authorization/config/AuthorizationServerConfig.java

@@ -0,0 +1,10 @@
+package com.plate.authorization.config;
+
+import org.springframework.context.annotation.Configuration;
+
+/**
+ * @author Alex bob(<a href="https://github.com/vnobo">Alex Bob</a>)
+ */
+@Configuration
+public class AuthorizationServerConfig {
+}

boot/authorization/src/main/java/com/plate/authorization/config/SecurityConfig.java

@@ -0,0 +1,36 @@
+package com.plate.authorization.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.http.MediaType;
+import org.springframework.security.config.Customizer;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.oauth2.server.authorization.config.annotation.web.configuration.OAuth2AuthorizationServerConfiguration;
+import org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers.OAuth2AuthorizationServerConfigurer;
+import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
+import org.springframework.security.web.util.matcher.MediaTypeRequestMatcher;
+
+/**
+ * @author Alex bob(<a href="https://github.com/vnobo">Alex Bob</a>)
+ */
+@Configuration
+public class SecurityConfig {
+
+    @Bean
+    public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http)
+            throws Exception {
+        OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(http);
+        http.getConfigurer(OAuth2AuthorizationServerConfigurer.class)
+                .oidc(Customizer.withDefaults());
+        http.exceptionHandling((exceptions) -> exceptions
+                .defaultAuthenticationEntryPointFor(
+                        new LoginUrlAuthenticationEntryPoint("/login"),
+                        new MediaTypeRequestMatcher(MediaType.TEXT_HTML)
+                )
+        ).oauth2ResourceServer((oauth2) -> oauth2.jwt(Customizer.withDefaults()));
+
+        return http.cors(Customizer.withDefaults()).build();
+    }
+
+}

boot/authorization/src/main/java/com/plate/authorization/core/Authorization.java

@@ -0,0 +1,76 @@
+package com.plate.authorization.core;
+
+import jakarta.persistence.*;
+import lombok.Data;
+
+import java.io.Serializable;
+import java.time.Instant;
+
+/**
+ * @author Alex bob(<a href="https://github.com/vnobo">Alex Bob</a>)
+ */
+@Data
+@Entity
+@Table(name = "oauth2_authorization")
+public class Authorization implements Serializable {
+
+    @Id
+    @GeneratedValue(strategy = GenerationType.IDENTITY)
+    private Integer id;
+    private String registeredClientId;
+    private String principalName;
+    private String authorizationGrantType;
+    @Column(length = 1000)
+    private String authorizedScopes;
+    @Column(length = 4000)
+    private String attributes;
+    @Column(length = 500)
+    private String state;
+
+    @Column(length = 4000)
+    private String authorizationCodeValue;
+    private Instant authorizationCodeIssuedAt;
+    private Instant authorizationCodeExpiresAt;
+    private String authorizationCodeMetadata;
+
+    @Column(length = 4000)
+    private String accessTokenValue;
+    private Instant accessTokenIssuedAt;
+    private Instant accessTokenExpiresAt;
+    @Column(length = 2000)
+    private String accessTokenMetadata;
+    private String accessTokenType;
+    @Column(length = 1000)
+    private String accessTokenScopes;
+
+    @Column(length = 4000)
+    private String refreshTokenValue;
+    private Instant refreshTokenIssuedAt;
+    private Instant refreshTokenExpiresAt;
+    @Column(length = 2000)
+    private String refreshTokenMetadata;
+
+    @Column(length = 4000)
+    private String oidcIdTokenValue;
+    private Instant oidcIdTokenIssuedAt;
+    private Instant oidcIdTokenExpiresAt;
+    @Column(length = 2000)
+    private String oidcIdTokenMetadata;
+    @Column(length = 2000)
+    private String oidcIdTokenClaims;
+
+    @Column(length = 4000)
+    private String userCodeValue;
+    private Instant userCodeIssuedAt;
+    private Instant userCodeExpiresAt;
+    @Column(length = 2000)
+    private String userCodeMetadata;
+
+    @Column(length = 4000)
+    private String deviceCodeValue;
+    private Instant deviceCodeIssuedAt;
+    private Instant deviceCodeExpiresAt;
+    @Column(length = 2000)
+    private String deviceCodeMetadata;
+
+}

boot/authorization/src/main/java/com/plate/authorization/core/AuthorizationConsent.java

@@ -0,0 +1,24 @@
+package com.plate.authorization.core;
+
+import jakarta.persistence.*;
+import lombok.Data;
+
+import java.io.Serializable;
+
+/**
+ * @author Alex bob(<a href="https://github.com/vnobo">Alex Bob</a>)
+ */
+@Data
+@Entity
+@Table(name = "oauth2_authorization_consent")
+public class AuthorizationConsent implements Serializable{
+    @Id
+    @GeneratedValue(strategy = GenerationType.IDENTITY)
+    private Integer id;
+
+    private String registeredClientId;
+    private String principalName;
+    @Column(length = 1000)
+    private String authorities;
+
+}

boot/authorization/src/main/java/com/plate/authorization/core/Client.java

@@ -0,0 +1,52 @@
+package com.plate.authorization.core;
+
+
+import jakarta.persistence.*;
+import lombok.Data;
+
+import java.io.Serializable;
+import java.time.Instant;
+
+/**
+ * @author Alex bob(<a href="https://github.com/vnobo">Alex Bob</a>)
+ */
+@Data
+@Entity
+@Table(name = "oauth2_client")
+public class Client implements Serializable {
+
+    @Id
+    @GeneratedValue(strategy = GenerationType.IDENTITY)
+    private Integer id;
+
+    private String clientId;
+
+    private Instant clientIdIssuedAt;
+
+    private String clientSecret;
+
+    private Instant clientSecretExpiresAt;
+
+    private String clientName;
+
+    @Column(length = 1000)
+    private String clientAuthenticationMethods;
+
+    @Column(length = 1000)
+    private String authorizationGrantTypes;
+
+    @Column(length = 1000)
+    private String redirectUris;
+
+    @Column(length = 1000)
+    private String postLogoutRedirectUris;
+
+    @Column(length = 1000)
+    private String scopes;
+
+    @Column(length = 2000)
+    private String clientSettings;
+
+    @Column(length = 2000)
+    private String tokenSettings;
+}

boot/authorization/src/main/resources/application-local.yml

@@ -0,0 +1,22 @@
+logging:
+  register-shutdown-hook: true
+  level:
+    web: debug
+    com.platform.boot.*: debug
+    org.springframework.jdbc: DEBUG
+
+server.port: 9000
+
+spring:
+  application.name: plate
+  sql.init:
+    mode: always
+    platform: postgres
+    encoding: utf-8
+  datasource:
+    url: jdbc:postgresql://192.168.1.2:5432/plate?fetchSize=2000
+    username: farmer
+    password: q1w2e3..
+  data.redis:
+    host: 192.168.1.2
+    repositories.enabled: false

boot/authorization/src/main/resources/application.yml

@@ -5,7 +5,7 @@ server:
 
 spring:
   threads.virtual.enabled: true
-  #main.keep-alive: true
+  main.keep-alive: true
   application.name: authorization
   mvc.format:
     time: "HH:mm:ss"
@@ -22,5 +22,47 @@ spring:
     type: redis
     redis:
       key-prefix: "authorization:caches:"
-      time-to-live: 300s
-      enable-statistics: true
+      time-to-live: "300s"
+      enable-statistics: true
+  jpa:
+    open-in-view: true
+    show-sql: true
+  security:
+    user:
+      name: "admin"
+      password: "{noop}admin"
+    oauth2:
+      authorizationserver:
+        client:
+          my-client-1:
+            registration:
+              client-id: "abcd"
+              client-secret: "{noop}secret1"
+              client-authentication-methods:
+                - "client_secret_basic"
+              authorization-grant-types:
+                - "authorization_code"
+                - "refresh_token"
+              redirect-uris:
+                - "https://my-client-1.com/login/oauth2/code/abcd"
+                - "https://my-client-1.com/authorized"
+              scopes:
+                - "openid"
+                - "profile"
+                - "email"
+                - "phone"
+                - "address"
+            require-authorization-consent: true
+          my-client-2:
+            registration:
+              client-id: "efgh"
+              client-secret: "{noop}secret2"
+              client-authentication-methods:
+                - "client_secret_jwt"
+              authorization-grant-types:
+                - "client_credentials"
+              scopes:
+                - "user.read"
+                - "user.write"
+            jwk-set-uri: "https://my-client-2.com/jwks"
+            token-endpoint-authentication-signing-algorithm: "RS256"