Add How-to: Implement core services with Redis

Closes gh-1019

Author: jgrandja

docs/modules/ROOT/nav.adoc

@@ -11,5 +11,6 @@
 ** xref:guides/how-to-multitenancy.adoc[]
 ** xref:guides/how-to-userinfo.adoc[]
 ** xref:guides/how-to-jpa.adoc[]
+** xref:guides/how-to-redis.adoc[]
 ** xref:guides/how-to-custom-claims-authorities.adoc[]
 ** xref:guides/how-to-dynamic-client-registration.adoc[]

docs/modules/ROOT/pages/guides/how-to-redis.adoc

@@ -0,0 +1,225 @@
+
+[[how-to-redis]]
+= How-to: Implement core services with Redis
+:index-link: ../how-to.html
+:docs-dir: ..
+
+This guide shows how to implement the xref:core-model-components.adoc[core services] of xref:index.adoc[Spring Authorization Server] with https://redis.io/[Redis].
+The purpose of this guide is to provide a starting point for implementing these services yourself, with the intention that you can make modifications to suit your needs.
+
+* xref:guides/how-to-redis.adoc#define-entity-model[Define the entity model]
+* xref:guides/how-to-redis.adoc#create-spring-data-repositories[Create Spring Data repositories]
+* xref:guides/how-to-redis.adoc#implement-core-services[Implement core services]
+* xref:guides/how-to-redis.adoc#configure-core-services[Configure core services]
+
+TIP: The code samples provided in this guide are located in the https://github.com/spring-projects/spring-authorization-server/tree/main/docs/src/main/java/sample[documentation samples] directory under the *_redis_* subdirectory.
+
+[[define-entity-model]]
+== Define the entity model
+
+The following defines the entity model representation for the `RegisteredClient`, `OAuth2Authorization` and `OAuth2AuthorizationConsent` domain classes.
+
+* xref:guides/how-to-redis.adoc#registered-client-entity[Registered Client Entity]
+* xref:guides/how-to-redis.adoc#authorization-grant-entity[Authorization Grant _Base_ Entity]
+* xref:guides/how-to-redis.adoc#oauth2-authorization-code-grant-entity[Authorization Code Grant Entity (OAuth 2.0)]
+* xref:guides/how-to-redis.adoc#oidc-authorization-code-grant-entity[Authorization Code Grant Entity (OpenID Connect 1.0)]
+* xref:guides/how-to-redis.adoc#client-credentials-grant-entity[Client Credentials Grant Entity]
+* xref:guides/how-to-redis.adoc#device-code-grant-entity[Device Code Grant Entity]
+* xref:guides/how-to-redis.adoc#token-exchange-grant-entity[Token Exchange Grant Entity]
+* xref:guides/how-to-redis.adoc#authorization-consent-entity[Authorization Consent Entity]
+
+[[registered-client-entity]]
+=== Registered Client Entity
+
+The following listing shows the `OAuth2RegisteredClient` entity, which is used to persist information mapped from the xref:core-model-components.adoc#registered-client[`RegisteredClient`] domain class.
+
+.OAuth2RegisteredClient Entity
+[source,java]
+----
+include::{examples-dir}/main/java/sample/redis/entity/OAuth2RegisteredClient.java[]
+----
+
+TIP: Click on the "Expand folded text" icon in the code sample above to display the full example.
+
+[[authorization-grant-entity]]
+=== Authorization Grant _Base_ Entity
+
+The entity model for the xref:core-model-components.adoc#oauth2-authorization[`OAuth2Authorization`] domain class is designed with a class hierarchy based on authorization grant type.
+
+The following listing shows the `OAuth2AuthorizationGrantAuthorization` _base_ entity, which defines common attributes for each authorization grant type.
+
+.OAuth2AuthorizationGrantAuthorization _Base_ Entity
+[source,java]
+----
+include::{examples-dir}/main/java/sample/redis/entity/OAuth2AuthorizationGrantAuthorization.java[]
+----
+
+[[oauth2-authorization-code-grant-entity]]
+=== Authorization Code Grant Entity (OAuth 2.0)
+
+The following listing shows the `OAuth2AuthorizationCodeGrantAuthorization` entity, which extends `OAuth2AuthorizationGrantAuthorization`, and defines additional attributes for the OAuth 2.0 `authorization_code` grant type.
+
+.OAuth2AuthorizationCodeGrantAuthorization Entity
+[source,java]
+----
+include::{examples-dir}/main/java/sample/redis/entity/OAuth2AuthorizationCodeGrantAuthorization.java[]
+----
+
+[[oidc-authorization-code-grant-entity]]
+=== Authorization Code Grant Entity (OpenID Connect 1.0)
+
+The following listing shows the `OidcAuthorizationCodeGrantAuthorization` entity, which extends `OAuth2AuthorizationCodeGrantAuthorization`, and defines additional attributes for the OpenID Connect 1.0 `authorization_code` grant type.
+
+.OidcAuthorizationCodeGrantAuthorization Entity
+[source,java]
+----
+include::{examples-dir}/main/java/sample/redis/entity/OidcAuthorizationCodeGrantAuthorization.java[]
+----
+
+[[client-credentials-grant-entity]]
+=== Client Credentials Grant Entity
+
+The following listing shows the `OAuth2ClientCredentialsGrantAuthorization` entity, which extends `OAuth2AuthorizationGrantAuthorization`, for the `client_credentials` grant type.
+
+.OAuth2ClientCredentialsGrantAuthorization Entity
+[source,java]
+----
+include::{examples-dir}/main/java/sample/redis/entity/OAuth2ClientCredentialsGrantAuthorization.java[]
+----
+
+[[device-code-grant-entity]]
+=== Device Code Grant Entity
+
+The following listing shows the `OAuth2DeviceCodeGrantAuthorization` entity, which extends `OAuth2AuthorizationGrantAuthorization`, and defines additional attributes for the `urn:ietf:params:oauth:grant-type:device_code` grant type.
+
+.OAuth2DeviceCodeGrantAuthorization Entity
+[source,java]
+----
+include::{examples-dir}/main/java/sample/redis/entity/OAuth2DeviceCodeGrantAuthorization.java[]
+----
+
+[[token-exchange-grant-entity]]
+=== Token Exchange Grant Entity
+
+The following listing shows the `OAuth2TokenExchangeGrantAuthorization` entity, which extends `OAuth2AuthorizationGrantAuthorization`, for the `urn:ietf:params:oauth:grant-type:token-exchange` grant type.
+
+.OAuth2TokenExchangeGrantAuthorization Entity
+[source,java]
+----
+include::{examples-dir}/main/java/sample/redis/entity/OAuth2TokenExchangeGrantAuthorization.java[]
+----
+
+[[authorization-consent-entity]]
+=== Authorization Consent Entity
+
+The following listing shows the `OAuth2UserConsent` entity, which is used to persist information mapped from the xref:core-model-components.adoc#oauth2-authorization-consent[`OAuth2AuthorizationConsent`] domain class.
+
+.OAuth2UserConsent Entity
+[source,java]
+----
+include::{examples-dir}/main/java/sample/redis/entity/OAuth2UserConsent.java[]
+----
+
+[[create-spring-data-repositories]]
+== Create Spring Data repositories
+
+By closely examining the interfaces of each core service and reviewing the `Jdbc` implementations, we can derive a minimal set of queries needed for supporting a Redis version of each interface.
+
+* xref:guides/how-to-redis.adoc#registered-client-repository[Registered Client Repository]
+* xref:guides/how-to-redis.adoc#authorization-grant-repository[Authorization Grant Repository]
+* xref:guides/how-to-redis.adoc#authorization-consent-repository[Authorization Consent Repository]
+
+[[registered-client-repository]]
+=== Registered Client Repository
+
+The following listing shows the `OAuth2RegisteredClientRepository`, which is able to find a xref:guides/how-to-redis.adoc#registered-client-entity[`OAuth2RegisteredClient`] by the `id` and `clientId` fields.
+
+.OAuth2RegisteredClientRepository
+[source,java]
+----
+include::{examples-dir}/main/java/sample/redis/repository/OAuth2RegisteredClientRepository.java[]
+----
+
+[[authorization-grant-repository]]
+=== Authorization Grant Repository
+
+The following listing shows the `OAuth2AuthorizationGrantAuthorizationRepository`, which is able to find an xref:guides/how-to-redis.adoc#authorization-grant-entity[`OAuth2AuthorizationGrantAuthorization`] by the `id` field as well as by `state`, `authorizationCode`, `accessToken`, `refreshToken`, `idToken`, `deviceState`, `userCode` and `deviceCode` values.
+
+.OAuth2AuthorizationGrantAuthorizationRepository
+[source,java]
+----
+include::{examples-dir}/main/java/sample/redis/repository/OAuth2AuthorizationGrantAuthorizationRepository.java[]
+----
+
+[[authorization-consent-repository]]
+=== Authorization Consent Repository
+
+The following listing shows the `OAuth2UserConsentRepository`, which is able to find and delete an xref:guides/how-to-redis.adoc#authorization-consent-entity[`OAuth2UserConsent`] by the `registeredClientId` and `principalName` fields that form the composite primary key.
+
+.OAuth2UserConsentRepository
+[source,java]
+----
+include::{examples-dir}/main/java/sample/redis/repository/OAuth2UserConsentRepository.java[]
+----
+
+[[implement-core-services]]
+== Implement core services
+
+With the above xref:guides/how-to-redis.adoc#define-entity-model[entities] and xref:guides/how-to-redis.adoc#create-spring-data-repositories[repositories], we can begin implementing the core services.
+
+TIP: The core services make use of the `ModelMapper` utility class for converting to and from the domain object (e.g. `RegisteredClient`) to the entity model representation (e.g. `OAuth2RegisteredClient`).
+
+* xref:guides/how-to-redis.adoc#redis-registered-client-repository[Registered Client Repository]
+* xref:guides/how-to-redis.adoc#redis-authorization-service[Authorization Service]
+* xref:guides/how-to-redis.adoc#redis-authorization-consent-service[Authorization Consent Service]
+
+[[redis-registered-client-repository]]
+=== Registered Client Repository
+
+The following listing shows the `RedisRegisteredClientRepository`, which uses an xref:guides/how-to-redis.adoc#registered-client-repository[`OAuth2RegisteredClientRepository`] for persisting an xref:guides/how-to-redis.adoc#registered-client-entity[`OAuth2RegisteredClient`] and maps to and from the xref:core-model-components.adoc#registered-client[`RegisteredClient`] domain object, using the `ModelMapper` utility class.
+
+.RedisRegisteredClientRepository
+[source,java]
+----
+include::{examples-dir}/main/java/sample/redis/service/RedisRegisteredClientRepository.java[]
+----
+
+[[redis-authorization-service]]
+=== Authorization Service
+
+The following listing shows the `RedisOAuth2AuthorizationService`, which uses an xref:guides/how-to-redis.adoc#authorization-grant-repository[`OAuth2AuthorizationGrantAuthorizationRepository`] for persisting an xref:guides/how-to-redis.adoc#authorization-grant-entity[`OAuth2AuthorizationGrantAuthorization`] and maps to and from the xref:core-model-components.adoc#oauth2-authorization[`OAuth2Authorization`] domain object, using the `ModelMapper` utility class.
+
+.RedisOAuth2AuthorizationService
+[source,java]
+----
+include::{examples-dir}/main/java/sample/redis/service/RedisOAuth2AuthorizationService.java[]
+----
+
+[[redis-authorization-consent-service]]
+=== Authorization Consent Service
+
+The following listing shows the `RedisOAuth2AuthorizationConsentService`, which uses an xref:guides/how-to-redis.adoc#authorization-consent-repository[`OAuth2UserConsentRepository`] for persisting an xref:guides/how-to-redis.adoc#authorization-consent-entity[`OAuth2UserConsent`] and maps to and from the xref:core-model-components.adoc#oauth2-authorization-consent[`OAuth2AuthorizationConsent`] domain object, using the `ModelMapper` utility class.
+
+.RedisOAuth2AuthorizationConsentService
+[source,java]
+----
+include::{examples-dir}/main/java/sample/redis/service/RedisOAuth2AuthorizationConsentService.java[]
+----
+
+[[configure-core-services]]
+== Configure core services
+
+The following example shows how to configure the core services:
+
+.RedisConfig
+[source,java]
+----
+include::{examples-dir}/main/java/sample/redis/config/RedisConfig.java[]
+----
+
+<1> Activate the Spring Data Redis repositories under the `sample.redis.repository` base package.
+<2> Use the https://docs.spring.io/spring-data/redis/reference/redis/drivers.html#redis:connectors:jedis[Jedis] Connector.
+<3> Register the custom ``Converter``'s that perform the Object-to-Hash conversion before persisting to Redis.
+<4> Register the `RedisRegisteredClientRepository` with the activated `OAuth2RegisteredClientRepository`.
+<5> Register the `RedisOAuth2AuthorizationService` with the activated `OAuth2AuthorizationGrantAuthorizationRepository`.
+<6> Register the `RedisOAuth2AuthorizationConsentService` with the activated `OAuth2UserConsentRepository`.

docs/spring-authorization-server-docs.gradle

@@ -12,6 +12,10 @@ java {
 	sourceCompatibility = JavaVersion.VERSION_17
 }
 
+compileJava {
+	options.compilerArgs << '-parameters'
+}
+
 antora {
 	options = [clean: true, fetch: !project.gradle.startParameter.offline, stacktrace: true]
 	environment = [
@@ -57,6 +61,10 @@ dependencies {
 	implementation "org.springframework.boot:spring-boot-starter-oauth2-client"
 	implementation "org.springframework.boot:spring-boot-starter-oauth2-resource-server"
 	implementation "org.springframework.boot:spring-boot-starter-data-jpa"
+	implementation ("org.springframework.boot:spring-boot-starter-data-redis") {
+		exclude group: "io.lettuce", module: "lettuce-core"
+	}
+	implementation "redis.clients:jedis"
 	implementation "org.springframework:spring-webflux"
 	implementation project(":spring-security-oauth2-authorization-server")
 	runtimeOnly "com.h2database:h2"

docs/src/main/java/sample/redis/config/RedisConfig.java

@@ -0,0 +1,85 @@
+/*
+ * Copyright 2020-2024 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package sample.redis.config;
+
+import java.util.Arrays;
+
+import sample.redis.convert.BytesToClaimsHolderConverter;
+import sample.redis.convert.BytesToOAuth2AuthorizationRequestConverter;
+import sample.redis.convert.BytesToUsernamePasswordAuthenticationTokenConverter;
+import sample.redis.convert.ClaimsHolderToBytesConverter;
+import sample.redis.convert.OAuth2AuthorizationRequestToBytesConverter;
+import sample.redis.convert.UsernamePasswordAuthenticationTokenToBytesConverter;
+import sample.redis.repository.OAuth2AuthorizationGrantAuthorizationRepository;
+import sample.redis.repository.OAuth2RegisteredClientRepository;
+import sample.redis.repository.OAuth2UserConsentRepository;
+import sample.redis.service.RedisOAuth2AuthorizationConsentService;
+import sample.redis.service.RedisOAuth2AuthorizationService;
+import sample.redis.service.RedisRegisteredClientRepository;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.data.redis.connection.RedisConnectionFactory;
+import org.springframework.data.redis.connection.jedis.JedisConnectionFactory;
+import org.springframework.data.redis.core.RedisTemplate;
+import org.springframework.data.redis.core.convert.RedisCustomConversions;
+import org.springframework.data.redis.repository.configuration.EnableRedisRepositories;
+import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
+
+@EnableRedisRepositories("sample.redis.repository")	// <1>
+@Configuration(proxyBeanMethods = false)
+public class RedisConfig {
+
+	@Bean
+	public RedisConnectionFactory redisConnectionFactory() {
+		return new JedisConnectionFactory();	// <2>
+	}
+
+	@Bean
+	public RedisTemplate<?, ?> redisTemplate(RedisConnectionFactory redisConnectionFactory) {
+		RedisTemplate<byte[], byte[]> redisTemplate = new RedisTemplate<>();
+		redisTemplate.setConnectionFactory(redisConnectionFactory);
+		return redisTemplate;
+	}
+
+	@Bean
+	public RedisCustomConversions redisCustomConversions() {	// <3>
+		return new RedisCustomConversions(Arrays.asList(new UsernamePasswordAuthenticationTokenToBytesConverter(),
+				new BytesToUsernamePasswordAuthenticationTokenConverter(),
+				new OAuth2AuthorizationRequestToBytesConverter(), new BytesToOAuth2AuthorizationRequestConverter(),
+				new ClaimsHolderToBytesConverter(), new BytesToClaimsHolderConverter()));
+	}
+
+	@Bean
+	public RedisRegisteredClientRepository registeredClientRepository(
+			OAuth2RegisteredClientRepository registeredClientRepository) {
+		return new RedisRegisteredClientRepository(registeredClientRepository);	// <4>
+	}
+
+	@Bean
+	public RedisOAuth2AuthorizationService authorizationService(RegisteredClientRepository registeredClientRepository,
+			OAuth2AuthorizationGrantAuthorizationRepository authorizationGrantAuthorizationRepository) {
+		return new RedisOAuth2AuthorizationService(registeredClientRepository,
+				authorizationGrantAuthorizationRepository);	// <5>
+	}
+
+	@Bean
+	public RedisOAuth2AuthorizationConsentService authorizationConsentService(
+			OAuth2UserConsentRepository userConsentRepository) {
+		return new RedisOAuth2AuthorizationConsentService(userConsentRepository);	// <6>
+	}
+
+}

docs/src/main/java/sample/redis/convert/BytesToClaimsHolderConverter.java

@@ -0,0 +1,48 @@
+/*
+ * Copyright 2020-2024 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package sample.redis.convert;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import sample.redis.entity.OAuth2AuthorizationGrantAuthorization;
+
+import org.springframework.core.convert.converter.Converter;
+import org.springframework.data.convert.ReadingConverter;
+import org.springframework.data.redis.serializer.Jackson2JsonRedisSerializer;
+import org.springframework.security.jackson2.SecurityJackson2Modules;
+import org.springframework.security.oauth2.server.authorization.jackson2.OAuth2AuthorizationServerJackson2Module;
+
+@ReadingConverter
+public class BytesToClaimsHolderConverter
+		implements Converter<byte[], OAuth2AuthorizationGrantAuthorization.ClaimsHolder> {
+
+	private final Jackson2JsonRedisSerializer<OAuth2AuthorizationGrantAuthorization.ClaimsHolder> serializer;
+
+	public BytesToClaimsHolderConverter() {
+		ObjectMapper objectMapper = new ObjectMapper();
+		objectMapper
+			.registerModules(SecurityJackson2Modules.getModules(BytesToClaimsHolderConverter.class.getClassLoader()));
+		objectMapper.registerModule(new OAuth2AuthorizationServerJackson2Module());
+		objectMapper.addMixIn(OAuth2AuthorizationGrantAuthorization.ClaimsHolder.class, ClaimsHolderMixin.class);
+		this.serializer = new Jackson2JsonRedisSerializer<>(objectMapper,
+				OAuth2AuthorizationGrantAuthorization.ClaimsHolder.class);
+	}
+
+	@Override
+	public OAuth2AuthorizationGrantAuthorization.ClaimsHolder convert(byte[] value) {
+		return this.serializer.deserialize(value);
+	}
+
+}