diff --git a/docs/src/docs/asciidoc/getting-help.adoc b/docs/src/docs/asciidoc/getting-help.adoc index 63413e35..3e49831b 100644 --- a/docs/src/docs/asciidoc/getting-help.adoc +++ b/docs/src/docs/asciidoc/getting-help.adoc @@ -1,14 +1,14 @@ [[getting-help]] = Getting Help -[[getting-help-community]] +[[community]] == Community Welcome to the https://docs.spring.io/spring-security/reference/community.html[Spring Security Community]. Spring Authorization Server is an open source project led by the Spring Security team. If you need help with Spring Authorization Server, we are here to help. -[[getting-help-resources]] +[[resources]] == Resources The following are some of the best ways to get help: diff --git a/docs/src/docs/asciidoc/guides/how-to-jpa.adoc b/docs/src/docs/asciidoc/guides/how-to-jpa.adoc index f1f3c0c4..1dea8bb8 100644 --- a/docs/src/docs/asciidoc/guides/how-to-jpa.adoc +++ b/docs/src/docs/asciidoc/guides/how-to-jpa.adoc @@ -4,13 +4,13 @@ :docs-dir: .. :examples-dir: ../examples -[[jpa-getting-started]] +[[getting-started]] == Getting Started This guide shows how to implement the xref:{docs-dir}/core-model-components.adoc#core-model-components[core services] of xref:{docs-dir}/index.adoc#top[Spring Authorization Server] with JPA. The purpose of this guide is to provide a starting point for implementing these services yourself, with the intention that you can make modifications to suit your needs. -[[jpa-define-data-model]] +[[define-data-model]] == Define the data model This guide provides a starting point for the data model and uses the simplest possible structure and data types. 
@@ -20,7 +20,7 @@ NOTE: Except for token, state, metadata, settings, and claims values, we use the In reality, the length and even type of columns you use may need to be customized. You are encouraged to experiment and test before deploying to production. -[[jpa-client-schema]] +[[client-schema]] === Client Schema The xref:{docs-dir}/core-model-components.adoc#registered-client[`RegisteredClient`] domain object contains a few multi-valued fields and some settings fields that require storing arbitrary key/value data. @@ -32,7 +32,7 @@ The following listing shows the `client` schema. include::{examples-dir}/src/main/resources/oauth2-registered-client-schema.sql[] ---- -[[jpa-authorization-schema]] +[[authorization-schema]] === Authorization Schema The xref:{docs-dir}/core-model-components.adoc#oauth2-authorization[`OAuth2Authorization`] domain object is more complex and contains several multi-valued fields as well as numerous arbitrarily long token values, metadata, settings and claims values. @@ -49,7 +49,7 @@ The following listing shows the `authorization` schema. include::{examples-dir}/src/main/resources/oauth2-authorization-schema.sql[] ---- -[[jpa-authorization-consent-schema]] +[[authorization-consent-schema]] === Authorization Consent Schema The xref:{docs-dir}/core-model-components.adoc#oauth2-authorization-consent[`OAuth2AuthorizationConsent`] domain object is the simplest to model and contains only a single multi-valued field in addition to a composite key. @@ -61,7 +61,7 @@ The following listing shows the `authorizationConsent` schema. include::{examples-dir}/src/main/resources/oauth2-authorization-consent-schema.sql[] ---- -[[jpa-create-jpa-entities]] +[[create-jpa-entities]] == Create JPA entities The preceding schema examples provide a reference for the structure of the entities we need to create. 
@@ -69,7 +69,7 @@ The preceding schema examples provide a reference for the structure of the entit NOTE: The following entities are minimally annotated and are just examples. They allow the schema to be created dynamically and therefore do not require the above sql scripts to be executed manually. -[[jpa-client-entity]] +[[client-entity]] === Client Entity The following listing shows the `Client` entity, which is used to persist information mapped from the xref:{docs-dir}/core-model-components.adoc#registered-client[`RegisteredClient`] domain object. @@ -80,7 +80,7 @@ The following listing shows the `Client` entity, which is used to persist inform include::{examples-dir}/src/main/java/sample/jpa/Client.java[tag=class] ---- -[[jpa-authorization-entity]] +[[authorization-entity]] === Authorization Entity The following listing shows the `Authorization` entity, which is used to persist information mapped from the xref:{docs-dir}/core-model-components.adoc#oauth2-authorization[`OAuth2Authorization`] domain object. @@ -91,7 +91,7 @@ The following listing shows the `Authorization` entity, which is used to persist include::{examples-dir}/src/main/java/sample/jpa/Authorization.java[tag=class] ---- -[[jpa-authorization-consent-entity]] +[[authorization-consent-entity]] === Authorization Consent Entity The following listing shows the `AuthorizationConsent` entity, which is used to persist information mapped from the xref:{docs-dir}/core-model-components.adoc#oauth2-authorization-consent[`OAuth2AuthorizationConsent`] domain object. 
@@ -102,15 +102,15 @@ The following listing shows the `AuthorizationConsent` entity, which is used to include::{examples-dir}/src/main/java/sample/jpa/AuthorizationConsent.java[tag=class] ---- -[[jpa-create-spring-data-repositories]] +[[create-spring-data-repositories]] == Create Spring Data repositories By closely examining the interfaces of each core service and reviewing the `Jdbc` implementations, we can derive a minimal set of queries needed for supporting a JPA version of each interface. -[[jpa-client-repository]] +[[client-repository]] === Client Repository -The following listing shows the `ClientRepository`, which is able to find a <> by the `id` and `clientId` fields. +The following listing shows the `ClientRepository`, which is able to find a <> by the `id` and `clientId` fields. .Client Repository [source,java] @@ -118,10 +118,10 @@ The following listing shows the `ClientRepository`, which is able to find a <> by the `id` field as well as the `state`, `authorizationCodeValue`, `accessTokenValue` and `refreshTokenValue` token fields. +The following listing shows the `AuthorizationRepository`, which is able to find an <> by the `id` field as well as the `state`, `authorizationCodeValue`, `accessTokenValue` and `refreshTokenValue` token fields. It also allows querying a combination of token fields. .Authorization Repository 
@@ -130,10 +130,10 @@ It also allows querying a combination of token fields. include::{examples-dir}/src/main/java/sample/jpa/AuthorizationRepository.java[tag=class] ---- -[[jpa-authorization-consent-repository]] +[[authorization-consent-repository]] === Authorization Consent Repository -The following listing shows the `AuthorizationConsentRepository`, which is able to find and delete an <> by the `registeredClientId` and `principalName` fields that form a composite primary key. +The following listing shows the `AuthorizationConsentRepository`, which is able to find and delete an <> by the `registeredClientId` and `principalName` fields that form a composite primary key. .Authorization Consent Repository [source,java] 
@@ -141,19 +141,19 @@ The following listing shows the `AuthorizationConsentRepository`, which is able include::{examples-dir}/src/main/java/sample/jpa/AuthorizationConsentRepository.java[tag=class] ---- -[[jpa-implement-core-services]] +[[implement-core-services]] == Implement core services -With the above <> and <>, we can begin implementing the core services. +With the above <> and <>, we can begin implementing the core services. By reviewing the `Jdbc` implementations, we can derive a minimal set of internal utilities for converting to and from string values for enumerations and reading and writing JSON data for attributes, settings, metadata and claims fields. CAUTION: Keep in mind that writing JSON data to text columns with a fixed length has proven problematic with the `Jdbc` implementations. While these examples continue to do so, you may need to split these fields out into a separate table or data store that supports arbitrarily long data values. -[[jpa-registered-client-repository]] +[[registered-client-repository]] === Registered Client Repository -The following listing shows the `JpaRegisteredClientRepository`, which uses a <> for persisting a <> and maps to and from the xref:{docs-dir}/core-model-components.adoc#registered-client[`RegisteredClient`] domain object. +The following listing shows the `JpaRegisteredClientRepository`, which uses a <> for persisting a <> and maps to and from the xref:{docs-dir}/core-model-components.adoc#registered-client[`RegisteredClient`] domain object. .`RegisteredClientRepository` Implementation [source,java] 
@@ -161,10 +161,10 @@ The following listing shows the `JpaRegisteredClientRepository`, which uses a << include::{examples-dir}/src/main/java/sample/jpa/JpaRegisteredClientRepository.java[tag=class] ---- -[[jpa-authorization-service]] +[[authorization-service]] === Authorization Service -The following listing shows the `JpaOAuth2AuthorizationService`, which uses an <> for persisting an <> and maps to and from the xref:{docs-dir}/core-model-components.adoc#oauth2-authorization[`OAuth2Authorization`] domain object. +The following listing shows the `JpaOAuth2AuthorizationService`, which uses an <> for persisting an <> and maps to and from the xref:{docs-dir}/core-model-components.adoc#oauth2-authorization[`OAuth2Authorization`] domain object. .`OAuth2AuthorizationService` Implementation [source,java] @@ -172,10 +172,10 @@ The following listing shows the `JpaOAuth2AuthorizationService`, which uses an < include::{examples-dir}/src/main/java/sample/jpa/JpaOAuth2AuthorizationService.java[tag=class] ---- -[[jpa-authorization-consent-service]] +[[authorization-consent-service]] === Authorization Consent Service -The following listing shows the `JpaOAuth2AuthorizationConsentService`, which uses an <> for persisting an <> and maps to and from the xref:{docs-dir}/core-model-components.adoc#oauth2-authorization-consent[`OAuth2AuthorizationConsent`] domain object. +The following listing shows the `JpaOAuth2AuthorizationConsentService`, which uses an <> for persisting an <> and maps to and from the xref:{docs-dir}/core-model-components.adoc#oauth2-authorization-consent[`OAuth2AuthorizationConsent`] domain object. .`OAuth2AuthorizationConsentService` Implementation [source,java] diff --git a/docs/src/docs/asciidoc/overview.adoc b/docs/src/docs/asciidoc/overview.adoc index 28c5df59..5f5f85e0 100644 --- a/docs/src/docs/asciidoc/overview.adoc +++ b/docs/src/docs/asciidoc/overview.adoc 
@@ -5,13 +5,13 @@ This site contains reference documentation and how-to guides for Spring Authorization Server. -[[overview-introducing-spring-authorization-server]] +[[introducing-spring-authorization-server]] == Introducing Spring Authorization Server Spring Authorization Server is a framework that provides implementations of the https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-05[OAuth 2.1] and https://openid.net/specs/openid-connect-core-1_0.html[OpenID Connect 1.0] specifications and other related specifications. It is built on top of https://spring.io/projects/spring-security[Spring Security] to provide a secure, light-weight, and customizable foundation for building OpenID Connect 1.0 Identity Providers and OAuth2 Authorization Server products. -[[overview-feature-list]] +[[feature-list]] == Feature List Spring Authorization Server supports the following features:
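Review bot: In how-to-jpa.adoc, every internal cross-reference on the changed lines (the Client Repository, Authorization Repository and Authorization Consent Repository paragraphs, the "Implement core services" intro, and the three service paragraphs) must target the renamed IDs in this same commit, because the `jpa-` prefixed anchors no longer exist once the `[[...]]` lines change. The reference targets are not legible in the diff as shown here (they appear as `<>` on both the removed and added lines), so please confirm each one resolves, for example that the Client Repository paragraph now points at `client-entity` rather than `jpa-client-entity`, and run the docs build with unresolved-reference warnings treated as failures before merging.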
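Review bot: The new section IDs in getting-help.adoc (`[[community]]`, `[[resources]]`), how-to-jpa.adoc (`[[getting-started]]`) and overview.adoc (`[[feature-list]]`) are unique only within their own file. With the `getting-help-`, `jpa-` and `overview-` prefixes dropped, they will collide if these pages are ever assembled into a single document or if another guide also declares `[[getting-started]]`. Removing the old IDs also breaks existing deep links to fragments such as `#getting-help-resources` and `#jpa-client-schema`. If the shorter IDs are intended, document the per-file uniqueness convention in the commit message and consider keeping the old IDs as secondary anchors so published links keep working.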