diff --git a/src/main/java/com/monkeyk/sos/config/ServletInitializer.java b/src/main/java/com/monkeyk/sos/config/ServletInitializer.java
index cf341c4..0ee1db5 100644
--- a/src/main/java/com/monkeyk/sos/config/ServletInitializer.java
+++ b/src/main/java/com/monkeyk/sos/config/ServletInitializer.java
@@ -2,11 +2,8 @@ package com.monkeyk.sos.config;
 import com.monkeyk.sos.web.filter.CharacterEncodingIPFilter;
 import com.opensymphony.sitemesh.webapp.SiteMeshFilter;
-import org.springframework.util.ClassUtils;
-import org.springframework.web.context.WebApplicationContext;
-import org.springframework.web.context.support.AnnotationConfigWebApplicationContext;
 import org.springframework.web.filter.DelegatingFilterProxy;
-import org.springframework.web.servlet.support.AbstractDispatcherServletInitializer;
+import org.springframework.web.servlet.support.AbstractAnnotationConfigDispatcherServletInitializer;
 import org.springframework.web.util.Log4jConfigListener;
 import javax.servlet.ServletContext;
@@ -21,7 +18,7 @@ import javax.servlet.ServletException;
 *
 * @author Shengzhao Li
 */
-public class ServletInitializer extends AbstractDispatcherServletInitializer {
+public class ServletInitializer extends AbstractAnnotationConfigDispatcherServletInitializer {
 @Override
@@ -58,15 +55,25 @@ public class ServletInitializer extends AbstractDispatcherServletInitializer {
 }
+// @Override
+// protected WebApplicationContext createRootApplicationContext() {
+// return createServletApplicationContext();
+// }
+//
+// @Override
+// protected WebApplicationContext createServletApplicationContext() {
+// AnnotationConfigWebApplicationContext context = new AnnotationConfigWebApplicationContext();
+// context.scan(ClassUtils.getPackageName(getClass()));
+// return context;
+// }
+
 @Override
- protected WebApplicationContext createRootApplicationContext() {
- return createServletApplicationContext();
+ protected Class[] getRootConfigClasses() {
+ return new Class[]{ContextConfigurer.class, WebSecurityConfigurer.class, OAuth2ServerConfig.class};
 }
 @Override
- protected WebApplicationContext createServletApplicationContext() {
- AnnotationConfigWebApplicationContext context = new AnnotationConfigWebApplicationContext();
- context.scan(ClassUtils.getPackageName(getClass()));
- return context;
+ protected Class[] getServletConfigClasses() {
+ return new Class[]{WebMvcConfigurer.class};
 }
 }
diff --git a/src/main/java/com/monkeyk/sos/config/WebSecurityConfigurer.java b/src/main/java/com/monkeyk/sos/config/WebSecurityConfigurer.java
index 65f6f44..756475a 100644
--- a/src/main/java/com/monkeyk/sos/config/WebSecurityConfigurer.java
+++ b/src/main/java/com/monkeyk/sos/config/WebSecurityConfigurer.java
@@ -30,6 +30,7 @@ import org.springframework.security.oauth2.provider.request.DefaultOAuth2Request
 import org.springframework.security.oauth2.provider.token.TokenStore;
 import org.springframework.security.oauth2.provider.token.store.JdbcTokenStore;
 import org.springframework.security.oauth2.provider.vote.ScopeVoter;
+import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 import javax.sql.DataSource;
 import java.util.Arrays;
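Review bot: The new `getRootConfigClasses` and `getServletConfigClasses` return the raw type `Class[]`, whereas the parent declares these methods with `Class<?>[]`; declaring them as `protected Class<?>[] getRootConfigClasses() {` and `protected Class<?>[] getServletConfigClasses() {` matches the overridden signatures and removes the raw-type warning. The twelve `// @Override … // }` lines added above them are the old `createRootApplicationContext`/`createServletApplicationContext` bodies kept as comments; version control already holds that history, so they should be deleted rather than left next to their replacement. Placing `WebSecurityConfigurer` and `OAuth2ServerConfig` in the root context and `WebMvcConfigurer` in the servlet context is the usual split, so the class selection itself looks right.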
@@ -49,10 +50,19 @@ public class WebSecurityConfigurer extends WebSecurityConfigurerAdapter {
 @Autowired
 private UserService userService;
+
+ @Autowired
+ public void globalUserDetails(AuthenticationManagerBuilder auth) throws Exception {
+ auth.userDetailsService(userService);
+// auth.inMemoryAuthentication().withUser("marissa").password("koala").roles("USER").and().withUser("paul")
+// .password("emu").roles("USER");
+ }
+
+
 @Override
 public void configure(WebSecurity web) throws Exception {
- web.expressionHandler(new OAuth2WebSecurityExpressionHandler());
 web.ignoring().antMatchers("/resources/**");
+ web.expressionHandler(new OAuth2WebSecurityExpressionHandler());
 }
 @Override
@@ -67,20 +77,22 @@ public class WebSecurityConfigurer extends WebSecurityConfigurerAdapter {
 http.authorizeRequests()
 .antMatchers("/oauth/**").hasAnyRole("ROLE_USER", "ROLE_UNITY", "ROLE_MOBILE")
- .antMatchers("/**").anonymous()
+// .antMatchers("/**").anonymous()
 .and()
 .exceptionHandling().accessDeniedPage("/login.jsp?authorization_error=2")
 .and()
- .csrf().disable()
- .formLogin().loginPage("/login.jsp")
- .failureUrl("/login.jsp?authentication_error=1")
- .defaultSuccessUrl("/index.jsp")
- .loginProcessingUrl("/login.do")
- .and()
- .logout().logoutUrl("/logout.do")
+ .csrf()
+ .requireCsrfProtectionMatcher(new AntPathRequestMatcher("/oauth/authorize"))
+ .disable()
+ .logout()
+ .logoutUrl("/logout.do")
 .logoutSuccessUrl("/index.jsp")
 .and()
- .anonymous();
+ .formLogin()
+ .loginProcessingUrl("/login.do")
+ .failureUrl("/login.jsp?authentication_error=1")
+ .loginPage("/login.jsp")
+ .defaultSuccessUrl("/index.jsp");
 }
diff --git a/src/main/java/com/monkeyk/sos/web/controller/OAuthRestController.java b/src/main/java/com/monkeyk/sos/web/controller/OAuthRestController.java
index 1a3dae0..7f779e7 100644
--- a/src/main/java/com/monkeyk/sos/web/controller/OAuthRestController.java
+++ b/src/main/java/com/monkeyk/sos/web/controller/OAuthRestController.java
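Review bot: `globalUserDetails` registers `userService` without a `PasswordEncoder`, so the provider falls back to a plain comparison of the submitted password against whatever `UserService` returns; if stored passwords are hashed this needs `.passwordEncoder(<encoder bean>)` chained after `auth.userDetailsService(userService)`, and if they are stored in clear that is the larger defect to fix first — the hunk does not show which. The two commented-out `inMemoryAuthentication()` lines carry literal usernames and passwords; delete them rather than leave sample credentials inside a security configuration. Reordering `web.ignoring()` and `web.expressionHandler()` in `configure(WebSecurity)` changes nothing as far as this hunk shows.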
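Review bot: The CSRF chain `.csrf().requireCsrfProtectionMatcher(new AntPathRequestMatcher("/oauth/authorize")).disable()` is self-defeating: `disable()` removes the CSRF configurer altogether, so the matcher never applies and no request — `/login.do`, `/logout.do`, or the `/oauth/authorize` endpoint the matcher names — gets a CSRF check. If the intent is to protect only the authorization endpoint, drop `.disable()` and keep the matcher; if CSRF is really meant to be off, drop the matcher so the code does not advertise a protection that is not there. Commenting out `.antMatchers("/**").anonymous()` also leaves `authorizeRequests()` with a single `/oauth/**` rule and no `anyRequest()` clause, so as far as I can tell every other URL passes the interceptor without an access decision; that may be deliberate, but an explicit `.anyRequest().permitAll()` (or a stricter rule) would record it. On the unchanged line above, `hasAnyRole("ROLE_USER", …)` passes already-prefixed names to a method that, in the Spring Security Java-config versions I know, prepends `ROLE_` itself, so the resulting authority strings are worth verifying. The enclosing `configure(HttpSecurity)` starts outside the hunk.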
@@ -16,6 +16,7 @@ import org.slf4j.LoggerFactory;
 import org.springframework.beans.BeansException;
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.context.ApplicationContext;
 import org.springframework.context.ApplicationContextAware;
 import org.springframework.http.ResponseEntity;
@@ -59,7 +60,10 @@ public class OAuthRestController implements InitializingBean, ApplicationContext
 @Autowired
 private ClientDetailsService clientDetailsService;
+
+ // consumerTokenServices,defaultAuthorizationServerTokenServices
 @Autowired
+ @Qualifier("defaultAuthorizationServerTokenServices")
 private AuthorizationServerTokenServices tokenServices;
 @Autowired
 private AuthorizationCodeServices authorizationCodeServices;
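Review bot: The comment `// consumerTokenServices,defaultAuthorizationServerTokenServices` added above the `tokenServices` field lists two bean names but not why `defaultAuthorizationServerTokenServices` is the one this controller must receive, which is exactly what a maintainer who later meets an ambiguous-bean error will want to know. Rewrite it as a why-comment, for example `// Two AuthorizationServerTokenServices beans exist (consumerTokenServices, defaultAuthorizationServerTokenServices); qualify to avoid ambiguous injection — <state why the default one is required here>`. The enclosing class `OAuthRestController` starts outside the hunk.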