Update oauth2 config

src/main/java/com/monkeyk/sos/config/ServletInitializer.java

@@ -2,11 +2,8 @@ package com.monkeyk.sos.config;
 
 import com.monkeyk.sos.web.filter.CharacterEncodingIPFilter;
 import com.opensymphony.sitemesh.webapp.SiteMeshFilter;
-import org.springframework.util.ClassUtils;
-import org.springframework.web.context.WebApplicationContext;
-import org.springframework.web.context.support.AnnotationConfigWebApplicationContext;
 import org.springframework.web.filter.DelegatingFilterProxy;
-import org.springframework.web.servlet.support.AbstractDispatcherServletInitializer;
+import org.springframework.web.servlet.support.AbstractAnnotationConfigDispatcherServletInitializer;
 import org.springframework.web.util.Log4jConfigListener;
 
 import javax.servlet.ServletContext;
@@ -21,7 +18,7 @@ import javax.servlet.ServletException;
  *
  * @author Shengzhao Li
  */
-public class ServletInitializer extends AbstractDispatcherServletInitializer {
+public class ServletInitializer extends AbstractAnnotationConfigDispatcherServletInitializer {
 
 
     @Override
@@ -58,15 +55,25 @@ public class ServletInitializer extends AbstractDispatcherServletInitializer {
 
     }
 
+//    @Override
+//    protected WebApplicationContext createRootApplicationContext() {
+//        return createServletApplicationContext();
+//    }
+//
+//    @Override
+//    protected WebApplicationContext createServletApplicationContext() {
+//        AnnotationConfigWebApplicationContext context = new AnnotationConfigWebApplicationContext();
+//        context.scan(ClassUtils.getPackageName(getClass()));
+//        return context;
+//    }
+
     @Override
-    protected WebApplicationContext createRootApplicationContext() {
+    protected Class<?>[] getRootConfigClasses() {
-        return createServletApplicationContext();
+        return new Class[]{ContextConfigurer.class, WebSecurityConfigurer.class, OAuth2ServerConfig.class};
     }
 
     @Override
-    protected WebApplicationContext createServletApplicationContext() {
+    protected Class<?>[] getServletConfigClasses() {
-        AnnotationConfigWebApplicationContext context = new AnnotationConfigWebApplicationContext();
+        return new Class[]{WebMvcConfigurer.class};
-        context.scan(ClassUtils.getPackageName(getClass()));
-        return context;
     }
 }

src/main/java/com/monkeyk/sos/config/WebSecurityConfigurer.java

@@ -30,6 +30,7 @@ import org.springframework.security.oauth2.provider.request.DefaultOAuth2Request
 import org.springframework.security.oauth2.provider.token.TokenStore;
 import org.springframework.security.oauth2.provider.token.store.JdbcTokenStore;
 import org.springframework.security.oauth2.provider.vote.ScopeVoter;
+import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 
 import javax.sql.DataSource;
 import java.util.Arrays;
@@ -49,10 +50,19 @@ public class WebSecurityConfigurer extends WebSecurityConfigurerAdapter {
     @Autowired
     private UserService userService;
 
+
+    @Autowired
+    public void globalUserDetails(AuthenticationManagerBuilder auth) throws Exception {
+        auth.userDetailsService(userService);
+//        auth.inMemoryAuthentication().withUser("marissa").password("koala").roles("USER").and().withUser("paul")
+//                .password("emu").roles("USER");
+    }
+
+
     @Override
     public void configure(WebSecurity web) throws Exception {
-        web.expressionHandler(new OAuth2WebSecurityExpressionHandler());
         web.ignoring().antMatchers("/resources/**");
+        web.expressionHandler(new OAuth2WebSecurityExpressionHandler());
     }
 
     @Override
@@ -67,20 +77,22 @@ public class WebSecurityConfigurer extends WebSecurityConfigurerAdapter {
 
         http.authorizeRequests()
                 .antMatchers("/oauth/**").hasAnyRole("ROLE_USER", "ROLE_UNITY", "ROLE_MOBILE")
-                .antMatchers("/**").anonymous()
+//                .antMatchers("/**").anonymous()
                 .and()
                 .exceptionHandling().accessDeniedPage("/login.jsp?authorization_error=2")
                 .and()
-                .csrf().disable()
+                .csrf()
-                .formLogin().loginPage("/login.jsp")
+                .requireCsrfProtectionMatcher(new AntPathRequestMatcher("/oauth/authorize"))
-                .failureUrl("/login.jsp?authentication_error=1")
+                .disable()
-                .defaultSuccessUrl("/index.jsp")
+                .logout()
-                .loginProcessingUrl("/login.do")
+                .logoutUrl("/logout.do")
-                .and()
-                .logout().logoutUrl("/logout.do")
                 .logoutSuccessUrl("/index.jsp")
                 .and()
-                .anonymous();
+                .formLogin()
+                .loginProcessingUrl("/login.do")
+                .failureUrl("/login.jsp?authentication_error=1")
+                .loginPage("/login.jsp")
+                .defaultSuccessUrl("/index.jsp");
 
 
     }

src/main/java/com/monkeyk/sos/web/controller/OAuthRestController.java

@@ -16,6 +16,7 @@ import org.slf4j.LoggerFactory;
 import org.springframework.beans.BeansException;
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.context.ApplicationContext;
 import org.springframework.context.ApplicationContextAware;
 import org.springframework.http.ResponseEntity;
@@ -59,7 +60,10 @@ public class OAuthRestController implements InitializingBean, ApplicationContext
 
     @Autowired
     private ClientDetailsService clientDetailsService;
+
+    // consumerTokenServices,defaultAuthorizationServerTokenServices
     @Autowired
+    @Qualifier("defaultAuthorizationServerTokenServices")
     private AuthorizationServerTokenServices tokenServices;
     @Autowired
     private AuthorizationCodeServices authorizationCodeServices;