gitee
/
spring-oauth-server
mirror of https://gitee.com/shengzhao/spring-oauth-server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Update oauth2 config

2.0.0
LSZ 2016-05-24 23:02:17 +08:00
parent 93851696a4
commit 2baad37216
7 changed files with 38 additions and 196 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

64
src/main/java/com/monkeyk/sos/config/AuthorizationServerConfigurer.java
View File

@ -1,64 +0,0 @@
package com.monkeyk.sos.config;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.approval.UserApprovalHandler;
import org.springframework.security.oauth2.provider.code.AuthorizationCodeServices;
import org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler;
import org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint;
import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
/**
* 2016/4/4
*
* @author Shengzhao Li
*/
//AuthorizationServer
//@Configuration
//@EnableAuthorizationServer
public class AuthorizationServerConfigurer extends AuthorizationServerConfigurerAdapter {
// @Autowired
// private DefaultTokenServices tokenServices;
@Autowired
private UserApprovalHandler userApprovalHandler;
@Autowired
private AuthorizationCodeServices authorizationCodeServices;
@Autowired
private ClientDetailsService clientDetailsService;
@Autowired
private OAuth2AccessDeniedHandler oauth2AccessDeniedHandler;
@Autowired
private OAuth2AuthenticationEntryPoint oAuth2AuthenticationEntryPoint;
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
clients.withClientDetails(clientDetailsService);
}
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
endpoints.userApprovalHandler(userApprovalHandler)
// .tokenServices(tokenServices)
.authorizationCodeServices(authorizationCodeServices);
}
@Override
public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
security.accessDeniedHandler(oauth2AccessDeniedHandler)
.authenticationEntryPoint(oAuth2AuthenticationEntryPoint)
.allowFormAuthenticationForClients();
security.realm("spring-oauth-server_realm");
}
}

25
src/main/java/com/monkeyk/sos/config/MethodSecurityConfig.java
View File

@ -1,25 +0,0 @@
package com.monkeyk.sos.config;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.expression.method.MethodSecurityExpressionHandler;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration;
import org.springframework.security.oauth2.provider.expression.OAuth2MethodSecurityExpressionHandler;
/**
* 2016/4/4
*
* @author Shengzhao Li
*/
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true, proxyTargetClass = true)
public class MethodSecurityConfig extends GlobalMethodSecurityConfiguration {
@Override
protected MethodSecurityExpressionHandler createExpressionHandler() {
return new OAuth2MethodSecurityExpressionHandler();
// return new DefaultMethodSecurityExpressionHandler();
}
}

57
src/main/java/com/monkeyk/sos/config/OAuth2ServerConfig.java
View File

@ -13,10 +13,9 @@ import org.springframework.security.oauth2.config.annotation.web.configuration.R
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.approval.UserApprovalHandler;
import org.springframework.security.oauth2.provider.code.AuthorizationCodeServices;
import org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler;
import org.springframework.security.oauth2.provider.token.TokenStore;
/**
* 2016/4/4
@ -26,11 +25,13 @@ import org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHand
@Configuration
public class OAuth2ServerConfig {
private static final String UNITY_RESOURCE_ID = "unity-resource";
private static final String MOBILE_RESOURCE_ID = "mobile-resource";
// unity-resource
@Configuration
@EnableResourceServer
protected static class UnityResourceServerConfigurer extends ResourceServerConfigurerAdapter {
protected static class UnityResourceServerConfiguration extends ResourceServerConfigurerAdapter {
@Autowired
@ -38,26 +39,22 @@ public class OAuth2ServerConfig {
@Override
public void configure(ResourceServerSecurityConfigurer resources) {
resources.resourceId("unity-resource").stateless(false);
resources.resourceId(UNITY_RESOURCE_ID).stateless(false);
}
@Override
public void configure(HttpSecurity http) throws Exception {
// final DefaultWebSecurityExpressionHandler expressionHandler = new DefaultWebSecurityExpressionHandler();
// expressionHandler.setExpressionParser();
http.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.NEVER)
.sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
.and()
.requestMatchers().antMatchers("/unity/**")
.and()
.authorizeRequests()
// .expressionHandler(expressionHandler)
.antMatchers("/unity/**")
// .access("hasRole('ROLE_UNITY') and hasRole('SCOPE_READ')")
.access("#oauth2.clientHasRole('ROLE_UNITY') and #oauth2.isClient() and #oauth2.hasScope('read')")
.accessDecisionManager(oauth2AccessDecisionManager)
.and().csrf().disable();
.access("#oauth2.hasScope('read') or (!#oauth2.isOAuth() and hasRole('ROLE_UNITY'))");
// .accessDecisionManager(oauth2AccessDecisionManager)
// .and().csrf().disable();
}
@ -67,41 +64,57 @@ public class OAuth2ServerConfig {
//AuthorizationServer
@Configuration
@EnableAuthorizationServer
protected static class AuthorizationServerConfigurer extends AuthorizationServerConfigurerAdapter {
protected static class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {
// @Autowired
// private DefaultTokenServices tokenServices;
@Autowired
private TokenStore tokenStore;
@Autowired
private UserApprovalHandler userApprovalHandler;
@Autowired
private AuthorizationCodeServices authorizationCodeServices;
@Autowired
private ClientDetailsService clientDetailsService;
@Autowired
private OAuth2AccessDeniedHandler oauth2AccessDeniedHandler;
// @Autowired
// private ClientDetailsService clientDetailsService;
// @Autowired
// private OAuth2AccessDeniedHandler oauth2AccessDeniedHandler;
// @Autowired
// private OAuth2AuthenticationEntryPoint oAuth2AuthenticationEntryPoint;
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
clients.withClientDetails(clientDetailsService);
// clients.withClientDetails(clientDetailsService);
clients.inMemory().withClient("unity-client")
.resourceIds(UNITY_RESOURCE_ID)
.authorizedGrantTypes("authorization_code", "refresh_token", "implicit")
.authorities("ROLE_UNITY")
.scopes("read")
.secret("unity")
.and()
.withClient("mobile-client")
.resourceIds(MOBILE_RESOURCE_ID)
.authorizedGrantTypes("password", "refresh_token")
.authorities("ROLE_CLIENT")
.scopes("read")
.secret("mobile");
}
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
endpoints.userApprovalHandler(userApprovalHandler)
// .tokenServices(tokenServices)
endpoints.tokenStore(tokenStore)
.userApprovalHandler(userApprovalHandler)
.authorizationCodeServices(authorizationCodeServices);
}
@Override
public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
security.accessDeniedHandler(oauth2AccessDeniedHandler)
// security.accessDeniedHandler(oauth2AccessDeniedHandler)
// .authenticationEntryPoint(oAuth2AuthenticationEntryPoint)
.allowFormAuthenticationForClients();
// .allowFormAuthenticationForClients();
security.realm("spring-oauth-server_realm");
}

2
src/main/java/com/monkeyk/sos/config/ServletInitializer.java
View File

@ -60,7 +60,7 @@ public class ServletInitializer extends AbstractDispatcherServletInitializer {
@Override
protected WebApplicationContext createRootApplicationContext() {
return null;
return createServletApplicationContext();
}
@Override

52
src/main/java/com/monkeyk/sos/config/UnityResourceServerConfigurer.java
View File

@ -1,52 +0,0 @@
package com.monkeyk.sos.config;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.AccessDecisionManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
/**
* 2016/4/4
*
* @author Shengzhao Li
*/
// unity-resource
//@Configuration
//@EnableResourceServer
public class UnityResourceServerConfigurer extends ResourceServerConfigurerAdapter {
@Autowired
private AccessDecisionManager oauth2AccessDecisionManager;
@Override
public void configure(ResourceServerSecurityConfigurer resources) {
resources.resourceId("unity-resource").stateless(false);
}
@Override
public void configure(HttpSecurity http) throws Exception {
// final DefaultWebSecurityExpressionHandler expressionHandler = new DefaultWebSecurityExpressionHandler();
// expressionHandler.setExpressionParser();
http.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.NEVER)
.and()
.requestMatchers().antMatchers("/unity/**")
.and()
.authorizeRequests()
// .expressionHandler(expressionHandler)
.antMatchers("/unity/**")
// .access("hasRole('ROLE_UNITY') and hasRole('SCOPE_READ')")
.access("#oauth2.clientHasRole('ROLE_UNITY') and #oauth2.isClient() and #oauth2.hasScope('read')")
.accessDecisionManager(oauth2AccessDecisionManager)
.and().csrf().disable();
}
}

3
src/main/java/com/monkeyk/sos/config/WebSecurityConfigurer.java
View File

@ -66,7 +66,7 @@ public class WebSecurityConfigurer extends WebSecurityConfigurerAdapter {
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/oauth/**").hasAnyRole("USER,UNITY,MOBILE")
.antMatchers("/oauth/**").hasAnyRole("ROLE_USER", "ROLE_UNITY", "ROLE_MOBILE")
.antMatchers("/**").anonymous()
.and()
.exceptionHandling().accessDeniedPage("/login.jsp?authorization_error=2")
@ -184,5 +184,4 @@ public class WebSecurityConfigurer extends WebSecurityConfigurerAdapter {
// }
}

31
src/main/webapp/login.jsp
View File

@ -45,35 +45,6 @@
</div>
</div>
<div>
<p>You can use the users to login as follow:</p>
<table class="table table-bordered">
<thead>
<tr>
<th>Username</th>
<th>Password</th>
<th>Privileges</th>
</tr>
</thead>
<tbody>
<tr>
<td>admin</td>
<td>admin</td>
<td>All privileges, allow visit [Mobile] and [Unity] resources</td>
</tr>
<tr>
<td>unity</td>
<td>unity</td>
<td>Only allow visit [Unity] resource, support grant_type:
<em>authorization_code,refresh_token,implicit</em></td>
</tr>
<tr>
<td>mobile</td>
<td>mobile</td>
<td>Only allow visit [Mobile] resource, support grant_type: <em>password,refresh_token</em></td>
</tr>
</tbody>
</table>
</div>
</body>
</html>