From 48eb5e65755a5c2b94692087129cbd081712304c Mon Sep 17 00:00:00 2001
From: Li Shengzhao
Date: Mon, 4 Apr 2016 19:56:16 +0800
Subject: [PATCH] =?UTF-8?q?(118)=20-=20Add=20java-config(=E9=9B=B6?= =?UTF-8?q?=E9=85=8D=E7=BD=AE)=20=E7=9A=84=E6=94=AF=E6=8C=81?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../config/AuthorizationServerConfigurer.java | 4 +-
 .../sos/config/OAuth2ServerConfig.java | 112 ++++++++++++++++++
 .../sos/config/ServletInitializer.java | 32 ++---
 .../config/UnityResourceServerConfigurer.java | 4 +-
 .../sos/config/WebSecurityConfigurer.java | 2 +-
 5 files changed, 134 insertions(+), 20 deletions(-)
 create mode 100644 src/main/java/com/monkeyk/sos/config/OAuth2ServerConfig.java
diff --git a/src/main/java/com/monkeyk/sos/config/AuthorizationServerConfigurer.java b/src/main/java/com/monkeyk/sos/config/AuthorizationServerConfigurer.java
index 13a22ba..143e757 100644
--- a/src/main/java/com/monkeyk/sos/config/AuthorizationServerConfigurer.java
+++ b/src/main/java/com/monkeyk/sos/config/AuthorizationServerConfigurer.java
@@ -20,8 +20,8 @@ import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
 * @author Shengzhao Li
 */
 //AuthorizationServer
-@Configuration
-@EnableAuthorizationServer
+//@Configuration
+//@EnableAuthorizationServer
 public class AuthorizationServerConfigurer extends AuthorizationServerConfigurerAdapter {
 // @Autowired
diff --git a/src/main/java/com/monkeyk/sos/config/OAuth2ServerConfig.java b/src/main/java/com/monkeyk/sos/config/OAuth2ServerConfig.java
new file mode 100644
index 0000000..9d082ef
--- /dev/null
+++ b/src/main/java/com/monkeyk/sos/config/OAuth2ServerConfig.java
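Review bot: In AuthorizationServerConfigurer.java the two annotations are commented out rather than removed, which leaves an inactive second copy of the authorization-server configuration beside the nested class this commit adds in OAuth2ServerConfig; the UnityResourceServerConfigurer.java hunk does the same. Since the servlet context is now built by scanning the config package, uncommenting either `@Configuration` line later would load that class again alongside its nested twin. I would delete both top-level classes in this commit, or at least replace the commented annotations with a comment such as `// superseded by OAuth2ServerConfig.AuthorizationServerConfigurer; kept for reference only, do not re-enable`. The class body continues outside the hunk.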
@@ -0,0 +1,112 @@
+package com.monkeyk.sos.config;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.access.AccessDecisionManager;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
+import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
+import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
+import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
+import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
+import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
+import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
+import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
+import org.springframework.security.oauth2.provider.ClientDetailsService;
+import org.springframework.security.oauth2.provider.approval.UserApprovalHandler;
+import org.springframework.security.oauth2.provider.code.AuthorizationCodeServices;
+import org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler;
+
+/**
+ * 2016/4/4
+ *
+ * @author Shengzhao Li
+ */
+@Configuration
+public class OAuth2ServerConfig {
+
+
+ // unity-resource
+ @Configuration
+ @EnableResourceServer
+ protected static class UnityResourceServerConfigurer extends ResourceServerConfigurerAdapter {
+
+
+ @Autowired
+ private AccessDecisionManager oauth2AccessDecisionManager;
+
+ @Override
+ public void configure(ResourceServerSecurityConfigurer resources) {
+ resources.resourceId("unity-resource").stateless(false);
+ }
+
+ @Override
+ public void configure(HttpSecurity http) throws Exception {
+// final DefaultWebSecurityExpressionHandler expressionHandler = new DefaultWebSecurityExpressionHandler();
+// expressionHandler.setExpressionParser();
+
+ http.sessionManagement()
+ .sessionCreationPolicy(SessionCreationPolicy.NEVER)
+ .and()
+ .requestMatchers().antMatchers("/unity/**")
+ .and()
+ .authorizeRequests()
+// .expressionHandler(expressionHandler)
+ .antMatchers("/unity/**")
+// .access("hasRole('ROLE_UNITY') and hasRole('SCOPE_READ')")
+ .access("#oauth2.clientHasRole('ROLE_UNITY') and #oauth2.isClient() and #oauth2.hasScope('read')")
+ .accessDecisionManager(oauth2AccessDecisionManager)
+ .and().csrf().disable();
+
+ }
+
+ }
+
+
+ //AuthorizationServer
+ @Configuration
+ @EnableAuthorizationServer
+ protected static class AuthorizationServerConfigurer extends AuthorizationServerConfigurerAdapter {
+
+// @Autowired
+// private DefaultTokenServices tokenServices;
+
+ @Autowired
+ private UserApprovalHandler userApprovalHandler;
+
+ @Autowired
+ private AuthorizationCodeServices authorizationCodeServices;
+ @Autowired
+ private ClientDetailsService clientDetailsService;
+ @Autowired
+ private OAuth2AccessDeniedHandler oauth2AccessDeniedHandler;
+// @Autowired
+// private OAuth2AuthenticationEntryPoint oAuth2AuthenticationEntryPoint;
+
+ @Override
+ public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
+ clients.withClientDetails(clientDetailsService);
+ }
+
+
+ @Override
+ public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
+ endpoints.userApprovalHandler(userApprovalHandler)
+// .tokenServices(tokenServices)
+ .authorizationCodeServices(authorizationCodeServices);
+ }
+
+ @Override
+ public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
+ security.accessDeniedHandler(oauth2AccessDeniedHandler)
+// .authenticationEntryPoint(oAuth2AuthenticationEntryPoint)
+ .allowFormAuthenticationForClients();
+ security.realm("spring-oauth-server_realm");
+ }
+
+
+ }
+
+
+}
diff --git a/src/main/java/com/monkeyk/sos/config/ServletInitializer.java b/src/main/java/com/monkeyk/sos/config/ServletInitializer.java
index 3116998..4a6a10e 100644
--- a/src/main/java/com/monkeyk/sos/config/ServletInitializer.java
+++ b/src/main/java/com/monkeyk/sos/config/ServletInitializer.java
@@ -2,8 +2,11 @@ package com.monkeyk.sos.config;
 import com.monkeyk.sos.web.filter.CharacterEncodingIPFilter;
 import com.opensymphony.sitemesh.webapp.SiteMeshFilter;
+import org.springframework.util.ClassUtils;
+import org.springframework.web.context.WebApplicationContext;
+import org.springframework.web.context.support.AnnotationConfigWebApplicationContext;
 import org.springframework.web.filter.DelegatingFilterProxy;
-import org.springframework.web.servlet.support.AbstractAnnotationConfigDispatcherServletInitializer;
+import org.springframework.web.servlet.support.AbstractDispatcherServletInitializer;
 import org.springframework.web.util.Log4jConfigListener;
 import javax.servlet.ServletContext;
@@ -18,22 +21,9 @@ import javax.servlet.ServletException;
 *
 * @author Shengzhao Li
 */
-public class ServletInitializer extends AbstractAnnotationConfigDispatcherServletInitializer {
+public class ServletInitializer extends AbstractDispatcherServletInitializer {
- @Override
- protected Class[] getRootConfigClasses() {
- return new Class[]{ContextConfigurer.class,
- WebSecurityConfigurer.class,
- AuthorizationServerConfigurer.class,
- UnityResourceServerConfigurer.class};
- }
-
- @Override
- protected Class[] getServletConfigClasses() {
- return new Class[]{WebMvcConfigurer.class};
- }
-
 @Override
 protected String[] getServletMappings() {
 return new String[]{"/"};
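Review bot: The nested UnityResourceServerConfigurer in OAuth2ServerConfig.java turns CSRF protection off for `/unity/**` while also calling `stateless(false)`, and nothing in the file says why the two are combined. `stateless(false)` lets an authentication that is already in the security context be used on these paths rather than only a bearer token, so the CSRF exemption holds only as long as the access rule (`#oauth2.isClient()` plus the scope check) cannot be met by a browser session; that looks like the intent but should be confirmed. I would add a comment above `.and().csrf().disable()` such as `// CSRF is disabled because /unity/** is meant for token-bearing OAuth2 clients only; revisit if session authentication is ever accepted here`, and a class-level Javadoc stating that OAuth2ServerConfig replaces the two top-level configurers. `allowFormAuthenticationForClients()` in the authorization-server class would likewise benefit from a one-line comment noting that client secrets then arrive as request parameters and must be kept out of access logs.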
@@ -67,4 +57,16 @@ public class ServletInitializer extends AbstractAnnotationConfigDispatcherServle
 servletContext.addListener(Log4jConfigListener.class);
 }
+
+ @Override
+ protected WebApplicationContext createRootApplicationContext() {
+ return null;
+ }
+
+ @Override
+ protected WebApplicationContext createServletApplicationContext() {
+ AnnotationConfigWebApplicationContext context = new AnnotationConfigWebApplicationContext();
+ context.scan(ClassUtils.getPackageName(getClass()));
+ return context;
+ }
 }
diff --git a/src/main/java/com/monkeyk/sos/config/UnityResourceServerConfigurer.java b/src/main/java/com/monkeyk/sos/config/UnityResourceServerConfigurer.java
index 3fc320b..62e3986 100644
--- a/src/main/java/com/monkeyk/sos/config/UnityResourceServerConfigurer.java
+++ b/src/main/java/com/monkeyk/sos/config/UnityResourceServerConfigurer.java
@@ -15,8 +15,8 @@ import org.springframework.security.oauth2.config.annotation.web.configurers.Res
 * @author Shengzhao Li
 */
 // unity-resource
-@Configuration
-@EnableResourceServer
+//@Configuration
+//@EnableResourceServer
 public class UnityResourceServerConfigurer extends ResourceServerConfigurerAdapter {
diff --git a/src/main/java/com/monkeyk/sos/config/WebSecurityConfigurer.java b/src/main/java/com/monkeyk/sos/config/WebSecurityConfigurer.java
index e3f7a6c..a2f4d44 100644
--- a/src/main/java/com/monkeyk/sos/config/WebSecurityConfigurer.java
+++ b/src/main/java/com/monkeyk/sos/config/WebSecurityConfigurer.java
@@ -66,7 +66,7 @@ public class WebSecurityConfigurer extends WebSecurityConfigurerAdapter {
 protected void configure(HttpSecurity http) throws Exception {
 http.authorizeRequests()
- .antMatchers("/oauth/**").hasAnyRole("ROLE_USER,ROLE_UNITY,ROLE_MOBILE")
+ .antMatchers("/oauth/**").hasAnyRole("USER,UNITY,MOBILE")
 .antMatchers("/**").anonymous()
 .and()
 .exceptionHandling().accessDeniedPage("/login.jsp?authorization_error=2")
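Review bot: In ServletInitializer.java, `createServletApplicationContext()` scans the whole config package through `context.scan(ClassUtils.getPackageName(getClass()))`, where the removed `getRootConfigClasses()` and `getServletConfigClasses()` named each configuration class explicitly. With scanning, any `@Configuration` class placed in that package, a security configuration included, is loaded without a change to this initializer, so the set of active security config is no longer visible in one place. Registering the classes explicitly, e.g. `context.register(ContextConfigurer.class, WebSecurityConfigurer.class, OAuth2ServerConfig.class, WebMvcConfigurer.class);` (assuming those four are the full set), keeps that list reviewable. Separately, `createRootApplicationContext()` now returns null, so the security beans presumably live only in the dispatcher context; the `DelegatingFilterProxy` registration is outside this hunk, and it is worth confirming that the filter resolves its delegate from that context rather than expecting a root context.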
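Review bot: In WebSecurityConfigurer.java the new `hasAnyRole("USER,UNITY,MOBILE")` call still passes one comma-joined string, but `hasAnyRole` takes a varargs list of role names, so the string is treated as a single role called `USER,UNITY,MOBILE` (with the `ROLE_` prefix applied) that no account is likely to hold. The rule on `/oauth/**` then fails closed instead of admitting the three intended roles. Pass the names separately: `.antMatchers("/oauth/**").hasAnyRole("USER", "UNITY", "MOBILE")`. The `configure(HttpSecurity)` body starts and ends outside the hunk.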