(118) - Add java-config(零配置) 的支持
parent
c636a7a672
commit
48eb5e6575
|
@ -20,8 +20,8 @@ import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
|
||||||
* @author Shengzhao Li
|
* @author Shengzhao Li
|
||||||
*/
|
*/
|
||||||
//AuthorizationServer
|
//AuthorizationServer
|
||||||
@Configuration
|
//@Configuration
|
||||||
@EnableAuthorizationServer
|
//@EnableAuthorizationServer
|
||||||
public class AuthorizationServerConfigurer extends AuthorizationServerConfigurerAdapter {
|
public class AuthorizationServerConfigurer extends AuthorizationServerConfigurerAdapter {
|
||||||
|
|
||||||
// @Autowired
|
// @Autowired
|
||||||
|
|
|
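Review bot: Commenting out `@Configuration` and `@EnableAuthorizationServer` leaves a dead top-level `AuthorizationServerConfigurer` that shares its simple name with the nested class this commit adds in `OAuth2ServerConfig`. Because `ServletInitializer` now scans the whole config package, restoring these two annotations later would register a second authorization-server configuration next to the nested one. Either delete the old class or replace the commented annotations with `// Superseded by OAuth2ServerConfig.AuthorizationServerConfigurer; do not re-enable alongside it.` The same applies to the `UnityResourceServerConfigurer` section further down. The class body continues outside this hunk.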
@ -0,0 +1,112 @@
|
||||||
|
package com.monkeyk.sos.config;
|
||||||
|
|
||||||
|
import org.springframework.beans.factory.annotation.Autowired;
|
||||||
|
import org.springframework.context.annotation.Configuration;
|
||||||
|
import org.springframework.security.access.AccessDecisionManager;
|
||||||
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||||
|
import org.springframework.security.config.http.SessionCreationPolicy;
|
||||||
|
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
|
||||||
|
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
|
||||||
|
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
|
||||||
|
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
|
||||||
|
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
|
||||||
|
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
|
||||||
|
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
|
||||||
|
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
|
||||||
|
import org.springframework.security.oauth2.provider.ClientDetailsService;
|
||||||
|
import org.springframework.security.oauth2.provider.approval.UserApprovalHandler;
|
||||||
|
import org.springframework.security.oauth2.provider.code.AuthorizationCodeServices;
|
||||||
|
import org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* 2016/4/4
|
||||||
|
*
|
||||||
|
* @author Shengzhao Li
|
||||||
|
*/
|
||||||
|
@Configuration
|
||||||
|
public class OAuth2ServerConfig {
|
||||||
|
|
||||||
|
|
||||||
|
// unity-resource
|
||||||
|
@Configuration
|
||||||
|
@EnableResourceServer
|
||||||
|
protected static class UnityResourceServerConfigurer extends ResourceServerConfigurerAdapter {
|
||||||
|
|
||||||
|
|
||||||
|
@Autowired
|
||||||
|
private AccessDecisionManager oauth2AccessDecisionManager;
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void configure(ResourceServerSecurityConfigurer resources) {
|
||||||
|
resources.resourceId("unity-resource").stateless(false);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void configure(HttpSecurity http) throws Exception {
|
||||||
|
// final DefaultWebSecurityExpressionHandler expressionHandler = new DefaultWebSecurityExpressionHandler();
|
||||||
|
// expressionHandler.setExpressionParser();
|
||||||
|
|
||||||
|
http.sessionManagement()
|
||||||
|
.sessionCreationPolicy(SessionCreationPolicy.NEVER)
|
||||||
|
.and()
|
||||||
|
.requestMatchers().antMatchers("/unity/**")
|
||||||
|
.and()
|
||||||
|
.authorizeRequests()
|
||||||
|
// .expressionHandler(expressionHandler)
|
||||||
|
.antMatchers("/unity/**")
|
||||||
|
// .access("hasRole('ROLE_UNITY') and hasRole('SCOPE_READ')")
|
||||||
|
.access("#oauth2.clientHasRole('ROLE_UNITY') and #oauth2.isClient() and #oauth2.hasScope('read')")
|
||||||
|
.accessDecisionManager(oauth2AccessDecisionManager)
|
||||||
|
.and().csrf().disable();
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
//AuthorizationServer
|
||||||
|
@Configuration
|
||||||
|
@EnableAuthorizationServer
|
||||||
|
protected static class AuthorizationServerConfigurer extends AuthorizationServerConfigurerAdapter {
|
||||||
|
|
||||||
|
// @Autowired
|
||||||
|
// private DefaultTokenServices tokenServices;
|
||||||
|
|
||||||
|
@Autowired
|
||||||
|
private UserApprovalHandler userApprovalHandler;
|
||||||
|
|
||||||
|
@Autowired
|
||||||
|
private AuthorizationCodeServices authorizationCodeServices;
|
||||||
|
@Autowired
|
||||||
|
private ClientDetailsService clientDetailsService;
|
||||||
|
@Autowired
|
||||||
|
private OAuth2AccessDeniedHandler oauth2AccessDeniedHandler;
|
||||||
|
// @Autowired
|
||||||
|
// private OAuth2AuthenticationEntryPoint oAuth2AuthenticationEntryPoint;
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
|
||||||
|
clients.withClientDetails(clientDetailsService);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
|
||||||
|
endpoints.userApprovalHandler(userApprovalHandler)
|
||||||
|
// .tokenServices(tokenServices)
|
||||||
|
.authorizationCodeServices(authorizationCodeServices);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
|
||||||
|
security.accessDeniedHandler(oauth2AccessDeniedHandler)
|
||||||
|
// .authenticationEntryPoint(oAuth2AuthenticationEntryPoint)
|
||||||
|
.allowFormAuthenticationForClients();
|
||||||
|
security.realm("spring-oauth-server_realm");
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
}
|
|
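Review bot: In `UnityResourceServerConfigurer`, `resources.resourceId("unity-resource").stateless(false)` lets an authentication already held in the HTTP session be used on `/unity/**`, while the same chain ends with `csrf().disable()`. `SessionCreationPolicy.NEVER` does not prevent this: it stops new sessions from being created, but an existing one is still used. If these endpoints are meant to be reached with bearer tokens only, `resources.resourceId("unity-resource");` (stateless is the default) closes the session path. Otherwise, add a comment above the call saying why session-backed access is needed and why disabling CSRF is safe there. Separately, `allowFormAuthenticationForClients()` in the authorization-server class accepts client credentials as request parameters, so it is worth confirming that request parameters are not written to access or application logs.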
@ -2,8 +2,11 @@ package com.monkeyk.sos.config;
|
||||||
|
|
||||||
import com.monkeyk.sos.web.filter.CharacterEncodingIPFilter;
|
import com.monkeyk.sos.web.filter.CharacterEncodingIPFilter;
|
||||||
import com.opensymphony.sitemesh.webapp.SiteMeshFilter;
|
import com.opensymphony.sitemesh.webapp.SiteMeshFilter;
|
||||||
|
import org.springframework.util.ClassUtils;
|
||||||
|
import org.springframework.web.context.WebApplicationContext;
|
||||||
|
import org.springframework.web.context.support.AnnotationConfigWebApplicationContext;
|
||||||
import org.springframework.web.filter.DelegatingFilterProxy;
|
import org.springframework.web.filter.DelegatingFilterProxy;
|
||||||
import org.springframework.web.servlet.support.AbstractAnnotationConfigDispatcherServletInitializer;
|
import org.springframework.web.servlet.support.AbstractDispatcherServletInitializer;
|
||||||
import org.springframework.web.util.Log4jConfigListener;
|
import org.springframework.web.util.Log4jConfigListener;
|
||||||
|
|
||||||
import javax.servlet.ServletContext;
|
import javax.servlet.ServletContext;
|
||||||
|
@ -18,22 +21,9 @@ import javax.servlet.ServletException;
|
||||||
*
|
*
|
||||||
* @author Shengzhao Li
|
* @author Shengzhao Li
|
||||||
*/
|
*/
|
||||||
public class ServletInitializer extends AbstractAnnotationConfigDispatcherServletInitializer {
|
public class ServletInitializer extends AbstractDispatcherServletInitializer {
|
||||||
|
|
||||||
|
|
||||||
@Override
|
|
||||||
protected Class<?>[] getRootConfigClasses() {
|
|
||||||
return new Class[]{ContextConfigurer.class,
|
|
||||||
WebSecurityConfigurer.class,
|
|
||||||
AuthorizationServerConfigurer.class,
|
|
||||||
UnityResourceServerConfigurer.class};
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
protected Class<?>[] getServletConfigClasses() {
|
|
||||||
return new Class[]{WebMvcConfigurer.class};
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected String[] getServletMappings() {
|
protected String[] getServletMappings() {
|
||||||
return new String[]{"/"};
|
return new String[]{"/"};
|
||||||
|
@ -67,4 +57,16 @@ public class ServletInitializer extends AbstractAnnotationConfigDispatcherServle
|
||||||
servletContext.addListener(Log4jConfigListener.class);
|
servletContext.addListener(Log4jConfigListener.class);
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
protected WebApplicationContext createRootApplicationContext() {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
protected WebApplicationContext createServletApplicationContext() {
|
||||||
|
AnnotationConfigWebApplicationContext context = new AnnotationConfigWebApplicationContext();
|
||||||
|
context.scan(ClassUtils.getPackageName(getClass()));
|
||||||
|
return context;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
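Review bot: `createServletApplicationContext()` replaces the explicit class lists with `context.scan(ClassUtils.getPackageName(getClass()))`, so which security configuration is active now depends on which classes in the package carry `@Configuration`, not on a list a reviewer can read. Registering the classes explicitly keeps that decision visible: `context.register(ContextConfigurer.class, WebSecurityConfigurer.class, OAuth2ServerConfig.class, WebMvcConfigurer.class);`. Also, `createRootApplicationContext()` returns `null`, so no root context exists. The `DelegatingFilterProxy` imported at the top of the file (its registration is outside the visible hunks) presumably has to resolve the security filter chain bean from the dispatcher servlet's context instead. Please confirm this works on the Spring version in use, and add a short comment on the `return null;` line saying it is intentional.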
@ -15,8 +15,8 @@ import org.springframework.security.oauth2.config.annotation.web.configurers.Res
|
||||||
* @author Shengzhao Li
|
* @author Shengzhao Li
|
||||||
*/
|
*/
|
||||||
// unity-resource
|
// unity-resource
|
||||||
@Configuration
|
//@Configuration
|
||||||
@EnableResourceServer
|
//@EnableResourceServer
|
||||||
public class UnityResourceServerConfigurer extends ResourceServerConfigurerAdapter {
|
public class UnityResourceServerConfigurer extends ResourceServerConfigurerAdapter {
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -66,7 +66,7 @@ public class WebSecurityConfigurer extends WebSecurityConfigurerAdapter {
|
||||||
protected void configure(HttpSecurity http) throws Exception {
|
protected void configure(HttpSecurity http) throws Exception {
|
||||||
|
|
||||||
http.authorizeRequests()
|
http.authorizeRequests()
|
||||||
.antMatchers("/oauth/**").hasAnyRole("ROLE_USER,ROLE_UNITY,ROLE_MOBILE")
|
.antMatchers("/oauth/**").hasAnyRole("USER,UNITY,MOBILE")
|
||||||
.antMatchers("/**").anonymous()
|
.antMatchers("/**").anonymous()
|
||||||
.and()
|
.and()
|
||||||
.exceptionHandling().accessDeniedPage("/login.jsp?authorization_error=2")
|
.exceptionHandling().accessDeniedPage("/login.jsp?authorization_error=2")
|
||||||
|
|
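Review bot: `hasAnyRole("USER,UNITY,MOBILE")` still passes one comma-joined string, so it names a single role rather than three. `hasAnyRole` takes varargs and prefixes each argument, so the rule for `/oauth/**` ends up checking for one authority literally called `ROLE_USER,UNITY,MOBILE`. No account is likely to hold that authority, so the rule would deny every user, which fails closed but breaks the endpoints this chain guards. The call should be `.antMatchers("/oauth/**").hasAnyRole("USER", "UNITY", "MOBILE")`. The `configure(HttpSecurity)` body continues outside this hunk.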