diff --git a/README.md b/README.md
index c4bed1d..71f8267 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,5 @@
 #spring-oauth-server
-java config版本
+java config版本 (developing)
 <strong>Spring与Oauth2的整合示例</strong>
diff --git a/src/main/resources/spring/security.xml b/src/main/resources/spring/security.xml.old
similarity index 97%
rename from src/main/resources/spring/security.xml
rename to src/main/resources/spring/security.xml.old
index 7f245ad..90c0875 100644
--- a/src/main/resources/spring/security.xml
+++ b/src/main/resources/spring/security.xml.old
@@ -1,196 +1,196 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<beans:beans xmlns="http://www.springframework.org/schema/security"
- xmlns:beans="http://www.springframework.org/schema/beans"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xmlns:oauth2="http://www.springframework.org/schema/security/oauth2"
- xmlns:mvc="http://www.springframework.org/schema/mvc"
- xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
- http://www.springframework.org/schema/security
- http://www.springframework.org/schema/security/spring-security-4.0.xsd http://www.springframework.org/schema/security/oauth2 http://www.springframework.org/schema/security/spring-security-oauth2-2.0.xsd http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-4.0.xsd">
-
- <!--<debug/>-->
-
- <!--static url pattern-->
- <!--<http pattern="/resources/**" security="none"/>-->
-
-
- <!--
- Oauth server start.............
- https://github.com/spring-projects/spring-security-oauth/blob/master/docs/oauth2.md
- -->
-
- <mvc:annotation-driven/>
- <mvc:default-servlet-handler/>
-
- <http pattern="/oauth/token" create-session="stateless" authentication-manager-ref="oauth2AuthenticationManager"
- entry-point-ref="oauth2AuthenticationEntryPoint" use-expressions="false">
- <intercept-url pattern="/oauth/token" access="IS_AUTHENTICATED_FULLY"/>
- <anonymous enabled="false"/>
- <http-basic entry-point-ref="oauth2AuthenticationEntryPoint"/>
-
- <custom-filter ref="clientCredentialsTokenEndpointFilter" before="BASIC_AUTH_FILTER"/>
- <access-denied-handler ref="oauth2AccessDeniedHandler"/>
- <csrf disabled="true"/>
- </http>
-
- <!--unity http configuration-->
- <http pattern="/unity/**" create-session="never" entry-point-ref="oauth2AuthenticationEntryPoint"
- access-decision-manager-ref="oauth2AccessDecisionManager" use-expressions="false">
- <anonymous enabled="false"/>
-
- <intercept-url pattern="/unity/**" access="ROLE_UNITY,SCOPE_READ"/>
-
- <custom-filter ref="unityResourceServer" before="PRE_AUTH_FILTER"/>
- <access-denied-handler ref="oauth2AccessDeniedHandler"/>
- <csrf disabled="true"/>
- </http>
-
- <!--mobile http configuration-->
- <http pattern="/m/**" create-session="never" entry-point-ref="oauth2AuthenticationEntryPoint"
- access-decision-manager-ref="oauth2AccessDecisionManager" use-expressions="false">
- <anonymous enabled="false"/>
-
- <intercept-url pattern="/m/**" access="ROLE_MOBILE,SCOPE_READ"/>
-
- <custom-filter ref="mobileResourceServer" before="PRE_AUTH_FILTER"/>
- <access-denied-handler ref="oauth2AccessDeniedHandler"/>
- <csrf disabled="true"/>
- </http>
-
- <beans:bean id="clientCredentialsTokenEndpointFilter"
- class="org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter">
- <beans:property name="authenticationManager" ref="oauth2AuthenticationManager"/>
- </beans:bean>
-
- <!--unity resource server filter-->
- <oauth2:resource-server id="unityResourceServer" resource-id="unity-resource" token-services-ref="tokenServices"/>
-
- <!--mobile resource server filter-->
- <oauth2:resource-server id="mobileResourceServer" resource-id="mobile-resource" token-services-ref="tokenServices"/>
-
- <!--Config ClientDetailsService-->
- <!--<oauth2:client-details-service id="clientDetailsService">-->
-
- <!--<!–unity client–>-->
- <!--<oauth2:client client-id="unity-client" resource-ids="unity-resource"-->
- <!--authorized-grant-types="password,authorization_code,refresh_token,implicit"-->
- <!--secret="unity" authorities="ROLE_UNITY" scope="read,write"/>-->
-
- <!--<!–mobile client–>-->
- <!--<oauth2:client client-id="mobile-client" resource-ids="mobile-resource"-->
- <!--authorized-grant-types="password,authorization_code,refresh_token,implicit"-->
- <!--secret="mobile" authorities="ROLE_MOBILE" scope="read,write"/>-->
-
- <!--</oauth2:client-details-service>-->
-
- <beans:bean id="clientDetailsService" class="com.monkeyk.sos.domain.oauth.CustomJdbcClientDetailsService">
- <beans:constructor-arg index="0" ref="dataSource"/>
- </beans:bean>
-
-
- <!--Config token services-->
- <!--<beans:bean id="tokenStore" class="org.springframework.security.oauth2.provider.token.InMemoryTokenStore"/>-->
- <beans:bean id="tokenStore" class="org.springframework.security.oauth2.provider.token.store.JdbcTokenStore">
- <beans:constructor-arg index="0" ref="dataSource"/>
- </beans:bean>
-
- <beans:bean id="tokenServices" class="org.springframework.security.oauth2.provider.token.DefaultTokenServices">
- <beans:property name="tokenStore" ref="tokenStore"/>
- <beans:property name="clientDetailsService" ref="clientDetailsService"/>
- <beans:property name="supportRefreshToken" value="true"/>
- </beans:bean>
-
- <!--<global-method-security pre-post-annotations="enabled" proxy-target-class="true">-->
- <!--<expression-handler ref="oauth2ExpressionHandler"/>-->
- <!--</global-method-security>-->
-
- <!--<oauth2:expression-handler id="oauth2ExpressionHandler"/>-->
- <!--<oauth2:web-expression-handler id="oauth2WebExpressionHandler"/>-->
-
- <beans:bean class="org.springframework.security.oauth2.provider.request.DefaultOAuth2RequestFactory"
- id="oAuth2RequestFactory">
- <beans:constructor-arg name="clientDetailsService" ref="clientDetailsService"/>
- </beans:bean>
-
-
- <beans:bean id="oauthUserApprovalHandler" class="com.monkeyk.sos.web.oauth.OauthUserApprovalHandler">
- <beans:property name="tokenStore" ref="tokenStore"/>
- <beans:property name="clientDetailsService" ref="clientDetailsService"/>
- <beans:property name="requestFactory" ref="oAuth2RequestFactory"/>
- <beans:property name="oauthService" ref="oauthService"/>
- </beans:bean>
-
-
- <beans:bean id="jdbcAuthorizationCodeServices"
- class="org.springframework.security.oauth2.provider.code.JdbcAuthorizationCodeServices">
- <beans:constructor-arg index="0" ref="dataSource"/>
- </beans:bean>
-
-
- <oauth2:authorization-server client-details-service-ref="clientDetailsService" token-services-ref="tokenServices"
- user-approval-handler-ref="oauthUserApprovalHandler"
- user-approval-page="oauth_approval"
- error-page="oauth_error">
- <oauth2:authorization-code authorization-code-services-ref="jdbcAuthorizationCodeServices"/>
- <oauth2:implicit/>
- <oauth2:refresh-token/>
- <oauth2:client-credentials/>
- <oauth2:password/>
- </oauth2:authorization-server>
-
-
- <beans:bean id="oauth2AuthenticationEntryPoint"
- class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint"/>
-
-
- <beans:bean id="oauth2ClientDetailsUserService"
- class="org.springframework.security.oauth2.provider.client.ClientDetailsUserDetailsService">
- <beans:constructor-arg ref="clientDetailsService"/>
- </beans:bean>
-
- <authentication-manager id="oauth2AuthenticationManager">
- <authentication-provider user-service-ref="oauth2ClientDetailsUserService"/>
- </authentication-manager>
-
- <beans:bean id="oauth2AccessDecisionManager" class="org.springframework.security.access.vote.UnanimousBased">
- <beans:constructor-arg>
- <beans:list>
- <beans:bean class="org.springframework.security.oauth2.provider.vote.ScopeVoter"/>
- <beans:bean class="org.springframework.security.access.vote.RoleVoter"/>
- <beans:bean class="org.springframework.security.access.vote.AuthenticatedVoter"/>
- </beans:list>
- </beans:constructor-arg>
- </beans:bean>
-
-
- <beans:bean id="oauth2AccessDeniedHandler"
- class="org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler"/>
-
-
- <http disable-url-rewriting="true" use-expressions="false"
- authentication-manager-ref="authenticationManager">
- <intercept-url pattern="/oauth/**" access="ROLE_USER,ROLE_UNITY,ROLE_MOBILE"/>
- <intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
-
- <form-login authentication-failure-url="/login.jsp?authentication_error=1" default-target-url="/index.jsp"
- login-page="/login.jsp" login-processing-url="/login.do"/>
- <logout logout-success-url="/index.jsp" logout-url="/logout.do"/>
- <access-denied-handler error-page="/login.jsp?authorization_error=2"/>
- <anonymous/>
- <csrf disabled="true"/>
- </http>
-
-
- <authentication-manager alias="authenticationManager">
- <authentication-provider user-service-ref="userService">
- <password-encoder hash="md5"/>
- </authentication-provider>
- </authentication-manager>
-
-
- <!--
- Oauth server end.............
- -->
-
-
+<?xml version="1.0" encoding="UTF-8"?>
+<beans:beans xmlns="http://www.springframework.org/schema/security"
+ xmlns:beans="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:oauth2="http://www.springframework.org/schema/security/oauth2"
+ xmlns:mvc="http://www.springframework.org/schema/mvc"
+ xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
+ http://www.springframework.org/schema/security
+ http://www.springframework.org/schema/security/spring-security-4.0.xsd http://www.springframework.org/schema/security/oauth2 http://www.springframework.org/schema/security/spring-security-oauth2-2.0.xsd http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-4.0.xsd">
+
+ <!--<debug/>-->
+
+ <!--static url pattern-->
+ <!--<http pattern="/resources/**" security="none"/>-->
+
+
+ <!--
+ Oauth server start.............
+ https://github.com/spring-projects/spring-security-oauth/blob/master/docs/oauth2.md
+ -->
+
+ <mvc:annotation-driven/>
+ <mvc:default-servlet-handler/>
+
+ <http pattern="/oauth/token" create-session="stateless" authentication-manager-ref="oauth2AuthenticationManager"
+ entry-point-ref="oauth2AuthenticationEntryPoint" use-expressions="false">
+ <intercept-url pattern="/oauth/token" access="IS_AUTHENTICATED_FULLY"/>
+ <anonymous enabled="false"/>
+ <http-basic entry-point-ref="oauth2AuthenticationEntryPoint"/>
+
+ <custom-filter ref="clientCredentialsTokenEndpointFilter" before="BASIC_AUTH_FILTER"/>
+ <access-denied-handler ref="oauth2AccessDeniedHandler"/>
+ <csrf disabled="true"/>
+ </http>
+
+ <!--unity http configuration-->
+ <http pattern="/unity/**" create-session="never" entry-point-ref="oauth2AuthenticationEntryPoint"
+ access-decision-manager-ref="oauth2AccessDecisionManager" use-expressions="false">
+ <anonymous enabled="false"/>
+
+ <intercept-url pattern="/unity/**" access="ROLE_UNITY,SCOPE_READ"/>
+
+ <custom-filter ref="unityResourceServer" before="PRE_AUTH_FILTER"/>
+ <access-denied-handler ref="oauth2AccessDeniedHandler"/>
+ <csrf disabled="true"/>
+ </http>
+
+ <!--mobile http configuration-->
+ <http pattern="/m/**" create-session="never" entry-point-ref="oauth2AuthenticationEntryPoint"
+ access-decision-manager-ref="oauth2AccessDecisionManager" use-expressions="false">
+ <anonymous enabled="false"/>
+
+ <intercept-url pattern="/m/**" access="ROLE_MOBILE,SCOPE_READ"/>
+
+ <custom-filter ref="mobileResourceServer" before="PRE_AUTH_FILTER"/>
+ <access-denied-handler ref="oauth2AccessDeniedHandler"/>
+ <csrf disabled="true"/>
+ </http>
+
+ <beans:bean id="clientCredentialsTokenEndpointFilter"
+ class="org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter">
+ <beans:property name="authenticationManager" ref="oauth2AuthenticationManager"/>
+ </beans:bean>
+
+ <!--unity resource server filter-->
+ <oauth2:resource-server id="unityResourceServer" resource-id="unity-resource" token-services-ref="tokenServices"/>
+
+ <!--mobile resource server filter-->
+ <oauth2:resource-server id="mobileResourceServer" resource-id="mobile-resource" token-services-ref="tokenServices"/>
+
+ <!--Config ClientDetailsService-->
+ <!--<oauth2:client-details-service id="clientDetailsService">-->
+
+ <!--<!–unity client–>-->
+ <!--<oauth2:client client-id="unity-client" resource-ids="unity-resource"-->
+ <!--authorized-grant-types="password,authorization_code,refresh_token,implicit"-->
+ <!--secret="unity" authorities="ROLE_UNITY" scope="read,write"/>-->
+
+ <!--<!–mobile client–>-->
+ <!--<oauth2:client client-id="mobile-client" resource-ids="mobile-resource"-->
+ <!--authorized-grant-types="password,authorization_code,refresh_token,implicit"-->
+ <!--secret="mobile" authorities="ROLE_MOBILE" scope="read,write"/>-->
+
+ <!--</oauth2:client-details-service>-->
+
+ <beans:bean id="clientDetailsService" class="com.monkeyk.sos.domain.oauth.CustomJdbcClientDetailsService">
+ <beans:constructor-arg index="0" ref="dataSource"/>
+ </beans:bean>
+
+
+ <!--Config token services-->
+ <!--<beans:bean id="tokenStore" class="org.springframework.security.oauth2.provider.token.InMemoryTokenStore"/>-->
+ <beans:bean id="tokenStore" class="org.springframework.security.oauth2.provider.token.store.JdbcTokenStore">
+ <beans:constructor-arg index="0" ref="dataSource"/>
+ </beans:bean>
+
+ <beans:bean id="tokenServices" class="org.springframework.security.oauth2.provider.token.DefaultTokenServices">
+ <beans:property name="tokenStore" ref="tokenStore"/>
+ <beans:property name="clientDetailsService" ref="clientDetailsService"/>
+ <beans:property name="supportRefreshToken" value="true"/>
+ </beans:bean>
+
+ <!--<global-method-security pre-post-annotations="enabled" proxy-target-class="true">-->
+ <!--<expression-handler ref="oauth2ExpressionHandler"/>-->
+ <!--</global-method-security>-->
+
+ <!--<oauth2:expression-handler id="oauth2ExpressionHandler"/>-->
+ <!--<oauth2:web-expression-handler id="oauth2WebExpressionHandler"/>-->
+
+ <beans:bean class="org.springframework.security.oauth2.provider.request.DefaultOAuth2RequestFactory"
+ id="oAuth2RequestFactory">
+ <beans:constructor-arg name="clientDetailsService" ref="clientDetailsService"/>
+ </beans:bean>
+
+
+ <beans:bean id="oauthUserApprovalHandler" class="com.monkeyk.sos.web.oauth.OauthUserApprovalHandler">
+ <beans:property name="tokenStore" ref="tokenStore"/>
+ <beans:property name="clientDetailsService" ref="clientDetailsService"/>
+ <beans:property name="requestFactory" ref="oAuth2RequestFactory"/>
+ <beans:property name="oauthService" ref="oauthService"/>
+ </beans:bean>
+
+
+ <beans:bean id="jdbcAuthorizationCodeServices"
+ class="org.springframework.security.oauth2.provider.code.JdbcAuthorizationCodeServices">
+ <beans:constructor-arg index="0" ref="dataSource"/>
+ </beans:bean>
+
+
+ <oauth2:authorization-server client-details-service-ref="clientDetailsService" token-services-ref="tokenServices"
+ user-approval-handler-ref="oauthUserApprovalHandler"
+ user-approval-page="oauth_approval"
+ error-page="oauth_error">
+ <oauth2:authorization-code authorization-code-services-ref="jdbcAuthorizationCodeServices"/>
+ <oauth2:implicit/>
+ <oauth2:refresh-token/>
+ <oauth2:client-credentials/>
+ <oauth2:password/>
+ </oauth2:authorization-server>
+
+
+ <beans:bean id="oauth2AuthenticationEntryPoint"
+ class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint"/>
+
+
+ <beans:bean id="oauth2ClientDetailsUserService"
+ class="org.springframework.security.oauth2.provider.client.ClientDetailsUserDetailsService">
+ <beans:constructor-arg ref="clientDetailsService"/>
+ </beans:bean>
+
+ <authentication-manager id="oauth2AuthenticationManager">
+ <authentication-provider user-service-ref="oauth2ClientDetailsUserService"/>
+ </authentication-manager>
+
+ <beans:bean id="oauth2AccessDecisionManager" class="org.springframework.security.access.vote.UnanimousBased">
+ <beans:constructor-arg>
+ <beans:list>
+ <beans:bean class="org.springframework.security.oauth2.provider.vote.ScopeVoter"/>
+ <beans:bean class="org.springframework.security.access.vote.RoleVoter"/>
+ <beans:bean class="org.springframework.security.access.vote.AuthenticatedVoter"/>
+ </beans:list>
+ </beans:constructor-arg>
+ </beans:bean>
+
+
+ <beans:bean id="oauth2AccessDeniedHandler"
+ class="org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler"/>
+
+
+ <http disable-url-rewriting="true" use-expressions="false"
+ authentication-manager-ref="authenticationManager">
+ <intercept-url pattern="/oauth/**" access="ROLE_USER,ROLE_UNITY,ROLE_MOBILE"/>
+ <intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
+
+ <form-login authentication-failure-url="/login.jsp?authentication_error=1" default-target-url="/index.jsp"
+ login-page="/login.jsp" login-processing-url="/login.do"/>
+ <logout logout-success-url="/index.jsp" logout-url="/logout.do"/>
+ <access-denied-handler error-page="/login.jsp?authorization_error=2"/>
+ <anonymous/>
+ <csrf disabled="true"/>
+ </http>
+
+
+ <authentication-manager alias="authenticationManager">
+ <authentication-provider user-service-ref="userService">
+ <password-encoder hash="md5"/>
+ </authentication-provider>
+ </authentication-manager>
+
+
+ <!--
+ Oauth server end.............
+ -->
+
+ </beans:beans>
\ No newline at end of file