(118) - Add java-config(零配置) 的支持
Li Shengzhao
parent
c4e99d78dd
commit
863de2f709
|
|
@ -0,0 +1,64 @@
|
|||
package com.monkeyk.sos.config;
|
||||
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
|
||||
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
|
||||
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
|
||||
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
|
||||
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
|
||||
import org.springframework.security.oauth2.provider.ClientDetailsService;
|
||||
import org.springframework.security.oauth2.provider.approval.UserApprovalHandler;
|
||||
import org.springframework.security.oauth2.provider.code.AuthorizationCodeServices;
|
||||
import org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler;
|
||||
import org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint;
|
||||
import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
|
||||
|
||||
/**
|
||||
* 2016/4/4
|
||||
*
|
||||
* @author Shengzhao Li
|
||||
*/
|
||||
//AuthorizationServer
|
||||
@Configuration
|
||||
@EnableAuthorizationServer
|
||||
public class AuthorizationServerConfigurer extends AuthorizationServerConfigurerAdapter {
|
||||
|
||||
// @Autowired
|
||||
// private DefaultTokenServices tokenServices;
|
||||
|
||||
@Autowired
|
||||
private UserApprovalHandler userApprovalHandler;
|
||||
|
||||
@Autowired
|
||||
private AuthorizationCodeServices authorizationCodeServices;
|
||||
@Autowired
|
||||
private ClientDetailsService clientDetailsService;
|
||||
@Autowired
|
||||
private OAuth2AccessDeniedHandler oauth2AccessDeniedHandler;
|
||||
@Autowired
|
||||
private OAuth2AuthenticationEntryPoint oAuth2AuthenticationEntryPoint;
|
||||
|
||||
@Override
|
||||
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
|
||||
clients.withClientDetails(clientDetailsService);
|
||||
}
|
||||
|
||||
|
||||
@Override
|
||||
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
|
||||
endpoints.userApprovalHandler(userApprovalHandler)
|
||||
// .tokenServices(tokenServices)
|
||||
.authorizationCodeServices(authorizationCodeServices);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
|
||||
security.accessDeniedHandler(oauth2AccessDeniedHandler)
|
||||
.authenticationEntryPoint(oAuth2AuthenticationEntryPoint)
|
||||
.allowFormAuthenticationForClients();
|
||||
security.realm("spring-oauth-server_realm");
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
|
|
@ -23,7 +23,10 @@ public class ServletInitializer extends AbstractAnnotationConfigDispatcherServle
|
|||
|
||||
@Override
|
||||
protected Class<?>[] getRootConfigClasses() {
|
||||
return new Class[]{ContextConfigurer.class, WebSecurityConfigurer.class};
|
||||
return new Class[]{ContextConfigurer.class,
|
||||
WebSecurityConfigurer.class,
|
||||
AuthorizationServerConfigurer.class,
|
||||
UnityResourceServerConfigurer.class};
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
|
|||
|
|
@ -0,0 +1,52 @@
|
|||
package com.monkeyk.sos.config;
|
||||
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.access.AccessDecisionManager;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.http.SessionCreationPolicy;
|
||||
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
|
||||
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
|
||||
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
|
||||
|
||||
/**
|
||||
* 2016/4/4
|
||||
*
|
||||
* @author Shengzhao Li
|
||||
*/
|
||||
// unity-resource
|
||||
@Configuration
|
||||
@EnableResourceServer
|
||||
public class UnityResourceServerConfigurer extends ResourceServerConfigurerAdapter {
|
||||
|
||||
|
||||
@Autowired
|
||||
private AccessDecisionManager oauth2AccessDecisionManager;
|
||||
|
||||
@Override
|
||||
public void configure(ResourceServerSecurityConfigurer resources) {
|
||||
resources.resourceId("unity-resource").stateless(false);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void configure(HttpSecurity http) throws Exception {
|
||||
// final DefaultWebSecurityExpressionHandler expressionHandler = new DefaultWebSecurityExpressionHandler();
|
||||
// expressionHandler.setExpressionParser();
|
||||
|
||||
http.sessionManagement()
|
||||
.sessionCreationPolicy(SessionCreationPolicy.NEVER)
|
||||
.and()
|
||||
.requestMatchers().antMatchers("/unity/**")
|
||||
.and()
|
||||
.authorizeRequests()
|
||||
// .expressionHandler(expressionHandler)
|
||||
.antMatchers("/unity/**")
|
||||
// .access("hasRole('ROLE_UNITY') and hasRole('SCOPE_READ')")
|
||||
.access("#oauth2.clientHasRole('ROLE_UNITY') and #oauth2.isClient() and #oauth2.hasScope('read')")
|
||||
.accessDecisionManager(oauth2AccessDecisionManager)
|
||||
.and().csrf().disable();
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
|
|
@ -11,9 +11,6 @@ import org.springframework.security.access.vote.AuthenticatedVoter;
|
|||
import org.springframework.security.access.vote.RoleVoter;
|
||||
import org.springframework.security.access.vote.UnanimousBased;
|
||||
import org.springframework.security.authentication.AuthenticationManager;
|
||||
import org.springframework.security.authentication.AuthenticationProvider;
|
||||
import org.springframework.security.authentication.ProviderManager;
|
||||
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
|
||||
import org.springframework.security.authentication.encoding.Md5PasswordEncoder;
|
||||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
|
|
@ -23,7 +20,6 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur
|
|||
import org.springframework.security.oauth2.provider.ClientDetailsService;
|
||||
import org.springframework.security.oauth2.provider.OAuth2RequestFactory;
|
||||
import org.springframework.security.oauth2.provider.approval.UserApprovalHandler;
|
||||
import org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter;
|
||||
import org.springframework.security.oauth2.provider.client.ClientDetailsUserDetailsService;
|
||||
import org.springframework.security.oauth2.provider.code.AuthorizationCodeServices;
|
||||
import org.springframework.security.oauth2.provider.code.JdbcAuthorizationCodeServices;
|
||||
|
|
@ -31,14 +27,12 @@ import org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHand
|
|||
import org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint;
|
||||
import org.springframework.security.oauth2.provider.expression.OAuth2WebSecurityExpressionHandler;
|
||||
import org.springframework.security.oauth2.provider.request.DefaultOAuth2RequestFactory;
|
||||
import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
|
||||
import org.springframework.security.oauth2.provider.token.TokenStore;
|
||||
import org.springframework.security.oauth2.provider.token.store.JdbcTokenStore;
|
||||
import org.springframework.security.oauth2.provider.vote.ScopeVoter;
|
||||
|
||||
import javax.sql.DataSource;
|
||||
import java.util.Arrays;
|
||||
import java.util.List;
|
||||
|
||||
/**
|
||||
* 2016/4/3
|
||||
|
|
@ -114,14 +108,14 @@ public class WebSecurityConfigurer extends WebSecurityConfigurerAdapter {
|
|||
}
|
||||
|
||||
|
||||
@Bean(name = "tokenServices")
|
||||
public DefaultTokenServices tokenServices(TokenStore tokenStore, ClientDetailsService clientDetailsService) {
|
||||
final DefaultTokenServices tokenServices = new DefaultTokenServices();
|
||||
tokenServices.setTokenStore(tokenStore);
|
||||
tokenServices.setClientDetailsService(clientDetailsService);
|
||||
tokenServices.setSupportRefreshToken(true);
|
||||
return tokenServices;
|
||||
}
|
||||
// @Bean(name = "tokenServices")
|
||||
// public DefaultTokenServices tokenServices(TokenStore tokenStore, ClientDetailsService clientDetailsService) {
|
||||
// final DefaultTokenServices tokenServices = new DefaultTokenServices();
|
||||
// tokenServices.setTokenStore(tokenStore);
|
||||
// tokenServices.setClientDetailsService(clientDetailsService);
|
||||
// tokenServices.setSupportRefreshToken(true);
|
||||
// return tokenServices;
|
||||
// }
|
||||
|
||||
@Bean(name = "oAuth2RequestFactory")
|
||||
public OAuth2RequestFactory oAuth2RequestFactory(ClientDetailsService clientDetailsService) {
|
||||
|
|
@ -158,13 +152,13 @@ public class WebSecurityConfigurer extends WebSecurityConfigurerAdapter {
|
|||
}
|
||||
|
||||
|
||||
@Bean(name = "oauth2AuthenticationManager")
|
||||
public AuthenticationManager oauth2AuthenticationManager(ClientDetailsUserDetailsService detailsService) {
|
||||
DaoAuthenticationProvider daoAuthenticationProvider = new DaoAuthenticationProvider();
|
||||
daoAuthenticationProvider.setUserDetailsService(detailsService);
|
||||
List<AuthenticationProvider> providers = Arrays.asList(daoAuthenticationProvider);
|
||||
return new ProviderManager(providers);
|
||||
}
|
||||
// @Bean(name = "oauth2AuthenticationManager")
|
||||
// public AuthenticationManager oauth2AuthenticationManager(ClientDetailsUserDetailsService detailsService) {
|
||||
// DaoAuthenticationProvider daoAuthenticationProvider = new DaoAuthenticationProvider();
|
||||
// daoAuthenticationProvider.setUserDetailsService(detailsService);
|
||||
// List<AuthenticationProvider> providers = Arrays.asList(daoAuthenticationProvider);
|
||||
// return new ProviderManager(providers);
|
||||
// }
|
||||
|
||||
|
||||
@Bean(name = "oauth2AccessDecisionManager")
|
||||
|
|
@ -182,14 +176,22 @@ public class WebSecurityConfigurer extends WebSecurityConfigurerAdapter {
|
|||
}
|
||||
|
||||
|
||||
@Bean(name = "clientCredentialsTokenEndpointFilter")
|
||||
public ClientCredentialsTokenEndpointFilter clientCredentialsTokenEndpointFilter(AuthenticationManager oauth2AuthenticationManager) {
|
||||
ClientCredentialsTokenEndpointFilter clientCredentialsTokenEndpointFilter = new ClientCredentialsTokenEndpointFilter();
|
||||
clientCredentialsTokenEndpointFilter.setAuthenticationManager(oauth2AuthenticationManager);
|
||||
return clientCredentialsTokenEndpointFilter;
|
||||
}
|
||||
|
||||
|
||||
// @Bean(name = "clientCredentialsTokenEndpointFilter")
|
||||
// public ClientCredentialsTokenEndpointFilter clientCredentialsTokenEndpointFilter(AuthenticationManager oauth2AuthenticationManager) {
|
||||
// ClientCredentialsTokenEndpointFilter clientCredentialsTokenEndpointFilter = new ClientCredentialsTokenEndpointFilter();
|
||||
// clientCredentialsTokenEndpointFilter.setAuthenticationManager(oauth2AuthenticationManager);
|
||||
// return clientCredentialsTokenEndpointFilter;
|
||||
// }
|
||||
|
||||
|
||||
// @Configuration
|
||||
// @EnableGlobalMethodSecurity(prePostEnabled = true, proxyTargetClass = true)
|
||||
// protected static class MethodSecurityConfig extends GlobalMethodSecurityConfiguration {
|
||||
//
|
||||
//
|
||||
// @Override
|
||||
// protected MethodSecurityExpressionHandler createExpressionHandler() {
|
||||
// return new OAuth2MethodSecurityExpressionHandler();
|
||||
// }
|
||||
// }
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue