(118) - Add java-config(零配置) 的支持

src/main/java/com/monkeyk/sos/config/AuthorizationServerConfigurer.java

@@ -0,0 +1,64 @@
+package com.monkeyk.sos.config;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
+import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
+import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
+import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
+import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
+import org.springframework.security.oauth2.provider.ClientDetailsService;
+import org.springframework.security.oauth2.provider.approval.UserApprovalHandler;
+import org.springframework.security.oauth2.provider.code.AuthorizationCodeServices;
+import org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler;
+import org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint;
+import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
+
+/**
+ * 2016/4/4
+ *
+ * @author Shengzhao Li
+ */
+//AuthorizationServer
+@Configuration
+@EnableAuthorizationServer
+public class AuthorizationServerConfigurer extends AuthorizationServerConfigurerAdapter {
+
+//    @Autowired
+//    private DefaultTokenServices tokenServices;
+
+    @Autowired
+    private UserApprovalHandler userApprovalHandler;
+
+    @Autowired
+    private AuthorizationCodeServices authorizationCodeServices;
+    @Autowired
+    private ClientDetailsService clientDetailsService;
+    @Autowired
+    private OAuth2AccessDeniedHandler oauth2AccessDeniedHandler;
+    @Autowired
+    private OAuth2AuthenticationEntryPoint oAuth2AuthenticationEntryPoint;
+
+    @Override
+    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
+        clients.withClientDetails(clientDetailsService);
+    }
+
+
+    @Override
+    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
+        endpoints.userApprovalHandler(userApprovalHandler)
+//                .tokenServices(tokenServices)
+                .authorizationCodeServices(authorizationCodeServices);
+    }
+
+    @Override
+    public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
+        security.accessDeniedHandler(oauth2AccessDeniedHandler)
+                .authenticationEntryPoint(oAuth2AuthenticationEntryPoint)
+                .allowFormAuthenticationForClients();
+        security.realm("spring-oauth-server_realm");
+    }
+
+
+}

src/main/java/com/monkeyk/sos/config/ServletInitializer.java

@@ -23,7 +23,10 @@ public class ServletInitializer extends AbstractAnnotationConfigDispatcherServle
 
     @Override
     protected Class<?>[] getRootConfigClasses() {
-        return new Class[]{ContextConfigurer.class, WebSecurityConfigurer.class};
+        return new Class[]{ContextConfigurer.class,
+                WebSecurityConfigurer.class,
+                AuthorizationServerConfigurer.class,
+                UnityResourceServerConfigurer.class};
     }
 
     @Override

src/main/java/com/monkeyk/sos/config/UnityResourceServerConfigurer.java

@@ -0,0 +1,52 @@
+package com.monkeyk.sos.config;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.access.AccessDecisionManager;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
+import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
+import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
+
+/**
+ * 2016/4/4
+ *
+ * @author Shengzhao Li
+ */
+//  unity-resource
+@Configuration
+@EnableResourceServer
+public class UnityResourceServerConfigurer extends ResourceServerConfigurerAdapter {
+
+
+    @Autowired
+    private AccessDecisionManager oauth2AccessDecisionManager;
+
+    @Override
+    public void configure(ResourceServerSecurityConfigurer resources) {
+        resources.resourceId("unity-resource").stateless(false);
+    }
+
+    @Override
+    public void configure(HttpSecurity http) throws Exception {
+//        final DefaultWebSecurityExpressionHandler expressionHandler = new DefaultWebSecurityExpressionHandler();
+//        expressionHandler.setExpressionParser();
+
+        http.sessionManagement()
+                .sessionCreationPolicy(SessionCreationPolicy.NEVER)
+                .and()
+                .requestMatchers().antMatchers("/unity/**")
+                .and()
+                .authorizeRequests()
+//                .expressionHandler(expressionHandler)
+                .antMatchers("/unity/**")
+//                .access("hasRole('ROLE_UNITY') and hasRole('SCOPE_READ')")
+                .access("#oauth2.clientHasRole('ROLE_UNITY') and #oauth2.isClient() and #oauth2.hasScope('read')")
+                .accessDecisionManager(oauth2AccessDecisionManager)
+                .and().csrf().disable();
+
+    }
+
+}
+

src/main/java/com/monkeyk/sos/config/WebSecurityConfigurer.java

@@ -11,9 +11,6 @@ import org.springframework.security.access.vote.AuthenticatedVoter;
 import org.springframework.security.access.vote.RoleVoter;
 import org.springframework.security.access.vote.UnanimousBased;
 import org.springframework.security.authentication.AuthenticationManager;
-import org.springframework.security.authentication.AuthenticationProvider;
-import org.springframework.security.authentication.ProviderManager;
-import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
 import org.springframework.security.authentication.encoding.Md5PasswordEncoder;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
@@ -23,7 +20,6 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur
 import org.springframework.security.oauth2.provider.ClientDetailsService;
 import org.springframework.security.oauth2.provider.OAuth2RequestFactory;
 import org.springframework.security.oauth2.provider.approval.UserApprovalHandler;
-import org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter;
 import org.springframework.security.oauth2.provider.client.ClientDetailsUserDetailsService;
 import org.springframework.security.oauth2.provider.code.AuthorizationCodeServices;
 import org.springframework.security.oauth2.provider.code.JdbcAuthorizationCodeServices;
@@ -31,14 +27,12 @@ import org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHand
 import org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint;
 import org.springframework.security.oauth2.provider.expression.OAuth2WebSecurityExpressionHandler;
 import org.springframework.security.oauth2.provider.request.DefaultOAuth2RequestFactory;
-import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
 import org.springframework.security.oauth2.provider.token.TokenStore;
 import org.springframework.security.oauth2.provider.token.store.JdbcTokenStore;
 import org.springframework.security.oauth2.provider.vote.ScopeVoter;
 
 import javax.sql.DataSource;
 import java.util.Arrays;
-import java.util.List;
 
 /**
  * 2016/4/3
@@ -114,14 +108,14 @@ public class WebSecurityConfigurer extends WebSecurityConfigurerAdapter {
     }
 
 
-    @Bean(name = "tokenServices")
+//    @Bean(name = "tokenServices")
-    public DefaultTokenServices tokenServices(TokenStore tokenStore, ClientDetailsService clientDetailsService) {
+//    public DefaultTokenServices tokenServices(TokenStore tokenStore, ClientDetailsService clientDetailsService) {
-        final DefaultTokenServices tokenServices = new DefaultTokenServices();
+//        final DefaultTokenServices tokenServices = new DefaultTokenServices();
-        tokenServices.setTokenStore(tokenStore);
+//        tokenServices.setTokenStore(tokenStore);
-        tokenServices.setClientDetailsService(clientDetailsService);
+//        tokenServices.setClientDetailsService(clientDetailsService);
-        tokenServices.setSupportRefreshToken(true);
+//        tokenServices.setSupportRefreshToken(true);
-        return tokenServices;
+//        return tokenServices;
-    }
+//    }
 
     @Bean(name = "oAuth2RequestFactory")
     public OAuth2RequestFactory oAuth2RequestFactory(ClientDetailsService clientDetailsService) {
@@ -158,13 +152,13 @@ public class WebSecurityConfigurer extends WebSecurityConfigurerAdapter {
     }
 
 
-    @Bean(name = "oauth2AuthenticationManager")
+//    @Bean(name = "oauth2AuthenticationManager")
-    public AuthenticationManager oauth2AuthenticationManager(ClientDetailsUserDetailsService detailsService) {
+//    public AuthenticationManager oauth2AuthenticationManager(ClientDetailsUserDetailsService detailsService) {
-        DaoAuthenticationProvider daoAuthenticationProvider = new DaoAuthenticationProvider();
+//        DaoAuthenticationProvider daoAuthenticationProvider = new DaoAuthenticationProvider();
-        daoAuthenticationProvider.setUserDetailsService(detailsService);
+//        daoAuthenticationProvider.setUserDetailsService(detailsService);
-        List<AuthenticationProvider> providers = Arrays.asList(daoAuthenticationProvider);
+//        List<AuthenticationProvider> providers = Arrays.asList(daoAuthenticationProvider);
-        return new ProviderManager(providers);
+//        return new ProviderManager(providers);
-    }
+//    }
 
 
     @Bean(name = "oauth2AccessDecisionManager")
@@ -182,14 +176,22 @@ public class WebSecurityConfigurer extends WebSecurityConfigurerAdapter {
     }
 
 
-    @Bean(name = "clientCredentialsTokenEndpointFilter")
+//    @Bean(name = "clientCredentialsTokenEndpointFilter")
-    public ClientCredentialsTokenEndpointFilter clientCredentialsTokenEndpointFilter(AuthenticationManager oauth2AuthenticationManager) {
+//    public ClientCredentialsTokenEndpointFilter clientCredentialsTokenEndpointFilter(AuthenticationManager oauth2AuthenticationManager) {
-        ClientCredentialsTokenEndpointFilter clientCredentialsTokenEndpointFilter = new ClientCredentialsTokenEndpointFilter();
+//        ClientCredentialsTokenEndpointFilter clientCredentialsTokenEndpointFilter = new ClientCredentialsTokenEndpointFilter();
-        clientCredentialsTokenEndpointFilter.setAuthenticationManager(oauth2AuthenticationManager);
+//        clientCredentialsTokenEndpointFilter.setAuthenticationManager(oauth2AuthenticationManager);
-        return clientCredentialsTokenEndpointFilter;
+//        return clientCredentialsTokenEndpointFilter;
-    }
+//    }
-
-
 
 
+//    @Configuration
+//    @EnableGlobalMethodSecurity(prePostEnabled = true, proxyTargetClass = true)
+//    protected static class MethodSecurityConfig extends GlobalMethodSecurityConfiguration {
+//
+//
+//        @Override
+//        protected MethodSecurityExpressionHandler createExpressionHandler() {
+//            return new OAuth2MethodSecurityExpressionHandler();
+//        }
+//    }
 }