(118) - Add java-config(零配置) 的支持

9 years ago · 863de2f709
4 changed files with 151 additions and 30 deletions
--- a/src/main/java/com/monkeyk/sos/config/AuthorizationServerConfigurer.java
+++ b/src/main/java/com/monkeyk/sos/config/AuthorizationServerConfigurer.java
@ -0,0 +1,64 @@
 package com.monkeyk.sos.config;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
 import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
 import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
 import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
 import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
 import org.springframework.security.oauth2.provider.ClientDetailsService;
 import org.springframework.security.oauth2.provider.approval.UserApprovalHandler;
 import org.springframework.security.oauth2.provider.code.AuthorizationCodeServices;
 import org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler;
 import org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint;
 import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
 /**
 * 2016/4/4
 *
 * @author Shengzhao Li
 */
 //AuthorizationServer
@Configuration
@EnableAuthorizationServer
 public class AuthorizationServerConfigurer extends AuthorizationServerConfigurerAdapter {
 //    @Autowired
 //    private DefaultTokenServices tokenServices;
    @Autowired
    private UserApprovalHandler userApprovalHandler;
    @Autowired
    private AuthorizationCodeServices authorizationCodeServices;
    @Autowired
    private ClientDetailsService clientDetailsService;
    @Autowired
    private OAuth2AccessDeniedHandler oauth2AccessDeniedHandler;
    @Autowired
    private OAuth2AuthenticationEntryPoint oAuth2AuthenticationEntryPoint;
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.withClientDetails(clientDetailsService);
    }
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints.userApprovalHandler(userApprovalHandler)
 //                .tokenServices(tokenServices)
                .authorizationCodeServices(authorizationCodeServices);
    }
    @Override
    public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
        security.accessDeniedHandler(oauth2AccessDeniedHandler)
                .authenticationEntryPoint(oAuth2AuthenticationEntryPoint)
                .allowFormAuthenticationForClients();
        security.realm("spring-oauth-server_realm");
    }
 }
--- a/src/main/java/com/monkeyk/sos/config/ServletInitializer.java
+++ b/src/main/java/com/monkeyk/sos/config/ServletInitializer.java
@ -23,7 +23,10 @@ public class ServletInitializer extends AbstractAnnotationConfigDispatcherServle
    @Override
    protected Class<?>[] getRootConfigClasses() {
-        return new Class[]{ContextConfigurer.class, WebSecurityConfigurer.class};
+        return new Class[]{ContextConfigurer.class,
                WebSecurityConfigurer.class,
                AuthorizationServerConfigurer.class,
                UnityResourceServerConfigurer.class};
    }
    @Override
--- a/src/main/java/com/monkeyk/sos/config/UnityResourceServerConfigurer.java
+++ b/src/main/java/com/monkeyk/sos/config/UnityResourceServerConfigurer.java
@ -0,0 +1,52 @@
 package com.monkeyk.sos.config;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.access.AccessDecisionManager;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
 import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
 import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
 /**
 * 2016/4/4
 *
 * @author Shengzhao Li
 */
 //  unity-resource
@Configuration
@EnableResourceServer
 public class UnityResourceServerConfigurer extends ResourceServerConfigurerAdapter {
    @Autowired
    private AccessDecisionManager oauth2AccessDecisionManager;
    @Override
    public void configure(ResourceServerSecurityConfigurer resources) {
        resources.resourceId("unity-resource").stateless(false);
    }
    @Override
    public void configure(HttpSecurity http) throws Exception {
 //        final DefaultWebSecurityExpressionHandler expressionHandler = new DefaultWebSecurityExpressionHandler();
 //        expressionHandler.setExpressionParser();
        http.sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.NEVER)
                .and()
                .requestMatchers().antMatchers("/unity/**")
                .and()
                .authorizeRequests()
 //                .expressionHandler(expressionHandler)
                .antMatchers("/unity/**")
 //                .access("hasRole('ROLE_UNITY') and hasRole('SCOPE_READ')")
                .access("#oauth2.clientHasRole('ROLE_UNITY') and #oauth2.isClient() and #oauth2.hasScope('read')")
                .accessDecisionManager(oauth2AccessDecisionManager)
                .and().csrf().disable();
    }
 }
--- a/src/main/java/com/monkeyk/sos/config/WebSecurityConfigurer.java
+++ b/src/main/java/com/monkeyk/sos/config/WebSecurityConfigurer.java
@ -11,9 +11,6 @@ import org.springframework.security.access.vote.AuthenticatedVoter;
 import org.springframework.security.access.vote.RoleVoter;
 import org.springframework.security.access.vote.UnanimousBased;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.AuthenticationProvider;
 import org.springframework.security.authentication.ProviderManager;
 import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
 import org.springframework.security.authentication.encoding.Md5PasswordEncoder;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
@ -23,7 +20,6 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur
 import org.springframework.security.oauth2.provider.ClientDetailsService;
 import org.springframework.security.oauth2.provider.OAuth2RequestFactory;
 import org.springframework.security.oauth2.provider.approval.UserApprovalHandler;
 import org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter;
 import org.springframework.security.oauth2.provider.client.ClientDetailsUserDetailsService;
 import org.springframework.security.oauth2.provider.code.AuthorizationCodeServices;
 import org.springframework.security.oauth2.provider.code.JdbcAuthorizationCodeServices;
@ -31,14 +27,12 @@ import org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHand
 import org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint;
 import org.springframework.security.oauth2.provider.expression.OAuth2WebSecurityExpressionHandler;
 import org.springframework.security.oauth2.provider.request.DefaultOAuth2RequestFactory;
 import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
 import org.springframework.security.oauth2.provider.token.TokenStore;
 import org.springframework.security.oauth2.provider.token.store.JdbcTokenStore;
 import org.springframework.security.oauth2.provider.vote.ScopeVoter;
 import javax.sql.DataSource;
 import java.util.Arrays;
 import java.util.List;
 /**
 * 2016/4/3
@ -114,14 +108,14 @@ public class WebSecurityConfigurer extends WebSecurityConfigurerAdapter {
    }
-    @Bean(name = "tokenServices")
+//    @Bean(name = "tokenServices")
-    public DefaultTokenServices tokenServices(TokenStore tokenStore, ClientDetailsService clientDetailsService) {
+//    public DefaultTokenServices tokenServices(TokenStore tokenStore, ClientDetailsService clientDetailsService) {
-        final DefaultTokenServices tokenServices = new DefaultTokenServices();
+//        final DefaultTokenServices tokenServices = new DefaultTokenServices();
-        tokenServices.setTokenStore(tokenStore);
+//        tokenServices.setTokenStore(tokenStore);
-        tokenServices.setClientDetailsService(clientDetailsService);
+//        tokenServices.setClientDetailsService(clientDetailsService);
-        tokenServices.setSupportRefreshToken(true);
+//        tokenServices.setSupportRefreshToken(true);
-        return tokenServices;
+//        return tokenServices;
-    }
+//    }
    @Bean(name = "oAuth2RequestFactory")
    public OAuth2RequestFactory oAuth2RequestFactory(ClientDetailsService clientDetailsService) {
@ -158,13 +152,13 @@ public class WebSecurityConfigurer extends WebSecurityConfigurerAdapter {
    }
-    @Bean(name = "oauth2AuthenticationManager")
+//    @Bean(name = "oauth2AuthenticationManager")
-    public AuthenticationManager oauth2AuthenticationManager(ClientDetailsUserDetailsService detailsService) {
+//    public AuthenticationManager oauth2AuthenticationManager(ClientDetailsUserDetailsService detailsService) {
-        DaoAuthenticationProvider daoAuthenticationProvider = new DaoAuthenticationProvider();
+//        DaoAuthenticationProvider daoAuthenticationProvider = new DaoAuthenticationProvider();
-        daoAuthenticationProvider.setUserDetailsService(detailsService);
+//        daoAuthenticationProvider.setUserDetailsService(detailsService);
-        List<AuthenticationProvider> providers = Arrays.asList(daoAuthenticationProvider);
+//        List<AuthenticationProvider> providers = Arrays.asList(daoAuthenticationProvider);
-        return new ProviderManager(providers);
+//        return new ProviderManager(providers);
-    }
+//    }
    @Bean(name = "oauth2AccessDecisionManager")
@ -182,14 +176,22 @@ public class WebSecurityConfigurer extends WebSecurityConfigurerAdapter {
    }
-    @Bean(name = "clientCredentialsTokenEndpointFilter")
+//    @Bean(name = "clientCredentialsTokenEndpointFilter")
-    public ClientCredentialsTokenEndpointFilter clientCredentialsTokenEndpointFilter(AuthenticationManager oauth2AuthenticationManager) {
+//    public ClientCredentialsTokenEndpointFilter clientCredentialsTokenEndpointFilter(AuthenticationManager oauth2AuthenticationManager) {
-        ClientCredentialsTokenEndpointFilter clientCredentialsTokenEndpointFilter = new ClientCredentialsTokenEndpointFilter();
+//        ClientCredentialsTokenEndpointFilter clientCredentialsTokenEndpointFilter = new ClientCredentialsTokenEndpointFilter();
-        clientCredentialsTokenEndpointFilter.setAuthenticationManager(oauth2AuthenticationManager);
+//        clientCredentialsTokenEndpointFilter.setAuthenticationManager(oauth2AuthenticationManager);
-        return clientCredentialsTokenEndpointFilter;
+//        return clientCredentialsTokenEndpointFilter;
-    }
+//    }
 //    @Configuration
 //    @EnableGlobalMethodSecurity(prePostEnabled = true, proxyTargetClass = true)
 //    protected static class MethodSecurityConfig extends GlobalMethodSecurityConfiguration {
 //
 //
 //        @Override
 //        protected MethodSecurityExpressionHandler createExpressionHandler() {
 //            return new OAuth2MethodSecurityExpressionHandler();
 //        }
 //    }
 }