(118) - Add java-config(零配置) 的支持

9 years ago · 863de2f709
4 changed files with 151 additions and 30 deletions
--- a/src/main/java/com/monkeyk/sos/config/AuthorizationServerConfigurer.java
+++ b/src/main/java/com/monkeyk/sos/config/AuthorizationServerConfigurer.java
@ -0,0 +1,64 @@
+package com.monkeyk.sos.config;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
+import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
+import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
+import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
+import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
+import org.springframework.security.oauth2.provider.ClientDetailsService;
+import org.springframework.security.oauth2.provider.approval.UserApprovalHandler;
+import org.springframework.security.oauth2.provider.code.AuthorizationCodeServices;
+import org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler;
+import org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint;
+import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
+
+/**
+ * 2016/4/4
+ *
+ * @author Shengzhao Li
+ */
+//AuthorizationServer
+@Configuration
+@EnableAuthorizationServer
+public class AuthorizationServerConfigurer extends AuthorizationServerConfigurerAdapter {
+
+//    @Autowired
+//    private DefaultTokenServices tokenServices;
+
+    @Autowired
+    private UserApprovalHandler userApprovalHandler;
+
+    @Autowired
+    private AuthorizationCodeServices authorizationCodeServices;
+    @Autowired
+    private ClientDetailsService clientDetailsService;
+    @Autowired
+    private OAuth2AccessDeniedHandler oauth2AccessDeniedHandler;
+    @Autowired
+    private OAuth2AuthenticationEntryPoint oAuth2AuthenticationEntryPoint;
+
+    @Override
+    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
+        clients.withClientDetails(clientDetailsService);
+    }
+
+
+    @Override
+    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
+        endpoints.userApprovalHandler(userApprovalHandler)
+//                .tokenServices(tokenServices)
+                .authorizationCodeServices(authorizationCodeServices);
+    }
+
+    @Override
+    public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
+        security.accessDeniedHandler(oauth2AccessDeniedHandler)
+                .authenticationEntryPoint(oAuth2AuthenticationEntryPoint)
+                .allowFormAuthenticationForClients();
+        security.realm("spring-oauth-server_realm");
+    }
+
+
+}
--- a/src/main/java/com/monkeyk/sos/config/ServletInitializer.java
+++ b/src/main/java/com/monkeyk/sos/config/ServletInitializer.java
@ -23,7 +23,10 @@ public class ServletInitializer extends AbstractAnnotationConfigDispatcherServle

    @Override
    protected Class<?>[] getRootConfigClasses() {
-        return new Class[]{ContextConfigurer.class, WebSecurityConfigurer.class};
+        return new Class[]{ContextConfigurer.class,
+                WebSecurityConfigurer.class,
+                AuthorizationServerConfigurer.class,
+                UnityResourceServerConfigurer.class};
    }

    @Override
--- a/src/main/java/com/monkeyk/sos/config/UnityResourceServerConfigurer.java
+++ b/src/main/java/com/monkeyk/sos/config/UnityResourceServerConfigurer.java
@ -0,0 +1,52 @@
+package com.monkeyk.sos.config;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.access.AccessDecisionManager;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
+import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
+import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
+
+/**
+ * 2016/4/4
+ *
+ * @author Shengzhao Li
+ */
+//  unity-resource
+@Configuration
+@EnableResourceServer
+public class UnityResourceServerConfigurer extends ResourceServerConfigurerAdapter {
+
+
+    @Autowired
+    private AccessDecisionManager oauth2AccessDecisionManager;
+
+    @Override
+    public void configure(ResourceServerSecurityConfigurer resources) {
+        resources.resourceId("unity-resource").stateless(false);
+    }
+
+    @Override
+    public void configure(HttpSecurity http) throws Exception {
+//        final DefaultWebSecurityExpressionHandler expressionHandler = new DefaultWebSecurityExpressionHandler();
+//        expressionHandler.setExpressionParser();
+
+        http.sessionManagement()
+                .sessionCreationPolicy(SessionCreationPolicy.NEVER)
+                .and()
+                .requestMatchers().antMatchers("/unity/**")
+                .and()
+                .authorizeRequests()
+//                .expressionHandler(expressionHandler)
+                .antMatchers("/unity/**")
+//                .access("hasRole('ROLE_UNITY') and hasRole('SCOPE_READ')")
+                .access("#oauth2.clientHasRole('ROLE_UNITY') and #oauth2.isClient() and #oauth2.hasScope('read')")
+                .accessDecisionManager(oauth2AccessDecisionManager)
+                .and().csrf().disable();
+
+    }
+
+}
+
--- a/src/main/java/com/monkeyk/sos/config/WebSecurityConfigurer.java
+++ b/src/main/java/com/monkeyk/sos/config/WebSecurityConfigurer.java
@ -11,9 +11,6 @@ import org.springframework.security.access.vote.AuthenticatedVoter;
 import org.springframework.security.access.vote.RoleVoter;
 import org.springframework.security.access.vote.UnanimousBased;
 import org.springframework.security.authentication.AuthenticationManager;
-import org.springframework.security.authentication.AuthenticationProvider;
-import org.springframework.security.authentication.ProviderManager;
-import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
 import org.springframework.security.authentication.encoding.Md5PasswordEncoder;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
@ -23,7 +20,6 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur
 import org.springframework.security.oauth2.provider.ClientDetailsService;
 import org.springframework.security.oauth2.provider.OAuth2RequestFactory;
 import org.springframework.security.oauth2.provider.approval.UserApprovalHandler;
-import org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter;
 import org.springframework.security.oauth2.provider.client.ClientDetailsUserDetailsService;
 import org.springframework.security.oauth2.provider.code.AuthorizationCodeServices;
 import org.springframework.security.oauth2.provider.code.JdbcAuthorizationCodeServices;
@ -31,14 +27,12 @@ import org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHand
 import org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint;
 import org.springframework.security.oauth2.provider.expression.OAuth2WebSecurityExpressionHandler;
 import org.springframework.security.oauth2.provider.request.DefaultOAuth2RequestFactory;
-import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
 import org.springframework.security.oauth2.provider.token.TokenStore;
 import org.springframework.security.oauth2.provider.token.store.JdbcTokenStore;
 import org.springframework.security.oauth2.provider.vote.ScopeVoter;

 import javax.sql.DataSource;
 import java.util.Arrays;
-import java.util.List;

 /**
 * 2016/4/3
@ -114,14 +108,14 @@ public class WebSecurityConfigurer extends WebSecurityConfigurerAdapter {
    }


-    @Bean(name = "tokenServices")
-    public DefaultTokenServices tokenServices(TokenStore tokenStore, ClientDetailsService clientDetailsService) {
-        final DefaultTokenServices tokenServices = new DefaultTokenServices();
-        tokenServices.setTokenStore(tokenStore);
-        tokenServices.setClientDetailsService(clientDetailsService);
-        tokenServices.setSupportRefreshToken(true);
-        return tokenServices;
-    }
+//    @Bean(name = "tokenServices")
+//    public DefaultTokenServices tokenServices(TokenStore tokenStore, ClientDetailsService clientDetailsService) {
+//        final DefaultTokenServices tokenServices = new DefaultTokenServices();
+//        tokenServices.setTokenStore(tokenStore);
+//        tokenServices.setClientDetailsService(clientDetailsService);
+//        tokenServices.setSupportRefreshToken(true);
+//        return tokenServices;
+//    }

    @Bean(name = "oAuth2RequestFactory")
    public OAuth2RequestFactory oAuth2RequestFactory(ClientDetailsService clientDetailsService) {
@ -158,13 +152,13 @@ public class WebSecurityConfigurer extends WebSecurityConfigurerAdapter {
    }


-    @Bean(name = "oauth2AuthenticationManager")
-    public AuthenticationManager oauth2AuthenticationManager(ClientDetailsUserDetailsService detailsService) {
-        DaoAuthenticationProvider daoAuthenticationProvider = new DaoAuthenticationProvider();
-        daoAuthenticationProvider.setUserDetailsService(detailsService);
-        List<AuthenticationProvider> providers = Arrays.asList(daoAuthenticationProvider);
-        return new ProviderManager(providers);
-    }
+//    @Bean(name = "oauth2AuthenticationManager")
+//    public AuthenticationManager oauth2AuthenticationManager(ClientDetailsUserDetailsService detailsService) {
+//        DaoAuthenticationProvider daoAuthenticationProvider = new DaoAuthenticationProvider();
+//        daoAuthenticationProvider.setUserDetailsService(detailsService);
+//        List<AuthenticationProvider> providers = Arrays.asList(daoAuthenticationProvider);
+//        return new ProviderManager(providers);
+//    }


    @Bean(name = "oauth2AccessDecisionManager")
@ -182,14 +176,22 @@ public class WebSecurityConfigurer extends WebSecurityConfigurerAdapter {
    }


-    @Bean(name = "clientCredentialsTokenEndpointFilter")
-    public ClientCredentialsTokenEndpointFilter clientCredentialsTokenEndpointFilter(AuthenticationManager oauth2AuthenticationManager) {
-        ClientCredentialsTokenEndpointFilter clientCredentialsTokenEndpointFilter = new ClientCredentialsTokenEndpointFilter();
-        clientCredentialsTokenEndpointFilter.setAuthenticationManager(oauth2AuthenticationManager);
-        return clientCredentialsTokenEndpointFilter;
-    }
-
-
+//    @Bean(name = "clientCredentialsTokenEndpointFilter")
+//    public ClientCredentialsTokenEndpointFilter clientCredentialsTokenEndpointFilter(AuthenticationManager oauth2AuthenticationManager) {
+//        ClientCredentialsTokenEndpointFilter clientCredentialsTokenEndpointFilter = new ClientCredentialsTokenEndpointFilter();
+//        clientCredentialsTokenEndpointFilter.setAuthenticationManager(oauth2AuthenticationManager);
+//        return clientCredentialsTokenEndpointFilter;
+//    }


+//    @Configuration
+//    @EnableGlobalMethodSecurity(prePostEnabled = true, proxyTargetClass = true)
+//    protected static class MethodSecurityConfig extends GlobalMethodSecurityConfiguration {
+//
+//
+//        @Override
+//        protected MethodSecurityExpressionHandler createExpressionHandler() {
+//            return new OAuth2MethodSecurityExpressionHandler();
+//        }
+//    }
 }