From d7acfccd5c68bc0c8fbd9739a968d5a2af763468 Mon Sep 17 00:00:00 2001
From: Li Shengzhao <shengzhan@uwantsoft.com>
Date: Sun, 3 Apr 2016 23:51:13 +0800
Subject: [PATCH] =?UTF-8?q?(118)=20-=20Add=20java-config(=E9=9B=B6?=
 =?UTF-8?q?=E9=85=8D=E7=BD=AE)=20=E7=9A=84=E6=94=AF=E6=8C=81?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../sos/config/ServletInitializer.java        |  6 +-
 ...cConfigurer.java => WebMvcConfigurer.java} |  4 +-
 .../sos/config/WebSecurityConfigurer.java     | 60 +++++++++++++++++++
 3 files changed, 66 insertions(+), 4 deletions(-)
 rename src/main/java/com/monkeyk/sos/config/{MkkWebMvcConfigurer.java => WebMvcConfigurer.java} (86%)
 create mode 100644 src/main/java/com/monkeyk/sos/config/WebSecurityConfigurer.java

diff --git a/src/main/java/com/monkeyk/sos/config/ServletInitializer.java b/src/main/java/com/monkeyk/sos/config/ServletInitializer.java
index a5413c4..52227e0 100644
--- a/src/main/java/com/monkeyk/sos/config/ServletInitializer.java
+++ b/src/main/java/com/monkeyk/sos/config/ServletInitializer.java
@@ -23,12 +23,12 @@ public class ServletInitializer extends AbstractAnnotationConfigDispatcherServle
 
     @Override
     protected Class<?>[] getRootConfigClasses() {
-        throw new UnsupportedOperationException("Not yet implemented");
+        return new Class[]{WebSecurityConfigurer.class};
     }
 
     @Override
     protected Class<?>[] getServletConfigClasses() {
-        return new Class[]{MkkWebMvcConfigurer.class};
+        return new Class[]{WebMvcConfigurer.class};
     }
 
     @Override
@@ -43,7 +43,7 @@ public class ServletInitializer extends AbstractAnnotationConfigDispatcherServle
 
 //        servletContext.setAttribute("webAppRootKey", "spring-oauth-server");
         servletContext.setInitParameter("webAppRootKey", "spring-oauth-server");
-        servletContext.setInitParameter("contextConfigLocation", "classpath:spring/*.xml");
+//        servletContext.setInitParameter("contextConfigLocation", "classpath:spring/*.xml");
         servletContext.setInitParameter("log4jConfigLocation", "/WEB-INF/log4j.xml");
 
         //Add Filters
diff --git a/src/main/java/com/monkeyk/sos/config/MkkWebMvcConfigurer.java b/src/main/java/com/monkeyk/sos/config/WebMvcConfigurer.java
similarity index 86%
rename from src/main/java/com/monkeyk/sos/config/MkkWebMvcConfigurer.java
rename to src/main/java/com/monkeyk/sos/config/WebMvcConfigurer.java
index 257531a..122c5f6 100644
--- a/src/main/java/com/monkeyk/sos/config/MkkWebMvcConfigurer.java
+++ b/src/main/java/com/monkeyk/sos/config/WebMvcConfigurer.java
@@ -1,5 +1,6 @@
 package com.monkeyk.sos.config;
 
+import org.springframework.context.annotation.ComponentScan;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.web.servlet.config.annotation.*;
 import org.springframework.web.servlet.view.InternalResourceViewResolver;
@@ -14,7 +15,8 @@ import org.springframework.web.servlet.view.JstlView;
  */
 @Configuration
 @EnableWebMvc
-public class MkkWebMvcConfigurer extends WebMvcConfigurerAdapter {
+@ComponentScan(basePackages = {"com.monkeyk.sos.web"})
+public class WebMvcConfigurer extends WebMvcConfigurerAdapter {
 
     @Override
     public void configureDefaultServletHandling(DefaultServletHandlerConfigurer configurer) {
diff --git a/src/main/java/com/monkeyk/sos/config/WebSecurityConfigurer.java b/src/main/java/com/monkeyk/sos/config/WebSecurityConfigurer.java
new file mode 100644
index 0000000..122f350
--- /dev/null
+++ b/src/main/java/com/monkeyk/sos/config/WebSecurityConfigurer.java
@@ -0,0 +1,60 @@
+package com.monkeyk.sos.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.builders.WebSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.oauth2.provider.expression.OAuth2WebSecurityExpressionHandler;
+
+/**
+ * 2016/4/3
+ * <p/>
+ * Replace security.xml
+ *
+ * @author Shengzhao Li
+ */
+@Configuration
+@EnableWebSecurity
+public class WebSecurityConfigurer extends WebSecurityConfigurerAdapter {
+
+
+    @Override
+    public void configure(WebSecurity web) throws Exception {
+        web.expressionHandler(new OAuth2WebSecurityExpressionHandler());
+        web.ignoring().antMatchers("/resources/**");
+    }
+
+    @Override
+    @Bean
+    public AuthenticationManager authenticationManagerBean() throws Exception {
+        return super.authenticationManagerBean();
+    }
+
+
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+
+        http.authorizeRequests()
+                .antMatchers("/oauth/**").hasAnyRole("ROLE_USER,ROLE_UNITY,ROLE_MOBILE")
+                .antMatchers("/**").anonymous()
+                .and()
+                .exceptionHandling().accessDeniedPage("/login.jsp?authorization_error=2")
+                .and()
+                .csrf().disable()
+                .formLogin().loginPage("/login.jsp")
+                .failureUrl("/login.jsp?authentication_error=1")
+                .defaultSuccessUrl("/index.jsp")
+                .loginProcessingUrl("/login.do")
+                .and()
+                .logout().logoutUrl("/logout.do")
+                .logoutSuccessUrl("/index.jsp")
+                .and()
+                .anonymous();
+
+
+    }
+
+}