diff --git a/README.md b/README.md
index 58429e8..613bd4a 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
#spring-oauth-server
-java config版本
+java config版本(Spring Boot)
Spring与OAuth2的整合示例
diff --git a/others/how_to_use.txt b/others/how_to_use.txt
index 0be7900..3f850fc 100644
--- a/others/how_to_use.txt
+++ b/others/how_to_use.txt
@@ -2,7 +2,7 @@
使用的主要技术与版本号
*Spring-Boot (2.0.2.RELEASE)
-*spring-security-oauth2 (2.3.0.RELEASE)
+*spring-security-oauth2 (2.3.5.RELEASE)
如何使用?
diff --git a/src/main/java/com/monkeyk/sos/config/OAuth2MethodSecurityConfiguration.java b/src/main/java/com/monkeyk/sos/config/OAuth2MethodSecurityConfiguration.java
index 70f5bd6..fa6c8c2 100644
--- a/src/main/java/com/monkeyk/sos/config/OAuth2MethodSecurityConfiguration.java
+++ b/src/main/java/com/monkeyk/sos/config/OAuth2MethodSecurityConfiguration.java
@@ -9,6 +9,8 @@ import org.springframework.security.oauth2.provider.expression.OAuth2MethodSecur
/**
* 2018/3/22
*
+ * 此配置用于启用 #oauth2 表达式,如:#oauth2.hasScope('read')
+ *
* @author Shengzhao Li
*/
@Configuration
diff --git a/src/main/java/com/monkeyk/sos/config/OAuth2ServerConfiguration.java b/src/main/java/com/monkeyk/sos/config/OAuth2ServerConfiguration.java
index 4ffd166..307dc3a 100644
--- a/src/main/java/com/monkeyk/sos/config/OAuth2ServerConfiguration.java
+++ b/src/main/java/com/monkeyk/sos/config/OAuth2ServerConfiguration.java
@@ -47,7 +47,10 @@ public class OAuth2ServerConfiguration {
public static final String RESOURCE_ID = "sos-resource";
- // unity resource
+ /**
+ * // unity resource
+ * UNITY 资源的访问权限配置
+ */
@Configuration
@EnableResourceServer
protected static class UnityResourceServerConfiguration extends ResourceServerConfigurerAdapter {
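Review bot: The new Javadoc keeps the old line comment verbatim as its first line (`* // unity resource`), so the Javadoc summary sentence — the one tools and IDEs display — is a stray `//` marker rather than a description. Fold the two lines into one summary, e.g. `* Unity resource: UNITY 资源的访问权限配置 (URLs under /unity/**).`, and drop the `//` line. The same leftover appears in the Javadoc added for MobileResourceServerConfiguration in the hunk at @@ -73,7 +77,11 @@. The class body of UnityResourceServerConfiguration continues past this hunk.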
@@ -64,6 +67,7 @@ public class OAuth2ServerConfiguration {
// session creation to be allowed (it's disabled by default in 2.0.6)
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
.and()
+ // 所有以 /unity/ 开头的 URL属于此资源
.requestMatchers().antMatchers("/unity/**")
.and()
.authorizeRequests()
@@ -73,7 +77,11 @@ public class OAuth2ServerConfiguration {
}
- // mobile resource
+
+ /**
+ * // mobile resource
+ * MOBILE 资源的访问权限配置
+ */
@Configuration
@EnableResourceServer
protected static class MobileResourceServerConfiguration extends ResourceServerConfigurerAdapter {
@@ -90,6 +98,7 @@ public class OAuth2ServerConfiguration {
// session creation to be allowed (it's disabled by default in 2.0.6)
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
.and()
+ // 所有以 /m/ 开头的 URL属于此资源
.requestMatchers().antMatchers("/m/**")
.and()
.authorizeRequests()
@@ -179,6 +188,7 @@ public class OAuth2ServerConfiguration {
@Override
public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
+ // real 值可自定义
oauthServer.realm("spring-oauth-server")
// 支持 client_credentials 的配置
.allowFormAuthenticationForClients();
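Review bot: The added comment `// real 值可自定义` misspells the setting it describes — the call below is `oauthServer.realm(...)`, so it should read `// realm 值可自定义`. While touching it, the neighbouring comment on the next call is easy to misread: `allowFormAuthenticationForClients()` enables client authentication via form parameters (client_id/client_secret in the request body) rather than only HTTP Basic, which is what client_credentials callers commonly rely on; a comment such as `// 允许客户端通过表单参数(client_id/client_secret)认证,而不仅是 HTTP Basic` would make that explicit. The configure method's closing brace lies outside the hunk.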
diff --git a/src/main/java/com/monkeyk/sos/config/WebSecurityConfigurer.java b/src/main/java/com/monkeyk/sos/config/WebSecurityConfigurer.java
index f1c83af..6a0bb47 100644
--- a/src/main/java/com/monkeyk/sos/config/WebSecurityConfigurer.java
+++ b/src/main/java/com/monkeyk/sos/config/WebSecurityConfigurer.java
@@ -50,11 +50,13 @@ public class WebSecurityConfigurer extends WebSecurityConfigurerAdapter {
http.csrf().ignoringAntMatchers("/oauth/authorize", "/oauth/token", "/oauth/rest_token");
http.authorizeRequests()
+ // permitAll() 的URL路径属于公开访问,不需要权限
.antMatchers("/public/**").permitAll()
.antMatchers("/static/**").permitAll()
.antMatchers("/oauth/rest_token*").permitAll()
.antMatchers("/login*").permitAll()
+ // /user/ 开头的URL需要 ADMIN 权限
.antMatchers("/user/**").hasAnyRole("ADMIN")
.antMatchers(HttpMethod.GET, "/login*").anonymous()