Add more config comment

2020-03-16 19:13:02 +08:00 · 2020-03-16 19:13:02 +08:00 · e35ecbd3a3
parent 87de39b02b
commit e35ecbd3a3
5 changed files with 18 additions and 4 deletions
--- a/README.md
+++ b/README.md
@ -1,6 +1,6 @@
 #spring-oauth-server
 <br/>
-java config版本
+java config版本(Spring Boot)

 <strong>Spring与OAuth2的整合示例</strong>

--- a/others/how_to_use.txt
+++ b/others/how_to_use.txt
@ -2,7 +2,7 @@

 使用的主要技术与版本号
 *Spring-Boot (2.0.2.RELEASE)
-*spring-security-oauth2 (2.3.0.RELEASE)
+*spring-security-oauth2 (2.3.5.RELEASE)


 如何使用?
--- a/src/main/java/com/monkeyk/sos/config/OAuth2MethodSecurityConfiguration.java
+++ b/src/main/java/com/monkeyk/sos/config/OAuth2MethodSecurityConfiguration.java
@ -9,6 +9,8 @@ import org.springframework.security.oauth2.provider.expression.OAuth2MethodSecur
 /**
 * 2018/3/22
 *
+ * 此配置用于启用 #oauth2 表达式，如：#oauth2.hasScope('read')
+ *
 * @author Shengzhao Li
 */
@Configuration
--- a/src/main/java/com/monkeyk/sos/config/OAuth2ServerConfiguration.java
+++ b/src/main/java/com/monkeyk/sos/config/OAuth2ServerConfiguration.java
@ -47,7 +47,10 @@ public class OAuth2ServerConfiguration {
    public static final String RESOURCE_ID = "sos-resource";


-    // unity resource
+    /**
+     * // unity resource
+     * UNITY 资源的访问权限配置
+     */
    @Configuration
    @EnableResourceServer
    protected static class UnityResourceServerConfiguration extends ResourceServerConfigurerAdapter {
@ -64,6 +67,7 @@ public class OAuth2ServerConfiguration {
                    // session creation to be allowed (it's disabled by default in 2.0.6)
                    .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
                    .and()
+                    // 所有以 /unity/  开头的 URL属于此资源
                    .requestMatchers().antMatchers("/unity/**")
                    .and()
                    .authorizeRequests()
@ -73,7 +77,11 @@ public class OAuth2ServerConfiguration {

    }

-    // mobile resource
+
+    /**
+     * // mobile resource
+     * MOBILE 资源的访问权限配置
+     */
    @Configuration
    @EnableResourceServer
    protected static class MobileResourceServerConfiguration extends ResourceServerConfigurerAdapter {
@ -90,6 +98,7 @@ public class OAuth2ServerConfiguration {
                    // session creation to be allowed (it's disabled by default in 2.0.6)
                    .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
                    .and()
+                    // 所有以 /m/  开头的 URL属于此资源
                    .requestMatchers().antMatchers("/m/**")
                    .and()
                    .authorizeRequests()
@ -179,6 +188,7 @@ public class OAuth2ServerConfiguration {

        @Override
        public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
+            // real 值可自定义
            oauthServer.realm("spring-oauth-server")
                    // 支持 client_credentials 的配置
                    .allowFormAuthenticationForClients();
--- a/src/main/java/com/monkeyk/sos/config/WebSecurityConfigurer.java
+++ b/src/main/java/com/monkeyk/sos/config/WebSecurityConfigurer.java
@ -50,11 +50,13 @@ public class WebSecurityConfigurer extends WebSecurityConfigurerAdapter {
        http.csrf().ignoringAntMatchers("/oauth/authorize", "/oauth/token", "/oauth/rest_token");

        http.authorizeRequests()
+                // permitAll() 的URL路径属于公开访问，不需要权限
                .antMatchers("/public/**").permitAll()
                .antMatchers("/static/**").permitAll()
                .antMatchers("/oauth/rest_token*").permitAll()
                .antMatchers("/login*").permitAll()

+                // /user/ 开头的URL需要 ADMIN 权限
                .antMatchers("/user/**").hasAnyRole("ADMIN")

                .antMatchers(HttpMethod.GET, "/login*").anonymous()