First attempt at making API not redirect to /login, failed

2012-11-26 16:05:46 -05:00 · 2012-11-26 16:05:46 -05:00 · 122a2de074
parent d07f67bd76
commit 122a2de074
2 changed files with 16 additions and 6 deletions
--- a/openid-connect-server/src/main/webapp/WEB-INF/application-context.xml
+++ b/openid-connect-server/src/main/webapp/WEB-INF/application-context.xml
@ -61,20 +61,27 @@
 	</security:http>

 	<!-- Allow open access to required endpoints -->
-	<security:http auto-config="true" pattern="/jwk**" use-expressions="true">
+	<security:http pattern="/jwk**" use-expressions="true" entry-point-ref="http403EntryPoint">
 		<security:intercept-url pattern="/jwk**" access="permitAll"/>
 	</security:http>
-	<security:http auto-config="true" pattern="/.well-known**" use-expressions="true">
+	<security:http pattern="/.well-known**" use-expressions="true" entry-point-ref="http403EntryPoint">
 		<security:intercept-url pattern="/.well-known**" access="permitAll"/>
 	</security:http>
-	<security:http auto-config="true" pattern="/x509**" use-expressions="true">
+	<security:http pattern="/x509**" use-expressions="true" entry-point-ref="http403EntryPoint">
 		<security:intercept-url pattern="/x509**" access="permitAll"/>	
 	</security:http>
-	<security:http auto-config="true" pattern="/register**" use-expressions="true">
+	
+	<!-- OAuth-protect API and other endpoints -->
+	<security:http pattern="/register**" use-expressions="true" entry-point-ref="oauthAuthenticationEntryPoint">
 		<security:intercept-url pattern="/register**" access="permitAll"/>	
 	</security:http>

- 	<security:http auto-config="true" pattern="/userinfo**" use-expressions="true">
+ 	<security:http pattern="/userinfo**" use-expressions="true" entry-point-ref="oauthAuthenticationEntryPoint">
+		<security:custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
+		<security:expression-handler ref="oauthWebExpressionHandler" />
+	</security:http>
+
+ 	<security:http pattern="/api**" use-expressions="true" entry-point-ref="oauthAuthenticationEntryPoint">
 		<security:custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
 		<security:expression-handler ref="oauthWebExpressionHandler" />
 	</security:http>
@ -83,6 +90,8 @@
 		<property name="realmName" value="openidconnect" />
 	</bean>

+	<bean id="http403EntryPoint" class="org.springframework.security.web.authentication.Http403ForbiddenEntryPoint" />
+
 	<!-- SECOAUTH Authorization Server -->
 	<oauth:authorization-server 
 		client-details-service-ref="defaultOAuth2ClientDetailsEntityService"
--- a/openid-connect-server/src/main/webapp/WEB-INF/user-context.xml
+++ b/openid-connect-server/src/main/webapp/WEB-INF/user-context.xml
@ -30,11 +30,12 @@
 		
 	<mvc:view-controller path="/login" view-name="login" />
 		
-	<security:http auto-config="true" disable-url-rewriting="true" use-expressions="true"> 
+	<security:http disable-url-rewriting="true" use-expressions="true"> 
 		<security:form-login login-page="/login" />
 		<security:intercept-url pattern="/oauth/**" access="hasRole('ROLE_USER')" />
 		<security:intercept-url pattern="/**" access="permitAll" />
 		<security:custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
+		<security:logout/>
 		<security:anonymous />
 		<security:expression-handler ref="oauthWebExpressionHandler" />
 	</security:http>