github
/
OpenID-Connect-Java-Spring-Server
mirror of https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

added client credential protection to revocation endpoint

pull/263/head
Justin Richer 2012-12-07 17:17:19 -05:00
parent e38b2b0ba5
commit 2a206654b6
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
openid-connect-server/src/main/webapp/WEB-INF/application-context.xml
View File

@ -92,6 +92,10 @@
<security:custom-filter ref="clientCredentialsIntrospectionEndpointFilter" before="BASIC_AUTH_FILTER" />
</security:http>
<security:http pattern="/revoke**" entry-point-ref="oauthAuthenticationEntryPoint">
<security:custom-filter ref="clientCredentialsRevocationEndpointFilter" before="BASIC_AUTH_FILTER" />
</security:http>
<bean id="oauthAuthenticationEntryPoint" class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
<property name="realmName" value="openidconnect" />
</bean>
@ -125,6 +129,11 @@
<property name="filterProcessesUrl" value="/introspect"/>
</bean>
<bean id="clientCredentialsRevocationEndpointFilter" class="org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter">
<property name="authenticationManager" ref="clientAuthenticationManager" />
<property name="filterProcessesUrl" value="/revoke"/>
</bean>
<authentication-manager id="clientAuthenticationManager" xmlns="http://www.springframework.org/schema/security">
<authentication-provider user-service-ref="clientUserDetailsService" />
</authentication-manager>