|
|
@ -35,22 +35,20 @@
|
|
|
|
<oauth:resource-server id="resourceServerFilter"
|
|
|
|
<oauth:resource-server id="resourceServerFilter"
|
|
|
|
token-services-ref="defaultOAuth2ProviderTokenService" />
|
|
|
|
token-services-ref="defaultOAuth2ProviderTokenService" />
|
|
|
|
|
|
|
|
|
|
|
|
<security:http pattern="/oauth/token" create-session="stateless"
|
|
|
|
<security:http pattern="/oauth/token"
|
|
|
|
|
|
|
|
create-session="stateless"
|
|
|
|
authentication-manager-ref="clientAuthenticationManager"
|
|
|
|
authentication-manager-ref="clientAuthenticationManager"
|
|
|
|
entry-point-ref="oauthAuthenticationEntryPoint">
|
|
|
|
entry-point-ref="oauthAuthenticationEntryPoint">
|
|
|
|
<security:intercept-url pattern="/oauth/token"
|
|
|
|
|
|
|
|
access="IS_AUTHENTICATED_FULLY" />
|
|
|
|
<security:intercept-url pattern="/oauth/token" access="IS_AUTHENTICATED_FULLY" />
|
|
|
|
<security:anonymous enabled="false" />
|
|
|
|
<security:anonymous enabled="false" />
|
|
|
|
<security:http-basic entry-point-ref="oauthAuthenticationEntryPoint" />
|
|
|
|
<security:http-basic entry-point-ref="oauthAuthenticationEntryPoint" />
|
|
|
|
<!-- include this only if you need to authenticate clients via request
|
|
|
|
<!-- include this only if you need to authenticate clients via request parameters -->
|
|
|
|
parameters -->
|
|
|
|
<security:custom-filter ref="clientCredentialsTokenEndpointFilter" before="BASIC_AUTH_FILTER" />
|
|
|
|
<security:custom-filter ref="clientCredentialsTokenEndpointFilter"
|
|
|
|
|
|
|
|
before="BASIC_AUTH_FILTER" />
|
|
|
|
|
|
|
|
<security:access-denied-handler ref="oauthAccessDeniedHandler" />
|
|
|
|
<security:access-denied-handler ref="oauthAccessDeniedHandler" />
|
|
|
|
</security:http>
|
|
|
|
</security:http>
|
|
|
|
|
|
|
|
|
|
|
|
<bean id="oauthAuthenticationEntryPoint"
|
|
|
|
<bean id="oauthAuthenticationEntryPoint" class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
|
|
|
|
class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
|
|
|
|
|
|
|
|
<property name="realmName" value="openidconnect" />
|
|
|
|
<property name="realmName" value="openidconnect" />
|
|
|
|
</bean>
|
|
|
|
</bean>
|
|
|
|
|
|
|
|
|
|
|
@ -62,40 +60,39 @@
|
|
|
|
</bean>
|
|
|
|
</bean>
|
|
|
|
|
|
|
|
|
|
|
|
<!-- SECOAUTH Authorization Server -->
|
|
|
|
<!-- SECOAUTH Authorization Server -->
|
|
|
|
<oauth:authorization-server client-details-service-ref="defaultOAuth2ClientDetailsEntityService"
|
|
|
|
<oauth:authorization-server
|
|
|
|
token-services-ref="defaultOAuth2ProviderTokenService" token-granter-ref="authCodeTokenGranter"
|
|
|
|
client-details-service-ref="defaultOAuth2ClientDetailsEntityService"
|
|
|
|
user-approval-handler-ref="userApprovalHandler" authorization-endpoint-url="/openidconnect/auth" token-endpoint-url="/openidconnect/token">
|
|
|
|
token-services-ref="defaultOAuth2ProviderTokenService"
|
|
|
|
|
|
|
|
token-granter-ref="authCodeTokenGranter"
|
|
|
|
|
|
|
|
user-approval-handler-ref="userApprovalHandler"
|
|
|
|
|
|
|
|
authorization-endpoint-url="/openidconnect/auth"
|
|
|
|
|
|
|
|
token-endpoint-url="/openidconnect/token">
|
|
|
|
|
|
|
|
|
|
|
|
<oauth:authorization-code authorization-code-services-ref="authCodeServices" />
|
|
|
|
<oauth:authorization-code authorization-code-services-ref="authCodeServices" />
|
|
|
|
|
|
|
|
|
|
|
|
</oauth:authorization-server>
|
|
|
|
</oauth:authorization-server>
|
|
|
|
|
|
|
|
|
|
|
|
<bean id="oauthAccessDeniedHandler"
|
|
|
|
<bean id="oauthAccessDeniedHandler" class="org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler" />
|
|
|
|
class="org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler" />
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<bean id="clientCredentialsTokenEndpointFilter"
|
|
|
|
<bean id="clientCredentialsTokenEndpointFilter" class="org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter">
|
|
|
|
class="org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter">
|
|
|
|
|
|
|
|
<property name="authenticationManager" ref="clientAuthenticationManager" />
|
|
|
|
<property name="authenticationManager" ref="clientAuthenticationManager" />
|
|
|
|
</bean>
|
|
|
|
</bean>
|
|
|
|
|
|
|
|
|
|
|
|
<authentication-manager id="clientAuthenticationManager"
|
|
|
|
<authentication-manager id="clientAuthenticationManager" xmlns="http://www.springframework.org/schema/security">
|
|
|
|
xmlns="http://www.springframework.org/schema/security">
|
|
|
|
|
|
|
|
<authentication-provider user-service-ref="clientUserDetailsService" />
|
|
|
|
<authentication-provider user-service-ref="clientUserDetailsService" />
|
|
|
|
</authentication-manager>
|
|
|
|
</authentication-manager>
|
|
|
|
|
|
|
|
|
|
|
|
<bean id="authorizationRequestFactory" class="org.springframework.security.oauth2.provider.DefaultAuthorizationRequestFactory">
|
|
|
|
<bean id="authorizationRequestFactory" class="org.springframework.security.oauth2.provider.DefaultAuthorizationRequestFactory">
|
|
|
|
<constructor-arg>
|
|
|
|
<constructor-arg>
|
|
|
|
<bean
|
|
|
|
<bean class="org.mitre.oauth2.service.impl.DefaultOAuth2ClientDetailsEntityService" />
|
|
|
|
class="org.mitre.oauth2.service.impl.DefaultOAuth2ClientDetailsEntityService" />
|
|
|
|
|
|
|
|
</constructor-arg>
|
|
|
|
</constructor-arg>
|
|
|
|
</bean>
|
|
|
|
</bean>
|
|
|
|
|
|
|
|
|
|
|
|
<bean
|
|
|
|
<bean class="org.springframework.security.oauth2.provider.approval.TokenServicesUserApprovalHandler" id="userApprovalHandler">
|
|
|
|
class="org.springframework.security.oauth2.provider.approval.TokenServicesUserApprovalHandler"
|
|
|
|
|
|
|
|
id="userApprovalHandler">
|
|
|
|
|
|
|
|
<property name="tokenServices" ref="defaultOAuth2ProviderTokenService" />
|
|
|
|
<property name="tokenServices" ref="defaultOAuth2ProviderTokenService" />
|
|
|
|
</bean>
|
|
|
|
</bean>
|
|
|
|
|
|
|
|
|
|
|
|
<bean id="authCodeServices"
|
|
|
|
<bean id="authCodeServices" class="org.springframework.security.oauth2.provider.code.InMemoryAuthorizationCodeServices" />
|
|
|
|
class="org.springframework.security.oauth2.provider.code.InMemoryAuthorizationCodeServices" />
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<!-- user services -->
|
|
|
|
<!-- user services -->
|
|
|
|
<import resource="user-context.xml" />
|
|
|
|
<import resource="user-context.xml" />
|
|
|
@ -104,10 +101,8 @@
|
|
|
|
|
|
|
|
|
|
|
|
<!-- JPA -->
|
|
|
|
<!-- JPA -->
|
|
|
|
|
|
|
|
|
|
|
|
<bean id="jpaAdapter"
|
|
|
|
<bean id="jpaAdapter" class="org.springframework.orm.jpa.vendor.EclipseLinkJpaVendorAdapter">
|
|
|
|
class="org.springframework.orm.jpa.vendor.EclipseLinkJpaVendorAdapter">
|
|
|
|
<property name="databasePlatform" value="org.eclipse.persistence.platform.database.MySQLPlatform" />
|
|
|
|
<property name="databasePlatform"
|
|
|
|
|
|
|
|
value="org.eclipse.persistence.platform.database.MySQLPlatform" />
|
|
|
|
|
|
|
|
<property name="showSql" value="true" />
|
|
|
|
<property name="showSql" value="true" />
|
|
|
|
</bean>
|
|
|
|
</bean>
|
|
|
|
|
|
|
|
|
|
|
@ -115,8 +110,7 @@
|
|
|
|
<property name="entityManagerFactory" ref="entityManagerFactory" />
|
|
|
|
<property name="entityManagerFactory" ref="entityManagerFactory" />
|
|
|
|
</bean>
|
|
|
|
</bean>
|
|
|
|
|
|
|
|
|
|
|
|
<bean id="entityManagerFactory"
|
|
|
|
<bean id="entityManagerFactory" class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean">
|
|
|
|
class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean">
|
|
|
|
|
|
|
|
<property name="persistenceUnitName" value="openidPersistenceUnit" />
|
|
|
|
<property name="persistenceUnitName" value="openidPersistenceUnit" />
|
|
|
|
<property name="dataSource" ref="dataSource" />
|
|
|
|
<property name="dataSource" ref="dataSource" />
|
|
|
|
<property name="jpaVendorAdapter" ref="jpaAdapter" />
|
|
|
|
<property name="jpaVendorAdapter" ref="jpaAdapter" />
|
|
|
@ -145,10 +139,8 @@
|
|
|
|
|
|
|
|
|
|
|
|
<!-- Resolves views selected for rendering by @Controllers to .jsp resources
|
|
|
|
<!-- Resolves views selected for rendering by @Controllers to .jsp resources
|
|
|
|
in the /WEB-INF/views directory -->
|
|
|
|
in the /WEB-INF/views directory -->
|
|
|
|
<bean
|
|
|
|
<bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
|
|
|
|
class="org.springframework.web.servlet.view.InternalResourceViewResolver">
|
|
|
|
<property name="viewClass" value="org.springframework.web.servlet.view.JstlView" />
|
|
|
|
<property name="viewClass"
|
|
|
|
|
|
|
|
value="org.springframework.web.servlet.view.JstlView" />
|
|
|
|
|
|
|
|
<property name="prefix" value="/WEB-INF/views/" />
|
|
|
|
<property name="prefix" value="/WEB-INF/views/" />
|
|
|
|
<property name="suffix" value=".jsp" />
|
|
|
|
<property name="suffix" value=".jsp" />
|
|
|
|
<property name="order" value="2" />
|
|
|
|
<property name="order" value="2" />
|
|
|
@ -159,12 +151,6 @@
|
|
|
|
<property name="order" value="1" />
|
|
|
|
<property name="order" value="1" />
|
|
|
|
</bean>
|
|
|
|
</bean>
|
|
|
|
|
|
|
|
|
|
|
|
<!-- Map our custom exception classes to named views -->
|
|
|
|
|
|
|
|
<!-- <bean class="org.springframework.web.servlet.handler.SimpleMappingExceptionResolver"> -->
|
|
|
|
|
|
|
|
<!-- <property name="exceptionMappings"> -->
|
|
|
|
|
|
|
|
<!-- </property> -->
|
|
|
|
|
|
|
|
<!-- </bean> -->
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<!-- JSON views for each type of model object -->
|
|
|
|
<!-- JSON views for each type of model object -->
|
|
|
|
|
|
|
|
|
|
|
|
<bean id="jsonOpenIdConfigurationView" class="org.mitre.swd.view.JsonOpenIdConfigurationView" />
|
|
|
|
<bean id="jsonOpenIdConfigurationView" class="org.mitre.swd.view.JsonOpenIdConfigurationView" />
|
|
|
@ -178,21 +164,16 @@
|
|
|
|
<bean id="jsonIdTokenView" class="org.mitre.openid.connect.view.JSONIdTokenView" />
|
|
|
|
<bean id="jsonIdTokenView" class="org.mitre.openid.connect.view.JSONIdTokenView" />
|
|
|
|
<bean id="jsonClientView" class="org.mitre.openid.connect.view.JSONClientView" />
|
|
|
|
<bean id="jsonClientView" class="org.mitre.openid.connect.view.JSONClientView" />
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<!-- Map our custom exception classes to named views -->
|
|
|
|
<bean name="exceptionAsJSONView" class="org.mitre.openid.connect.view.ExceptionAsJSONView" />
|
|
|
|
<bean name="exceptionAsJSONView" class="org.mitre.openid.connect.view.ExceptionAsJSONView" />
|
|
|
|
|
|
|
|
|
|
|
|
<bean
|
|
|
|
<bean
|
|
|
|
class="org.springframework.web.servlet.handler.SimpleMappingExceptionResolver">
|
|
|
|
class="org.springframework.web.servlet.handler.SimpleMappingExceptionResolver">
|
|
|
|
<property name="exceptionMappings">
|
|
|
|
<property name="exceptionMappings">
|
|
|
|
<props>
|
|
|
|
<props>
|
|
|
|
<prop key="org.mitre.openid.connect.web.InvalidJwtSignatureException">
|
|
|
|
<prop key="org.mitre.openid.connect.web.InvalidJwtSignatureException">exceptionAsJSONView</prop>
|
|
|
|
exceptionAsJSONView
|
|
|
|
<prop key="org.mitre.openid.connect.web.ExpiredTokenException">exceptionAsJSONView</prop>
|
|
|
|
</prop>
|
|
|
|
<prop key="org.mitre.openid.connect.web.InvalidJwtIssuerException">exceptionAsJSONView</prop>
|
|
|
|
<prop key="org.mitre.openid.connect.web.ExpiredTokenException">
|
|
|
|
|
|
|
|
exceptionAsJSONView
|
|
|
|
|
|
|
|
</prop>
|
|
|
|
|
|
|
|
<prop key="org.mitre.openid.connect.web.InvalidJwtIssuerException">
|
|
|
|
|
|
|
|
exceptionAsJSONView
|
|
|
|
|
|
|
|
</prop>
|
|
|
|
|
|
|
|
</props>
|
|
|
|
</props>
|
|
|
|
</property>
|
|
|
|
</property>
|
|
|
|
</bean>
|
|
|
|
</bean>
|
|
|
@ -202,9 +183,7 @@
|
|
|
|
<!-- scheduled tasks -->
|
|
|
|
<!-- scheduled tasks -->
|
|
|
|
<!-- <task:scheduler id="taskScheduler" pool-size="10" /> -->
|
|
|
|
<!-- <task:scheduler id="taskScheduler" pool-size="10" /> -->
|
|
|
|
<!-- <task:executor id="taskExecutor" pool-size="5" /> -->
|
|
|
|
<!-- <task:executor id="taskExecutor" pool-size="5" /> -->
|
|
|
|
<!-- <task:annotation-driven scheduler="taskScheduler" executor="taskExecutor"
|
|
|
|
<!-- <task:annotation-driven scheduler="taskScheduler" executor="taskExecutor" /> -->
|
|
|
|
/> -->
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<!-- import application-local configuration information (such as bean definitions) -->
|
|
|
|
<!-- import application-local configuration information (such as bean definitions) -->
|
|
|
|
<import resource="local-config.xml" />
|
|
|
|
<import resource="local-config.xml" />
|
|
|
|