Moved SPEL to app-context, and added enpoint permitAlls

2012-08-21 12:53:17 -04:00 · 2012-08-21 12:53:17 -04:00 · d2f7e8edf9
parent bdfdbbadbc
commit d2f7e8edf9
2 changed files with 26 additions and 4 deletions
--- a/openid-connect-server/src/main/webapp/WEB-INF/application-context.xml
+++ b/openid-connect-server/src/main/webapp/WEB-INF/application-context.xml
@ -29,6 +29,16 @@
 	<!-- Import the data context -->
 	<import resource="data-context.xml" />
 	<!-- SPEL processors -->
 	<security:global-method-security pre-post-annotations="enabled" proxy-target-class="true" authentication-manager-ref="authenticationManager">
 	<!--you could also wire in the expression handler up at the layer of the http filters. See https://jira.springsource.org/browse/SEC-1452 -->
 		<security:expression-handler ref="oauthExpressionHandler" />
 	</security:global-method-security>
 	<oauth2:expression-handler id="oauthExpressionHandler" />
 	<oauth2:web-expression-handler id="oauthWebExpressionHandler" />
 	<!-- Spring Security configuration -->
 	<oauth:resource-server id="resourceServerFilter" token-services-ref="defaultOAuth2ProviderTokenService" />
@ -46,6 +56,18 @@
 		<security:access-denied-handler ref="oauthAccessDeniedHandler" />
 	</security:http>
 	<!-- Allow open access to required endpoints -->
 	<security:http auto-config="true">
 		<security:intercept-url pattern="/jwk**" access="permitAll"/>
 		<security:intercept-url pattern="/.well-known**" access="permitAll"/>
 		<security:intercept-url pattern="/x509**" access="permitAll"/>	
 	</security:http>
 	<security:http auto-config="true" pattern="/userinfo**">
 		<security:custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
 		<security:expression-handler ref="oauthWebExpressionHandler" />
 	</security:http>
 	<bean id="oauthAuthenticationEntryPoint" class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
 		<property name="realmName" value="openidconnect" />
 	</bean>
--- a/openid-connect-server/src/main/webapp/WEB-INF/user-context.xml
+++ b/openid-connect-server/src/main/webapp/WEB-INF/user-context.xml
@ -15,15 +15,15 @@
 		http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.1.xsd">
-	<security:global-method-security pre-post-annotations="enabled" proxy-target-class="true" authentication-manager-ref="authenticationManager">
+<!--	<security:global-method-security pre-post-annotations="enabled" proxy-target-class="true" authentication-manager-ref="authenticationManager">
-		<!--you could also wire in the expression handler up at the layer of the http filters. See https://jira.springsource.org/browse/SEC-1452 -->
+-->		<!--you could also wire in the expression handler up at the layer of the http filters. See https://jira.springsource.org/browse/SEC-1452 -->
-		<security:expression-handler ref="oauthExpressionHandler" />
+<!--		<security:expression-handler ref="oauthExpressionHandler" />
 	</security:global-method-security>
 	<oauth2:expression-handler id="oauthExpressionHandler" />
 	<oauth2:web-expression-handler id="oauthWebExpressionHandler" />
-
+-->
 	<security:authentication-manager alias="authenticationManager">
 		<security:authentication-provider>
 			<security:user-service id="userDetailsService">