github
/
OpenID-Connect-Java-Spring-Server
mirror of https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Moved SPEL to app-context, and added enpoint permitAlls

pull/210/head
Stephen Moore 2012-08-21 12:53:17 -04:00
parent bdfdbbadbc
commit d2f7e8edf9
2 changed files with 26 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
openid-connect-server/src/main/webapp/WEB-INF/application-context.xml
View File

@ -29,6 +29,16 @@
<!-- Import the data context -->
<import resource="data-context.xml" />
<!-- SPEL processors -->
<security:global-method-security pre-post-annotations="enabled" proxy-target-class="true" authentication-manager-ref="authenticationManager">
<!--you could also wire in the expression handler up at the layer of the http filters. See https://jira.springsource.org/browse/SEC-1452 -->
<security:expression-handler ref="oauthExpressionHandler" />
</security:global-method-security>
<oauth2:expression-handler id="oauthExpressionHandler" />
<oauth2:web-expression-handler id="oauthWebExpressionHandler" />
<!-- Spring Security configuration -->
<oauth:resource-server id="resourceServerFilter" token-services-ref="defaultOAuth2ProviderTokenService" />
@ -46,6 +56,18 @@
<security:access-denied-handler ref="oauthAccessDeniedHandler" />
</security:http>
<!-- Allow open access to required endpoints -->
<security:http auto-config="true">
<security:intercept-url pattern="/jwk**" access="permitAll"/>
<security:intercept-url pattern="/.well-known**" access="permitAll"/>
<security:intercept-url pattern="/x509**" access="permitAll"/>
</security:http>
<security:http auto-config="true" pattern="/userinfo**">
<security:custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
<security:expression-handler ref="oauthWebExpressionHandler" />
</security:http>
<bean id="oauthAuthenticationEntryPoint" class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
<property name="realmName" value="openidconnect" />
</bean>

8
openid-connect-server/src/main/webapp/WEB-INF/user-context.xml
View File

@ -15,15 +15,15 @@
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.1.xsd">
<security:global-method-security pre-post-annotations="enabled" proxy-target-class="true" authentication-manager-ref="authenticationManager">
<!--you could also wire in the expression handler up at the layer of the http filters. See https://jira.springsource.org/browse/SEC-1452 -->
<security:expression-handler ref="oauthExpressionHandler" />
<!-- <security:global-method-security pre-post-annotations="enabled" proxy-target-class="true" authentication-manager-ref="authenticationManager">
--> <!--you could also wire in the expression handler up at the layer of the http filters. See https://jira.springsource.org/browse/SEC-1452 -->
<!-- <security:expression-handler ref="oauthExpressionHandler" />
</security:global-method-security>
<oauth2:expression-handler id="oauthExpressionHandler" />
<oauth2:web-expression-handler id="oauthWebExpressionHandler" />
-->
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider>
<security:user-service id="userDetailsService">