attempting to allow make use of SPEL

pull/105/merge
Justin Richer 13 years ago
parent f0c949fd09
commit dbd563f3f2

@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>
<beansProjectDescription> <beansProjectDescription>
<version>1</version> <version>1</version>
<pluginVersion><![CDATA[2.8.1.201111220115-RELEASE]]></pluginVersion> <pluginVersion><![CDATA[2.9.2.201205070117-RELEASE]]></pluginVersion>
<configSuffixes> <configSuffixes>
<configSuffix><![CDATA[xml]]></configSuffix> <configSuffix><![CDATA[xml]]></configSuffix>
</configSuffixes> </configSuffixes>
@ -12,6 +12,7 @@
<config>src/main/webapp/WEB-INF/local-config.xml</config> <config>src/main/webapp/WEB-INF/local-config.xml</config>
<config>src/main/webapp/WEB-INF/data-context.xml</config> <config>src/main/webapp/WEB-INF/data-context.xml</config>
<config>src/main/webapp/WEB-INF/crypto-config.xml</config> <config>src/main/webapp/WEB-INF/crypto-config.xml</config>
<config>src/main/webapp/WEB-INF/application-context.xml</config>
</configs> </configs>
<configSets> <configSets>
</configSets> </configSets>

@ -63,7 +63,7 @@ public class UserInfoEndpoint {
* @throws UsernameNotFoundException if the user does not exist or cannot be found * @throws UsernameNotFoundException if the user does not exist or cannot be found
* @throws UnknownUserInfoSchemaException if an unknown schema is used * @throws UnknownUserInfoSchemaException if an unknown schema is used
*/ */
@PreAuthorize("hasRole('ROLE_USER')") // TODO: need to add the check for the "openid" scope, which is REQUIRED @PreAuthorize("hasRole('ROLE_USER') and #oauth2.hasScope('openid')") // TODO: need to add the check for the "openid" scope, which is REQUIRED
@RequestMapping(value="/userinfo", method= {RequestMethod.GET, RequestMethod.POST}) @RequestMapping(value="/userinfo", method= {RequestMethod.GET, RequestMethod.POST})
public String getInfo(Principal p, @RequestParam("schema") String schema, Model model) { public String getInfo(Principal p, @RequestParam("schema") String schema, Model model) {
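Review bot: The trailing `// TODO: need to add the check for the "openid" scope, which is REQUIRED` on the new `@PreAuthorize` line is stale, because the expression now contains `#oauth2.hasScope('openid')`; drop it or replace it with `// "openid" scope is REQUIRED; needs the OAuth2 method expression handler`. The `#oauth2` variable resolves only when the OAuth2 expression handler is registered on `global-method-security`, which this commit does in the security config. A request-level test that a token without the `openid` scope is rejected on `/userinfo` would catch a regression in that wiring. getInfo's body continues outside the hunk.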

@ -0,0 +1,7 @@
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
</beans>

@ -20,7 +20,7 @@
<security:authentication property="authorities" var="roles"/> <security:authentication property="authorities" var="roles"/>
<security:authorize ifAnyGranted="ROLE_USER"> <security:authorize access="hasRole('ROLE_USER')">
Logged in as <a href="#"><%= request.getUserPrincipal().getName() %></a> Logged in as <a href="#"><%= request.getUserPrincipal().getName() %></a>
</security:authorize> </security:authorize>
</p> </p>
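Review bot: The context line inside the rewritten `<security:authorize access="hasRole('ROLE_USER')">` block still writes `request.getUserPrincipal().getName()` through a raw `<%= %>` scriptlet, so the user name reaches the page without HTML escaping. Whether user names can contain markup characters is not visible from this hunk; if they can, render the value through an escaping tag, for example `<security:authentication property="name"/>`. I believe that tag escapes HTML by default in this Spring Security line, but confirm against the version in use. The surrounding `<p>` starts outside the hunk.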

@ -13,7 +13,14 @@
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.1.xsd"> http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.1.xsd">
<security:global-method-security pre-post-annotations="enabled" proxy-target-class="true" authentication-manager-ref="authenticationManager"/> <security:global-method-security pre-post-annotations="enabled" proxy-target-class="true" authentication-manager-ref="authenticationManager">
<!--you could also wire in the expression handler up at the layer of the http filters. See https://jira.springsource.org/browse/SEC-1452 -->
<security:expression-handler ref="oauthExpressionHandler" />
</security:global-method-security>
<oauth2:expression-handler id="oauthExpressionHandler" />
<oauth2:web-expression-handler id="oauthWebExpressionHandler" />
<security:authentication-manager alias="authenticationManager"> <security:authentication-manager alias="authenticationManager">
<security:authentication-provider> <security:authentication-provider>
@ -29,11 +36,12 @@
</security:authentication-provider> </security:authentication-provider>
</security:authentication-manager> </security:authentication-manager>
<security:http auto-config="true" disable-url-rewriting="true"> <!-- authentication-manager-ref="springSecurityAuthenticationManager" --> <security:http auto-config="true" disable-url-rewriting="true" use-expressions="true"> <!-- authentication-manager-ref="springSecurityAuthenticationManager" -->
<security:intercept-url pattern="/oauth/**" access="ROLE_USER" /> <security:intercept-url pattern="/oauth/**" access="hasRole('ROLE_USER')" />
<security:intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" /> <security:intercept-url pattern="/**" access="permitAll" />
<security:custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" /> <security:custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
<security:anonymous /> <security:anonymous />
<security:expression-handler ref="oauthWebExpressionHandler" />
</security:http> </security:http>
</beans> </beans>
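Review bot: With `use-expressions="true"` the catch-all rule becomes `<security:intercept-url pattern="/**" access="permitAll" />`, so at the filter layer only `/oauth/**` is restricted and `/userinfo` depends entirely on the `@PreAuthorize` annotation being proxied. Since `oauthWebExpressionHandler` is registered on `<security:http>` in the second hunk, the same check could be stated at the URL layer too: `<security:intercept-url pattern="/userinfo" access="hasRole('ROLE_USER') and #oauth2.hasScope('openid')" />`, placed before the `/**` rule. Separately, the comment added in the first hunk says the handler "could also" be wired at the http filter layer, while this commit does exactly that; reword it to say both layers are wired. The `<beans>` element opens outside the hunk.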

@ -3,6 +3,19 @@
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"> xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<!-- The definition of the Root Spring Container shared by all Servlets and Filters -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/application-context.xml
</param-value>
</context-param>
<!-- Creates the Spring Container shared by all Servlets and Filters -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!-- filter through Spring Security --> <!-- filter through Spring Security -->
<filter> <filter>
