Testing SECOAUTH authorization server

13 years ago · fc00872800
2 changed files with 23 additions and 20 deletions
--- a/server/src/main/webapp/WEB-INF/spring/application-context.xml
+++ b/server/src/main/webapp/WEB-INF/spring/application-context.xml
@ -27,25 +27,7 @@
 		<property name="showSql" value="true" />
 	</bean>
 	
-	<!-- Authorization Code Service, used by TokenGranter -->
-	<bean id="jdbcAuthCodeServices" class="org.springframework.security.oauth2.provider.code.JdbcAuthorizationCodeServices">
-		<constructor-arg>
-			<bean class="org.apache.commons.dbcp.BasicDataSource"/>
-		</constructor-arg>
-	</bean>
-	
-	<bean id="clientCredentialsChecker" class="org.springframework.security.oauth2.provider.ClientCredentialsChecker">
-		<constructor-arg>
-			<bean class="org.mitre.oauth2.service.impl.DefaultOAuth2ClientDetailsEntityService"/>
-		</constructor-arg>
-	</bean>
 	
-	<!-- SECOAUTH Authorization Server, with our custom token granter plugged in -->
-	<oauth:authorization-server client-details-service-ref="defaultOAuth2ClientDetailsEntityService" 
-		token-services-ref="defaultOAuth2ProviderTokenService" token-granter-ref="connectAuthCodeTokenGranter"
-		authorization-endpoint-url="/openidconnect/auth*">
-		<!-- <oauth:authorization-code disabled="true"/> -->
-	</oauth:authorization-server>
 	
 	<!-- Map our custom exception classes to named views -->
 	<bean class="org.springframework.web.servlet.handler.SimpleMappingExceptionResolver">
--- a/server/src/main/webapp/WEB-INF/spring/security-context.xml
+++ b/server/src/main/webapp/WEB-INF/spring/security-context.xml
@ -10,11 +10,32 @@

 	<security:global-method-security pre-post-annotations="enabled" proxy-target-class="true"/>

-	<security:http use-expressions="true">
+	<security:http use-expressions="true" auto-config="true">
 <!-- 		<security:intercept-url pattern="/oauth/user/**" access="hasRole('ROLE_USER')"/> -->
-		<security:openid-login login-page="/j_spring_openid_security_check?openid_identifier=OPENID_IDENTIFIER" />
+		<security:intercept-url pattern="/*" access="permitAll"/>
+		
 	</security:http>
 	
+	<!-- Authorization Code Service, used by TokenGranter -->
+	<bean id="jdbcAuthCodeServices" class="org.springframework.security.oauth2.provider.code.JdbcAuthorizationCodeServices">
+		<constructor-arg>
+			<bean class="org.apache.commons.dbcp.BasicDataSource"/>
+		</constructor-arg>
+	</bean>
+	
+	<bean id="clientCredentialsChecker" class="org.springframework.security.oauth2.provider.ClientCredentialsChecker">
+		<constructor-arg>
+			<bean class="org.mitre.oauth2.service.impl.DefaultOAuth2ClientDetailsEntityService"/>
+		</constructor-arg>
+	</bean>
+	
+	<!-- SECOAUTH Authorization Server, with our custom token granter plugged in -->
+	<oauth2:authorization-server client-details-service-ref="defaultOAuth2ClientDetailsEntityService" 
+		token-services-ref="defaultOAuth2ProviderTokenService" token-granter-ref="connectAuthCodeTokenGranter"
+		authorization-endpoint-url="/openidconnect/auth*">
+		<oauth2:authorization-code />
+	</oauth2:authorization-server>
+	
 	<security:authentication-manager>
 		<security:authentication-provider>
 			<security:user-service id="userDetailsService">