- package com.tai;
- import com.tai.config.BuddyAuthenticationSuccessHandler;
- import com.tai.model.User;
- import org.springframework.beans.factory.annotation.Autowired;
- import org.springframework.boot.SpringApplication;
- import org.springframework.boot.autoconfigure.SpringBootApplication;
- import org.springframework.boot.autoconfigure.security.oauth2.resource.ResourceServerProperties;
- import org.springframework.boot.autoconfigure.security.oauth2.resource.UserInfoTokenServices;
- import org.springframework.boot.context.embedded.FilterRegistrationBean;
- import org.springframework.boot.context.properties.ConfigurationProperties;
- import org.springframework.context.annotation.Bean;
- import org.springframework.context.annotation.Configuration;
- import org.springframework.core.annotation.Order;
- import org.springframework.security.config.annotation.web.builders.HttpSecurity;
- import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
- import org.springframework.security.oauth2.client.OAuth2ClientContext;
- import org.springframework.security.oauth2.client.OAuth2RestTemplate;
- import org.springframework.security.oauth2.client.filter.OAuth2ClientAuthenticationProcessingFilter;
- import org.springframework.security.oauth2.client.filter.OAuth2ClientContextFilter;
- import org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails;
- import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeResourceDetails;
- import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
- import org.springframework.security.oauth2.config.annotation.web.configuration.EnableOAuth2Client;
- import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
- import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
- import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
- import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
- import org.springframework.security.web.csrf.CsrfFilter;
- import org.springframework.security.web.csrf.CsrfToken;
- import org.springframework.security.web.csrf.CsrfTokenRepository;
- import org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository;
- import org.springframework.web.bind.annotation.RequestMapping;
- import org.springframework.web.bind.annotation.RestController;
- import org.springframework.web.filter.CompositeFilter;
- import org.springframework.web.filter.OncePerRequestFilter;
- import org.springframework.web.util.WebUtils;
- import javax.servlet.Filter;
- import javax.servlet.FilterChain;
- import javax.servlet.ServletException;
- import javax.servlet.http.Cookie;
- import javax.servlet.http.HttpServletRequest;
- import javax.servlet.http.HttpServletResponse;
- import java.io.IOException;
- import java.security.Principal;
- import java.util.ArrayList;
- import java.util.LinkedHashMap;
- import java.util.List;
- import java.util.Map;
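/**
 * Spring Boot entry point that also acts as the web security configuration
 * for the buddy-finder front end.
 *
 * <p>Authentication is delegated to GitHub and Facebook via the OAuth2
 * authorization-code flow: each provider gets its own
 * {@link OAuth2ClientAuthenticationProcessingFilter} mounted at
 * {@code /login/<provider>}, and both are chained into one
 * {@link CompositeFilter} placed before basic authentication.
 * CSRF protection uses the session-backed token repository, with the
 * current token mirrored into an {@code XSRF-TOKEN} cookie so the browser
 * client can echo it back in the {@code X-XSRF-TOKEN} header.
 *
 * <p>{@code /me} is additionally guarded by a resource-server filter chain
 * (see {@link ResourceServerConfiguration}); this chain ({@code @Order(6)})
 * covers everything else.
 */
@SpringBootApplication
@RestController
@EnableOAuth2Client
// NOTE(review): no AuthorizationServerConfigurer is visible in this file. If the
// authorization server's client id/secret are left to auto-configuration,
// confirm they are set explicitly in configuration rather than relying on
// generated defaults.
@EnableAuthorizationServer
@Order(6)
public class BuddyFinderApplication extends WebSecurityConfigurerAdapter {

    /**
     * Holder bound from the {@code github.*} / {@code facebook.*} property
     * prefixes: the OAuth2 client registration plus the user-info resource
     * details. Declared {@code static} so the bound bean does not carry a
     * hidden reference to the enclosing application instance.
     */
    static class ClientResources {
        private final OAuth2ProtectedResourceDetails client = new AuthorizationCodeResourceDetails();
        private final ResourceServerProperties resource = new ResourceServerProperties();

        public OAuth2ProtectedResourceDetails getClient() {
            return client;
        }

        public ResourceServerProperties getResource() {
            return resource;
        }
    }

    @Autowired
    OAuth2ClientContext oauth2ClientContext;

    @Autowired
    BuddyAuthenticationSuccessHandler authenticationSuccessHandler;

    /**
     * Main filter chain: every request under {@code /**} needs an
     * authenticated user except the landing page, the login endpoints and
     * static assets. Unauthenticated requests are redirected to {@code /}
     * instead of receiving a 401.
     *
     * @param http the builder for this chain
     * @throws Exception propagated from the {@link HttpSecurity} builder
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // @formatter:off
        http.antMatcher("/**")
            .authorizeRequests()
                .antMatchers("/", "/login**", "/assets/**", "/templates/**").permitAll()
                .anyRequest().authenticated()
            .and().exceptionHandling().authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/"))
            .and().logout().logoutSuccessUrl("/").permitAll()
            // session-backed CSRF tokens, expected back in the X-XSRF-TOKEN header
            .and().csrf().csrfTokenRepository(csrfTokenRepository())
            // must run after CsrfFilter so the token request attribute is populated
            .and().addFilterAfter(csrfHeaderFilter(), CsrfFilter.class)
            // the SSO callbacks must be handled before basic auth would challenge them
            .addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class);
        // @formatter:on
    }

    /**
     * Resource-server chain guarding only {@code /me}; it requires an
     * authenticated caller (the registered resource-server token services
     * decide how the bearer token is validated).
     */
    @Configuration
    @EnableResourceServer
    protected static class ResourceServerConfiguration
            extends ResourceServerConfigurerAdapter {
        @Override
        public void configure(HttpSecurity http) throws Exception {
            // @formatter:off
            http
                .antMatcher("/me")
                .authorizeRequests().anyRequest().authenticated();
            // @formatter:on
        }
    }

    public static void main(String[] args) {
        SpringApplication.run(BuddyFinderApplication.class, args);
    }

    /**
     * Registers the OAuth2 client context filter ahead of the security filter
     * chain (order -100) so it can handle the redirect to the provider when a
     * {@code UserRedirectRequiredException} is thrown.
     *
     * @param filter the auto-configured client context filter
     * @return the registration with the explicit order applied
     */
    @Bean
    public FilterRegistrationBean oauth2ClientFilterRegistration(
            OAuth2ClientContextFilter filter) {
        FilterRegistrationBean registration = new FilterRegistrationBean();
        registration.setFilter(filter);
        registration.setOrder(-100);
        return registration;
    }

    /** GitHub client + user-info resource, bound from {@code github.*}. */
    @Bean
    @ConfigurationProperties("github")
    ClientResources github() {
        return new ClientResources();
    }

    /** Facebook client + user-info resource, bound from {@code facebook.*}. */
    @Bean
    @ConfigurationProperties("facebook")
    ClientResources facebook() {
        return new ClientResources();
    }

    /**
     * Builds one composite filter containing the per-provider SSO filters,
     * each mounted on its own callback path.
     */
    private Filter ssoFilter() {
        List<Filter> providerFilters = new ArrayList<>();
        providerFilters.add(ssoFilter(facebook(), "/login/facebook"));
        providerFilters.add(ssoFilter(github(), "/login/github"));

        CompositeFilter composite = new CompositeFilter();
        composite.setFilters(providerFilters);
        return composite;
    }

    /**
     * Creates the authorization-code processing filter for one provider.
     * The filter exchanges the code for a token via the rest template and
     * then resolves the principal from the provider's user-info endpoint.
     *
     * @param client the provider's client registration and user-info details
     * @param path   the callback path the provider redirects to
     * @return the configured filter, delegating success handling to
     *         {@link #authenticationSuccessHandler}
     */
    private Filter ssoFilter(ClientResources client, String path) {
        OAuth2RestTemplate restTemplate =
                new OAuth2RestTemplate(client.getClient(), oauth2ClientContext);

        UserInfoTokenServices tokenServices = new UserInfoTokenServices(
                client.getResource().getUserInfoUri(), client.getClient().getClientId());
        tokenServices.setRestTemplate(restTemplate);

        OAuth2ClientAuthenticationProcessingFilter providerFilter =
                new OAuth2ClientAuthenticationProcessingFilter(path);
        providerFilter.setRestTemplate(restTemplate);
        providerFilter.setTokenServices(tokenServices);
        providerFilter.setAuthenticationSuccessHandler(authenticationSuccessHandler);
        return providerFilter;
    }

    /**
     * Mirrors the session's CSRF token into an {@code XSRF-TOKEN} cookie.
     * The cookie is (re)issued only when it is missing or no longer matches
     * the current token, and never with a null value.
     *
     * <p>The cookie is deliberately not {@code HttpOnly}: the browser client
     * has to read it to copy the value into the {@code X-XSRF-TOKEN} header.
     * It is marked {@code Secure} whenever the request arrived over TLS so the
     * token is never transmitted in clear text. Behind a TLS-terminating
     * proxy {@code request.isSecure()} is only true if forwarded headers are
     * honoured by the container (typically {@code server.use-forward-headers}
     * on this Boot line — confirm for the deployment).
     */
    private Filter csrfHeaderFilter() {
        return new OncePerRequestFilter() {
            @Override
            protected void doFilterInternal(HttpServletRequest request,
                    HttpServletResponse response, FilterChain filterChain)
                    throws ServletException, IOException {
                CsrfToken csrf = (CsrfToken) request.getAttribute(CsrfToken.class.getName());
                if (csrf != null) {
                    String token = csrf.getToken();
                    Cookie cookie = WebUtils.getCookie(request, "XSRF-TOKEN");
                    boolean stale = cookie == null || !token.equals(cookie.getValue());
                    if (token != null && stale) {
                        cookie = new Cookie("XSRF-TOKEN", token);
                        cookie.setPath("/");
                        // Secure when served over TLS; see class comment for proxies.
                        cookie.setSecure(request.isSecure());
                        response.addCookie(cookie);
                    }
                }
                filterChain.doFilter(request, response);
            }
        };
    }

    /**
     * Session-backed CSRF token repository that reads the token from the
     * {@code X-XSRF-TOKEN} header (the header the cookie above is copied into).
     */
    private CsrfTokenRepository csrfTokenRepository() {
        HttpSessionCsrfTokenRepository repository = new HttpSessionCsrfTokenRepository();
        repository.setHeaderName("X-XSRF-TOKEN");
        return repository;
    }
}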