Untitled

@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {

  private final AuthenticationManager authenticationManager;

  @Autowired
  public AuthorizationServerConfig(AuthenticationManager authenticationManager) {
    this.authenticationManager = authenticationManager;
  }

  @Bean
  public JwtAccessTokenConverter accessTokenConverter() {
    JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
    converter.setSigningKey("as466gf");
    return converter;
  }

  @Bean
  public TokenStore tokenStore() {
    return new JwtTokenStore(accessTokenConverter());
  }


  @Override
  public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
    clients
      .inMemory()
      .withClient("my-client-id")
      .authorizedGrantTypes("authorization_code", "implicit", "refresh_token", "password")
      .authorities("ADMIN")
      .scopes("all")
      .resourceIds("product_api")
      .secret("$2a$10$jfAHmk4szDU/t1qLGlFTLukuBZL0ZHZGUJQICePjjyq6IrLOS934.")
      .redirectUris("https://example.com")
      .accessTokenValiditySeconds(7200)
      .refreshTokenValiditySeconds(7200);
  }

  @Override
  public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
    oauthServer
      .tokenKeyAccess("permitAll()")
      .checkTokenAccess("permitAll()");
  }

  @Override
  public void configure(AuthorizationServerEndpointsConfigurer endpoints) {

    endpoints
      .authenticationManager(authenticationManager)
      .accessTokenConverter(accessTokenConverter());
  }

}

@Configuration
@EnableResourceServer
@Order(2)
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {


  @Override
  public void configure(ResourceServerSecurityConfigurer resources) {
    resources.resourceId("product_api");
  }

  @Override
  public void configure(HttpSecurity http) throws Exception {
    http
      .requestMatchers()
      .antMatchers("/**")
      .and().authorizeRequests()
      .antMatchers("/**").permitAll()
      .and().exceptionHandling().accessDeniedHandler(new OAuth2AccessDeniedHandler());
  }


}

@Configuration
@Order(1)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

  @Resource(name = "userDetailService")
  private UserDetailService userDetailsService;

  @Bean
  public BCryptPasswordEncoder encoder() {
    return new BCryptPasswordEncoder();
  }

  @Override
  @Bean
  public AuthenticationManager authenticationManagerBean() throws Exception {
    return super.authenticationManagerBean();
  }

  @Autowired
  public void globalUserDetails(AuthenticationManagerBuilder auth) throws Exception {
    auth.userDetailsService(userDetailsService).passwordEncoder(encoder());
  }

  @Override
  protected void configure(HttpSecurity http) throws Exception {

    http.authorizeRequests()
      .antMatchers("/api/v1/**")
      .hasAnyRole("ADMIN", "USER").and()
      .httpBasic().and().formLogin().and().authorizeRequests().anyRequest().authenticated();
  }

  @Override
  protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth
      .userDetailsService(userDetailsService)
      .passwordEncoder(encoder());
  }
}

curl --request POST
  --url http://localhost:8080/oauth/token
  --header 'authorization: Basic bXktY2xpZW50Om15LXNlY3JldA=='
  --header 'content-type: application/x-www-form-urlencoded'
  --data 'grant_type=password&username=admin&password=test'