- http://localhost:8080/springsecurity-oauth2-POC/oauth/token?grant_type=password&client_id=my-trusted-client-with-secret&client_secret=somesecret&username=marissa&password=koala
- http://localhost:8080/springsecurity-oauth2-POC/resources/MyResource/getMyInfo
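<?xml version="1.0" encoding="UTF-8" ?>
<!--
  Spring Security 3.1 + spring-security-oauth2 1.0 provider configuration.
  Three filter chains are declared below (token endpoint, protected resources, logout).
  A request that matches none of the <http pattern="..."> chains is not passed through any
  security filter at all, so every protected path must be covered by a chain pattern.
  Patterns are Ant-style: "*" matches a single path segment, "**" matches any depth.
-->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:oauth="http://www.springframework.org/schema/security/oauth2"
       xmlns:sec="http://www.springframework.org/schema/security"
       xmlns:mvc="http://www.springframework.org/schema/mvc"
       xsi:schemaLocation="http://www.springframework.org/schema/security/oauth2 http://www.springframework.org/schema/security/spring-security-oauth2-1.0.xsd
                           http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.1.xsd
                           http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd
                           http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd ">

  <!-- Token endpoint chain. Clients authenticate with HTTP Basic against clientAuthenticationManager;
       sessions are never created because every token request carries its own client credentials. -->
  <http pattern="/oauth/token" create-session="stateless"
        authentication-manager-ref="clientAuthenticationManager"
        xmlns="http://www.springframework.org/schema/security">
    <intercept-url pattern="/oauth/token" access="IS_AUTHENTICATED_FULLY" />
    <anonymous enabled="false" />
    <http-basic entry-point-ref="clientAuthenticationEntryPoint" />
    <!-- Include this only if you need to authenticate clients via request parameters.
         With it enabled, client_id/client_secret may be sent in the query string, where they are
         routinely captured by server and proxy access logs; HTTP Basic keeps them out of the URL. -->
    <custom-filter ref="clientCredentialsTokenEndpointFilter" before="BASIC_AUTH_FILTER" />
    <access-denied-handler ref="oauthAccessDeniedHandler" />
  </http>

  <!-- The OAuth2 protected resources are separated out into their own block so we can deal with authorization
       and error handling separately. This isn't mandatory, but it makes it easier to control the behaviour.
       The pattern is "/resources/**" (not "/resources/*"): the Jersey resources are served at nested paths such as
       /resources/MyResource/getMyInfo, and a single "*" only matches one path segment, which would leave those
       requests outside every chain and therefore unprotected. -->
  <http pattern="/resources/**" create-session="never"
        entry-point-ref="oauthAuthenticationEntryPoint"
        access-decision-manager-ref="accessDecisionManager"
        xmlns="http://www.springframework.org/schema/security">
    <anonymous enabled="false" />
    <intercept-url pattern="/resources/**" access="ROLE_USER" />
    <custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
    <access-denied-handler ref="oauthAccessDeniedHandler" />
  </http>

  <!-- Logout chain. logoutSuccessHandler (demo LogoutImpl) is wired to the token store, presumably to remove the
       caller's token on logout; confirm in LogoutImpl. -->
  <http pattern="/logout" create-session="never"
        entry-point-ref="oauthAuthenticationEntryPoint"
        xmlns="http://www.springframework.org/schema/security">
    <anonymous enabled="false" />
    <!-- NOTE(review): this intercept-url carries no access attribute and therefore declares no access
         constraint; verify that the intent is an authenticated-only GET. NOTE(review): in the standard
         filter order LOGOUT_FILTER runs before PRE_AUTH_FILTER, so resourceServerFilter (placed before
         PRE_AUTH_FILTER) may not have populated the security context when the logout handler runs. -->
    <intercept-url pattern="/logout" method="GET" />
    <sec:logout invalidate-session="true" logout-url="/logout" success-handler-ref="logoutSuccessHandler" />
    <custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
    <access-denied-handler ref="oauthAccessDeniedHandler" />
  </http>

  <bean id="logoutSuccessHandler" class="demo.oauth2.authentication.security.LogoutImpl" >
    <property name="tokenstore" ref="tokenStore"></property>
  </bean>

  <!-- Entry point for the resource chains: answers 401 with an OAuth2 challenge. -->
  <bean id="oauthAuthenticationEntryPoint"
        class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
  </bean>

  <!-- Entry point for the token endpoint: challenges clients with HTTP Basic in realm "test/client". -->
  <bean id="clientAuthenticationEntryPoint"
        class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
    <!-- <property name="realmName" value="springsec/client" /> -->
    <property name="realmName" value="test/client" />
    <property name="typeName" value="Basic" />
  </bean>

  <bean id="oauthAccessDeniedHandler"
        class="org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler">
  </bean>

  <!-- Authenticates clients from request parameters (client_id / client_secret) at the token endpoint. -->
  <bean id="clientCredentialsTokenEndpointFilter"
        class="org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter">
    <property name="authenticationManager" ref="clientAuthenticationManager" />
  </bean>

  <!-- Unanimous: every voter that has an opinion must grant. ScopeVoter enforces the token's scope,
       RoleVoter the ROLE_* attributes, AuthenticatedVoter the IS_AUTHENTICATED_* attributes. -->
  <bean id="accessDecisionManager" class="org.springframework.security.access.vote.UnanimousBased" xmlns="http://www.springframework.org/schema/beans">
    <constructor-arg>
      <list>
        <bean class="org.springframework.security.oauth2.provider.vote.ScopeVoter" />
        <bean class="org.springframework.security.access.vote.RoleVoter" />
        <bean class="org.springframework.security.access.vote.AuthenticatedVoter" />
      </list>
    </constructor-arg>
  </bean>

  <!-- Authenticates OAuth2 clients (client id + secret) using the client registry below. -->
  <authentication-manager id="clientAuthenticationManager" xmlns="http://www.springframework.org/schema/security">
    <authentication-provider user-service-ref="clientDetailsUserService" />
  </authentication-manager>

  <!-- Authenticates resource owners for the password grant. Passwords are stored in clear text and no
       password-encoder is declared: fine for a demo, not for anything deployed. -->
  <authentication-manager alias="authenticationManager"
                          xmlns="http://www.springframework.org/schema/security">
    <!-- <authentication-provider user-service-ref="clientDetailsUserService" /> -->
    <authentication-provider>
      <user-service id="userDetailsService">
        <user name="marissa" password="koala" authorities="ROLE_USER" />
        <user name="paul" password="emu" authorities="ROLE_USER" />
      </user-service>
    </authentication-provider>
  </authentication-manager>

  <!-- Adapts the client registry to the UserDetailsService interface so clients can be authenticated. -->
  <bean id="clientDetailsUserService"
        class="org.springframework.security.oauth2.provider.client.ClientDetailsUserDetailsService">
    <constructor-arg ref="clientDetails" />
  </bean>

  <!-- Used for the persistence of tokens (currently an in-memory implementation: tokens do not survive a restart
       and are not shared between instances). -->
  <bean id="tokenStore" class="org.springframework.security.oauth2.provider.token.InMemoryTokenStore" />

  <!-- Used to create tokens and everything about them except their persistence, which is the responsibility of
       the TokenStore (given here is a default implementation). accessTokenValiditySeconds=300000 is roughly
       83 hours; clients may set a shorter per-client value (see my-trusted-client). -->
  <bean id="tokenServices" class="org.springframework.security.oauth2.provider.token.DefaultTokenServices">
    <property name="tokenStore" ref="tokenStore" />
    <property name="supportRefreshToken" value="true" />
    <property name="accessTokenValiditySeconds" value="300000"></property>
    <property name="clientDetailsService" ref="clientDetails" />
  </bean>

  <bean id="userApprovalHandler" class="org.springframework.security.oauth2.provider.approval.TokenServicesUserApprovalHandler">
    <property name="tokenServices" ref="tokenServices" />
  </bean>

  <!-- authorization-server aka AuthorizationServerTokenServices is an interface that defines everything necessary
       for token management. All five grant types are enabled. -->
  <oauth:authorization-server client-details-service-ref="clientDetails" token-services-ref="tokenServices"
                              user-approval-handler-ref="userApprovalHandler">
    <oauth:authorization-code />
    <oauth:implicit />
    <oauth:refresh-token />
    <oauth:client-credentials />
    <oauth:password />
  </oauth:authorization-server>

  <!-- Filter that extracts the bearer token on the resource chains and validates it against tokenServices. -->
  <oauth:resource-server id="resourceServerFilter" resource-id="test" token-services-ref="tokenServices" />

  <!-- ClientDetailsService: entry point to the client registry (given here is an in-memory implementation).
       Secrets are hard-coded literals. my-trusted-client has no secret yet is allowed the password grant,
       i.e. it is a public client for which client authentication is not required. -->
  <oauth:client-details-service id="clientDetails">
    <oauth:client client-id="my-trusted-client" authorized-grant-types="password,authorization_code,refresh_token,implicit"
                  authorities="ROLE_CLIENT, ROLE_TRUSTED_CLIENT" scope="read,write,trust" access-token-validity="60" />
    <oauth:client client-id="my-trusted-client-with-secret" authorized-grant-types="password,authorization_code,refresh_token,implicit"
                  secret="somesecret" authorities="ROLE_CLIENT, ROLE_TRUSTED_CLIENT" />
    <oauth:client client-id="my-client-with-secret" authorized-grant-types="client_credentials" authorities="ROLE_CLIENT"
                  scope="read" secret="secret" />
    <oauth:client client-id="my-less-trusted-client" authorized-grant-types="authorization_code,implicit"
                  authorities="ROLE_CLIENT" />
    <oauth:client client-id="my-less-trusted-autoapprove-client" authorized-grant-types="implicit"
                  authorities="ROLE_CLIENT" />
    <oauth:client client-id="my-client-with-registered-redirect" authorized-grant-types="authorization_code,client_credentials"
                  authorities="ROLE_CLIENT" redirect-uri="http://anywhere?key=value" scope="read,trust" />
    <oauth:client client-id="my-untrusted-client-with-registered-redirect" authorized-grant-types="authorization_code"
                  authorities="ROLE_CLIENT" redirect-uri="http://anywhere" scope="read" />
    <oauth:client client-id="tonr" resource-ids="test" authorized-grant-types="authorization_code,implicit"
                  authorities="ROLE_CLIENT" scope="read,write" secret="secret" />
    <!-- Self defined client -->
    <oauth:client client-id="the_client" authorized-grant-types="authorization_code,client_credentials"
                  authorities="ROLE_USER" scope="read,write,trust" secret="secret" />
  </oauth:client-details-service>

  <!-- Enables @PreAuthorize/@PostAuthorize with OAuth2-aware expressions (e.g. #oauth2.hasScope). -->
  <sec:global-method-security pre-post-annotations="enabled" proxy-target-class="true">
    <!-- you could also wire in the expression handler up at the layer of the http filters.
         See https://jira.springsource.org/browse/SEC-1452 -->
    <sec:expression-handler ref="oauthExpressionHandler" />
  </sec:global-method-security>

  <oauth:expression-handler id="oauthExpressionHandler" />
  <oauth:web-expression-handler id="oauthWebExpressionHandler" />

  <mvc:annotation-driven /> <!-- Declares explicit support for annotation-driven MVC controllers @RequestMapping, @Controller -->
  <mvc:default-servlet-handler />
</beans>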
<?xml version="1.0" encoding="UTF-8"?>
<!--
  Servlet 2.5 deployment descriptor for the OAuth2 proof of concept.
  Two servlets are declared: a Jersey container at /resources/* (the protected REST resources) and a
  Spring DispatcherServlet named "spring" at / (token endpoint and MVC controllers). The Spring Security
  filter chain is mapped over /* so it runs in front of both.
-->
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="2.5">
  <display-name>Spring Secure REST</display-name>

  <!-- Root application context loaded by ContextLoaderListener.
       NOTE(review): /WEB-INF/spring-servlet.xml is also the default config file of the DispatcherServlet named
       "spring" below, so the same bean definitions are presumably instantiated twice (root and servlet context),
       including two separate in-memory token stores; confirm which copy the security filter and the token
       endpoint actually use. -->
  <context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>/WEB-INF/spring-servlet.xml</param-value>
  </context-param>

  <listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
  </listener>
  <listener>
    <listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
  </listener>

  <!-- Spring Security entry filter. contextAttribute points the proxy at the WebApplicationContext of the
       DispatcherServlet named "spring" (declared below) instead of the root context, so the
       springSecurityFilterChain bean is looked up there. -->
  <filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    <init-param>
      <param-name>contextAttribute</param-name>
      <param-value>org.springframework.web.servlet.FrameworkServlet.CONTEXT.spring</param-value>
    </init-param>
  </filter>
  <!-- /* covers both servlets; which requests are actually secured is decided by the
       <http pattern="..."> chains in the Spring configuration. -->
  <filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>

  <!-- Jersey container hosting the JAX-RS resources. The servlet-spec pattern /resources/* covers nested paths
       (e.g. /resources/MyResource/getMyInfo); the Spring Security chain protecting it must use the Ant form
       /resources/** to cover the same set of paths. -->
  <servlet>
    <servlet-name>RESTService</servlet-name>
    <servlet-class>com.sun.jersey.spi.container.servlet.ServletContainer</servlet-class>
    <load-on-startup>1</load-on-startup>
  </servlet>
  <servlet-mapping>
    <servlet-name>RESTService</servlet-name>
    <url-pattern>/resources/*</url-pattern>
  </servlet-mapping>

  <!-- DispatcherServlet "spring": serves the OAuth2 endpoints (/oauth/token etc.) and any MVC controllers. -->
  <servlet>
    <servlet-name>spring</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
  </servlet>
  <servlet-mapping>
    <servlet-name>spring</servlet-name>
    <url-pattern>/</url-pattern>
  </servlet-mapping>
</web-app>
- package demo.oauth2.authentication.resources;
- import javax.ws.rs.GET;
- import javax.ws.rs.Path;
/**
 * Demo JAX-RS resource served by the Jersey container under /resources/MyResource.
 * <p>
 * Every method is read-only and simply returns a fixed marker string so that a caller can
 * see the protected resource was reached. The authentication requirement is not enforced
 * here; it comes from the Spring Security filter chain in front of the servlet.
 * <p>
 * NOTE(review): the "nnt" / trailing "n" runs in the responses look like {@code \n\n\t} and
 * {@code \n} escapes lost when the code was pasted; confirm against the original source.
 * NOTE(review): createInfo and updateMyInfo are bound to GET although named as write
 * operations. They do not mutate anything today, but if they ever do they should move to
 * POST/PUT: GET responses are cacheable and reachable from plain cross-site navigation.
 */
@Path("/MyResource")
public class MyResource {

    /** Marker returned by {@link #createInfo()}. */
    private static final String CREATE_INFO_RESPONSE =
            "nnt!!!Protected Resource(createInfo) Accessed !!!! Returning from Myresource createInfon";

    /** Marker returned by {@link #getMyInfo()}. */
    private static final String GET_MY_INFO_RESPONSE =
            "nnt Protected Resource(getMyInfo) Accessed !!!! Returning from Myresource getMyInfon";

    /** Marker returned by {@link #updateMyInfo()}. */
    private static final String UPDATE_INFO_RESPONSE =
            "nnt Protected Resource(updateInfo) Accessed !!!! Returning from Myresource updateInfon";

    /** GET /resources/MyResource/createInfo: returns the createInfo marker string. */
    @GET
    @Path("/createInfo")
    public String createInfo() {
        return CREATE_INFO_RESPONSE;
    }

    /** GET /resources/MyResource/getMyInfo: returns the getMyInfo marker string. */
    @GET
    @Path("/getMyInfo")
    public String getMyInfo() {
        return GET_MY_INFO_RESPONSE;
    }

    /** GET /resources/MyResource/updateInfo: returns the updateInfo marker string. */
    @GET
    @Path("/updateInfo")
    public String updateMyInfo() {
        return UPDATE_INFO_RESPONSE;
    }
}
- <http pattern="/resources/**"
- <http pattern="/resources/*"
<!-- Revised protected-resource chain: "/resources/**" covers the nested Jersey paths that a single "*"
     (one path segment) would leave outside every chain.
     NOTE(review): the first intercept-url carries only method="GET" and no access attribute. If the
     namespace parser ignores access-less entries it is a no-op; if it registers an empty attribute set,
     GET requests match it first and are never checked against IS_AUTHENTICATED_FULLY. Either way it is
     safer to remove it or give it an explicit access value.
     NOTE(review): unlike the earlier /resources chain, this one declares no access-decision-manager-ref,
     so the ScopeVoter is not consulted here and token scope is not enforced on these URLs. -->
<http pattern="/resources/**" create-session="never" entry-point-ref="oauthAuthenticationEntryPoint"
      xmlns="http://www.springframework.org/schema/security">
  <anonymous enabled="false" />
  <intercept-url pattern="/resources/**" method="GET" />
  <intercept-url pattern="/resources/**" access="IS_AUTHENTICATED_FULLY" />
  <custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
  <access-denied-handler ref="oauthAccessDeniedHandler" />
</http>
- <filter-name>springSecurityFilterChain</filter-name>
- <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
- <init-param>
- <param-name>contextAttribute</param-name>
- <param-value>org.springframework.web.servlet.FrameworkServlet.CONTEXT.spring</param-value>
- </init-param>
- <web-app id="WebApp_ID" version="2.4"
- xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
- http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
<display-name>Spring REStEasy Restful Web Application</display-name>
<!-- Spring configuration consumed by the SpringContextLoaderListener below (root context):
     the RESTEasy/Spring wiring plus security-config.xml, which presumably holds the
     springSecurityFilterChain bean. Both are resolved from the classpath. -->
<context-param>
  <param-name>contextConfigLocation</param-name>
  <param-value>classpath:resteasy-servlet.xml
  classpath:security-config.xml</param-value>
</context-param>
<!-- <context-param> <param-name>resteasy.scan</param-name> <param-value>true</param-value>
</context-param> -->
<!-- Must equal the path prefix of the resteasy servlet-mapping (/rest/*) so RESTEasy can strip it. -->
<context-param>
  <param-name>resteasy.servlet.mapping.prefix</param-name>
  <param-value>/rest</param-value>
</context-param>
<!-- JAX-RS Application class; the same value is repeated as an init-param of the resteasy servlet. -->
<context-param>
  <param-name>javax.ws.rs.core.Application</param-name>
  <param-value>org.test.service.MyRestApplication</param-value>
</context-param>
<!-- RESTEasy bootstrap; must be declared before SpringContextLoaderListener so the RESTEasy
     deployment exists when the Spring context is built. -->
<listener>
  <listener-class>org.jboss.resteasy.plugins.server.servlet.ResteasyBootstrap</listener-class>
</listener>
<!-- Spring Bootstrap -->
<listener>
  <listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
</listener>
<!-- Loads the root WebApplicationContext from contextConfigLocation and registers the
     Spring-managed JAX-RS resources with RESTEasy. -->
<listener>
  <listener-class>org.jboss.resteasy.plugins.spring.SpringContextLoaderListener</listener-class>
</listener>
<!-- Spring Security entry filter.
     NOTE(review): contextAttribute makes DelegatingFilterProxy look for the WebApplicationContext of a
     DispatcherServlet named "spring", but no servlet with that name is declared in the visible part of
     this descriptor (only "resteasy"), while the security beans are loaded into the root context by
     SpringContextLoaderListener. If no such servlet exists, the proxy cannot locate the
     springSecurityFilterChain bean; dropping this init-param makes it fall back to the root context.
     Confirm before deploying. -->
<filter>
  <filter-name>springSecurityFilterChain</filter-name>
  <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
  <init-param>
    <param-name>contextAttribute</param-name>
    <param-value>org.springframework.web.servlet.FrameworkServlet.CONTEXT.spring</param-value>
  </init-param>
</filter>
<!-- Applied to every request; which paths are actually secured is decided by the
     <http pattern="..."> chains in security-config.xml. -->
<filter-mapping>
  <filter-name>springSecurityFilterChain</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
<!-- RESTEasy dispatcher serving the JAX-RS resources under /rest/*. The Application class is given
     here as an init-param and again as the javax.ws.rs.core.Application context-param above. -->
<servlet>
  <servlet-name>resteasy</servlet-name>
  <servlet-class>org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher</servlet-class>
  <init-param>
    <param-name>javax.ws.rs.Application</param-name>
    <param-value>org.test.service.MyRestApplication</param-value>
  </init-param>
  <load-on-startup>1</load-on-startup>
</servlet>
<!-- Servlet-spec pattern: covers every path below /rest. The matching Spring Security chain needs the
     Ant form /rest/** to cover the same set of paths. -->
<servlet-mapping>
  <servlet-name>resteasy</servlet-name>
  <url-pattern>/rest/*</url-pattern>
</servlet-mapping>