  1. http://localhost:8080/springsecurity-oauth2-POC/oauth/token?grant_type=password&client_id=my-trusted-client-with-secret&client_secret=somesecret&username=marissa&password=koala
  2.  
  3. http://localhost:8080/springsecurity-oauth2-POC/resources/MyResource/getMyInfo
  4.  
  5. <?xml version="1.0" encoding="UTF-8" ?>
  6. <beans xmlns="http://www.springframework.org/schema/beans"
  7. xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:oauth="http://www.springframework.org/schema/security/oauth2"
  8. xmlns:sec="http://www.springframework.org/schema/security" xmlns:mvc="http://www.springframework.org/schema/mvc"
  9. xsi:schemaLocation="http://www.springframework.org/schema/security/oauth2 http://www.springframework.org/schema/security/spring-security-oauth2-1.0.xsd
  10. http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.1.xsd
  11. http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd
  12. http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd ">
  13.  
  14.  
  15. <http pattern="/oauth/token" create-session="stateless"
  16. authentication-manager-ref="clientAuthenticationManager"
  17. xmlns="http://www.springframework.org/schema/security" >
  18. <intercept-url pattern="/oauth/token" access="IS_AUTHENTICATED_FULLY" />
  19. <anonymous enabled="false" />
  20. <http-basic entry-point-ref="clientAuthenticationEntryPoint" />
  21. <!-- include this only if you need to authenticate clients via request parameters -->
  22. <custom-filter ref="clientCredentialsTokenEndpointFilter" before="BASIC_AUTH_FILTER" />
  23. <access-denied-handler ref="oauthAccessDeniedHandler" />
  24. </http>
  25.  
  26. <!-- The OAuth2 protected resources are separated out into their own block so we can deal with authorization and error handling
  27. separately. This isn't mandatory, but it makes it easier to control the behaviour. -->
  28. <http pattern="/resources/*" create-session="never"
  29. entry-point-ref="oauthAuthenticationEntryPoint"
  30. access-decision-manager-ref="accessDecisionManager"
  31. xmlns="http://www.springframework.org/schema/security">
  32. <anonymous enabled="false" />
  33. <intercept-url pattern="/resources/*" access="ROLE_USER" />
  34. <custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
  35. <access-denied-handler ref="oauthAccessDeniedHandler" />
  36. </http>
  37.  
  38. <http pattern="/logout" create-session="never"
  39. entry-point-ref="oauthAuthenticationEntryPoint"
  40. xmlns="http://www.springframework.org/schema/security">
  41. <anonymous enabled="false" />
  42. <intercept-url pattern="/logout" method="GET" />
  43. <sec:logout invalidate-session="true" logout-url="/logout" success-handler-ref="logoutSuccessHandler" />
  44. <custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
  45. <access-denied-handler ref="oauthAccessDeniedHandler" />
  46. </http>
  47.  
  48.  
  49. <bean id="logoutSuccessHandler" class="demo.oauth2.authentication.security.LogoutImpl" >
  50. <property name="tokenstore" ref="tokenStore"></property>
  51. </bean>
  52.  
  53. <bean id="oauthAuthenticationEntryPoint"
  54. class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
  55. </bean>
  56.  
  57. <bean id="clientAuthenticationEntryPoint"
  58. class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
  59. <!-- <property name="realmName" value="springsec/client" /> -->
  60. <property name="realmName" value="test/client" />
  61. <property name="typeName" value="Basic" />
  62. </bean>
  63.  
  64. <bean id="oauthAccessDeniedHandler"
  65. class="org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler">
  66. </bean>
  67.  
  68. <bean id="clientCredentialsTokenEndpointFilter"
  69. class="org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter">
  70. <property name="authenticationManager" ref="clientAuthenticationManager" />
  71. </bean>
  72.  
  73. <bean id="accessDecisionManager" class="org.springframework.security.access.vote.UnanimousBased" xmlns="http://www.springframework.org/schema/beans">
  74. <constructor-arg>
  75. <list>
  76. <bean class="org.springframework.security.oauth2.provider.vote.ScopeVoter" />
  77. <bean class="org.springframework.security.access.vote.RoleVoter" />
  78. <bean class="org.springframework.security.access.vote.AuthenticatedVoter" />
  79. </list>
  80. </constructor-arg>
  81. </bean>
  82.  
  83. <authentication-manager id="clientAuthenticationManager" xmlns="http://www.springframework.org/schema/security">
  84. <authentication-provider user-service-ref="clientDetailsUserService" />
  85. </authentication-manager>
  86.  
  87. <authentication-manager alias="authenticationManager"
  88. xmlns="http://www.springframework.org/schema/security">
  89. <!-- <authentication-provider user-service-ref="clientDetailsUserService" /> -->
  90. <authentication-provider>
  91. <user-service id="userDetailsService">
  92. <user name="marissa" password="koala" authorities="ROLE_USER" />
  93. <user name="paul" password="emu" authorities="ROLE_USER" />
  94. </user-service>
  95. </authentication-provider>
  96. </authentication-manager>
  97.  
  98. <bean id="clientDetailsUserService"
  99. class="org.springframework.security.oauth2.provider.client.ClientDetailsUserDetailsService">
  100. <constructor-arg ref="clientDetails" />
  101. </bean>
  102.  
  103. <!-- Used for the persistenceof tokens (currently an in memory implementation) -->
  104. <bean id="tokenStore" class="org.springframework.security.oauth2.provider.token.InMemoryTokenStore" />
  105.  
  106. <!-- Used to create token and and every thing about them except for their persistence that is reposibility of TokenStore (Given here is a default implementation) -->
  107. <bean id="tokenServices" class="org.springframework.security.oauth2.provider.token.DefaultTokenServices">
  108. <property name="tokenStore" ref="tokenStore" />
  109. <property name="supportRefreshToken" value="true" />
  110. <property name="accessTokenValiditySeconds" value="300000"></property>
  111. <property name="clientDetailsService" ref="clientDetails" />
  112. </bean>
  113.  
  114. <bean id="userApprovalHandler" class="org.springframework.security.oauth2.provider.approval.TokenServicesUserApprovalHandler">
  115. <property name="tokenServices" ref="tokenServices" />
  116. </bean>
  117.  
  118. <!-- authorization-server aka AuthorizationServerTokenServices is an interface that defines everything necessary for token management -->
  119. <oauth:authorization-server client-details-service-ref="clientDetails" token-services-ref="tokenServices"
  120. user-approval-handler-ref="userApprovalHandler">
  121. <oauth:authorization-code />
  122. <oauth:implicit />
  123. <oauth:refresh-token />
  124. <oauth:client-credentials />
  125. <oauth:password />
  126. </oauth:authorization-server>
  127.  
  128. <oauth:resource-server id="resourceServerFilter" resource-id="test" token-services-ref="tokenServices" />
  129. <!-- ClientsDeailsService: Entry Point to clients database (given is in memory implementation) -->
  130. <oauth:client-details-service id="clientDetails">
  131.  
  132. <oauth:client client-id="my-trusted-client" authorized-grant-types="password,authorization_code,refresh_token,implicit"
  133. authorities="ROLE_CLIENT, ROLE_TRUSTED_CLIENT" scope="read,write,trust" access-token-validity="60" />
  134.  
  135. <oauth:client client-id="my-trusted-client-with-secret" authorized-grant-types="password,authorization_code,refresh_token,implicit"
  136. secret="somesecret" authorities="ROLE_CLIENT, ROLE_TRUSTED_CLIENT" />
  137. <oauth:client client-id="my-client-with-secret" authorized-grant-types="client_credentials" authorities="ROLE_CLIENT"
  138. scope="read" secret="secret" />
  139.  
  140. <oauth:client client-id="my-less-trusted-client" authorized-grant-types="authorization_code,implicit"
  141. authorities="ROLE_CLIENT" />
  142.  
  143. <oauth:client client-id="my-less-trusted-autoapprove-client" authorized-grant-types="implicit"
  144. authorities="ROLE_CLIENT" />
  145.  
  146. <oauth:client client-id="my-client-with-registered-redirect" authorized-grant-types="authorization_code,client_credentials"
  147. authorities="ROLE_CLIENT" redirect-uri="http://anywhere?key=value" scope="read,trust" />
  148.  
  149. <oauth:client client-id="my-untrusted-client-with-registered-redirect" authorized-grant-types="authorization_code"
  150. authorities="ROLE_CLIENT" redirect-uri="http://anywhere" scope="read" />
  151.  
  152. <oauth:client client-id="tonr" resource-ids="test" authorized-grant-types="authorization_code,implicit"
  153. authorities="ROLE_CLIENT" scope="read,write" secret="secret" />
  154.  
  155. <!--Self defined client-->
  156. <oauth:client client-id="the_client" authorized-grant-types="authorization_code,client_credentials"
  157. authorities="ROLE_USER" scope="read,write,trust" secret="secret" />
  158.  
  159. </oauth:client-details-service>
  160. <sec:global-method-security pre-post-annotations="enabled" proxy-target-class="true">
  161. <!--you could also wire in the expression handler up at the layer of the http filters. See https://jira.springsource.org/browse/SEC-1452 -->
  162. <sec:expression-handler ref="oauthExpressionHandler" />
  163. </sec:global-method-security>
  164.  
  165. <oauth:expression-handler id="oauthExpressionHandler" />
  166.  
  167. <oauth:web-expression-handler id="oauthWebExpressionHandler" />
  168.  
  169. <mvc:annotation-driven /> <!-- Declares explicit support for annotation-driven MVC controllers @RequestMapping, @Controller -->
  170.  
  171. <mvc:default-servlet-handler />
  172. </beans>
  173.  
  174. <?xml version="1.0" encoding="UTF-8"?>
  175. <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="2.5">
  176. <display-name>Spring Secure REST</display-name>
  177. <context-param>
  178. <param-name>contextConfigLocation</param-name>
  179. <param-value>/WEB-INF/spring-servlet.xml</param-value>
  180. </context-param>
  181. <listener>
  182. <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
  183. </listener>
  184. <listener>
  185. <listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
  186. </listener>
  187. <filter>
  188. <filter-name>springSecurityFilterChain</filter-name>
  189. <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
  190. <init-param>
  191. <param-name>contextAttribute</param-name>
  192. <param-value>org.springframework.web.servlet.FrameworkServlet.CONTEXT.spring</param-value>
  193. </init-param>
  194. </filter>
  195. <filter-mapping>
  196. <filter-name>springSecurityFilterChain</filter-name>
  197. <url-pattern>/*</url-pattern>
  198. </filter-mapping>
  199. <servlet>
  200. <servlet-name>RESTService</servlet-name>
  201. <servlet-class>com.sun.jersey.spi.container.servlet.ServletContainer</servlet-class>
  202. <load-on-startup>1</load-on-startup>
  203. </servlet>
  204. <servlet-mapping>
  205. <servlet-name>RESTService</servlet-name>
  206. <url-pattern>/resources/*</url-pattern>
  207. </servlet-mapping>
  208. <servlet>
  209. <servlet-name>spring</servlet-name>
  210. <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
  211. <load-on-startup>1</load-on-startup>
  212. </servlet>
  213. <servlet-mapping>
  214. <servlet-name>spring</servlet-name>
  215. <url-pattern>/</url-pattern>
  216. </servlet-mapping>
  217. </web-app>
  218.  
  219. package demo.oauth2.authentication.resources;
  220.  
  221. import javax.ws.rs.GET;
  222. import javax.ws.rs.Path;
  223.  
  224.  
/**
 * JAX-RS resource exposed under /MyResource.
 *
 * Each endpoint returns a fixed text message. No authorization check is performed in this
 * class itself; it relies on whatever servlet filter chain is deployed in front of it.
 */
@Path("/MyResource")
public class MyResource {

    /** Body returned by {@link #createInfo()}. */
    private static final String CREATE_INFO_MESSAGE =
        "nnt!!!Protected Resource(createInfo) Accessed !!!! Returning from Myresource createInfon";

    /** Body returned by {@link #getMyInfo()}. */
    private static final String GET_MY_INFO_MESSAGE =
        "nnt Protected Resource(getMyInfo) Accessed !!!! Returning from Myresource getMyInfon";

    /** Body returned by {@link #updateMyInfo()}. */
    private static final String UPDATE_INFO_MESSAGE =
        "nnt Protected Resource(updateInfo) Accessed !!!! Returning from Myresource updateInfon";

    /**
     * GET /MyResource/createInfo.
     *
     * @return a fixed confirmation message
     */
    @GET
    @Path("/createInfo")
    public String createInfo() {
        return CREATE_INFO_MESSAGE;
    }

    /**
     * GET /MyResource/getMyInfo.
     *
     * @return a fixed confirmation message
     */
    @GET
    @Path("/getMyInfo")
    public String getMyInfo() {
        return GET_MY_INFO_MESSAGE;
    }

    /**
     * GET /MyResource/updateInfo (the Java method is named updateMyInfo).
     *
     * @return a fixed confirmation message
     */
    @GET
    @Path("/updateInfo")
    public String updateMyInfo() {
        return UPDATE_INFO_MESSAGE;
    }
}
  252.  
  253. <http pattern="/resources/**"
  254.  
  255. <http pattern="/resources/*"
  256.  
  257. <http pattern="/resources/**" create-session="never" entry-point-ref="oauthAuthenticationEntryPoint"
  258. xmlns="http://www.springframework.org/schema/security">
  259. <anonymous enabled="false" />
  260. <intercept-url pattern="/resources/**" method="GET" />
  261. <intercept-url pattern="/resources/**" access="IS_AUTHENTICATED_FULLY" />
  262. <custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
  263. <access-denied-handler ref="oauthAccessDeniedHandler" />
  264. </http>
  265.  
  266. <filter-name>springSecurityFilterChain</filter-name>
  267. <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
  268.  
  269. <init-param>
  270. <param-name>contextAttribute</param-name>
  271. <param-value>org.springframework.web.servlet.FrameworkServlet.CONTEXT.spring</param-value>
  272. </init-param>
  273.  
  274. <web-app id="WebApp_ID" version="2.4"
  275. xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  276. xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
  277. http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
  278. <display-name>Spring REStEasy Restful Web Application</display-name>
  279.  
  280. <context-param>
  281. <param-name>contextConfigLocation</param-name>
  282. <param-value>classpath:resteasy-servlet.xml
  283. classpath:security-config.xml</param-value>
  284. </context-param>
  285. <!-- <context-param> <param-name>resteasy.scan</param-name> <param-value>true</param-value>
  286. </context-param> -->
  287. <context-param>
  288. <param-name>resteasy.servlet.mapping.prefix</param-name>
  289. <param-value>/rest</param-value>
  290. </context-param>
  291.  
  292. <context-param>
  293. <param-name>javax.ws.rs.core.Application</param-name>
  294. <param-value>org.test.service.MyRestApplication</param-value>
  295. </context-param>
  296.  
  297. <listener>
  298. <listener-class>org.jboss.resteasy.plugins.server.servlet.ResteasyBootstrap</listener-class>
  299. </listener>
  300.  
  301. <!-- Spring Bootstrap -->
  302. <listener>
  303. <listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
  304. </listener>
  305.  
  306. <listener>
  307. <listener-class>org.jboss.resteasy.plugins.spring.SpringContextLoaderListener</listener-class>
  308. </listener>
  309.  
  310.  
  311. <filter>
  312. <filter-name>springSecurityFilterChain</filter-name>
  313. <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
  314. <init-param>
  315. <param-name>contextAttribute</param-name>
  316. <param-value>org.springframework.web.servlet.FrameworkServlet.CONTEXT.spring</param-value>
  317. </init-param>
  318. </filter>
  319. <filter-mapping>
  320. <filter-name>springSecurityFilterChain</filter-name>
  321. <url-pattern>/*</url-pattern>
  322. </filter-mapping>
  323.  
  324. <servlet>
  325. <servlet-name>resteasy</servlet-name>
  326. <servlet-class>org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher</servlet-class>
  327. <init-param>
  328. <param-name>javax.ws.rs.Application</param-name>
  329. <param-value>org.test.service.MyRestApplication</param-value>
  330. </init-param>
  331. <load-on-startup>1</load-on-startup>
  332. </servlet>
  333.  
  334.  
  335. <servlet-mapping>
  336. <servlet-name>resteasy</servlet-name>
  337. <url-pattern>/rest/*</url-pattern>
  338. </servlet-mapping>