daily pastebin goal
78%
SHARE
TWEET

Untitled

a guest Jan 15th, 2019 58 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. @Configuration
  2. @EnableResourceServer
  3. @EnableGlobalMethodSecurity(prePostEnabled = true)
  4. @Order(SecurityProperties.ACCESS_OVERRIDE_ORDER-1)
  5. public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
  6.     public static final String RESOURCE_ID = "resources";
  7.  
  8.     @Override
  9.     public void configure(final ResourceServerSecurityConfigurer resources) {
  10.         resources
  11.                 .resourceId(RESOURCE_ID);
  12.     }
  13.  
  14.     @Override
  15.     public void configure(final HttpSecurity http) throws Exception {
  16.         http
  17.                 .authorizeRequests()
  18.                 .antMatchers(HttpMethod.GET, "/**").access("#oauth2.hasScope('read')")
  19.                 .antMatchers(HttpMethod.POST, "/**").access("#oauth2.hasScope('write')")
  20.                 .antMatchers(HttpMethod.PUT, "/**").access("#oauth2.hasScope('write')")
  21.                 .antMatchers(HttpMethod.PATCH, "/**").access("#oauth2.hasScope('write')")
  22.                 .antMatchers(HttpMethod.DELETE, "/**").access("#oauth2.hasScope('write')")
  23.                 .antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
  24.                 .antMatchers(HttpMethod.GET, "/health").permitAll();
  25.     }
  26.  
  27. }
  28.    
  29. @Configuration
  30. @Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
  31. public class SecurityConfig extends WebSecurityConfigurerAdapter {
  32.  
  33.     @Autowired
  34.     private UserDetailsService userDetailsService;
  35.  
  36.     @Override
  37.     public void configure(final AuthenticationManagerBuilder auth) throws Exception {
  38.         auth
  39.                 .userDetailsService(userDetailsService)
  40.                 .passwordEncoder(new BCryptPasswordEncoder());
  41.     }
  42.  
  43.     @Override
  44.     protected void configure(final HttpSecurity http) throws Exception {
  45.         http
  46.                 .authorizeRequests()
  47.                 .anyRequest().authenticated()
  48.                 .and().httpBasic().realmName("OAuth Server");
  49.     }
  50. }
  51.    
  52. protected void configure(HttpSecurity http) throws Exception {
  53.     ...
  54.     .authorizeRequests()
  55.             .antMatchers("/actuator/**").permitAll()
  56. }
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top