Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- @SpringBootApplication
- @EnableResourceServer
- @RestController
- public class Application {
- public static void main(String[] args) {
- SpringApplication.run(Application.class, args);
- }
- @RequestMapping("/home")
- public String home() {
- return "Hello World";
- }
- @RequestMapping("/reg/a")
- public String reg() {
- return "REGISTERED";
- }
- @RequestMapping(value = "/", method = RequestMethod.POST)
- @ResponseStatus(HttpStatus.CREATED)
- public String create(@RequestBody MultiValueMap<String, String> map) {
- return "OK";
- }
- @Configuration
- @EnableAuthorizationServer
- protected static class OAuth2Config extends AuthorizationServerConfigurerAdapter {
- @Autowired
- private AuthenticationManager authenticationManager;
- @Override
- public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
- endpoints.authenticationManager(authenticationManager);
- }
- @Override
- public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
- security.checkTokenAccess("isAuthenticated()");
- }
- @Override
- public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
- clients.inMemory()
- .withClient("my-client-with-secret")
- .authorizedGrantTypes("client_credentials", "password")
- .authorities("ROLE_CLIENT")
- .scopes("read")
- .resourceIds("oauth2-resource")
- .secret("secret");
- }
- }}
- @Configuration
- @Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
- public class OAuth2WebSecurityConfig extends WebSecurityConfigurerAdapter {
- @Bean(name="authenticationManager")
- @Override
- public AuthenticationManager authenticationManagerBean() throws Exception {
- return super.authenticationManager();
- }
- @Override
- protected void configure(AuthenticationManagerBuilder auth) throws Exception {
- String password = "pass";
- String user = "user";
- auth.inMemoryAuthentication()
- .withUser(user).password(password).roles("USER")
- .and().withUser("admin").password("admin").roles("ADMIN");
- }
- @Override
- protected void configure(HttpSecurity http) throws Exception {
- http
- .requestMatchers().antMatchers("/reg/**")
- .and()
- .authorizeRequests()
- .antMatchers("/reg/**").access("hasRole('ADMIN')");
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement