- curl -X POST -d "client_id=client-id&client_secret=secret&grant_type=password&username=demo&password=1234" http://localhost:8080/oauth/token
- {"timestamp":"2018-01-25T14:47:42.286+0000","status":401,"error":"Unauthorized","message":"Unauthorized","path":"/oauth/token"}
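/**
 * Authorization server configuration: registers the OAuth2 client(s) that may request
 * tokens and wires the token store, approval handler and authentication manager into
 * the token endpoints.
 *
 * NOTE(review): the client secret is a hard-coded plaintext literal and the user
 * passwords in [OAuth2SecurityConfiguration] are too. Secrets should come from
 * externalized configuration and be stored encoded. With Spring Security 5 a
 * PasswordEncoder (or a `{noop}`/`{bcrypt}` id prefix on the stored value) is
 * consulted when the client authenticates, so a raw secret with no encoder is a
 * likely cause of the 401 on `/oauth/token` pasted above -- confirm against the
 * deployed Spring Boot / Spring Security versions.
 */
@Configuration
@EnableAuthorizationServer
class AuthorizationServerConfiguration : AuthorizationServerConfigurerAdapter() {

    // Collaborators are injected by Spring before any configure() callback is invoked,
    // so they are never read while uninitialised.
    @Autowired
    private lateinit var tokenStore: TokenStore

    @Autowired
    private lateinit var userApprovalHandler: UserApprovalHandler

    @Autowired
    @Qualifier("authenticationManagerBean")
    private lateinit var authenticationManager: AuthenticationManager

    /**
     * Registers a single in-memory client `client-id` that may use every grant type,
     * holds the `read`/`write`/`trust` scopes, and receives short-lived tokens.
     *
     * The `implicit` and `password` grants are enabled here; current OAuth guidance
     * (OAuth 2.0 Security BCP / OAuth 2.1) recommends against both for new deployments.
     * Parameter is declared non-null (the adapter passes a platform type), which is
     * consistent with the `configure(http: HttpSecurity)` overrides in this file and
     * removes the `!!`.
     */
    @Throws(Exception::class)
    override fun configure(clients: ClientDetailsServiceConfigurer) {
        clients.inMemory()
            .withClient("client-id")
            .authorizedGrantTypes("password", "authorization_code", "refresh_token", "implicit")
            .authorities("ROLE_CLIENT", "ROLE_TRUSTED_CLIENT")
            .scopes("read", "write", "trust")
            .secret("secret") // hard-coded plaintext secret -- see class note
            .accessTokenValiditySeconds(ACCESS_TOKEN_VALIDITY_SECONDS)
            .refreshTokenValiditySeconds(REFRESH_TOKEN_VALIDITY_SECONDS)
    }

    /** Plugs the injected token store, approval handler and authentication manager into the token endpoints. */
    @Throws(Exception::class)
    override fun configure(endpoints: AuthorizationServerEndpointsConfigurer) {
        endpoints
            .tokenStore(tokenStore)
            .userApprovalHandler(userApprovalHandler)
            .authenticationManager(authenticationManager)
    }

    /** Sets the realm name reported to clients on authentication challenges. */
    @Throws(Exception::class)
    override fun configure(oauthServer: AuthorizationServerSecurityConfigurer) {
        oauthServer.realm("$REALM/client")
    }

    companion object {
        private const val REALM = "MY_OAUTH_REALM"

        // Access token is only valid for 2 minutes.
        private const val ACCESS_TOKEN_VALIDITY_SECONDS = 120

        // Refresh token is only valid for 10 minutes.
        private const val REFRESH_TOKEN_VALIDITY_SECONDS = 600
    }
}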
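/**
 * Resource server configuration: protects `/users/**` so that only requests carrying a
 * valid token for a principal with role `ADMIN` are served, and returns the OAuth2
 * access-denied response on failure.
 */
@Configuration
@EnableResourceServer
class ResourceServerConfiguration : ResourceServerConfigurerAdapter() {

    /**
     * Declares this server's resource id and its session policy.
     *
     * `stateless(false)` deviates from the default and also lets session-authenticated
     * (non-bearer) requests reach the resource; if only token-based access is intended,
     * this should be `true` -- confirm the intended behaviour.
     * Parameter is declared non-null (the adapter passes a platform type), consistent
     * with the `configure(http: HttpSecurity)` override below.
     */
    override fun configure(resources: ResourceServerSecurityConfigurer) {
        resources.resourceId(RESOURCE_ID).stateless(false)
    }

    /**
     * Restricts this filter chain to `/users/**`, denies anonymous access and requires
     * role `ADMIN`. `hasRole("ADMIN")` is the typed equivalent of the previous
     * `access("hasRole('ADMIN')")` SpEL string (the `ROLE_` prefix is added in both cases).
     */
    @Throws(Exception::class)
    override fun configure(http: HttpSecurity) {
        http.anonymous().disable()
            .requestMatchers().antMatchers("/users/**")
            .and().authorizeRequests()
            .antMatchers("/users/**").hasRole("ADMIN")
            .and().exceptionHandling().accessDeniedHandler(OAuth2AccessDeniedHandler())
    }

    companion object {
        private const val RESOURCE_ID = "my_rest_api"
    }
}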
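/**
 * Web security configuration: defines the (demo) user store, exposes the
 * authentication manager as a bean, and provides the token store, approval handler
 * and approval store consumed by [AuthorizationServerConfiguration].
 */
@Configuration
@EnableWebSecurity
class OAuth2SecurityConfiguration : WebSecurityConfigurerAdapter() {

    // Injected by Spring when this configuration is populated, before the @Bean
    // factory methods below are invoked.
    @Autowired
    private lateinit var clientDetailsService: ClientDetailsService

    /**
     * Registers two in-memory users: `bill` (role `ADMIN`) and `demo` (role `USER`).
     *
     * NOTE(review): demo-only. Passwords are hard-coded plaintext literals; in
     * Spring Security 5 the default PasswordEncoder expects an encoded value with
     * an id prefix (e.g. `{bcrypt}`), so these raw values are likely rejected at
     * login -- confirm against the deployed version.
     */
    @Autowired
    @Throws(Exception::class)
    fun globalUserDetails(auth: AuthenticationManagerBuilder) {
        auth.inMemoryAuthentication()
            .withUser("bill").password("abc123").roles("ADMIN").and()
            .withUser("demo").password("1234").roles("USER")
    }

    /**
     * Disables CSRF protection and anonymous access, and opens `/oauth/token` to all
     * callers so the authorization server can perform its own client authentication.
     *
     * Disabling CSRF is only appropriate while this chain serves token-based API
     * traffic and no cookie/session-authenticated browser endpoints.
     */
    @Throws(Exception::class)
    override fun configure(http: HttpSecurity) {
        http
            .csrf().disable()
            .anonymous().disable()
            .authorizeRequests()
            .antMatchers("/oauth/token").permitAll()
    }

    /** Exposes the adapter's authentication manager as the `authenticationManagerBean` bean. */
    @Bean
    @Throws(Exception::class)
    override fun authenticationManagerBean(): AuthenticationManager = super.authenticationManagerBean()

    /**
     * In-memory token store: tokens are lost on restart and not shared between
     * instances, so this suits a single-node demo only.
     */
    @Bean
    fun tokenStore(): TokenStore = InMemoryTokenStore()

    /** Approval handler backed by the shared [tokenStore] and the injected client details. */
    @Bean
    @Autowired
    fun userApprovalHandler(tokenStore: TokenStore): TokenStoreUserApprovalHandler {
        // Captured in a local so the name is unambiguous inside the apply receiver.
        val clients = clientDetailsService
        return TokenStoreUserApprovalHandler().apply {
            setTokenStore(tokenStore)
            setRequestFactory(DefaultOAuth2RequestFactory(clients))
            setClientDetailsService(clients)
        }
    }

    /** Approval store that records approvals as tokens in the shared [tokenStore]. */
    @Bean
    @Autowired
    @Throws(Exception::class)
    fun approvalStore(tokenStore: TokenStore): ApprovalStore =
        TokenApprovalStore().apply { setTokenStore(tokenStore) }
}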