SHOW:
|
|
- or go back to the newest paste.
1 | - | <?xml version="1.0" encoding="UTF-8"?> |
1 | + | <?xml version="1.0" encoding="UTF-8"?> |
2 | - | <beans:beans xmlns="http://www.springframework.org/schema/security" |
2 | + | <beans:beans xmlns="http://www.springframework.org/schema/security" |
3 | - | xmlns:beans="http://www.springframework.org/schema/beans" |
3 | + | xmlns:beans="http://www.springframework.org/schema/beans" |
4 | - | xmlns:oauth2="http://www.springframework.org/schema/security/oauth2" |
4 | + | xmlns:oauth2="http://www.springframework.org/schema/security/oauth2" |
5 | - | xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" |
5 | + | xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" |
6 | - | xsi:schemaLocation="http://www.springframework.org/schema/security/oauth2 |
6 | + | xsi:schemaLocation="http://www.springframework.org/schema/security/oauth2 |
7 | - | http://www.springframework.org/schema/security/spring-security-oauth2-2.0.xsd |
7 | + | http://www.springframework.org/schema/security/spring-security-oauth2-2.0.xsd |
8 | - | http://www.springframework.org/schema/beans |
8 | + | http://www.springframework.org/schema/beans |
9 | - | http://www.springframework.org/schema/beans/spring-beans.xsd |
9 | + | http://www.springframework.org/schema/beans/spring-beans.xsd |
10 | - | http://www.springframework.org/schema/security |
10 | + | http://www.springframework.org/schema/security |
11 | - | http://www.springframework.org/schema/security/spring-security.xsd"> |
11 | + | http://www.springframework.org/schema/security/spring-security.xsd"> |
12 | - | |
12 | + | |
13 | - | <global-method-security jsr250-annotations="enabled" /> |
13 | + | <global-method-security jsr250-annotations="enabled" /> |
14 | - | <http pattern="/**/*.css" security="none" /> |
14 | + | <http pattern="/**/*.css" security="none" /> |
15 | - | <http pattern="/**/*.css.map" security="none" /> |
15 | + | <http pattern="/**/*.css.map" security="none" /> |
16 | - | |
16 | + | |
17 | - | |
17 | + | |
18 | - | <http pattern="/**/*.gif" security="none" /> |
18 | + | <http pattern="/**/*.gif" security="none" /> |
19 | - | <http pattern="/**/*.html" security="none" /> |
19 | + | <http pattern="/**/*.html" security="none" /> |
20 | - | <http pattern="/**/*.ttf" security="none" /> |
20 | + | <http pattern="/**/*.ttf" security="none" /> |
21 | - | <http pattern="/**/*.eot" security="none" /> |
21 | + | <http pattern="/**/*.eot" security="none" /> |
22 | - | <http pattern="/**/*.svg" security="none" /> |
22 | + | <http pattern="/**/*.svg" security="none" /> |
23 | - | <http pattern="/**/*.woff" security="none" /> |
23 | + | <http pattern="/**/*.woff" security="none" /> |
24 | - | <http pattern="/**/*.woff2" security="none" /> |
24 | + | <http pattern="/**/*.woff2" security="none" /> |
25 | - | <http pattern="/**/*.xls" security="none" /> |
25 | + | <http pattern="/**/*.xls" security="none" /> |
26 | - | <http pattern="/**/*.ico" security="none" /> |
26 | + | <http pattern="/**/*.ico" security="none" /> |
27 | - | <http pattern="/**/*.jpg" security="none" /> |
27 | + | <http pattern="/**/*.jpg" security="none" /> |
28 | - | <http pattern="/**/*.js" security="none" /> |
28 | + | <http pattern="/**/*.js" security="none" /> |
29 | - | <http pattern="/**/*.png" security="none" /> |
29 | + | <http pattern="/**/*.png" security="none" /> |
30 | - | <http pattern="/**/*.xml" security="none" /> |
30 | + | <http pattern="/**/*.xml" security="none" /> |
31 | - | <http pattern="/**/*.mp4" security="none" /> |
31 | + | <http pattern="/**/*.mp4" security="none" /> |
32 | - | <http pattern="editCustomerTrnx" security="none"/> |
32 | + | <http pattern="editCustomerTrnx" security="none"/> |
33 | - | <!--<http pattern="/embed/*" security="none"/> --> |
33 | + | <!--<http pattern="/embed/*" security="none"/> --> |
34 | - | |
34 | + | |
35 | - | <!-- Default URL provided by spring to get the token(access and refresh) from oauth --> |
35 | + | <!-- Default URL provided by spring to get the token(access and refresh) from oauth --> |
36 | - | <http pattern="/oauth/token" create-session="never" |
36 | + | <http pattern="/oauth/token" create-session="never" |
37 | - | authentication-manager-ref="clientAuthenticationManager" |
37 | + | authentication-manager-ref="clientAuthenticationManager" |
38 | - | xmlns="http://www.springframework.org/schema/security"> |
38 | + | xmlns="http://www.springframework.org/schema/security"> |
39 | - | <intercept-url pattern="/oauth/token" access="IS_AUTHENTICATED_FULLY"/> |
39 | + | <intercept-url pattern="/oauth/token" access="IS_AUTHENTICATED_FULLY"/> |
40 | - | <http-basic entry-point-ref="clientAuthenticationEntryPoint"/> |
40 | + | <http-basic entry-point-ref="clientAuthenticationEntryPoint"/> |
41 | - | <!-- Using this to authenticate client using request parameter --> |
41 | + | <!-- Using this to authenticate client using request parameter --> |
42 | - | <custom-filter ref="clientCredentialsTokenEndPointFilter" after="BASIC_AUTH_FILTER"/> |
42 | + | <custom-filter ref="clientCredentialsTokenEndPointFilter" after="BASIC_AUTH_FILTER"/> |
43 | - | <access-denied-handler ref="oauthAccessDeniedHandler"/> |
43 | + | <access-denied-handler ref="oauthAccessDeniedHandler"/> |
44 | - | </http> |
44 | + | </http> |
45 | - | |
45 | + | |
46 | - | <!-- The OAuth2 protected resources are separated out into their own block so we can deal with authorization and error handling |
46 | + | <!-- The OAuth2 protected resources are separated out into their own block so we can deal with authorization and error handling |
47 | - | separately. This isn't mandatory, but it makes it easier to control the behaviour --> |
47 | + | separately. This isn't mandatory, but it makes it easier to control the behaviour --> |
48 | - | <http pattern="/Api/**" create-session="stateless" entry-point-ref="oauthAuthenticationEntryPoint" |
48 | + | <http pattern="/Api/**" create-session="stateless" entry-point-ref="oauthAuthenticationEntryPoint" |
49 | - | access-decision-manager-ref="accessDecisionManager" |
49 | + | access-decision-manager-ref="accessDecisionManager" |
50 | - | xmlns="http://www.springframework.org/schema/security"> |
50 | + | xmlns="http://www.springframework.org/schema/security"> |
51 | - | <anonymous enabled="false"/> |
51 | + | <anonymous enabled="false"/> |
52 | - | <intercept-url pattern="/Api/**" access="ROLE_ADMIN"/> |
52 | + | <intercept-url pattern="/Api/**" access="ROLE_ADMIN"/> |
53 | - | <custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" /> |
53 | + | <custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" /> |
54 | - | <access-denied-handler ref="oauthAccessDeniedHandler"/> |
54 | + | <access-denied-handler ref="oauthAccessDeniedHandler"/> |
55 | - | </http> |
55 | + | </http> |
56 | - | |
56 | + | |
57 | - | <!-- 2 --> |
57 | + | <!-- 2 --> |
58 | - | <http auto-config="true"> |
58 | + | <http auto-config="true"> |
59 | - | <intercept-url pattern="/Admin/**" |
59 | + | <intercept-url pattern="/Admin/**" |
60 | - | access="ROLE_ADMINISTRATOR,ROLE_AUTHENTICATED" requires-channel="any" /> |
60 | + | access="ROLE_ADMINISTRATOR,ROLE_AUTHENTICATED" requires-channel="any" /> |
61 | - | <intercept-url pattern="/Seller/**" access="ROLE_AUTHENTICATED,ROLE_SELLER" |
61 | + | <intercept-url pattern="/Seller/**" access="ROLE_AUTHENTICATED,ROLE_SELLER" |
62 | - | requires-channel="any" /> |
62 | + | requires-channel="any" /> |
63 | - | <intercept-url pattern="/login/**" access="IS_AUTHENTICATED_ANONYMOUSLY" |
63 | + | <intercept-url pattern="/login/**" access="IS_AUTHENTICATED_ANONYMOUSLY" |
64 | - | requires-channel="any" /> |
64 | + | requires-channel="any" /> |
65 | - | <intercept-url pattern="/" access="IS_AUTHENTICATED_ANONYMOUSLY" |
65 | + | <intercept-url pattern="/" access="IS_AUTHENTICATED_ANONYMOUSLY" |
66 | - | requires-channel="any" /> |
66 | + | requires-channel="any" /> |
67 | - | <!-- <remember-me key="remittancerm" /> --> |
67 | + | <!-- <remember-me key="remittancerm" /> --> |
68 | - | <custom-filter position="CONCURRENT_SESSION_FILTER" ref="customSessionFilter" /> |
68 | + | <custom-filter position="CONCURRENT_SESSION_FILTER" ref="customSessionFilter" /> |
69 | - | <form-login login-page="/main" |
69 | + | <form-login login-page="/main" |
70 | - | |
70 | + | |
71 | - | authentication-failure-handler-ref="failureHandler" |
71 | + | authentication-failure-handler-ref="failureHandler" |
72 | - | always-use-default-target="false" default-target-url="/" |
72 | + | always-use-default-target="false" default-target-url="/" |
73 | - | authentication-success-handler-ref="ash" /> |
73 | + | authentication-success-handler-ref="ash" /> |
74 | - | <logout logout-url="/logout" logout-success-url="/" /> |
74 | + | <logout logout-url="/logout" logout-success-url="/" /> |
75 | - | <access-denied-handler ref="" error-page="/" /> |
75 | + | <access-denied-handler ref="" error-page="/" /> |
76 | - | <!-- authentication-failure-url="/main?errormessage=authentication.login.failed" --> |
76 | + | <!-- authentication-failure-url="/main?errormessage=authentication.login.failed" --> |
77 | - | <session-management |
77 | + | <session-management |
78 | - | session-authentication-strategy-ref="sls" /> |
78 | + | session-authentication-strategy-ref="sls" /> |
79 | - | <port-mappings> |
79 | + | <port-mappings> |
80 | - | <port-mapping http="8080" https="8443" /> |
80 | + | <port-mapping http="8080" https="8443" /> |
81 | - | </port-mappings> |
81 | + | </port-mappings> |
82 | - | </http> |
82 | + | </http> |
83 | - | |
83 | + | |
84 | - | <authentication-manager alias="authenticationManager" xmlns="http://www.springframework.org/schema/security"> |
84 | + | <authentication-manager alias="authenticationManager" xmlns="http://www.springframework.org/schema/security"> |
85 | - | <authentication-provider> <!-- user-service-ref="userDetailService" --> |
85 | + | <authentication-provider> <!-- user-service-ref="userDetailService" --> |
86 | - | <user-service> |
86 | + | <user-service> |
87 | - | <user name="subash" authorities="ROLE_ADMIN" password="123456"/> |
87 | + | <user name="subash" authorities="ROLE_ADMIN" password="123456"/> |
88 | - | </user-service> |
88 | + | </user-service> |
89 | - | <!-- <password-encoder ref="passwordEncoder"> |
89 | + | <!-- <password-encoder ref="passwordEncoder"> |
90 | - | </password-encoder> --> |
90 | + | </password-encoder> --> |
91 | - | </authentication-provider> |
91 | + | </authentication-provider> |
92 | - | </authentication-manager> |
92 | + | </authentication-manager> |
93 | - | |
93 | + | |
94 | - | <beans:bean id="ash" |
94 | + | <beans:bean id="ash" |
95 | - | class="com.remittance.session.CustomSavedRequestAwareAuthenticationSuccessHandler"> |
95 | + | class="com.remittance.session.CustomSavedRequestAwareAuthenticationSuccessHandler"> |
96 | - | </beans:bean> |
96 | + | |
97 | - | |
97 | + | |
98 | - | <beans:bean id="failureHandler" class="com.remittance.session.CustomAuthenticationFailureHandler"> |
98 | + | <beans:bean id="failureHandler" class="com.remittance.session.CustomAuthenticationFailureHandler"> |
99 | - | </beans:bean> |
99 | + | |
100 | - | <beans:bean id="forbiddenEntryPoint" |
100 | + | <beans:bean id="forbiddenEntryPoint" |
101 | - | class="org.springframework.security.web.authentication.Http403ForbiddenEntryPoint" /> |
101 | + | class="org.springframework.security.web.authentication.Http403ForbiddenEntryPoint" /> |
102 | - | |
102 | + | |
103 | - | |
103 | + | |
104 | - | <beans:bean id="customSessionFilter" class="com.remittance.session.CustomSessionFilter"> |
104 | + | <beans:bean id="customSessionFilter" class="com.remittance.session.CustomSessionFilter"> |
105 | - | <beans:constructor-arg ref="sessionRegistry" /> |
105 | + | <beans:constructor-arg ref="sessionRegistry" /> |
106 | - | </beans:bean> |
106 | + | |
107 | - | |
107 | + | |
108 | - | <beans:bean id="sls" |
108 | + | <beans:bean id="sls" |
109 | - | class="com.remittance.session.SessionLoggingStrategy"> |
109 | + | class="com.remittance.session.SessionLoggingStrategy"> |
110 | - | <beans:constructor-arg ref="sas" /> |
110 | + | <beans:constructor-arg ref="sas" /> |
111 | - | <beans:constructor-arg ref="sessionLogApi" /> |
111 | + | <beans:constructor-arg ref="sessionLogApi" /> |
112 | - | </beans:bean> |
112 | + | |
113 | - | |
113 | + | |
114 | - | <beans:bean id="sas" |
114 | + | <beans:bean id="sas" |
115 | - | class="com.remittance.session.PersistingConcurrentSessionControlStrategy"> |
115 | + | class="com.remittance.session.PersistingConcurrentSessionControlStrategy"> |
116 | - | <beans:constructor-arg name="sessionRegistry" |
116 | + | <beans:constructor-arg name="sessionRegistry" |
117 | - | ref="sessionRegistry" /> |
117 | + | ref="sessionRegistry" /> |
118 | - | <beans:constructor-arg name="sessionApi" ref="sessionApi" /> |
118 | + | <beans:constructor-arg name="sessionApi" ref="sessionApi" /> |
119 | - | <beans:property name="maximumSessions" value="-1" /> |
119 | + | <beans:property name="maximumSessions" value="-1" /> |
120 | - | </beans:bean> |
120 | + | |
121 | - | |
121 | + | |
122 | - | <beans:bean id="sessionRegistry" |
122 | + | <beans:bean id="sessionRegistry" |
123 | - | class="com.remittance.session.PersistingSessionRegistry"> |
123 | + | class="com.remittance.session.PersistingSessionRegistry"> |
124 | - | <beans:constructor-arg ref="sessionApi" /> |
124 | + | <beans:constructor-arg ref="sessionApi" /> |
125 | - | </beans:bean> |
125 | + | |
126 | - | |
126 | + | |
127 | - | <beans:bean id="userDetailService" |
127 | + | <beans:bean id="userDetailService" |
128 | - | class="com.remittance.session.UserDetailsServiceImpl"> |
128 | + | class="com.remittance.session.UserDetailsServiceImpl"> |
129 | - | <beans:constructor-arg ref="userRepository" /> |
129 | + | <beans:constructor-arg ref="userRepository" /> |
130 | - | </beans:bean> |
130 | + | |
131 | - | |
131 | + | |
132 | - | <beans:bean id="passwordEncoder" |
132 | + | <beans:bean id="passwordEncoder" |
133 | - | class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder" /> |
133 | + | class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder" /> |
134 | - | |
134 | + | |
135 | - | |
135 | + | |
136 | - | <beans:bean id="userTest" class="com.remittance.session.UserTest"> |
136 | + | <beans:bean id="userTest" class="com.remittance.session.UserTest"> |
137 | - | <beans:constructor-arg ref="userRepository" /> |
137 | + | <beans:constructor-arg ref="userRepository" /> |
138 | - | </beans:bean> |
138 | + | |
139 | - | |
139 | + | |
140 | - | |
140 | + | |
141 | - | |
141 | + | |
142 | - | <!-- OAuth2 Security --> |
142 | + | <!-- OAuth2 Security --> |
143 | - | |
143 | + | |
144 | - | |
144 | + | |
145 | - | <!-- Resource protected by oauth2 security --> |
145 | + | <!-- Resource protected by oauth2 security --> |
146 | - | |
146 | + | |
147 | - | <!-- OAuth Client Details --> |
147 | + | <!-- OAuth Client Details --> |
148 | - | <oauth2:client-details-service id="clientDetails"> |
148 | + | <oauth2:client-details-service id="clientDetails"> |
149 | - | <oauth2:client client-id="android5.5" secret="1234567890" authorized-grant-types="password,authorization_code,refresh_token,implicit,client_credentials" |
149 | + | <oauth2:client client-id="android5.5" secret="1234567890" authorized-grant-types="password,authorization_code,refresh_token,implicit,client_credentials" |
150 | - | authorities="ROLE_CLIENT,ROLE_TRUSTED_CLIENT" scope="read,write,trust"/> |
150 | + | authorities="ROLE_CLIENT,ROLE_TRUSTED_CLIENT" scope="read,write,trust"/> |
151 | - | <oauth2:client client-id="nokia3320" secret="0987654321" authorized-grant-types="password,authorization_code,refresh_token,implicit,client_credentials" |
151 | + | <oauth2:client client-id="nokia3320" secret="0987654321" authorized-grant-types="password,authorization_code,refresh_token,implicit,client_credentials" |
152 | - | authorities="ROLE_CLIENT,ROLE_TRUSTED_CLIENT" scope="read,write,trust"/> |
152 | + | authorities="ROLE_CLIENT,ROLE_TRUSTED_CLIENT" scope="read,write,trust"/> |
153 | - | </oauth2:client-details-service> |
153 | + | </oauth2:client-details-service> |
154 | - | |
154 | + | |
155 | - | <!-- This defined token store, we have used in memory token store for now but this can be changed to a user defined one --> |
155 | + | <!-- This defined token store, we have used in memory token store for now but this can be changed to a user defined one --> |
156 | - | <beans:bean id="tokenStore" class="org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore"/> |
156 | + | <beans:bean id="tokenStore" class="org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore"/> |
157 | - | |
157 | + | |
158 | - | <!-- Load User By User name --> |
158 | + | <!-- Load User By User name --> |
159 | - | <beans:bean id="clientDetailsUserDetailsService" class="org.springframework.security.oauth2.provider.client.ClientDetailsUserDetailsService"> |
159 | + | <beans:bean id="clientDetailsUserDetailsService" class="org.springframework.security.oauth2.provider.client.ClientDetailsUserDetailsService"> |
160 | - | <beans:constructor-arg ref="clientDetails"/> |
160 | + | <beans:constructor-arg ref="clientDetails"/> |
161 | - | </beans:bean> |
161 | + | </beans:bean> |
162 | - | |
162 | + | |
163 | - | <!-- This is where we defined token based configurations, token validity and other things --> |
163 | + | <!-- This is where we defined token based configurations, token validity and other things --> |
164 | - | <beans:bean id="tokenService" class="org.springframework.security.oauth2.provider.token.DefaultTokenServices"> |
164 | + | <beans:bean id="tokenService" class="org.springframework.security.oauth2.provider.token.DefaultTokenServices"> |
165 | - | <beans:property name="tokenStore" ref="tokenStore"/> |
165 | + | <beans:property name="tokenStore" ref="tokenStore"/> |
166 | - | <beans:property name="accessTokenValiditySeconds" value="500"/> |
166 | + | <beans:property name="accessTokenValiditySeconds" value="500"/> |
167 | - | <beans:property name="clientDetailsService" ref="clientDetails"/> |
167 | + | <beans:property name="clientDetailsService" ref="clientDetails"/> |
168 | - | <beans:property name="supportRefreshToken" value="true"/> |
168 | + | <beans:property name="supportRefreshToken" value="true"/> |
169 | - | </beans:bean> |
169 | + | </beans:bean> |
170 | - | |
170 | + | |
171 | - | <!-- It Determine whether a given client authentication request has been approved by user or not --> |
171 | + | <!-- It Determine whether a given client authentication request has been approved by user or not --> |
172 | - | <!-- ToeknStoreUserApprovalHandler : A user approval handler that remembers approval decisions by consulting existing tokens --> |
172 | + | <!-- ToeknStoreUserApprovalHandler : A user approval handler that remembers approval decisions by consulting existing tokens --> |
173 | - | <beans:bean id="userApprovalHandler" class="org.springframework.security.oauth2.provider.approval.TokenStoreUserApprovalHandler"> |
173 | + | <beans:bean id="userApprovalHandler" class="org.springframework.security.oauth2.provider.approval.TokenStoreUserApprovalHandler"> |
174 | - | <beans:property name="tokenStore" ref="tokenStore"/> |
174 | + | <beans:property name="tokenStore" ref="tokenStore"/> |
175 | - | <beans:property name="requestFactory" ref="oauth2RequestFactory"/> |
175 | + | <beans:property name="requestFactory" ref="oauth2RequestFactory"/> |
176 | - | </beans:bean> |
176 | + | </beans:bean> |
177 | - | |
177 | + | |
178 | - | |
178 | + | |
179 | - | <!-- Server issuing access token to the client after successfully authenticating the resource owner and obtaining authorization --> |
179 | + | <!-- Server issuing access token to the client after successfully authenticating the resource owner and obtaining authorization --> |
180 | - | <oauth2:authorization-server client-details-service-ref="clientDetails" token-services-ref="tokenService" |
180 | + | <oauth2:authorization-server client-details-service-ref="clientDetails" token-services-ref="tokenService" |
181 | - | user-approval-handler-ref="userApprovalHandler"> |
181 | + | user-approval-handler-ref="userApprovalHandler"> |
182 | - | <!-- <oauth2:authorization-code/> --> |
182 | + | <!-- <oauth2:authorization-code/> --> |
183 | - | <!-- <oauth2:client-credentials/> --> |
183 | + | <!-- <oauth2:client-credentials/> --> |
184 | - | <!-- <oauth2:implicit/> --> |
184 | + | <!-- <oauth2:implicit/> --> |
185 | - | <oauth2:password/> |
185 | + | <oauth2:password/> |
186 | - | <!-- <oauth2:refresh-token/> --> |
186 | + | <!-- <oauth2:refresh-token/> --> |
187 | - | </oauth2:authorization-server> |
187 | + | </oauth2:authorization-server> |
188 | - | |
188 | + | |
189 | - | <authentication-manager id="clientAuthenticationManager"> |
189 | + | <authentication-manager id="clientAuthenticationManager"> |
190 | - | <authentication-provider user-service-ref="clientDetailsUserDetailsService"/> |
190 | + | <authentication-provider user-service-ref="clientDetailsUserDetailsService"/> |
191 | - | </authentication-manager> |
191 | + | </authentication-manager> |
192 | - | |
192 | + | |
193 | - | <!-- Include this if you need to authenticate client via request parameter --> |
193 | + | <!-- Include this if you need to authenticate client via request parameter --> |
194 | - | <beans:bean id="clientCredentialsTokenEndPointFilter" |
194 | + | <beans:bean id="clientCredentialsTokenEndPointFilter" |
195 | - | class="org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter"> |
195 | + | class="org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter"> |
196 | - | <beans:property name="authenticationManager" ref="clientAuthenticationManager" /> |
196 | + | <beans:property name="authenticationManager" ref="clientAuthenticationManager" /> |
197 | - | </beans:bean> |
197 | + | |
198 | - | |
198 | + | |
199 | - | <!-- Server hosting the protected resource ,capable of accepting and responding to protected resource request using access tokens --> |
199 | + | <!-- Server hosting the protected resource ,capable of accepting and responding to protected resource request using access tokens --> |
200 | - | <oauth2:resource-server id="resourceServerFilter" resource-id="test" token-services-ref="tokenService"/> |
200 | + | <oauth2:resource-server id="resourceServerFilter" resource-id="test" token-services-ref="tokenService"/> |
201 | - | |
201 | + | |
202 | - | <!-- Authentication Entry Point --> |
202 | + | <!-- Authentication Entry Point --> |
203 | - | <beans:bean id="oauthAuthenticationEntryPoint" class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint"> |
203 | + | <beans:bean id="oauthAuthenticationEntryPoint" class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint"> |
204 | - | <beans:property name="realmName" value="test" /> |
204 | + | <beans:property name="realmName" value="test" /> |
205 | - | </beans:bean> |
205 | + | </beans:bean> |
206 | - | |
206 | + | |
207 | - | <beans:bean id="clientAuthenticationEntryPoint" class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint"> |
207 | + | <beans:bean id="clientAuthenticationEntryPoint" class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint"> |
208 | - | <beans:property name="realmName" value="test/client" /> |
208 | + | <beans:property name="realmName" value="test/client" /> |
209 | - | <beans:property name="typeName" value="Basic" /> |
209 | + | <beans:property name="typeName" value="Basic" /> |
210 | - | </beans:bean> |
210 | + | </beans:bean> |
211 | - | |
211 | + | |
212 | - | <!-- Access Denied Handler --> |
212 | + | <!-- Access Denied Handler --> |
213 | - | <beans:bean id="oauthAccessDeniedHandler" class="org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler"/> |
213 | + | <beans:bean id="oauthAccessDeniedHandler" class="org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler"/> |
214 | - | |
214 | + | |
215 | - | <!-- This beans prepares oauth2Request using incoming request parameter --> |
215 | + | <!-- This beans prepares oauth2Request using incoming request parameter --> |
216 | - | <beans:bean id="oauth2RequestFactory" class="org.springframework.security.oauth2.provider.request.DefaultOAuth2RequestFactory"> |
216 | + | <beans:bean id="oauth2RequestFactory" class="org.springframework.security.oauth2.provider.request.DefaultOAuth2RequestFactory"> |
217 | - | <beans:constructor-arg ref="clientDetails"/> |
217 | + | <beans:constructor-arg ref="clientDetails"/> |
218 | - | </beans:bean> |
218 | + | |
219 | - | |
219 | + | |
220 | - | <!-- Access Decision Manager --> |
220 | + | <!-- Access Decision Manager --> |
221 | - | <beans:bean id="accessDecisionManager" class="org.springframework.security.access.vote.UnanimousBased" xmlns="http://www.springframework.org/schema/beans"> |
221 | + | <beans:bean id="accessDecisionManager" class="org.springframework.security.access.vote.UnanimousBased" xmlns="http://www.springframework.org/schema/beans"> |
222 | - | <beans:constructor-arg> |
222 | + | <beans:constructor-arg> |
223 | - | <beans:list> |
223 | + | <beans:list> |
224 | - | <beans:bean class="org.springframework.security.oauth2.provider.vote.ScopeVoter" /> |
224 | + | <beans:bean class="org.springframework.security.oauth2.provider.vote.ScopeVoter" /> |
225 | - | <beans:bean class="org.springframework.security.access.vote.RoleVoter" /> |
225 | + | <beans:bean class="org.springframework.security.access.vote.RoleVoter" /> |
226 | - | <beans:bean class="org.springframework.security.access.vote.AuthenticatedVoter" /> |
226 | + | <beans:bean class="org.springframework.security.access.vote.AuthenticatedVoter" /> |
227 | - | </beans:list> |
227 | + | </beans:list> |
228 | - | </beans:constructor-arg> |
228 | + | </beans:constructor-arg> |
229 | </beans:bean> | |
230 | ||
231 | - | { |
231 | + | { |
232 | - | "access_token": "9f5a89ce-a0d9-4d65-8e83-5d3b16d8c025", |
232 | + | "access_token": "9f5a89ce-a0d9-4d65-8e83-5d3b16d8c025", |
233 | - | "token_type": "bearer", |
233 | + | "token_type": "bearer", |
234 | - | "refresh_token": "c2ac82ec-9f41-46dd-b7c2-4772c018505c", |
234 | + | "refresh_token": "c2ac82ec-9f41-46dd-b7c2-4772c018505c", |
235 | - | "expires_in": 499, |
235 | + | "expires_in": 499, |
236 | - | "scope": "read trust write" |
236 | + | "scope": "read trust write" |
237 | } | |
238 | ||
239 | - | { |
239 | + | { |
240 | - | "error": "unauthorized", |
240 | + | "error": "unauthorized", |
241 | - | "error_description": "An Authentication object was not found in the |
241 | + | "error_description": "An Authentication object was not found in the |
242 | - | SecurityContext" |
242 | + | SecurityContext" |
243 | } |