Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- curl -X POST -H "Authorization: Basic **************************" -v -H "Accept: application/json" -d "username=my.user&password=pass&client_id=my.user&client_secret=4e1d635a-7c9d-426b-a942-cc166438f996&grant_type=password&scope=read write" http://localhost:8080/oauth/token
- curl -v -H "Authorization : Bearer ecfa5bfb-c224-4b4a-abf4-cb4a828c2efb" -H "Accept: application/json" http://localhost:8443/oauth/api/meetings/9
- @Configuration
- @EnableWebSecurity
- @ComponentScan("com.springapp.mvc")
- @EnableResourceServer
- @Order(4)
- public class Oauth2ResourcesConfigurationAdapter extends ResourceServerConfigurerAdapter {
- @Autowired
- private OAuth2AuthenticationEntryPoint oAuth2AuthenticationEntryPoint;
- @Autowired
- private PreAuthUserDetailsService preAuthUserDetailsService;
- @Autowired
- private OAuth2AccessDeniedHandler accessDeniedHandler;
- @Autowired
- private DefaultTokenServices tokenServices;
- @Autowired
- private TokenStore tokenStore;
- @Override
- public void configure(HttpSecurity http) throws Exception {
- http
- .authorizeRequests()
- .antMatchers("/oauth/api/**")
- .access("#oauth2.hasScope('read') and #oauth2.hasScope('write') and #oauth2.hasAnyRole('ROLE_USER','ROLE_ADMIN')")
- .accessDecisionManager(accessDecisionManager())
- .anyRequest()
- .fullyAuthenticated();
- http
- .anonymous()
- .disable();
- http
- .sessionManagement()
- .sessionCreationPolicy(SessionCreationPolicy.NEVER);
- http
- .exceptionHandling()
- .accessDeniedHandler(accessDeniedHandler);
- http
- .logout()
- .logoutUrl("/oauth/logout")
- .logoutSuccessHandler(logoutSuccessHandler())
- .invalidateHttpSession(true);
- http
- .requiresChannel()
- .antMatchers("/oauth/api/**")
- .requiresSecure();
- http
- .portMapper()
- .http(8080)
- .mapsTo(8443);
- }
- @Override
- public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
- resources
- .authenticationManager(getAuthenticationManager())
- .tokenServices(tokenServices)
- .tokenStore(tokenStore);
- }
- private AuthenticationManager getAuthenticationManager() {
- final OAuth2AuthenticationManager oAuth2AuthenticationManager = new OAuth2AuthenticationManager();
- oAuth2AuthenticationManager.setTokenServices(tokenServices);
- return oAuth2AuthenticationManager;
- }
- private PreAuthenticatedAuthenticationProvider preAuthAuthenticationProvider() {
- final PreAuthenticatedAuthenticationProvider preAuthAuthenticationProvider = new PreAuthenticatedAuthenticationProvider();
- preAuthAuthenticationProvider.setPreAuthenticatedUserDetailsService(preAuthUserDetailsService);
- return preAuthAuthenticationProvider;
- }
- private AccessDecisionManager accessDecisionManager() {
- return new UnanimousBased(Arrays.<AccessDecisionVoter>asList(new ScopeVoter(),
- new AuthenticatedVoter(),
- new WebExpressionVoter()));
- }
- private LogoutSuccessHandler logoutSuccessHandler() {
- return new OAuth2SuccessLogoutHandler(tokenStore);
- }
- static final class OAuth2SuccessLogoutHandler implements LogoutSuccessHandler {
- private final TokenStore tokenStore;
- public OAuth2SuccessLogoutHandler(final TokenStore tokenStore) {
- this.tokenStore = tokenStore;
- }
- @Override
- public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
- request.toString();
- }
- }
- }
- @Configuration
- @EnableOAuth2Sso
- @EnableWebSecurity
- protected static class ResourceConfiguration extends WebSecurityConfigurerAdapter {
- @Value("${sso.url}")
- private String ssoUrl;
- @Autowired
- private RedisConnectionFactory redisConnectionFactory;
- @Bean
- protected TokenStore tokenStore() {
- return new RedisTokenStore(redisConnectionFactory);
- }
- @Bean
- @Primary
- protected ResourceServerTokenServices tokenServices() {
- DefaultTokenServices defaultTokenServices = new DefaultTokenServices();
- defaultTokenServices.setTokenStore(tokenStore());
- defaultTokenServices.setSupportRefreshToken(true);
- return defaultTokenServices;
- }
- @Override
- @Bean
- public AuthenticationManager authenticationManagerBean() throws Exception {
- OAuth2AuthenticationManager authenticationManager = new OAuth2AuthenticationManager();
- authenticationManager.setTokenServices(tokenServices());
- return authenticationManager;
- }
- @Override
- protected void configure(HttpSecurity http) throws Exception {
- http.requestMatchers()
- .and().authorizeRequests()
- .antMatchers("/").permitAll()
- .antMatchers(HttpMethod.GET, "/static/**").permitAll()
- .antMatchers(HttpMethod.GET, "/profile/**").permitAll()
- .antMatchers(HttpMethod.GET, "/services/**").permitAll()
- .anyRequest().authenticated()
- .and().logout()
- .invalidateHttpSession(true)
- .logoutSuccessUrl(ssoUrl+"/logout")
- .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
- .deleteCookies("JSESSIONID").invalidateHttpSession(true)
- .permitAll();
- }
- }
- @Configuration
- @EnableResourceServer
- @Order(1)
- protected static class ResourceServerConfig extends ResourceServerConfigurerAdapter {
- @Override
- public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
- resources.resourceId("resource-id");
- }
- @Override
- public void configure(HttpSecurity http) throws Exception {
- http.requestMatcher(new OAuthRequestedMatcher())
- .authorizeRequests().anyRequest().fullyAuthenticated();
- }
- }
- private static class OAuthRequestedMatcher implements RequestMatcher {
- public boolean matches(HttpServletRequest request) {
- String auth = request.getHeader("Authorization");
- boolean haveOauth2Token = (auth != null) && auth.startsWith("Bearer");
- boolean haveAccessToken = request.getParameter("access_token")!=null;
- return haveOauth2Token || haveAccessToken;
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement