  1. curl -X POST -H "Authorization: Basic **************************" -v -H "Accept: application/json" -d "username=my.user&password=pass&client_id=my.user&client_secret=4e1d635a-7c9d-426b-a942-cc166438f996&grant_type=password&scope=read write" http://localhost:8080/oauth/token
  2.  
  3. curl -v -H "Authorization : Bearer ecfa5bfb-c224-4b4a-abf4-cb4a828c2efb" -H "Accept: application/json" http://localhost:8443/oauth/api/meetings/9
  4.  
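/**
 * Resource-server security for the {@code /oauth/api/**} endpoints: bearer-token
 * authentication backed by the shared {@link TokenStore}, scope and role checks, no
 * anonymous access, no HTTP session creation, and an HTTPS-only channel for the API.
 *
 * <p>Ordered after {@code ResourceServerConfig} (@Order(1)); which filter chain
 * actually serves a bearer request depends on the request matchers of the earlier
 * chains, so confirm the ordering against the deployed configuration.
 */
@Configuration
@EnableWebSecurity
@ComponentScan("com.springapp.mvc")
@EnableResourceServer
@Order(4)
public class Oauth2ResourcesConfigurationAdapter extends ResourceServerConfigurerAdapter {

    // NOTE(review): injected but never wired into exceptionHandling(); presumably
    // intended as the 401 entry point for /oauth/api/** — confirm whether the default
    // entry point installed by the resource-server configurer is sufficient.
    @Autowired
    private OAuth2AuthenticationEntryPoint oAuth2AuthenticationEntryPoint;

    @Autowired
    private PreAuthUserDetailsService preAuthUserDetailsService;

    @Autowired
    private OAuth2AccessDeniedHandler accessDeniedHandler;

    @Autowired
    private DefaultTokenServices tokenServices;

    @Autowired
    private TokenStore tokenStore;

    /**
     * Locks down the API: {@code /oauth/api/**} requires both the {@code read} and
     * {@code write} scopes plus one of ROLE_USER/ROLE_ADMIN, decided unanimously by the
     * voters from {@link #accessDecisionManager()}; every other request needs a fully
     * authenticated principal. Anonymous authentication is disabled, sessions are never
     * created, access-denied responses go through {@code accessDeniedHandler}, logout is
     * served at {@code /oauth/logout}, and API traffic on 8080 is redirected to 8443.
     *
     * @param http the security builder for this filter chain
     * @throws Exception propagated from the Spring Security builders
     */
    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
            .antMatchers("/oauth/api/**")
            .access("#oauth2.hasScope('read') and #oauth2.hasScope('write') and #oauth2.hasAnyRole('ROLE_USER','ROLE_ADMIN')")
            .accessDecisionManager(accessDecisionManager())
            .anyRequest().fullyAuthenticated();
        // No anonymous principal: an unauthenticated request must fail, not run as "anonymous".
        http.anonymous().disable();
        // Token-based API: never create an HTTP session for it.
        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.NEVER);
        http.exceptionHandling().accessDeniedHandler(accessDeniedHandler);
        http.logout()
            .logoutUrl("/oauth/logout")
            .logoutSuccessHandler(logoutSuccessHandler())
            .invalidateHttpSession(true);
        // Only the API path is forced onto the secure channel; the token endpoint is
        // not covered by this matcher.
        http.requiresChannel().antMatchers("/oauth/api/**").requiresSecure();
        http.portMapper().http(8080).mapsTo(8443);
    }

    /**
     * Wires the resource server to the shared token services and token store and to the
     * {@link OAuth2AuthenticationManager} built by {@link #getAuthenticationManager()}.
     *
     * @param resources the resource-server configurer
     * @throws Exception propagated from the configurer
     */
    @Override
    public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
        resources
            .authenticationManager(getAuthenticationManager())
            .tokenServices(tokenServices)
            .tokenStore(tokenStore);
    }

    /** Authentication manager that validates bearer tokens with the injected token services. */
    private AuthenticationManager getAuthenticationManager() {
        final OAuth2AuthenticationManager oAuth2AuthenticationManager = new OAuth2AuthenticationManager();
        oAuth2AuthenticationManager.setTokenServices(tokenServices);
        return oAuth2AuthenticationManager;
    }

    /**
     * Pre-authenticated provider over {@code preAuthUserDetailsService}.
     * NOTE(review): not referenced anywhere in this class; kept for callers outside this view.
     */
    private PreAuthenticatedAuthenticationProvider preAuthAuthenticationProvider() {
        final PreAuthenticatedAuthenticationProvider preAuthAuthenticationProvider = new PreAuthenticatedAuthenticationProvider();
        preAuthAuthenticationProvider.setPreAuthenticatedUserDetailsService(preAuthUserDetailsService);
        return preAuthAuthenticationProvider;
    }

    /**
     * Unanimous decision manager: the scope voter, the authenticated voter and the web
     * expression voter must all grant (or abstain) for access to be allowed.
     */
    private AccessDecisionManager accessDecisionManager() {
        final List<AccessDecisionVoter> voters = Arrays.<AccessDecisionVoter>asList(
            new ScopeVoter(),
            new AuthenticatedVoter(),
            new WebExpressionVoter());
        return new UnanimousBased(voters);
    }

    /** Logout handler that revokes the presented access token in the shared store. */
    private LogoutSuccessHandler logoutSuccessHandler() {
        return new OAuth2SuccessLogoutHandler(tokenStore);
    }

    /**
     * Logout success handler that removes the bearer token used for the logout call from
     * the {@link TokenStore}. Without the removal the access token stays usable after
     * logout for its whole lifetime, which is what the previous no-op body allowed.
     */
    static final class OAuth2SuccessLogoutHandler implements LogoutSuccessHandler {

        private static final String BEARER_PREFIX = "Bearer ";

        private final TokenStore tokenStore;

        public OAuth2SuccessLogoutHandler(final TokenStore tokenStore) {
            this.tokenStore = tokenStore;
        }

        /**
         * Revokes the access token presented with the request. The token is taken from
         * the {@code Authorization: Bearer} header first and otherwise from the
         * {@code access_token} request parameter, the same two places
         * {@code OAuthRequestedMatcher} accepts it. Nothing happens when no token is
         * presented or the store does not know it; the response is left untouched.
         *
         * @param request        the logout request carrying the token
         * @param response       not modified
         * @param authentication the current authentication, may be null
         */
        @Override
        public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
            final String tokenValue = presentedTokenValue(request);
            if (tokenValue == null || tokenValue.isEmpty()) {
                return;
            }
            // readAccessToken yields null for an unknown value and removeAccessToken
            // needs the token object, so look it up before removing it.
            if (tokenStore.readAccessToken(tokenValue) != null) {
                tokenStore.removeAccessToken(tokenStore.readAccessToken(tokenValue));
            }
        }

        /**
         * Token value from the Authorization header (Bearer scheme, matched
         * case-insensitively) or from the {@code access_token} parameter, or null.
         */
        private static String presentedTokenValue(HttpServletRequest request) {
            final String header = request.getHeader("Authorization");
            if (header != null && header.regionMatches(true, 0, BEARER_PREFIX, 0, BEARER_PREFIX.length())) {
                return header.substring(BEARER_PREFIX.length()).trim();
            }
            return request.getParameter("access_token");
        }
    }

}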
  107.  
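/**
 * Browser-facing (SSO) security: the landing page and the {@code /static}, {@code /profile}
 * and {@code /services} GET paths are public, everything else must be authenticated
 * through the single-sign-on provider enabled by {@code @EnableOAuth2Sso}. Logout clears
 * the local session and cookie and then redirects to the SSO server's logout URL.
 *
 * <p>Also publishes the Redis-backed {@link TokenStore} and the primary
 * {@link ResourceServerTokenServices} used by the resource-server configurations.
 */
@Configuration
@EnableOAuth2Sso
@EnableWebSecurity
protected static class ResourceConfiguration extends WebSecurityConfigurerAdapter {

    /** Base URL of the SSO server; {@code /logout} is appended for the post-logout redirect. */
    @Value("${sso.url}")
    private String ssoUrl;

    @Autowired
    private RedisConnectionFactory redisConnectionFactory;

    /** Token store kept in Redis through the injected connection factory. */
    @Bean
    protected TokenStore tokenStore() {
        return new RedisTokenStore(redisConnectionFactory);
    }

    /** Primary token services over {@link #tokenStore()}, with refresh tokens enabled. */
    @Bean
    @Primary
    protected ResourceServerTokenServices tokenServices() {
        final DefaultTokenServices defaultTokenServices = new DefaultTokenServices();
        defaultTokenServices.setTokenStore(tokenStore());
        defaultTokenServices.setSupportRefreshToken(true);
        return defaultTokenServices;
    }

    /**
     * Exposes an {@link OAuth2AuthenticationManager} bean that validates tokens with
     * {@link #tokenServices()}.
     *
     * @throws Exception propagated from the adapter
     */
    @Override
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        final OAuth2AuthenticationManager authenticationManager = new OAuth2AuthenticationManager();
        authenticationManager.setTokenServices(tokenServices());
        return authenticationManager;
    }

    /**
     * Authorization rules and logout for the SSO chain. A bare
     * {@code requestMatchers().and()} adds no matcher to the chain, so it is not used
     * here, and {@code invalidateHttpSession(true)} is set once.
     *
     * @param http the security builder for this filter chain
     * @throws Exception propagated from the Spring Security builders
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/").permitAll()
                .antMatchers(HttpMethod.GET, "/static/**").permitAll()
                // NOTE(review): GET /profile/** and /services/** are readable without
                // authentication — confirm neither exposes per-user data.
                .antMatchers(HttpMethod.GET, "/profile/**").permitAll()
                .antMatchers(HttpMethod.GET, "/services/**").permitAll()
                .anyRequest().authenticated()
            .and()
            .logout()
                .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
                .invalidateHttpSession(true)
                .deleteCookies("JSESSIONID")
                // Redirect target is built from configuration, not from the request.
                .logoutSuccessUrl(ssoUrl + "/logout")
                .permitAll();
    }

}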
  161.  
/**
 * Resource-server chain consulted first (@Order(1)) for requests that present an
 * OAuth2 token, as decided by {@code OAuthRequestedMatcher}; every such request must
 * be fully authenticated. The server identifies itself with {@link #RESOURCE_ID}.
 */
@Configuration
@EnableResourceServer
@Order(1)
protected static class ResourceServerConfig extends ResourceServerConfigurerAdapter {

    /** Resource id this server is registered under. */
    private static final String RESOURCE_ID = "resource-id";

    /**
     * Registers {@link #RESOURCE_ID} with the resource-server configurer.
     *
     * @param resources the resource-server configurer
     * @throws Exception propagated from the configurer
     */
    @Override
    public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
        resources.resourceId(RESOURCE_ID);
    }

    /**
     * Restricts this chain to token-bearing requests and requires full authentication
     * for all of them.
     *
     * @param http the security builder for this filter chain
     * @throws Exception propagated from the Spring Security builders
     */
    @Override
    public void configure(HttpSecurity http) throws Exception {
        final OAuthRequestedMatcher tokenPresent = new OAuthRequestedMatcher();
        http.requestMatcher(tokenPresent);
        http.authorizeRequests().anyRequest().fullyAuthenticated();
    }
}
  181.  
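/**
 * Matches requests that present an OAuth2 access token, either in an
 * {@code Authorization: Bearer ...} header or as an {@code access_token} request
 * parameter. Used to route token-bearing requests to the resource-server chain.
 *
 * <p>NOTE(review): accepting the token as a query parameter means it can land in access
 * logs and Referer headers; the header form is the one to prefer.
 */
private static class OAuthRequestedMatcher implements RequestMatcher {

    private static final String BEARER = "Bearer";

    /**
     * Returns true when the Authorization header uses the Bearer scheme or an
     * {@code access_token} parameter is present. The scheme is compared
     * case-insensitively (auth-scheme names are case-insensitive per RFC 7235), so a
     * {@code bearer ...} header is routed to this chain like a {@code Bearer ...} one.
     *
     * @param request the incoming request
     * @return whether the request carries an access token
     */
    @Override
    public boolean matches(HttpServletRequest request) {
        final String auth = request.getHeader("Authorization");
        final boolean haveOauth2Token =
                auth != null && auth.regionMatches(true, 0, BEARER, 0, BEARER.length());
        final boolean haveAccessToken = request.getParameter("access_token") != null;
        return haveOauth2Token || haveAccessToken;
    }
}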