Example 1 with FrameworkEndpointHandlerMapping
use of org.springframework.security.oauth2.provider.endpoint.FrameworkEndpointHandlerMapping in project spring-security-oauth by spring-projects.
the class AuthorizationServerBeanDefinitionParserTests method testCheckTokenCustomEndpoint.
@Test
public void testCheckTokenCustomEndpoint() {
if (!CHECK_TOKEN_CUSTOM_ENDPOINT_RESOURCE.equals(this.resource)) {
return;
}
FrameworkEndpointHandlerMapping frameworkEndpointHandlerMapping = context.getBean(FrameworkEndpointHandlerMapping.class);
assertNotNull(frameworkEndpointHandlerMapping);
assertEquals("/custom_check_token", frameworkEndpointHandlerMapping.getPath("/oauth/check_token"));
}
Also used :
FrameworkEndpointHandlerMapping(org.springframework.security.oauth2.provider.endpoint.FrameworkEndpointHandlerMapping)
Test(org.junit.Test)
Example 2 with FrameworkEndpointHandlerMapping
use of org.springframework.security.oauth2.provider.endpoint.FrameworkEndpointHandlerMapping in project spring-security-oauth by spring-projects.
the class AuthorizationServerSecurityConfiguration method configure.
@Override
protected void configure(HttpSecurity http) throws Exception {
AuthorizationServerSecurityConfigurer configurer = new AuthorizationServerSecurityConfigurer();
FrameworkEndpointHandlerMapping handlerMapping = endpoints.oauth2EndpointHandlerMapping();
http.setSharedObject(FrameworkEndpointHandlerMapping.class, handlerMapping);
configure(configurer);
http.apply(configurer);
String tokenEndpointPath = handlerMapping.getServletPath("/oauth/token");
String tokenKeyPath = handlerMapping.getServletPath("/oauth/token_key");
String checkTokenPath = handlerMapping.getServletPath("/oauth/check_token");
if (!endpoints.getEndpointsConfigurer().isUserDetailsServiceOverride()) {
UserDetailsService userDetailsService = http.getSharedObject(UserDetailsService.class);
endpoints.getEndpointsConfigurer().userDetailsService(userDetailsService);
}
// @formatter:off
http.authorizeRequests().antMatchers(tokenEndpointPath).fullyAuthenticated().antMatchers(tokenKeyPath).access(configurer.getTokenKeyAccess()).antMatchers(checkTokenPath).access(configurer.getCheckTokenAccess()).and().requestMatchers().antMatchers(tokenEndpointPath, tokenKeyPath, checkTokenPath).and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.NEVER);
// @formatter:on
http.setSharedObject(ClientDetailsService.class, clientDetailsService);
}
Also used :
AuthorizationServerSecurityConfigurer(org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer)
FrameworkEndpointHandlerMapping(org.springframework.security.oauth2.provider.endpoint.FrameworkEndpointHandlerMapping)
UserDetailsService(org.springframework.security.core.userdetails.UserDetailsService)
Example 3 with FrameworkEndpointHandlerMapping
use of org.springframework.security.oauth2.provider.endpoint.FrameworkEndpointHandlerMapping in project spring-security-oauth by spring-projects.
the class AuthorizationServerEndpointsConfigurer method frameworkEndpointHandlerMapping.
private FrameworkEndpointHandlerMapping frameworkEndpointHandlerMapping() {
if (frameworkEndpointHandlerMapping == null) {
frameworkEndpointHandlerMapping = new FrameworkEndpointHandlerMapping();
frameworkEndpointHandlerMapping.setMappings(patternMap);
frameworkEndpointHandlerMapping.setPrefix(prefix);
frameworkEndpointHandlerMapping.setInterceptors(interceptors.toArray());
}
return frameworkEndpointHandlerMapping;
}
Also used :
FrameworkEndpointHandlerMapping(org.springframework.security.oauth2.provider.endpoint.FrameworkEndpointHandlerMapping)
Example 4 with FrameworkEndpointHandlerMapping
use of org.springframework.security.oauth2.provider.endpoint.FrameworkEndpointHandlerMapping in project spring-security-oauth by spring-projects.
the class AuthorizationServerSecurityConfigurer method clientCredentialsTokenEndpointFilter.
private ClientCredentialsTokenEndpointFilter clientCredentialsTokenEndpointFilter(HttpSecurity http) {
ClientCredentialsTokenEndpointFilter clientCredentialsTokenEndpointFilter = new ClientCredentialsTokenEndpointFilter(frameworkEndpointHandlerMapping().getServletPath("/oauth/token"));
clientCredentialsTokenEndpointFilter.setAuthenticationManager(http.getSharedObject(AuthenticationManager.class));
OAuth2AuthenticationEntryPoint authenticationEntryPoint = new OAuth2AuthenticationEntryPoint();
authenticationEntryPoint.setTypeName("Form");
authenticationEntryPoint.setRealmName(realm);
clientCredentialsTokenEndpointFilter.setAuthenticationEntryPoint(authenticationEntryPoint);
clientCredentialsTokenEndpointFilter = postProcess(clientCredentialsTokenEndpointFilter);
http.addFilterBefore(clientCredentialsTokenEndpointFilter, BasicAuthenticationFilter.class);
return clientCredentialsTokenEndpointFilter;
}
Also used :
AuthenticationManager(org.springframework.security.authentication.AuthenticationManager)
ClientCredentialsTokenEndpointFilter(org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter)
OAuth2AuthenticationEntryPoint(org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint)
Example 5 with FrameworkEndpointHandlerMapping
use of org.springframework.security.oauth2.provider.endpoint.FrameworkEndpointHandlerMapping in project spring-security-oauth by spring-projects.
the class AuthorizationServerSecurityConfigurer method configure.
@Override
public void configure(HttpSecurity http) throws Exception {
// ensure this is initialized
frameworkEndpointHandlerMapping();
if (allowFormAuthenticationForClients) {
clientCredentialsTokenEndpointFilter(http);
}
for (Filter filter : tokenEndpointAuthenticationFilters) {
http.addFilterBefore(filter, BasicAuthenticationFilter.class);
}
http.exceptionHandling().accessDeniedHandler(accessDeniedHandler);
}
Also used :
Filter(javax.servlet.Filter)
BasicAuthenticationFilter(org.springframework.security.web.authentication.www.BasicAuthenticationFilter)
ClientCredentialsTokenEndpointFilter(org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter)
Aggregations
FrameworkEndpointHandlerMapping (org.springframework.security.oauth2.provider.endpoint.FrameworkEndpointHandlerMapping)4
ClientCredentialsTokenEndpointFilter (org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter)2
Filter (javax.servlet.Filter)1
Test (org.junit.Test)1
FactoryBean (org.springframework.beans.factory.FactoryBean)1
AbstractFactoryBean (org.springframework.beans.factory.config.AbstractFactoryBean)1
Bean (org.springframework.context.annotation.Bean)1
AuthenticationManager (org.springframework.security.authentication.AuthenticationManager)1
UserDetailsService (org.springframework.security.core.userdetails.UserDetailsService)1
AuthorizationServerSecurityConfigurer (org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer)1
AuthorizationEndpoint (org.springframework.security.oauth2.provider.endpoint.AuthorizationEndpoint)1
OAuth2AuthenticationEntryPoint (org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint)1
BasicAuthenticationFilter (org.springframework.security.web.authentication.www.BasicAuthenticationFilter)1
