
Example 1 with ResourceServerSecurityConfigurer

Use of org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer in the project spring-security-oauth by spring-projects.

From the class ResourceServerConfiguration, method configure.

/**
 * Assembles the resource-server security chain on the supplied {@link HttpSecurity}.
 *
 * <p>The method picks a token source, lets every registered
 * {@code ResourceServerConfigurer} customise the resource settings, applies
 * stateless defaults, and then lets the same delegates add their request rules.
 *
 * <p>Security note: the "any request must be authenticated" fallback is added
 * only when no delegate is registered. As soon as one delegate exists, it is
 * responsible for declaring the authorization rules itself.
 *
 * <p>NOTE(review): spring-security-oauth has been superseded upstream; confirm
 * its support status before copying this pattern into new code.
 *
 * @param http the builder for the filter chain being configured
 * @throws Exception if any delegate or builder call fails
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    ResourceServerSecurityConfigurer resourceConfig = new ResourceServerSecurityConfigurer();

    // Token source, in priority order: explicit token services, then the locally
    // configured token store, then the store of a co-located authorization server.
    // If none is available nothing is set here and the configurer's own defaults
    // (not visible in this method) apply.
    ResourceServerTokenServices tokenServices = resolveTokenServices();
    if (tokenServices != null) {
        resourceConfig.tokenServices(tokenServices);
    } else if (tokenStore != null) {
        resourceConfig.tokenStore(tokenStore);
    } else if (endpoints != null) {
        resourceConfig.tokenStore(endpoints.getEndpointsConfigurer().getTokenStore());
    }

    if (eventPublisher != null) {
        resourceConfig.eventPublisher(eventPublisher);
    }

    // First delegate pass: resource-level settings (resource id, token services, ...).
    for (ResourceServerConfigurer delegate : configurers) {
        delegate.configure(resourceConfig);
    }

    // CSRF protection is switched off together with STATELESS sessions. That pairing
    // is only sound while callers present their credential explicitly on each request;
    // verify that no cookie-based authentication is layered onto this chain.
    // @formatter:off
    http
        .authenticationProvider(new AnonymousAuthenticationProvider("default"))
        .exceptionHandling()
            .accessDeniedHandler(resourceConfig.getAccessDeniedHandler())
            .and()
        .sessionManagement()
            .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            .and()
        .csrf()
            .disable();
    // @formatter:on

    http.apply(resourceConfig);

    if (endpoints != null) {
        // An authorization server lives in the same application: keep this chain
        // away from the requests matched by the OAuth2 endpoint handler mapping.
        http.requestMatcher(new NotOAuthRequestMatcher(endpoints.oauth2EndpointHandlerMapping()));
    }

    // Second delegate pass: this is where delegates may add authorizeRequests() rules.
    for (ResourceServerConfigurer delegate : configurers) {
        delegate.configure(http);
    }

    if (configurers.isEmpty()) {
        // Fallback of last resort. Spring Security would let this anyRequest()
        // matcher replace one configured earlier, so it is added only when the
        // user supplied no configurer at all.
        http.authorizeRequests().anyRequest().authenticated();
    }
}
Also used : ResourceServerSecurityConfigurer(org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer) ResourceServerTokenServices(org.springframework.security.oauth2.provider.token.ResourceServerTokenServices) AnonymousAuthenticationProvider(org.springframework.security.authentication.AnonymousAuthenticationProvider)

Example 2 with ResourceServerSecurityConfigurer

Use of org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer in the project spring-security-oauth by spring-projects.

From the class Application, method adminResources.

/**
 * Declares a dedicated resource-server chain for the admin area.
 *
 * <p>The chain is limited to {@code /admin/**}, uses the resource id
 * {@code oauth2/admin} and requires the OAuth2 scope {@code read} on every
 * matched request. It is registered with order 3.
 *
 * <p>NOTE(review): the rule checks the token's scope only. Confirm whether a
 * user-level authority check is also needed for admin endpoints.
 *
 * @return the configured resource-server configuration for the admin paths
 */
@Bean
protected ResourceServerConfiguration adminResources() {
    ResourceServerConfiguration adminChain = new ResourceServerConfiguration() {

        // Switch off the Spring Boot @Autowired configurers: the setter is
        // re-declared here without an injection annotation (presumably the
        // superclass setter carries one; confirm), so only the delegate passed
        // explicitly below takes effect on this instance.
        @Override
        public void setConfigurers(List<ResourceServerConfigurer> configurers) {
            super.setConfigurers(configurers);
        }
    };

    ResourceServerConfigurer adminRules = new ResourceServerConfigurerAdapter() {

        @Override
        public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
            // Resource id for this chain; how it is matched against a token is
            // decided by the framework and is not visible here.
            resources.resourceId("oauth2/admin");
        }

        @Override
        public void configure(HttpSecurity http) throws Exception {
            // antMatcher() narrows the whole chain to /admin/**; inside it every
            // request needs the 'read' scope.
            http.antMatcher("/admin/**")
                .authorizeRequests()
                .anyRequest()
                .access("#oauth2.hasScope('read')");
        }
    };

    adminChain.setConfigurers(Arrays.<ResourceServerConfigurer>asList(adminRules));
    // Explicit order for this chain relative to other resource-server chains.
    adminChain.setOrder(3);
    return adminChain;
}
Also used : ResourceServerConfiguration(org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfiguration) HttpSecurity(org.springframework.security.config.annotation.web.builders.HttpSecurity) ResourceServerConfigurerAdapter(org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter) List(java.util.List) ResourceServerSecurityConfigurer(org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer) Bean(org.springframework.context.annotation.Bean)

Example 3 with ResourceServerSecurityConfigurer

Use of org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer in the project spring-security-oauth by spring-projects.

From the class Application, method otherResources.

/**
 * Declares a catch-all resource-server chain.
 *
 * <p>The chain uses the resource id {@code oauth2/other} and requires the
 * OAuth2 scope {@code trust} on every request. It is registered with order 4.
 *
 * <p>Security note: no request matcher is set in this method, so the chain is
 * not narrowed to a path here. Any more specific chain has to be ordered ahead
 * of it, otherwise this one could shadow it. Verify the ordering whenever a
 * chain is added.
 *
 * @return the configured resource-server configuration for the remaining paths
 */
@Bean
protected ResourceServerConfiguration otherResources() {
    ResourceServerConfiguration fallbackChain = new ResourceServerConfiguration() {

        // Switch off the Spring Boot @Autowired configurers: the setter is
        // re-declared here without an injection annotation (presumably the
        // superclass setter carries one; confirm), so only the delegate passed
        // explicitly below takes effect on this instance.
        @Override
        public void setConfigurers(List<ResourceServerConfigurer> configurers) {
            super.setConfigurers(configurers);
        }
    };

    ResourceServerConfigurer fallbackRules = new ResourceServerConfigurerAdapter() {

        @Override
        public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
            // Resource id for this chain; how it is matched against a token is
            // decided by the framework and is not visible here.
            resources.resourceId("oauth2/other");
        }

        @Override
        public void configure(HttpSecurity http) throws Exception {
            // No path restriction: every request reaching this chain needs the
            // 'trust' scope.
            http.authorizeRequests()
                .anyRequest()
                .access("#oauth2.hasScope('trust')");
        }
    };

    fallbackChain.setConfigurers(Arrays.<ResourceServerConfigurer>asList(fallbackRules));
    // Explicit order for this chain relative to other resource-server chains.
    fallbackChain.setOrder(4);
    return fallbackChain;
}
Also used : ResourceServerConfiguration(org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfiguration) HttpSecurity(org.springframework.security.config.annotation.web.builders.HttpSecurity) ResourceServerConfigurerAdapter(org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter) List(java.util.List) ResourceServerSecurityConfigurer(org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer) Bean(org.springframework.context.annotation.Bean)

Aggregations

ResourceServerSecurityConfigurer (org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer)3 List (java.util.List)2 Bean (org.springframework.context.annotation.Bean)2 HttpSecurity (org.springframework.security.config.annotation.web.builders.HttpSecurity)2 ResourceServerConfiguration (org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfiguration)2 ResourceServerConfigurerAdapter (org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter)2 AnonymousAuthenticationProvider (org.springframework.security.authentication.AnonymousAuthenticationProvider)1 ResourceServerTokenServices (org.springframework.security.oauth2.provider.token.ResourceServerTokenServices)1