Search in sources :

Example 1 with FrameworkEndpointHandlerMapping

use of org.springframework.security.oauth2.provider.endpoint.FrameworkEndpointHandlerMapping in project spring-security-oauth by spring-projects.

the class AuthorizationServerBeanDefinitionParserTests method testCheckTokenCustomEndpoint.

@Test
public void testCheckTokenCustomEndpoint() {
    if (!CHECK_TOKEN_CUSTOM_ENDPOINT_RESOURCE.equals(this.resource)) {
        return;
    }
    FrameworkEndpointHandlerMapping frameworkEndpointHandlerMapping = context.getBean(FrameworkEndpointHandlerMapping.class);
    assertNotNull(frameworkEndpointHandlerMapping);
    assertEquals("/custom_check_token", frameworkEndpointHandlerMapping.getPath("/oauth/check_token"));
}
Also used : FrameworkEndpointHandlerMapping(org.springframework.security.oauth2.provider.endpoint.FrameworkEndpointHandlerMapping) Test(org.junit.Test)

Example 2 with FrameworkEndpointHandlerMapping

use of org.springframework.security.oauth2.provider.endpoint.FrameworkEndpointHandlerMapping in project spring-security-oauth by spring-projects.

the class AuthorizationServerSecurityConfiguration method configure.

@Override
protected void configure(HttpSecurity http) throws Exception {
    AuthorizationServerSecurityConfigurer configurer = new AuthorizationServerSecurityConfigurer();
    FrameworkEndpointHandlerMapping handlerMapping = endpoints.oauth2EndpointHandlerMapping();
    http.setSharedObject(FrameworkEndpointHandlerMapping.class, handlerMapping);
    configure(configurer);
    http.apply(configurer);
    String tokenEndpointPath = handlerMapping.getServletPath("/oauth/token");
    String tokenKeyPath = handlerMapping.getServletPath("/oauth/token_key");
    String checkTokenPath = handlerMapping.getServletPath("/oauth/check_token");
    if (!endpoints.getEndpointsConfigurer().isUserDetailsServiceOverride()) {
        UserDetailsService userDetailsService = http.getSharedObject(UserDetailsService.class);
        endpoints.getEndpointsConfigurer().userDetailsService(userDetailsService);
    }
    // @formatter:off
    http.authorizeRequests().antMatchers(tokenEndpointPath).fullyAuthenticated().antMatchers(tokenKeyPath).access(configurer.getTokenKeyAccess()).antMatchers(checkTokenPath).access(configurer.getCheckTokenAccess()).and().requestMatchers().antMatchers(tokenEndpointPath, tokenKeyPath, checkTokenPath).and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.NEVER);
    // @formatter:on
    http.setSharedObject(ClientDetailsService.class, clientDetailsService);
}
Also used : AuthorizationServerSecurityConfigurer(org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer) FrameworkEndpointHandlerMapping(org.springframework.security.oauth2.provider.endpoint.FrameworkEndpointHandlerMapping) UserDetailsService(org.springframework.security.core.userdetails.UserDetailsService)

Example 3 with FrameworkEndpointHandlerMapping

use of org.springframework.security.oauth2.provider.endpoint.FrameworkEndpointHandlerMapping in project spring-security-oauth by spring-projects.

the class AuthorizationServerEndpointsConfigurer method frameworkEndpointHandlerMapping.

private FrameworkEndpointHandlerMapping frameworkEndpointHandlerMapping() {
    if (frameworkEndpointHandlerMapping == null) {
        frameworkEndpointHandlerMapping = new FrameworkEndpointHandlerMapping();
        frameworkEndpointHandlerMapping.setMappings(patternMap);
        frameworkEndpointHandlerMapping.setPrefix(prefix);
        frameworkEndpointHandlerMapping.setInterceptors(interceptors.toArray());
    }
    return frameworkEndpointHandlerMapping;
}
Also used : FrameworkEndpointHandlerMapping(org.springframework.security.oauth2.provider.endpoint.FrameworkEndpointHandlerMapping)

Example 4 with FrameworkEndpointHandlerMapping

use of org.springframework.security.oauth2.provider.endpoint.FrameworkEndpointHandlerMapping in project spring-security-oauth by spring-projects.

the class AuthorizationServerSecurityConfigurer method clientCredentialsTokenEndpointFilter.

private ClientCredentialsTokenEndpointFilter clientCredentialsTokenEndpointFilter(HttpSecurity http) {
    ClientCredentialsTokenEndpointFilter clientCredentialsTokenEndpointFilter = new ClientCredentialsTokenEndpointFilter(frameworkEndpointHandlerMapping().getServletPath("/oauth/token"));
    clientCredentialsTokenEndpointFilter.setAuthenticationManager(http.getSharedObject(AuthenticationManager.class));
    OAuth2AuthenticationEntryPoint authenticationEntryPoint = new OAuth2AuthenticationEntryPoint();
    authenticationEntryPoint.setTypeName("Form");
    authenticationEntryPoint.setRealmName(realm);
    clientCredentialsTokenEndpointFilter.setAuthenticationEntryPoint(authenticationEntryPoint);
    clientCredentialsTokenEndpointFilter = postProcess(clientCredentialsTokenEndpointFilter);
    http.addFilterBefore(clientCredentialsTokenEndpointFilter, BasicAuthenticationFilter.class);
    return clientCredentialsTokenEndpointFilter;
}
Also used : AuthenticationManager(org.springframework.security.authentication.AuthenticationManager) ClientCredentialsTokenEndpointFilter(org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter) OAuth2AuthenticationEntryPoint(org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint)

Example 5 with FrameworkEndpointHandlerMapping

use of org.springframework.security.oauth2.provider.endpoint.FrameworkEndpointHandlerMapping in project spring-security-oauth by spring-projects.

the class AuthorizationServerSecurityConfigurer method configure.

@Override
public void configure(HttpSecurity http) throws Exception {
    // ensure this is initialized
    frameworkEndpointHandlerMapping();
    if (allowFormAuthenticationForClients) {
        clientCredentialsTokenEndpointFilter(http);
    }
    for (Filter filter : tokenEndpointAuthenticationFilters) {
        http.addFilterBefore(filter, BasicAuthenticationFilter.class);
    }
    http.exceptionHandling().accessDeniedHandler(accessDeniedHandler);
}
Also used : Filter(javax.servlet.Filter) BasicAuthenticationFilter(org.springframework.security.web.authentication.www.BasicAuthenticationFilter) ClientCredentialsTokenEndpointFilter(org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter)

Aggregations

FrameworkEndpointHandlerMapping (org.springframework.security.oauth2.provider.endpoint.FrameworkEndpointHandlerMapping)4 ClientCredentialsTokenEndpointFilter (org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter)2 Filter (javax.servlet.Filter)1 Test (org.junit.Test)1 FactoryBean (org.springframework.beans.factory.FactoryBean)1 AbstractFactoryBean (org.springframework.beans.factory.config.AbstractFactoryBean)1 Bean (org.springframework.context.annotation.Bean)1 AuthenticationManager (org.springframework.security.authentication.AuthenticationManager)1 UserDetailsService (org.springframework.security.core.userdetails.UserDetailsService)1 AuthorizationServerSecurityConfigurer (org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer)1 AuthorizationEndpoint (org.springframework.security.oauth2.provider.endpoint.AuthorizationEndpoint)1 OAuth2AuthenticationEntryPoint (org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint)1 BasicAuthenticationFilter (org.springframework.security.web.authentication.www.BasicAuthenticationFilter)1