Java:使用 XML 文件配置集成 OAuth 和 Spring MVC 的 Spring Security
我在用 XML 正确配置 Spring OAuth 时遇到了问题:我必须在一个现有项目中加入这项支持,而且配置必须通过 XML 完成,因此需要把 Spring MVC、Spring 和 Spring Security OAuth 集成在一起。我有一个用来试验 Spring MVC 和 Spring Security 的项目,还有另一个已经配置好 Spring OAuth、通过密码(password)方式进行身份验证的项目,但我无法把 OAuth(通过授权码方式进行保护)集成到第一个项目中,也不清楚自己遗漏了什么。对于这样的配置,有什么建议或提示吗?
文件:spring-security.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:oauth="http://www.springframework.org/schema/security/oauth2"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd
http://www.springframework.org/schema/security/oauth2
http://www.springframework.org/schema/security/spring-security-oauth2-2.0.xsd">
<!-- Enables the pre/post method-security annotations (@PreAuthorize and friends) using class-based proxies.
     NOTE(review): no expression-handler child is declared here, so method-level expressions are evaluated
     by the default handler; if any annotation relies on #oauth2, confirm that it resolves. -->
<security:global-method-security
    proxy-target-class="true"
    pre-post-annotations="enabled" />
<!-- Filter chain for the token endpoint only: stateless, HTTP Basic, anonymous access switched off.
     NOTE(review): authentication-manager-ref names the manager that holds the end-user account in this
     file. The token endpoint is normally where OAuth clients (not users) authenticate, so confirm that
     this manager can actually verify client-id/secret pairs from the client registry.
     NOTE(review): clientAuthenticationEntryPoint, clientCredentialsTokenEndpointFilter and
     oauthAccessDeniedHandler are not defined in this file; presumably another context file supplies them. -->
<security:http
    pattern="/oauth/token"
    create-session="stateless"
    authentication-manager-ref="authenticationManager">
  <security:intercept-url access="IS_AUTHENTICATED_FULLY" pattern="/oauth/token" />
  <security:anonymous enabled="false" />
  <security:http-basic entry-point-ref="clientAuthenticationEntryPoint" />
  <!-- Include this filter only if clients must authenticate via request parameters; credentials sent
       as form parameters are more likely to be captured in logs than an Authorization header. -->
  <security:custom-filter after="BASIC_AUTH_FILTER" ref="clientCredentialsTokenEndpointFilter" />
  <security:access-denied-handler ref="oauthAccessDeniedHandler" />
</security:http>
<!-- Tells Spring Security which URLs are protected as OAuth resources and which roles may reach them.
     The chain never creates a session, rejects anonymous callers, and runs resourceServerFilter
     ahead of PRE_AUTH_FILTER.
     NOTE(review): use-expressions is not set on this chain (the catch-all chain sets it), so confirm
     whether hasAnyRole(...) is parsed as an expression here or handed to accessDecisionManager as a
     plain attribute string.
     NOTE(review): oauthAuthenticationEntryPoint, accessDecisionManager, resourceServerFilter and
     oauthAccessDeniedHandler are not defined in this file; presumably another context file supplies them. -->
<security:http
    pattern="/oauth/api/**"
    create-session="never"
    entry-point-ref="oauthAuthenticationEntryPoint"
    access-decision-manager-ref="accessDecisionManager">
  <security:anonymous enabled="false" />
  <security:intercept-url access="hasAnyRole('ROLE_USER')" pattern="/oauth/api/**" />
  <security:custom-filter before="PRE_AUTH_FILTER" ref="resourceServerFilter" />
  <security:access-denied-handler ref="oauthAccessDeniedHandler" />
</security:http>
<!-- Global Spring Security configuration: the login URLs are excluded from the security filters.
     NOTE(review): "/login**" appears to match any path whose first segment merely starts with
     "login", not just the login page; confirm nothing sensitive is mapped under such a path. -->
<security:http security="none" pattern="/login**" />
<security:http security="none" pattern="/login/**" />
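<!-- Catch-all browser chain: form login and logout for every URL that no earlier chain claimed. -->
<security:http auto-config="true" use-expressions="true">
  <!-- The access expressions below use the #oauth2 variable. The default web expression handler does
       not define it, so for a caller who lacks ROLE_USER the expression fails to evaluate instead of
       producing a clean deny / redirect to the login page. -->
  <security:expression-handler ref="oauthWebExpressionHandler" />
  <!-- intercept-url rules are tried in order and the first match wins, so the specific /main rule
       has to precede the /** rule to be reachable. -->
  <security:intercept-url pattern="/main" access="hasAnyRole('ROLE_USER') or #oauth2.clientHasRole('ROLE_USER')"/>
  <security:intercept-url pattern="/**" access="hasAnyRole('ROLE_USER') or #oauth2.clientHasRole('ROLE_USER')"/>
  <!-- NOTE(review): a custom success handler is configured alongside default-target-url; confirm
       which of the two decides the post-login redirect. -->
  <security:form-login authentication-success-handler-ref="authenticationSuccessRedirectHandler"
      login-page="/login" default-target-url="/" authentication-failure-url="/login/fail" />
  <!-- delete-cookies takes a comma-separated list of cookie names, not a boolean; the value "true"
       would only remove a cookie literally named "true". JSESSIONID is the servlet default session
       cookie; adjust it if the container is configured with another name. -->
  <security:logout logout-success-url="/login" delete-cookies="JSESSIONID" invalidate-session="true" />
</security:http>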
<!-- Project-specific handler that the form-login element references through
     authentication-success-handler-ref. -->
<bean
    class="mx.oauth.resourceserver.AuthenticationHandler"
    id="authenticationSuccessRedirectHandler" />
<!-- In-memory user store published under the id "authenticationManager".
     NOTE(review): the only account carries a plaintext password literal and no password-encoder is
     configured. Keep this to local samples; real credentials belong in a hashed store that is kept
     outside the configuration file. -->
<security:authentication-manager id="authenticationManager">
  <security:authentication-provider>
    <security:user-service>
      <security:user
          name="marcos"
          authorities="ROLE_USER"
          password="pwd" />
    </security:user-service>
  </security:authentication-provider>
</security:authentication-manager>
<!-- OAuth configuration, part 2: expression handlers that make the #oauth2 variable available.
     Each handler takes effect only where an element references it through an expression-handler
     child; declaring the bean alone changes nothing. -->
<oauth:web-expression-handler id="oauthWebExpressionHandler" />
<oauth:expression-handler id="oauthExpressionHandler" />
<!-- Authorization server: wires the client registry, token services and approval handler, and
     enables the authorization-code, implicit, refresh-token and password grants.
     NOTE(review): the implicit and password grants hand tokens or user passwords to the client
     directly; current OAuth security guidance discourages both, so enable them only for clients
     that genuinely need them. -->
<oauth:authorization-server
    client-details-service-ref="clientDetails"
    token-services-ref="tokenServices"
    user-approval-handler-ref="userApprovalHandler">
  <oauth:authorization-code />
  <oauth:implicit />
  <oauth:refresh-token />
  <oauth:password authentication-manager-ref="authenticationManager" />
</oauth:authorization-server>
<!-- In-memory registry of OAuth clients.
     NOTE(review): both secrets are short literals stored in this file, and one equals its own
     client-id. Treat them as sample values and supply real secrets from outside version control.
     NOTE(review): restapp2 lists client_credentials, but the authorization-server element in this
     file declares no client-credentials child; confirm whether that grant is actually enabled.
     NOTE(review): restapp declares no scope attribute; confirm how unscoped requests are handled. -->
<oauth:client-details-service id="clientDetails">
  <!-- client -->
  <oauth:client
      client-id="restapp2"
      secret="secret"
      authorized-grant-types="authorization_code,client_credentials"
      scope="read,write,trust"
      authorities="ROLE_USER" />
  <oauth:client
      client-id="restapp"
      secret="restapp"
      authorized-grant-types="password,authorization_code,refresh_token,implicit"
      authorities="ROLE_USER" />
</oauth:client-details-service>
<!-- Token store definition. An in-memory store is used for now, so issued tokens live only inside
     this JVM; it can be swapped for a user-defined store. -->
<bean
    class="org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore"
    id="tokenStore" />
<!-- Token-related settings: which store and client registry to use, whether refresh tokens are
     issued, and an access-token lifetime of 120 seconds.
     NOTE(review): no refresh-token validity is set here, so the library default applies; confirm
     that default is acceptable given how short-lived the access tokens are. -->
<bean
    class="org.springframework.security.oauth2.provider.token.DefaultTokenServices"
    id="tokenServices">
  <property name="tokenStore" ref="tokenStore" />
  <property name="clientDetailsService" ref="clientDetails" />
  <property name="supportRefreshToken" value="true" />
  <property name="accessTokenValiditySeconds" value="120" />
</bean>
<!-- Approval handler referenced by the authorization server's user-approval-handler-ref.
     NOTE(review): verify that this class exposes a tokenServices property in the library version on
     the classpath; the handler's name suggests it may expect a token store instead. -->
<bean
    class="org.springframework.security.oauth2.provider.approval.TokenStoreUserApprovalHandler"
    id="userApprovalHandler">
  <property name="tokenServices" ref="tokenServices" />
</bean>
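<!-- Project controller bean; it receives the client registry and an approval store by setter injection. -->
<bean id="accessConfirmationController" class="mx.oauth.resourceserver.AccessConfirmationController">
  <!-- ref must be one quoted bean id. A stray quote before the id leaves the attribute value empty
       and makes the whole file fail well-formedness checks, so the context never loads. -->
  <property name="clientDetailsService" ref="clientDetails" />
  <!-- NOTE(review): clientDetails is the client registry declared by oauth:client-details-service.
       A property named approvalStore presumably expects an approval-store bean, and none is defined
       in this file; confirm the setter's type before relying on this wiring. -->
  <property name="approvalStore" ref="clientDetails" />
</bean>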
</beans>