Fatal编程技术网
  • spring-mvc/
  • Spring mvc Spring安全资源服务器配置

Spring mvc Spring安全资源服务器配置

spring-mvc

Spring mvc Spring安全资源服务器配置,spring-mvc,spring-security-oauth2,oauth2,Spring Mvc,Spring Security Oauth2,Oauth2,我已经使用xml配置和oauth2身份验证实现了Spring安全性,它在硬编码值和xml配置中运行良好。但我需要配置它是在java中,我配置了大部分部分,但有些部分比较混乱。如何用java实现它 xml配置是 <oauth:client-details-service id="clientDetails"> <!-- client --> <oauth:client client-id="restapp" authorized-gra

我已经使用xml配置和oauth2身份验证实现了Spring安全性,它在硬编码值和xml配置中运行良好。但我需要配置它是在java中,我配置了大部分部分,但有些部分比较混乱。如何用java实现它

xml配置是

<oauth:client-details-service id="clientDetails">
    <!-- client -->
    <oauth:client client-id="restapp"
        authorized-grant-types="authorization_code,client_credentials"
        authorities="ROLE_APP" scope="read,write,trust" secret="secret" />

    <oauth:client client-id="restapp"
        authorized-grant-types="password,authorization_code,refresh_token,implicit"
        secret="restapp" authorities="ROLE_APP" />

</oauth:client-details-service>



<sec:global-method-security
    pre-post-annotations="enabled" proxy-target-class="true">
    <!--you could also wire in the expression handler up at the layer of the 
        http filters. See https://jira.springsource.org/browse/SEC-1452 -->
    <sec:expression-handler ref="oauthExpressionHandler" />
</sec:global-method-security>

<oauth:expression-handler id="oauthExpressionHandler" />
<oauth:web-expression-handler id="oauthWebExpressionHandler" />



<oauth:authorization-server
    client-details-service-ref="clientDetails" token-services-ref="tokenServices"
    user-approval-handler-ref="userApprovalHandler">
    <oauth:authorization-code />
    <oauth:implicit />
    <oauth:refresh-token />
    <oauth:client-credentials />
    <oauth:password />
</oauth:authorization-server>

<oauth:resource-server id="resourceServerFilter"
    resource-id="test" token-services-ref="tokenServices" />

<oauth:client-details-service id="clientDetails">
    <!-- client -->
    <oauth:client client-id="restapp"
        authorized-grant-types="authorization_code,client_credentials"
        authorities="ROLE_APP" scope="read,write,trust" secret="secret" />

    <oauth:client client-id="restapp"
        authorized-grant-types="password,authorization_code,refresh_token,implicit"
        secret="restapp" authorities="ROLE_APP" />

</oauth:client-details-service>
这个怎么样

@Configuration
public class SecurityConfiguration {

    @Configuration
    @EnableResourceServer
    @EnableGlobalMethodSecurity(prePostEnabled = true, proxyTargetClass = true)
    public class OAuth2ResourceServerConfig extends GlobalMethodSecurityConfiguration {
        @Override
        protected MethodSecurityExpressionHandler createExpressionHandler() {
            return new OAuth2MethodSecurityExpressionHandler();
        }

    }

    @Configuration
    @EnableAuthorizationServer
    public class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {

        @Autowired
        private AuthenticationManager authenticationManager;

        @Override
        public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
            endpoints.authenticationManager(authenticationManager);
        }

        @Override
        public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
            clients.inMemory()
                    .withClient("restapp")
                    .secret("secret")
                    .scopes("read", "write", "trust")
                    .authorities("ROLE_APP")
                    .authorizedGrantTypes("authorization_code", "client_credentials", "refresh_token", "implicit");
        }

        @Override
        public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
            security
                    .tokenKeyAccess("permitAll()")
                    .checkTokenAccess("isAuthenticated()");
        }
    }

    @Configuration
    public class AuthenticationConfiguration extends GlobalAuthenticationConfigurerAdapter {

        @Override
        public void init(AuthenticationManagerBuilder auth) throws Exception {
            auth.inMemoryAuthentication()
                    .withUser("user").password("user").roles("USER")
                    .and()
                    .withUser("admin").password("admin").roles("ADMIN");
        }
    }

    @Configuration
    public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                    .formLogin().loginPage("/login").permitAll()
                    .and()
                    .requestMatchers()
                    .antMatchers("/", "/login", "/oauth/authorize", "/oauth/confirm_access")
                    .and()
                    .authorizeRequests()
                    .anyRequest().authenticated();
        }
    }
}
你能在github上分享你的项目吗?我能在这里分享我的所有spring安全配置吗?嘿,试着看看。您可以简单地用我提供的类替换配置包中的所有类,它应该可以工作。尝试类似的方法:
curl-XPOST-u restapp:secret localhost:9090/oauth/token-d grant\u type=password-d username=user-d password=use
,您应该会看到为您创建的令牌