modify oauth scopes
This commit is contained in:
DOHA
parent
a7a28893d9
commit
87392e16b6
@ -29,13 +29,15 @@ public class OAuth2ResourceServerConfig extends ResourceServerConfigurerAdapter
|
||||
http
|
||||
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
|
||||
.and()
|
||||
.requestMatchers().antMatchers("/foos/**","/bars/**")
|
||||
.requestMatchers().antMatchers("/foos/**","/bars/**","/bazes/**")
|
||||
.and()
|
||||
.authorizeRequests()
|
||||
.antMatchers(HttpMethod.GET,"/foos/**").access("#oauth2.hasScope('read')")
|
||||
.antMatchers(HttpMethod.POST,"/foos/**").access("#oauth2.hasScope('write')")
|
||||
.antMatchers(HttpMethod.GET,"/bars/**").access("#oauth2.hasScope('read') and hasRole('ROLE_ADMIN')")
|
||||
.antMatchers(HttpMethod.POST,"/bars/**").access("#oauth2.hasScope('write') and hasRole('ROLE_ADMIN')")
|
||||
.antMatchers(HttpMethod.GET,"/foos/**").access("#oauth2.hasScope('foo') and #oauth2.hasScope('read')")
|
||||
.antMatchers(HttpMethod.POST,"/foos/**").access("#oauth2.hasScope('foo') and #oauth2.hasScope('write')")
|
||||
.antMatchers(HttpMethod.GET,"/bars/**").access("#oauth2.hasScope('bar') and #oauth2.hasScope('read')")
|
||||
.antMatchers(HttpMethod.POST,"/bars/**").access("#oauth2.hasScope('bar') and #oauth2.hasScope('write')")
|
||||
.antMatchers(HttpMethod.GET,"/bazes/**").access("#oauth2.hasScope('read') and hasRole('ROLE_ADMIN')")
|
||||
.antMatchers(HttpMethod.POST,"/bazes/**").access("#oauth2.hasScope('write') and hasRole('ROLE_ADMIN')")
|
||||
;
|
||||
// @formatter:on
|
||||
}
|
||||
|
||||
@ -21,7 +21,7 @@ public class BarController {
|
||||
}
|
||||
|
||||
// API - read
|
||||
// @PreAuthorize("#oauth2.hasScope('read') and hasRole('ROLE_ADMIN')")
|
||||
// @PreAuthorize("#oauth2.hasScope('bar') and #oauth2.hasScope('read')")
|
||||
@RequestMapping(method = RequestMethod.GET, value = "/bars/{id}")
|
||||
@ResponseBody
|
||||
public Bar findById(@PathVariable final long id) {
|
||||
@ -29,7 +29,7 @@ public class BarController {
|
||||
}
|
||||
|
||||
// API - write
|
||||
// @PreAuthorize("#oauth2.hasScope('write') and hasRole('ROLE_ADMIN')")
|
||||
// @PreAuthorize("#oauth2.hasScope('bar') and #oauth2.hasScope('write')")
|
||||
@RequestMapping(method = RequestMethod.POST, value = "/bars")
|
||||
@ResponseStatus(HttpStatus.CREATED)
|
||||
@ResponseBody
|
||||
|
||||
@ -0,0 +1,41 @@
|
||||
package org.baeldung.web.controller;
|
||||
|
||||
import static org.apache.commons.lang3.RandomStringUtils.randomAlphabetic;
|
||||
import static org.apache.commons.lang3.RandomStringUtils.randomNumeric;
|
||||
|
||||
import org.baeldung.web.dto.Baz;
|
||||
import org.springframework.http.HttpStatus;
|
||||
import org.springframework.stereotype.Controller;
|
||||
import org.springframework.web.bind.annotation.PathVariable;
|
||||
import org.springframework.web.bind.annotation.RequestBody;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
import org.springframework.web.bind.annotation.RequestMethod;
|
||||
import org.springframework.web.bind.annotation.ResponseBody;
|
||||
import org.springframework.web.bind.annotation.ResponseStatus;
|
||||
|
||||
@Controller
|
||||
public class BazController {
|
||||
|
||||
public BazController() {
|
||||
super();
|
||||
}
|
||||
|
||||
// API - read
|
||||
// @PreAuthorize("#oauth2.hasScope('read') and hasRole('ROLE_ADMIN')")
|
||||
@RequestMapping(method = RequestMethod.GET, value = "/bazes/{id}")
|
||||
@ResponseBody
|
||||
public Baz findById(@PathVariable final long id) {
|
||||
return new Baz(Long.parseLong(randomNumeric(2)), randomAlphabetic(4));
|
||||
}
|
||||
|
||||
// API - write
|
||||
// @PreAuthorize("#oauth2.hasScope('write') and hasRole('ROLE_ADMIN')")
|
||||
@RequestMapping(method = RequestMethod.POST, value = "/bazes")
|
||||
@ResponseStatus(HttpStatus.CREATED)
|
||||
@ResponseBody
|
||||
public Baz create(@RequestBody final Baz baz) {
|
||||
baz.setId(Long.parseLong(randomNumeric(2)));
|
||||
return baz;
|
||||
}
|
||||
|
||||
}
|
||||
@ -21,7 +21,7 @@ public class FooController {
|
||||
}
|
||||
|
||||
// API - read
|
||||
// @PreAuthorize("#oauth2.hasScope('read')")
|
||||
// @PreAuthorize("#oauth2.hasScope('foo') and #oauth2.hasScope('read')")
|
||||
@RequestMapping(method = RequestMethod.GET, value = "/foos/{id}")
|
||||
@ResponseBody
|
||||
public Foo findById(@PathVariable final long id) {
|
||||
@ -29,7 +29,7 @@ public class FooController {
|
||||
}
|
||||
|
||||
// API - write
|
||||
// @PreAuthorize("#oauth2.hasScope('write')")
|
||||
// @PreAuthorize("#oauth2.hasScope('foo') and #oauth2.hasScope('write')")
|
||||
@RequestMapping(method = RequestMethod.POST, value = "/foos")
|
||||
@ResponseStatus(HttpStatus.CREATED)
|
||||
@ResponseBody
|
||||
|
||||
@ -0,0 +1,36 @@
|
||||
package org.baeldung.web.dto;
|
||||
|
||||
public class Baz {
|
||||
private long id;
|
||||
private String name;
|
||||
|
||||
public Baz() {
|
||||
super();
|
||||
}
|
||||
|
||||
public Baz(final long id, final String name) {
|
||||
super();
|
||||
|
||||
this.id = id;
|
||||
this.name = name;
|
||||
}
|
||||
|
||||
//
|
||||
|
||||
public long getId() {
|
||||
return id;
|
||||
}
|
||||
|
||||
public void setId(final long id) {
|
||||
this.id = id;
|
||||
}
|
||||
|
||||
public String getName() {
|
||||
return name;
|
||||
}
|
||||
|
||||
public void setName(final String name) {
|
||||
this.name = name;
|
||||
}
|
||||
|
||||
}
|
||||
@ -49,13 +49,19 @@ public class OAuth2AuthorizationServerConfig extends AuthorizationServerConfigur
|
||||
clients.jdbc(dataSource())
|
||||
.withClient("sampleClientId")
|
||||
.authorizedGrantTypes("implicit")
|
||||
.scopes("read","write")
|
||||
.scopes("read","write","foo","bar")
|
||||
.autoApprove(false)
|
||||
.and()
|
||||
.withClient("clientIdPassword")
|
||||
.withClient("fooClientIdPassword")
|
||||
.secret("secret")
|
||||
.authorizedGrantTypes("password","authorization_code", "refresh_token")
|
||||
.scopes("read","write");
|
||||
.scopes("foo","read","write")
|
||||
.and()
|
||||
.withClient("barClientIdPassword")
|
||||
.secret("secret")
|
||||
.authorizedGrantTypes("password","authorization_code", "refresh_token")
|
||||
.scopes("bar","read","write")
|
||||
;
|
||||
|
||||
// @formatter:on
|
||||
}
|
||||
|
||||
@ -13,7 +13,7 @@
|
||||
site="http://localhost:8081/spring-security-oauth-server"
|
||||
client-id="sampleClientId"
|
||||
redirect-uri="http://localhost:8081/spring-security-oauth-ui-implicit/"
|
||||
scope="read write"
|
||||
scope="read write foo bar"
|
||||
template="oauthTemp">
|
||||
</oauth>
|
||||
|
||||
@ -94,6 +94,26 @@ app.controller('mainCtrl', function($scope,$resource,$http,$rootScope) {
|
||||
});
|
||||
}
|
||||
|
||||
// baz
|
||||
$scope.baz = {id:0 , name:"sample baz"};
|
||||
$scope.bazes = $resource("http://localhost:8081/spring-security-oauth-resource/bazes/:bazId",{bazId:'@id'});
|
||||
|
||||
$scope.getBaz = function(){
|
||||
$scope.baz = $scope.bazes.get({bazId:$scope.baz.id});
|
||||
}
|
||||
|
||||
$scope.createBaz = function(){
|
||||
if($scope.baz.name.length==0)
|
||||
{
|
||||
$rootScope.message = "Baz name can not be empty";
|
||||
return;
|
||||
}
|
||||
$scope.baz.id = null;
|
||||
$scope.baz = $scope.bazes.save($scope.baz, function(){
|
||||
$rootScope.message = "Baz Created Successfully";
|
||||
});
|
||||
}
|
||||
|
||||
});
|
||||
/*]]>*/
|
||||
</script>
|
||||
|
||||
@ -50,8 +50,31 @@
|
||||
<a class="btn btn-default" href="#" ng-click="getBar()">Get Bar</a>
|
||||
<a class="btn btn-default" href="#" ng-click="createBar()">Create Bar</a>
|
||||
</div>
|
||||
|
||||
</div>
|
||||
<br/>
|
||||
<hr/>
|
||||
<br/>
|
||||
<br/>
|
||||
<br/>
|
||||
<h1>Baz Details</h1>
|
||||
<div class="col-sm-6">
|
||||
<div class="col-sm-12">
|
||||
<label class="col-sm-2">ID</label>
|
||||
<span class="col-sm-10"><input class="form-control" ng-model="baz.id"/></span>
|
||||
</div>
|
||||
|
||||
<div class="col-sm-12">
|
||||
<label class="col-sm-2">Name</label>
|
||||
<span class="col-sm-10"><input class="form-control" ng-model="baz.name"/></span>
|
||||
</div>
|
||||
|
||||
<div class="col-sm-12">
|
||||
<a class="btn btn-default" href="#" ng-click="getBaz()">Get Baz</a>
|
||||
<a class="btn btn-default" href="#" ng-click="createBaz()">Create Baz</a>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
|
||||
</div>
|
||||
</body>
|
||||
</html>
|
||||
@ -28,8 +28,8 @@ app.controller('mainCtrl', function($scope,$resource,$http,$httpParamSerializer,
|
||||
$scope.foo = $scope.foos.get({fooId:$scope.foo.id});
|
||||
}
|
||||
|
||||
$scope.data = {grant_type:"password", username: "", password: "", client_id: "clientIdPassword"};
|
||||
$scope.encoded = btoa("clientIdPassword:secret");
|
||||
$scope.data = {grant_type:"password", username: "", password: "", client_id: "fooClientIdPassword"};
|
||||
$scope.encoded = btoa("fooClientIdPassword:secret");
|
||||
|
||||
var isLoginPage = window.location.href.indexOf("login") != -1;
|
||||
if(isLoginPage){
|
||||
|
||||
@ -13,45 +13,76 @@ import com.jayway.restassured.response.Response;
|
||||
|
||||
public class AuthorizationLiveTest {
|
||||
|
||||
private String obtainAccessToken(String username, String password) {
|
||||
private String obtainAccessToken(String clientId, String username, String password) {
|
||||
final Map<String, String> params = new HashMap<String, String>();
|
||||
params.put("grant_type", "password");
|
||||
params.put("client_id", "clientIdPassword");
|
||||
params.put("client_id", clientId);
|
||||
params.put("username", username);
|
||||
params.put("password", password);
|
||||
final Response response = RestAssured.given().auth().preemptive().basic("clientIdPassword", "secret").and().with().params(params).when().post("http://localhost:8081/spring-security-oauth-server/oauth/token");
|
||||
final Response response = RestAssured.given().auth().preemptive().basic(clientId, "secret").and().with().params(params).when().post("http://localhost:8081/spring-security-oauth-server/oauth/token");
|
||||
return response.jsonPath().getString("access_token");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void givenUser_whenAccessFoosResource_thenOk() {
|
||||
final String accessToken = obtainAccessToken("john", "123");
|
||||
final Response response = RestAssured.given().header("Authorization", "Bearer " + accessToken).get("http://localhost:8081/spring-security-oauth-resource/foos/1");
|
||||
assertEquals(200, response.getStatusCode());
|
||||
assertNotNull(response.jsonPath().get("name"));
|
||||
public void givenUser_whenUseFooClient_thenOkForFooResourceOnly() {
|
||||
final String accessToken = obtainAccessToken("fooClientIdPassword", "john", "123");
|
||||
|
||||
final Response fooResponse = RestAssured.given().header("Authorization", "Bearer " + accessToken).get("http://localhost:8081/spring-security-oauth-resource/foos/1");
|
||||
assertEquals(200, fooResponse.getStatusCode());
|
||||
assertNotNull(fooResponse.jsonPath().get("name"));
|
||||
|
||||
final Response barResponse = RestAssured.given().header("Authorization", "Bearer " + accessToken).get("http://localhost:8081/spring-security-oauth-resource/bars/1");
|
||||
assertEquals(403, barResponse.getStatusCode());
|
||||
|
||||
final Response bazResponse = RestAssured.given().header("Authorization", "Bearer " + accessToken).get("http://localhost:8081/spring-security-oauth-resource/bazes/1");
|
||||
assertEquals(403, bazResponse.getStatusCode());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void givenUser_whenAccessBarssResource_thenUnauthorized() {
|
||||
final String accessToken = obtainAccessToken("john", "123");
|
||||
final Response response = RestAssured.given().header("Authorization", "Bearer " + accessToken).get("http://localhost:8081/spring-security-oauth-resource/bars/1");
|
||||
assertEquals(403, response.getStatusCode());
|
||||
public void givenUser_whenUseBarClient_thenOkForBarResourceOnly() {
|
||||
final String accessToken = obtainAccessToken("barClientIdPassword", "john", "123");
|
||||
|
||||
final Response barResponse = RestAssured.given().header("Authorization", "Bearer " + accessToken).get("http://localhost:8081/spring-security-oauth-resource/bars/1");
|
||||
assertEquals(200, barResponse.getStatusCode());
|
||||
assertNotNull(barResponse.jsonPath().get("name"));
|
||||
|
||||
final Response fooResponse = RestAssured.given().header("Authorization", "Bearer " + accessToken).get("http://localhost:8081/spring-security-oauth-resource/foos/1");
|
||||
assertEquals(403, fooResponse.getStatusCode());
|
||||
|
||||
final Response bazResponse = RestAssured.given().header("Authorization", "Bearer " + accessToken).get("http://localhost:8081/spring-security-oauth-resource/bazes/1");
|
||||
assertEquals(403, bazResponse.getStatusCode());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void givenAdmin_whenAccessFoosResource_thenOk() {
|
||||
final String accessToken = obtainAccessToken("tom", "111");
|
||||
final Response response = RestAssured.given().header("Authorization", "Bearer " + accessToken).get("http://localhost:8081/spring-security-oauth-resource/foos/1");
|
||||
assertEquals(200, response.getStatusCode());
|
||||
assertNotNull(response.jsonPath().get("name"));
|
||||
public void givenAdmin_whenUseFooClient_thenOkForFooAndBazResourceOnly() {
|
||||
final String accessToken = obtainAccessToken("fooClientIdPassword", "tom", "111");
|
||||
|
||||
final Response fooResponse = RestAssured.given().header("Authorization", "Bearer " + accessToken).get("http://localhost:8081/spring-security-oauth-resource/foos/1");
|
||||
assertEquals(200, fooResponse.getStatusCode());
|
||||
assertNotNull(fooResponse.jsonPath().get("name"));
|
||||
|
||||
final Response bazResponse = RestAssured.given().header("Authorization", "Bearer " + accessToken).get("http://localhost:8081/spring-security-oauth-resource/bazes/1");
|
||||
assertEquals(200, bazResponse.getStatusCode());
|
||||
assertNotNull(bazResponse.jsonPath().get("name"));
|
||||
|
||||
final Response barResponse = RestAssured.given().header("Authorization", "Bearer " + accessToken).get("http://localhost:8081/spring-security-oauth-resource/bars/1");
|
||||
assertEquals(403, barResponse.getStatusCode());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void givenAdmin_whenAccessBarssResource_thenOk() {
|
||||
final String accessToken = obtainAccessToken("tom", "111");
|
||||
final Response response = RestAssured.given().header("Authorization", "Bearer " + accessToken).get("http://localhost:8081/spring-security-oauth-resource/bars/1");
|
||||
assertEquals(200, response.getStatusCode());
|
||||
assertNotNull(response.jsonPath().get("name"));
|
||||
public void givenAdmin_whenUseBarClient_thenOkForBarAndBazResourceOnly() {
|
||||
final String accessToken = obtainAccessToken("barClientIdPassword", "tom", "111");
|
||||
|
||||
final Response barResponse = RestAssured.given().header("Authorization", "Bearer " + accessToken).get("http://localhost:8081/spring-security-oauth-resource/bars/1");
|
||||
assertEquals(200, barResponse.getStatusCode());
|
||||
assertNotNull(barResponse.jsonPath().get("name"));
|
||||
|
||||
final Response bazResponse = RestAssured.given().header("Authorization", "Bearer " + accessToken).get("http://localhost:8081/spring-security-oauth-resource/bazes/1");
|
||||
assertEquals(200, bazResponse.getStatusCode());
|
||||
assertNotNull(bazResponse.jsonPath().get("name"));
|
||||
|
||||
final Response fooResponse = RestAssured.given().header("Authorization", "Bearer " + accessToken).get("http://localhost:8081/spring-security-oauth-resource/foos/1");
|
||||
assertEquals(403, fooResponse.getStatusCode());
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user