iSharkFly-Docs
/
java-tutorials
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

modify oauth scopes

This commit is contained in:
DOHA 2016-02-23 21:44:57 +02:00
parent a7a28893d9
commit 87392e16b6
10 changed files with 197 additions and 38 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
spring-security-oauth/spring-security-oauth-resource/src/main/java/org/baeldung/config/OAuth2ResourceServerConfig.java
View File

@ -29,13 +29,15 @@ public class OAuth2ResourceServerConfig extends ResourceServerConfigurerAdapter
http http
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED) .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
.and() .and()
.requestMatchers().antMatchers("/foos/**","/bars/**") .requestMatchers().antMatchers("/foos/**","/bars/**","/bazes/**")
.and() .and()
.authorizeRequests() .authorizeRequests()
.antMatchers(HttpMethod.GET,"/foos/**").access("#oauth2.hasScope('read')") .antMatchers(HttpMethod.GET,"/foos/**").access("#oauth2.hasScope('foo') and #oauth2.hasScope('read')")
.antMatchers(HttpMethod.POST,"/foos/**").access("#oauth2.hasScope('write')") .antMatchers(HttpMethod.POST,"/foos/**").access("#oauth2.hasScope('foo') and #oauth2.hasScope('write')")
.antMatchers(HttpMethod.GET,"/bars/**").access("#oauth2.hasScope('read') and hasRole('ROLE_ADMIN')") .antMatchers(HttpMethod.GET,"/bars/**").access("#oauth2.hasScope('bar') and #oauth2.hasScope('read')")
.antMatchers(HttpMethod.POST,"/bars/**").access("#oauth2.hasScope('write') and hasRole('ROLE_ADMIN')") .antMatchers(HttpMethod.POST,"/bars/**").access("#oauth2.hasScope('bar') and #oauth2.hasScope('write')")
.antMatchers(HttpMethod.GET,"/bazes/**").access("#oauth2.hasScope('read') and hasRole('ROLE_ADMIN')")
.antMatchers(HttpMethod.POST,"/bazes/**").access("#oauth2.hasScope('write') and hasRole('ROLE_ADMIN')")
; ;
// @formatter:on // @formatter:on
} }

4
spring-security-oauth/spring-security-oauth-resource/src/main/java/org/baeldung/web/controller/BarController.java
View File

@ -21,7 +21,7 @@ public class BarController {
} }
// API - read // API - read
// @PreAuthorize("#oauth2.hasScope('read') and hasRole('ROLE_ADMIN')") // @PreAuthorize("#oauth2.hasScope('bar') and #oauth2.hasScope('read')")
@RequestMapping(method = RequestMethod.GET, value = "/bars/{id}") @RequestMapping(method = RequestMethod.GET, value = "/bars/{id}")
@ResponseBody @ResponseBody
public Bar findById(@PathVariable final long id) { public Bar findById(@PathVariable final long id) {
@ -29,7 +29,7 @@ public class BarController {
} }
// API - write // API - write
// @PreAuthorize("#oauth2.hasScope('write') and hasRole('ROLE_ADMIN')") // @PreAuthorize("#oauth2.hasScope('bar') and #oauth2.hasScope('write')")
@RequestMapping(method = RequestMethod.POST, value = "/bars") @RequestMapping(method = RequestMethod.POST, value = "/bars")
@ResponseStatus(HttpStatus.CREATED) @ResponseStatus(HttpStatus.CREATED)
@ResponseBody @ResponseBody

41
spring-security-oauth/spring-security-oauth-resource/src/main/java/org/baeldung/web/controller/BazController.java Normal file
View File

@ -0,0 +1,41 @@
package org.baeldung.web.controller;
import static org.apache.commons.lang3.RandomStringUtils.randomAlphabetic;
import static org.apache.commons.lang3.RandomStringUtils.randomNumeric;
import org.baeldung.web.dto.Baz;
import org.springframework.http.HttpStatus;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.bind.annotation.ResponseStatus;
@Controller
public class BazController {
public BazController() {
super();
}
// API - read
// @PreAuthorize("#oauth2.hasScope('read') and hasRole('ROLE_ADMIN')")
@RequestMapping(method = RequestMethod.GET, value = "/bazes/{id}")
@ResponseBody
public Baz findById(@PathVariable final long id) {
return new Baz(Long.parseLong(randomNumeric(2)), randomAlphabetic(4));
}
// API - write
// @PreAuthorize("#oauth2.hasScope('write') and hasRole('ROLE_ADMIN')")
@RequestMapping(method = RequestMethod.POST, value = "/bazes")
@ResponseStatus(HttpStatus.CREATED)
@ResponseBody
public Baz create(@RequestBody final Baz baz) {
baz.setId(Long.parseLong(randomNumeric(2)));
return baz;
}
}

4
spring-security-oauth/spring-security-oauth-resource/src/main/java/org/baeldung/web/controller/FooController.java
View File

@ -21,7 +21,7 @@ public class FooController {
} }
// API - read // API - read
// @PreAuthorize("#oauth2.hasScope('read')") // @PreAuthorize("#oauth2.hasScope('foo') and #oauth2.hasScope('read')")
@RequestMapping(method = RequestMethod.GET, value = "/foos/{id}") @RequestMapping(method = RequestMethod.GET, value = "/foos/{id}")
@ResponseBody @ResponseBody
public Foo findById(@PathVariable final long id) { public Foo findById(@PathVariable final long id) {
@ -29,7 +29,7 @@ public class FooController {
} }
// API - write // API - write
// @PreAuthorize("#oauth2.hasScope('write')") // @PreAuthorize("#oauth2.hasScope('foo') and #oauth2.hasScope('write')")
@RequestMapping(method = RequestMethod.POST, value = "/foos") @RequestMapping(method = RequestMethod.POST, value = "/foos")
@ResponseStatus(HttpStatus.CREATED) @ResponseStatus(HttpStatus.CREATED)
@ResponseBody @ResponseBody

36
spring-security-oauth/spring-security-oauth-resource/src/main/java/org/baeldung/web/dto/Baz.java Normal file
View File

@ -0,0 +1,36 @@
package org.baeldung.web.dto;
public class Baz {
private long id;
private String name;
public Baz() {
super();
}
public Baz(final long id, final String name) {
super();
this.id = id;
this.name = name;
}
//
public long getId() {
return id;
}
public void setId(final long id) {
this.id = id;
}
public String getName() {
return name;
}
public void setName(final String name) {
this.name = name;
}
}

12
spring-security-oauth/spring-security-oauth-server/src/main/java/org/baeldung/config/OAuth2AuthorizationServerConfig.java
View File

@ -49,13 +49,19 @@ public class OAuth2AuthorizationServerConfig extends AuthorizationServerConfigur
clients.jdbc(dataSource()) clients.jdbc(dataSource())
.withClient("sampleClientId") .withClient("sampleClientId")
.authorizedGrantTypes("implicit") .authorizedGrantTypes("implicit")
.scopes("read","write") .scopes("read","write","foo","bar")
.autoApprove(false) .autoApprove(false)
.and() .and()
.withClient("clientIdPassword") .withClient("fooClientIdPassword")
.secret("secret") .secret("secret")
.authorizedGrantTypes("password","authorization_code", "refresh_token") .authorizedGrantTypes("password","authorization_code", "refresh_token")
.scopes("read","write"); .scopes("foo","read","write")
.and()
.withClient("barClientIdPassword")
.secret("secret")
.authorizedGrantTypes("password","authorization_code", "refresh_token")
.scopes("bar","read","write")
;
// @formatter:on // @formatter:on
} }

22
spring-security-oauth/spring-security-oauth-ui-implicit/src/main/resources/templates/header.html
View File

@ -13,7 +13,7 @@
site="http://localhost:8081/spring-security-oauth-server" site="http://localhost:8081/spring-security-oauth-server"
client-id="sampleClientId" client-id="sampleClientId"
redirect-uri="http://localhost:8081/spring-security-oauth-ui-implicit/" redirect-uri="http://localhost:8081/spring-security-oauth-ui-implicit/"
scope="read write" scope="read write foo bar"
template="oauthTemp"> template="oauthTemp">
</oauth> </oauth>
@ -94,6 +94,26 @@ app.controller('mainCtrl', function($scope,$resource,$http,$rootScope) {
}); });
} }
// baz
$scope.baz = {id:0 , name:"sample baz"};
$scope.bazes = $resource("http://localhost:8081/spring-security-oauth-resource/bazes/:bazId",{bazId:'@id'});
$scope.getBaz = function(){
$scope.baz = $scope.bazes.get({bazId:$scope.baz.id});
}
$scope.createBaz = function(){
if($scope.baz.name.length==0)
{
$rootScope.message = "Baz name can not be empty";
return;
}
$scope.baz.id = null;
$scope.baz = $scope.bazes.save($scope.baz, function(){
$rootScope.message = "Baz Created Successfully";
});
}
}); });
/*]]>*/ /*]]>*/
</script> </script>

25
spring-security-oauth/spring-security-oauth-ui-implicit/src/main/resources/templates/index.html
View File

@ -50,8 +50,31 @@
<a class="btn btn-default" href="#" ng-click="getBar()">Get Bar</a> <a class="btn btn-default" href="#" ng-click="getBar()">Get Bar</a>
<a class="btn btn-default" href="#" ng-click="createBar()">Create Bar</a> <a class="btn btn-default" href="#" ng-click="createBar()">Create Bar</a>
</div> </div>
</div> </div>
<br/>
<hr/>
<br/>
<br/>
<br/>
<h1>Baz Details</h1>
<div class="col-sm-6">
<div class="col-sm-12">
<label class="col-sm-2">ID</label>
<span class="col-sm-10"><input class="form-control" ng-model="baz.id"/></span>
</div>
<div class="col-sm-12">
<label class="col-sm-2">Name</label>
<span class="col-sm-10"><input class="form-control" ng-model="baz.name"/></span>
</div>
<div class="col-sm-12">
<a class="btn btn-default" href="#" ng-click="getBaz()">Get Baz</a>
<a class="btn btn-default" href="#" ng-click="createBaz()">Create Baz</a>
</div>
</div>
</div> </div>
</body> </body>
</html> </html>

4
spring-security-oauth/spring-security-oauth-ui-password/src/main/resources/templates/header.html
View File

@ -28,8 +28,8 @@ app.controller('mainCtrl', function($scope,$resource,$http,$httpParamSerializer,
$scope.foo = $scope.foos.get({fooId:$scope.foo.id}); $scope.foo = $scope.foos.get({fooId:$scope.foo.id});
} }
$scope.data = {grant_type:"password", username: "", password: "", client_id: "clientIdPassword"}; $scope.data = {grant_type:"password", username: "", password: "", client_id: "fooClientIdPassword"};
$scope.encoded = btoa("clientIdPassword:secret"); $scope.encoded = btoa("fooClientIdPassword:secret");
var isLoginPage = window.location.href.indexOf("login") != -1; var isLoginPage = window.location.href.indexOf("login") != -1;
if(isLoginPage){ if(isLoginPage){

75
spring-security-oauth/spring-security-oauth-ui-password/src/test/java/org/baeldung/live/AuthorizationLiveTest.java
View File

@ -13,45 +13,76 @@ import com.jayway.restassured.response.Response;
public class AuthorizationLiveTest { public class AuthorizationLiveTest {
private String obtainAccessToken(String username, String password) { private String obtainAccessToken(String clientId, String username, String password) {
final Map<String, String> params = new HashMap<String, String>(); final Map<String, String> params = new HashMap<String, String>();
params.put("grant_type", "password"); params.put("grant_type", "password");
params.put("client_id", "clientIdPassword"); params.put("client_id", clientId);
params.put("username", username); params.put("username", username);
params.put("password", password); params.put("password", password);
final Response response = RestAssured.given().auth().preemptive().basic("clientIdPassword", "secret").and().with().params(params).when().post("http://localhost:8081/spring-security-oauth-server/oauth/token"); final Response response = RestAssured.given().auth().preemptive().basic(clientId, "secret").and().with().params(params).when().post("http://localhost:8081/spring-security-oauth-server/oauth/token");
return response.jsonPath().getString("access_token"); return response.jsonPath().getString("access_token");
} }
@Test @Test
public void givenUser_whenAccessFoosResource_thenOk() { public void givenUser_whenUseFooClient_thenOkForFooResourceOnly() {
final String accessToken = obtainAccessToken("john", "123"); final String accessToken = obtainAccessToken("fooClientIdPassword", "john", "123");
final Response response = RestAssured.given().header("Authorization", "Bearer " + accessToken).get("http://localhost:8081/spring-security-oauth-resource/foos/1");
assertEquals(200, response.getStatusCode()); final Response fooResponse = RestAssured.given().header("Authorization", "Bearer " + accessToken).get("http://localhost:8081/spring-security-oauth-resource/foos/1");
assertNotNull(response.jsonPath().get("name")); assertEquals(200, fooResponse.getStatusCode());
assertNotNull(fooResponse.jsonPath().get("name"));
final Response barResponse = RestAssured.given().header("Authorization", "Bearer " + accessToken).get("http://localhost:8081/spring-security-oauth-resource/bars/1");
assertEquals(403, barResponse.getStatusCode());
final Response bazResponse = RestAssured.given().header("Authorization", "Bearer " + accessToken).get("http://localhost:8081/spring-security-oauth-resource/bazes/1");
assertEquals(403, bazResponse.getStatusCode());
} }
@Test @Test
public void givenUser_whenAccessBarssResource_thenUnauthorized() { public void givenUser_whenUseBarClient_thenOkForBarResourceOnly() {
final String accessToken = obtainAccessToken("john", "123"); final String accessToken = obtainAccessToken("barClientIdPassword", "john", "123");
final Response response = RestAssured.given().header("Authorization", "Bearer " + accessToken).get("http://localhost:8081/spring-security-oauth-resource/bars/1");
assertEquals(403, response.getStatusCode()); final Response barResponse = RestAssured.given().header("Authorization", "Bearer " + accessToken).get("http://localhost:8081/spring-security-oauth-resource/bars/1");
assertEquals(200, barResponse.getStatusCode());
assertNotNull(barResponse.jsonPath().get("name"));
final Response fooResponse = RestAssured.given().header("Authorization", "Bearer " + accessToken).get("http://localhost:8081/spring-security-oauth-resource/foos/1");
assertEquals(403, fooResponse.getStatusCode());
final Response bazResponse = RestAssured.given().header("Authorization", "Bearer " + accessToken).get("http://localhost:8081/spring-security-oauth-resource/bazes/1");
assertEquals(403, bazResponse.getStatusCode());
} }
@Test @Test
public void givenAdmin_whenAccessFoosResource_thenOk() { public void givenAdmin_whenUseFooClient_thenOkForFooAndBazResourceOnly() {
final String accessToken = obtainAccessToken("tom", "111"); final String accessToken = obtainAccessToken("fooClientIdPassword", "tom", "111");
final Response response = RestAssured.given().header("Authorization", "Bearer " + accessToken).get("http://localhost:8081/spring-security-oauth-resource/foos/1");
assertEquals(200, response.getStatusCode()); final Response fooResponse = RestAssured.given().header("Authorization", "Bearer " + accessToken).get("http://localhost:8081/spring-security-oauth-resource/foos/1");
assertNotNull(response.jsonPath().get("name")); assertEquals(200, fooResponse.getStatusCode());
assertNotNull(fooResponse.jsonPath().get("name"));
final Response bazResponse = RestAssured.given().header("Authorization", "Bearer " + accessToken).get("http://localhost:8081/spring-security-oauth-resource/bazes/1");
assertEquals(200, bazResponse.getStatusCode());
assertNotNull(bazResponse.jsonPath().get("name"));
final Response barResponse = RestAssured.given().header("Authorization", "Bearer " + accessToken).get("http://localhost:8081/spring-security-oauth-resource/bars/1");
assertEquals(403, barResponse.getStatusCode());
} }
@Test @Test
public void givenAdmin_whenAccessBarssResource_thenOk() { public void givenAdmin_whenUseBarClient_thenOkForBarAndBazResourceOnly() {
final String accessToken = obtainAccessToken("tom", "111"); final String accessToken = obtainAccessToken("barClientIdPassword", "tom", "111");
final Response response = RestAssured.given().header("Authorization", "Bearer " + accessToken).get("http://localhost:8081/spring-security-oauth-resource/bars/1");
assertEquals(200, response.getStatusCode()); final Response barResponse = RestAssured.given().header("Authorization", "Bearer " + accessToken).get("http://localhost:8081/spring-security-oauth-resource/bars/1");
assertNotNull(response.jsonPath().get("name")); assertEquals(200, barResponse.getStatusCode());
assertNotNull(barResponse.jsonPath().get("name"));
final Response bazResponse = RestAssured.given().header("Authorization", "Bearer " + accessToken).get("http://localhost:8081/spring-security-oauth-resource/bazes/1");
assertEquals(200, bazResponse.getStatusCode());
assertNotNull(bazResponse.jsonPath().get("name"));
final Response fooResponse = RestAssured.given().header("Authorization", "Bearer " + accessToken).get("http://localhost:8081/spring-security-oauth-resource/foos/1");
assertEquals(403, fooResponse.getStatusCode());
} }
} }