oauth multiple resources authorization
This commit is contained in:
DOHA
parent
e38a4d77b7
commit
95bc7e515d
|
|
@ -7,12 +7,13 @@ import org.springframework.context.annotation.Bean;
|
|||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.context.annotation.PropertySource;
|
||||
import org.springframework.core.env.Environment;
|
||||
import org.springframework.http.HttpMethod;
|
||||
import org.springframework.jdbc.datasource.DriverManagerDataSource;
|
||||
import org.springframework.security.access.expression.method.MethodSecurityExpressionHandler;
|
||||
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
|
||||
import org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.http.SessionCreationPolicy;
|
||||
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
|
||||
import org.springframework.security.oauth2.provider.expression.OAuth2MethodSecurityExpressionHandler;
|
||||
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
|
||||
import org.springframework.security.oauth2.provider.token.TokenStore;
|
||||
import org.springframework.security.oauth2.provider.token.store.JdbcTokenStore;
|
||||
|
||||
|
|
@ -20,14 +21,25 @@ import org.springframework.security.oauth2.provider.token.store.JdbcTokenStore;
|
|||
@PropertySource({ "classpath:persistence.properties" })
|
||||
@EnableResourceServer
|
||||
@EnableGlobalMethodSecurity(prePostEnabled = true)
|
||||
public class OAuth2ResourceServerConfig extends GlobalMethodSecurityConfiguration {
|
||||
|
||||
public class OAuth2ResourceServerConfig extends ResourceServerConfigurerAdapter {
|
||||
@Autowired
|
||||
private Environment env;
|
||||
|
||||
@Override
|
||||
protected MethodSecurityExpressionHandler createExpressionHandler() {
|
||||
return new OAuth2MethodSecurityExpressionHandler();
|
||||
public void configure(HttpSecurity http) throws Exception {
|
||||
// @formatter:off
|
||||
http
|
||||
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
|
||||
.and()
|
||||
.requestMatchers().antMatchers("/foos/**","/bars/**")
|
||||
.and()
|
||||
.authorizeRequests()
|
||||
.antMatchers(HttpMethod.GET,"/foos/**").access("#oauth2.hasScope('read')")
|
||||
.antMatchers(HttpMethod.POST,"/foos/**").access("#oauth2.hasScope('write')")
|
||||
.antMatchers(HttpMethod.GET,"/bars/**").access("#oauth2.hasScope('read') and hasRole('ROLE_ADMIN')")
|
||||
.antMatchers(HttpMethod.POST,"/bars/**").access("#oauth2.hasScope('write') and hasRole('ROLE_ADMIN')")
|
||||
;
|
||||
// @formatter:on
|
||||
}
|
||||
|
||||
@Bean
|
||||
|
|
|
|||
|
|
@ -0,0 +1,41 @@
|
|||
package org.baeldung.web.controller;
|
||||
|
||||
import static org.apache.commons.lang3.RandomStringUtils.randomAlphabetic;
|
||||
import static org.apache.commons.lang3.RandomStringUtils.randomNumeric;
|
||||
|
||||
import org.baeldung.web.dto.Bar;
|
||||
import org.springframework.http.HttpStatus;
|
||||
import org.springframework.stereotype.Controller;
|
||||
import org.springframework.web.bind.annotation.PathVariable;
|
||||
import org.springframework.web.bind.annotation.RequestBody;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
import org.springframework.web.bind.annotation.RequestMethod;
|
||||
import org.springframework.web.bind.annotation.ResponseBody;
|
||||
import org.springframework.web.bind.annotation.ResponseStatus;
|
||||
|
||||
@Controller
|
||||
public class BarController {
|
||||
|
||||
public BarController() {
|
||||
super();
|
||||
}
|
||||
|
||||
// API - read
|
||||
// @PreAuthorize("#oauth2.hasScope('read')")
|
||||
@RequestMapping(method = RequestMethod.GET, value = "/bars/{id}")
|
||||
@ResponseBody
|
||||
public Bar findById(@PathVariable final long id) {
|
||||
return new Bar(Long.parseLong(randomNumeric(2)), randomAlphabetic(4));
|
||||
}
|
||||
|
||||
// API - write
|
||||
// @PreAuthorize("#oauth2.hasScope('write')")
|
||||
@RequestMapping(method = RequestMethod.POST, value = "/bars")
|
||||
@ResponseStatus(HttpStatus.CREATED)
|
||||
@ResponseBody
|
||||
public Bar create(@RequestBody final Bar bar) {
|
||||
bar.setId(Long.parseLong(randomNumeric(2)));
|
||||
return bar;
|
||||
}
|
||||
|
||||
}
|
||||
|
|
@ -4,12 +4,14 @@ import static org.apache.commons.lang3.RandomStringUtils.randomAlphabetic;
|
|||
import static org.apache.commons.lang3.RandomStringUtils.randomNumeric;
|
||||
|
||||
import org.baeldung.web.dto.Foo;
|
||||
import org.springframework.security.access.prepost.PreAuthorize;
|
||||
import org.springframework.http.HttpStatus;
|
||||
import org.springframework.stereotype.Controller;
|
||||
import org.springframework.web.bind.annotation.PathVariable;
|
||||
import org.springframework.web.bind.annotation.RequestBody;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
import org.springframework.web.bind.annotation.RequestMethod;
|
||||
import org.springframework.web.bind.annotation.ResponseBody;
|
||||
import org.springframework.web.bind.annotation.ResponseStatus;
|
||||
|
||||
@Controller
|
||||
public class FooController {
|
||||
|
|
@ -19,11 +21,21 @@ public class FooController {
|
|||
}
|
||||
|
||||
// API - read
|
||||
@PreAuthorize("#oauth2.hasScope('read')")
|
||||
// @PreAuthorize("#oauth2.hasScope('read')")
|
||||
@RequestMapping(method = RequestMethod.GET, value = "/foos/{id}")
|
||||
@ResponseBody
|
||||
public Foo findById(@PathVariable final long id) {
|
||||
return new Foo(Long.parseLong(randomNumeric(2)), randomAlphabetic(4));
|
||||
}
|
||||
|
||||
// API - write
|
||||
// @PreAuthorize("#oauth2.hasScope('write')")
|
||||
@RequestMapping(method = RequestMethod.POST, value = "/foos")
|
||||
@ResponseStatus(HttpStatus.CREATED)
|
||||
@ResponseBody
|
||||
public Foo create(@RequestBody final Foo foo) {
|
||||
foo.setId(Long.parseLong(randomNumeric(2)));
|
||||
return foo;
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -0,0 +1,36 @@
|
|||
package org.baeldung.web.dto;
|
||||
|
||||
public class Bar {
|
||||
private long id;
|
||||
private String name;
|
||||
|
||||
public Bar() {
|
||||
super();
|
||||
}
|
||||
|
||||
public Bar(final long id, final String name) {
|
||||
super();
|
||||
|
||||
this.id = id;
|
||||
this.name = name;
|
||||
}
|
||||
|
||||
//
|
||||
|
||||
public long getId() {
|
||||
return id;
|
||||
}
|
||||
|
||||
public void setId(final long id) {
|
||||
this.id = id;
|
||||
}
|
||||
|
||||
public String getName() {
|
||||
return name;
|
||||
}
|
||||
|
||||
public void setName(final String name) {
|
||||
this.name = name;
|
||||
}
|
||||
|
||||
}
|
||||
|
|
@ -47,10 +47,10 @@ public class OAuth2AuthorizationServerConfig extends AuthorizationServerConfigur
|
|||
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
|
||||
// @formatter:off
|
||||
clients.jdbc(dataSource())
|
||||
.withClient("clientId")
|
||||
.withClient("sampleClientId")
|
||||
.authorizedGrantTypes("implicit")
|
||||
.scopes("read")
|
||||
.autoApprove(true)
|
||||
.scopes("read","write")
|
||||
.autoApprove(false)
|
||||
.and()
|
||||
.withClient("clientIdPassword")
|
||||
.secret("secret")
|
||||
|
|
|
|||
|
|
@ -12,8 +12,7 @@ public class ServerSecurityConfig extends WebSecurityConfigurerAdapter {
|
|||
|
||||
@Override
|
||||
protected void configure(final AuthenticationManagerBuilder auth) throws Exception {
|
||||
auth.inMemoryAuthentication().withUser("john").password("123").roles("USER");
|
||||
|
||||
auth.inMemoryAuthentication().withUser("john").password("123").roles("USER").and().withUser("tom").password("111").roles("ADMIN");
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
|
|||
|
|
@ -25,11 +25,6 @@
|
|||
<arguments>
|
||||
</arguments>
|
||||
</buildCommand>
|
||||
<buildCommand>
|
||||
<name>org.eclipse.m2e.core.maven2Builder</name>
|
||||
<arguments>
|
||||
</arguments>
|
||||
</buildCommand>
|
||||
<buildCommand>
|
||||
<name>org.springframework.ide.eclipse.core.springbuilder</name>
|
||||
<arguments>
|
||||
|
|
@ -40,6 +35,11 @@
|
|||
<arguments>
|
||||
</arguments>
|
||||
</buildCommand>
|
||||
<buildCommand>
|
||||
<name>org.eclipse.m2e.core.maven2Builder</name>
|
||||
<arguments>
|
||||
</arguments>
|
||||
</buildCommand>
|
||||
</buildSpec>
|
||||
<natures>
|
||||
<nature>org.eclipse.jem.workbench.JavaEMFNature</nature>
|
||||
|
|
|
|||
|
|
@ -11,9 +11,9 @@
|
|||
|
||||
<oauth
|
||||
site="http://localhost:8081/spring-security-oauth-server"
|
||||
client-id="clientId"
|
||||
client-id="sampleClientId"
|
||||
redirect-uri="http://localhost:8081/spring-security-oauth-ui-implicit/"
|
||||
scope="read"
|
||||
scope="read write"
|
||||
template="oauthTemp">
|
||||
</oauth>
|
||||
|
||||
|
|
@ -34,9 +34,21 @@ app.config(function($locationProvider) {
|
|||
}).hashPrefix('!');
|
||||
});
|
||||
|
||||
app.config(['$httpProvider', function ($httpProvider) {
|
||||
$httpProvider.interceptors.push(function ($q,$rootScope) {
|
||||
return {
|
||||
'responseError': function (responseError) {
|
||||
$rootScope.message = responseError.statusText;
|
||||
console.log("error here");
|
||||
console.log(responseError);
|
||||
return $q.reject(responseError);
|
||||
}
|
||||
};
|
||||
});
|
||||
}]);
|
||||
|
||||
|
||||
app.controller('mainCtrl', function($scope,$resource,$http) {
|
||||
app.controller('mainCtrl', function($scope,$resource,$http,$rootScope) {
|
||||
|
||||
$scope.$on('oauth:login', function(event, token) {
|
||||
$http.defaults.headers.common.Authorization= 'Bearer ' + token.access_token;
|
||||
|
|
@ -49,6 +61,38 @@ app.controller('mainCtrl', function($scope,$resource,$http) {
|
|||
$scope.getFoo = function(){
|
||||
$scope.foo = $scope.foos.get({fooId:$scope.foo.id});
|
||||
}
|
||||
|
||||
$scope.createFoo = function(){
|
||||
if($scope.foo.name.length==0)
|
||||
{
|
||||
$rootScope.message = "Foo name can not be empty";
|
||||
return;
|
||||
}
|
||||
$scope.foo.id = null;
|
||||
$scope.foo = $scope.foos.save($scope.foo, function(){
|
||||
$rootScope.message = "Foo Created Successfully";
|
||||
});
|
||||
}
|
||||
|
||||
// bar
|
||||
$scope.bar = {id:0 , name:"sample bar"};
|
||||
$scope.bars = $resource("http://localhost:8081/spring-security-oauth-resource/bars/:barId",{barId:'@id'});
|
||||
|
||||
$scope.getBar = function(){
|
||||
$scope.bar = $scope.bars.get({barId:$scope.bar.id});
|
||||
}
|
||||
|
||||
$scope.createBar = function(){
|
||||
if($scope.bar.name.length==0)
|
||||
{
|
||||
$rootScope.message = "Bar name can not be empty";
|
||||
return;
|
||||
}
|
||||
$scope.bar.id = null;
|
||||
$scope.bar = $scope.bars.save($scope.bar, function(){
|
||||
$rootScope.message = "Bar Created Successfully";
|
||||
});
|
||||
}
|
||||
|
||||
});
|
||||
/*]]>*/
|
||||
|
|
|
|||
|
|
@ -10,19 +10,47 @@
|
|||
<div th:include="header"></div>
|
||||
|
||||
<div class="container">
|
||||
<h1 class="col-sm-12">Foo Details</h1>
|
||||
<div class="alert alert-info" ng-show="message">{{message}}</div>
|
||||
<h1>Foo Details</h1>
|
||||
<div class="col-sm-6">
|
||||
<div class="col-sm-12">
|
||||
<label class="col-sm-3">ID</label>
|
||||
<span>{{foo.id}}</span>
|
||||
<label class="col-sm-2">ID</label>
|
||||
<span class="col-sm-10"><input class="form-control" ng-model="foo.id"/></span>
|
||||
</div>
|
||||
|
||||
<div class="col-sm-12">
|
||||
<label class="col-sm-3">Name</label>
|
||||
<span>{{foo.name}}</span>
|
||||
<label class="col-sm-2">Name</label>
|
||||
<span class="col-sm-10"><input class="form-control" ng-model="foo.name"/></span>
|
||||
</div>
|
||||
|
||||
<div class="col-sm-12">
|
||||
<a class="btn btn-default" href="#" ng-click="getFoo()">New Foo</a>
|
||||
<a class="btn btn-default" href="#" ng-click="getFoo()">Get Foo</a>
|
||||
<a class="btn btn-default" href="#" ng-click="createFoo()">Create Foo</a>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<br/>
|
||||
<hr/>
|
||||
<br/>
|
||||
<br/>
|
||||
<br/>
|
||||
<h1>Bar Details</h1>
|
||||
<div class="col-sm-6">
|
||||
<div class="col-sm-12">
|
||||
<label class="col-sm-2">ID</label>
|
||||
<span class="col-sm-10"><input class="form-control" ng-model="bar.id"/></span>
|
||||
</div>
|
||||
|
||||
<div class="col-sm-12">
|
||||
<label class="col-sm-2">Name</label>
|
||||
<span class="col-sm-10"><input class="form-control" ng-model="bar.name"/></span>
|
||||
</div>
|
||||
|
||||
<div class="col-sm-12">
|
||||
<a class="btn btn-default" href="#" ng-click="getBar()">Get Bar</a>
|
||||
<a class="btn btn-default" href="#" ng-click="createBar()">Create Bar</a>
|
||||
</div>
|
||||
|
||||
</div>
|
||||
</div>
|
||||
</body>
|
||||
|
|
|
|||
Loading…
Reference in New Issue