From 95bc7e515d37107a12b9d3e6b1f792bd15889ecb Mon Sep 17 00:00:00 2001
From: DOHA
Date: Fri, 19 Feb 2016 22:12:57 +0200
Subject: [PATCH] oauth multiple resources authorization
---
 .../config/OAuth2ResourceServerConfig.java | 26 +++++++---
 .../web/controller/BarController.java | 41 +++++++++++++++
 .../web/controller/FooController.java | 16 +++++-
 .../main/java/org/baeldung/web/dto/Bar.java | 36 +++++++++++++
 .../OAuth2AuthorizationServerConfig.java | 6 +--
 .../baeldung/config/ServerSecurityConfig.java | 3 +-
 .../.project | 10 ++--
 .../src/main/resources/templates/header.html | 50 +++++++++++++++++--
 .../src/main/resources/templates/index.html | 40 ++++++++++++---
 9 files changed, 200 insertions(+), 28 deletions(-)
 create mode 100644 spring-security-oauth/spring-security-oauth-resource/src/main/java/org/baeldung/web/controller/BarController.java
 create mode 100644 spring-security-oauth/spring-security-oauth-resource/src/main/java/org/baeldung/web/dto/Bar.java
diff --git a/spring-security-oauth/spring-security-oauth-resource/src/main/java/org/baeldung/config/OAuth2ResourceServerConfig.java b/spring-security-oauth/spring-security-oauth-resource/src/main/java/org/baeldung/config/OAuth2ResourceServerConfig.java
index c5e33739ae..52bfeb4233 100644
--- a/spring-security-oauth/spring-security-oauth-resource/src/main/java/org/baeldung/config/OAuth2ResourceServerConfig.java
+++ b/spring-security-oauth/spring-security-oauth-resource/src/main/java/org/baeldung/config/OAuth2ResourceServerConfig.java
@@ -7,12 +7,13 @@ import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.PropertySource;
 import org.springframework.core.env.Environment;
+import org.springframework.http.HttpMethod;
 import org.springframework.jdbc.datasource.DriverManagerDataSource;
-import org.springframework.security.access.expression.method.MethodSecurityExpressionHandler;
 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
-import org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
-import org.springframework.security.oauth2.provider.expression.OAuth2MethodSecurityExpressionHandler;
+import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
 import org.springframework.security.oauth2.provider.token.TokenStore;
 import org.springframework.security.oauth2.provider.token.store.JdbcTokenStore;
@@ -20,14 +21,25 @@ import org.springframework.security.oauth2.provider.token.store.JdbcTokenStore;
 @PropertySource({ "classpath:persistence.properties" })
 @EnableResourceServer
 @EnableGlobalMethodSecurity(prePostEnabled = true)
-public class OAuth2ResourceServerConfig extends GlobalMethodSecurityConfiguration {
-
+public class OAuth2ResourceServerConfig extends ResourceServerConfigurerAdapter {
 @Autowired
 private Environment env;
 @Override
- protected MethodSecurityExpressionHandler createExpressionHandler() {
- return new OAuth2MethodSecurityExpressionHandler();
+ public void configure(HttpSecurity http) throws Exception {
+ // @formatter:off
+ http
+ .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
+ .and()
+ .requestMatchers().antMatchers("/foos/**","/bars/**")
+ .and()
+ .authorizeRequests()
+ .antMatchers(HttpMethod.GET,"/foos/**").access("#oauth2.hasScope('read')")
+ .antMatchers(HttpMethod.POST,"/foos/**").access("#oauth2.hasScope('write')")
+ .antMatchers(HttpMethod.GET,"/bars/**").access("#oauth2.hasScope('read') and hasRole('ROLE_ADMIN')")
+ .antMatchers(HttpMethod.POST,"/bars/**").access("#oauth2.hasScope('write') and hasRole('ROLE_ADMIN')")
+ ;
+ // @formatter:on
 }
 @Bean
diff --git a/spring-security-oauth/spring-security-oauth-resource/src/main/java/org/baeldung/web/controller/BarController.java b/spring-security-oauth/spring-security-oauth-resource/src/main/java/org/baeldung/web/controller/BarController.java
new file mode 100644
index 0000000000..a716635f6d
--- /dev/null
+++ b/spring-security-oauth/spring-security-oauth-resource/src/main/java/org/baeldung/web/controller/BarController.java
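Review bot: The authorizeRequests() rules added in configure(HttpSecurity) cover only GET and POST on /foos/** and /bars/**, while the preceding requestMatchers() routes every verb on those paths through this chain, so a PUT, DELETE or PATCH to /foos/1 appears to reach the authorization filter with no matching rule and pass without any scope check (no such handler exists today, but the gap is silent once one is added). Close it with a catch-all as the last rule before the lone `;`: `.anyRequest().authenticated()`, or `.anyRequest().denyAll()` if nothing else is meant to be served by this chain. The same hunk drops the OAuth2MethodSecurityExpressionHandler while keeping @EnableGlobalMethodSecurity(prePostEnabled = true), so `#oauth2.hasScope(...)` no longer resolves inside @PreAuthorize; a one-line comment on the annotation, `// URL rules below are now the only OAuth2 scope enforcement; #oauth2.* is not available in @PreAuthorize here`, would stop the next reader from re-enabling the commented-out annotations in FooController and BarController. `SessionCreationPolicy.IF_REQUIRED` on a bearer-token resource server is also worth a second look, since STATELESS is the usual choice unless something here relies on a session.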
@@ -0,0 +1,41 @@
+package org.baeldung.web.controller;
+
+import static org.apache.commons.lang3.RandomStringUtils.randomAlphabetic;
+import static org.apache.commons.lang3.RandomStringUtils.randomNumeric;
+
+import org.baeldung.web.dto.Bar;
+import org.springframework.http.HttpStatus;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.ResponseBody;
+import org.springframework.web.bind.annotation.ResponseStatus;
+
+@Controller
+public class BarController {
+
+ public BarController() {
+ super();
+ }
+
+ // API - read
+ // @PreAuthorize("#oauth2.hasScope('read')")
+ @RequestMapping(method = RequestMethod.GET, value = "/bars/{id}")
+ @ResponseBody
+ public Bar findById(@PathVariable final long id) {
+ return new Bar(Long.parseLong(randomNumeric(2)), randomAlphabetic(4));
+ }
+
+ // API - write
+ // @PreAuthorize("#oauth2.hasScope('write')")
+ @RequestMapping(method = RequestMethod.POST, value = "/bars")
+ @ResponseStatus(HttpStatus.CREATED)
+ @ResponseBody
+ public Bar create(@RequestBody final Bar bar) {
+ bar.setId(Long.parseLong(randomNumeric(2)));
+ return bar;
+ }
+
+}
diff --git a/spring-security-oauth/spring-security-oauth-resource/src/main/java/org/baeldung/web/controller/FooController.java b/spring-security-oauth/spring-security-oauth-resource/src/main/java/org/baeldung/web/controller/FooController.java
index 8dfa19bd84..a1275670f0 100644
--- a/spring-security-oauth/spring-security-oauth-resource/src/main/java/org/baeldung/web/controller/FooController.java
+++ b/spring-security-oauth/spring-security-oauth-resource/src/main/java/org/baeldung/web/controller/FooController.java
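Review bot: BarController ships with `// @PreAuthorize("#oauth2.hasScope('read')")` and `// @PreAuthorize("#oauth2.hasScope('write')")` as commented-out code above findById and create, which tells a reader the methods are meant to be scope-checked here when they are not. Either delete those two lines or replace them with a comment that names where enforcement lives, e.g. `// Scope and role checks for /bars/** are enforced by the URL rules in OAuth2ResourceServerConfig`; FooController in the next hunk carries the same two commented-out annotations and should get the same treatment. findById also never reads its `id` parameter and returns a random Bar, which is presumably the sample's intent, so a `// sample: ignores id` comment would make that explicit rather than looking like a bug.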
@@ -4,12 +4,14 @@ import static org.apache.commons.lang3.RandomStringUtils.randomAlphabetic;
 import static org.apache.commons.lang3.RandomStringUtils.randomNumeric;
 import org.baeldung.web.dto.Foo;
-import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.http.HttpStatus;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.bind.annotation.ResponseBody;
+import org.springframework.web.bind.annotation.ResponseStatus;
 @Controller
 public class FooController {
@@ -19,11 +21,21 @@ public class FooController {
 }
 // API - read
- @PreAuthorize("#oauth2.hasScope('read')")
+ // @PreAuthorize("#oauth2.hasScope('read')")
 @RequestMapping(method = RequestMethod.GET, value = "/foos/{id}")
 @ResponseBody
 public Foo findById(@PathVariable final long id) {
 return new Foo(Long.parseLong(randomNumeric(2)), randomAlphabetic(4));
 }
+ // API - write
+ // @PreAuthorize("#oauth2.hasScope('write')")
+ @RequestMapping(method = RequestMethod.POST, value = "/foos")
+ @ResponseStatus(HttpStatus.CREATED)
+ @ResponseBody
+ public Foo create(@RequestBody final Foo foo) {
+ foo.setId(Long.parseLong(randomNumeric(2)));
+ return foo;
+ }
+
 }
diff --git a/spring-security-oauth/spring-security-oauth-resource/src/main/java/org/baeldung/web/dto/Bar.java b/spring-security-oauth/spring-security-oauth-resource/src/main/java/org/baeldung/web/dto/Bar.java
new file mode 100644
index 0000000000..adbb2aa2ad
--- /dev/null
+++ b/spring-security-oauth/spring-security-oauth-resource/src/main/java/org/baeldung/web/dto/Bar.java
@@ -0,0 +1,36 @@
+package org.baeldung.web.dto;
+
+public class Bar {
+ private long id;
+ private String name;
+
+ public Bar() {
+ super();
+ }
+
+ public Bar(final long id, final String name) {
+ super();
+
+ this.id = id;
+ this.name = name;
+ }
+
+ //
+
+ public long getId() {
+ return id;
+ }
+
+ public void setId(final long id) {
+ this.id = id;
+ }
+
+ public String getName() {
+ return name;
+ }
+
+ public void setName(final String name) {
+ this.name = name;
+ }
+
+}
\ No newline at end of file
diff --git a/spring-security-oauth/spring-security-oauth-server/src/main/java/org/baeldung/config/OAuth2AuthorizationServerConfig.java b/spring-security-oauth/spring-security-oauth-server/src/main/java/org/baeldung/config/OAuth2AuthorizationServerConfig.java
index c2f6ca41ae..a0f8baa4bc 100644
--- a/spring-security-oauth/spring-security-oauth-server/src/main/java/org/baeldung/config/OAuth2AuthorizationServerConfig.java
+++ b/spring-security-oauth/spring-security-oauth-server/src/main/java/org/baeldung/config/OAuth2AuthorizationServerConfig.java
@@ -47,10 +47,10 @@ public class OAuth2AuthorizationServerConfig extends AuthorizationServerConfigur
 public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
 // @formatter:off
 clients.jdbc(dataSource())
- .withClient("clientId")
+ .withClient("sampleClientId")
 .authorizedGrantTypes("implicit")
- .scopes("read")
- .autoApprove(true)
+ .scopes("read","write")
+ .autoApprove(false)
 .and()
 .withClient("clientIdPassword")
 .secret("secret")
diff --git a/spring-security-oauth/spring-security-oauth-server/src/main/java/org/baeldung/config/ServerSecurityConfig.java b/spring-security-oauth/spring-security-oauth-server/src/main/java/org/baeldung/config/ServerSecurityConfig.java
index 3e1a8a8ccb..46870f3fc3 100644
--- a/spring-security-oauth/spring-security-oauth-server/src/main/java/org/baeldung/config/ServerSecurityConfig.java
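Review bot: The `sampleClientId` client now receives the `write` scope under the implicit grant, and the lines visible in this hunk register no `redirectUris(...)` for it; if the rest of the client definition (which continues outside the hunk) does not pin one either, the authorization server has nothing to validate an implicit-flow redirect_uri against, and that check is the control that keeps a write-capable access token from being delivered to an unintended origin. Please confirm a redirect URI is registered, or add `.redirectUris("<UI_IMPLICIT_APP_URL>")` to this chain with the placeholder replaced by the real UI address. Flipping `autoApprove` to false is the right direction for a client that can now obtain write access; a short comment such as `// write scope: require explicit user consent` would record why the earlier default was changed.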
+++ b/spring-security-oauth/spring-security-oauth-server/src/main/java/org/baeldung/config/ServerSecurityConfig.java
@@ -12,8 +12,7 @@ public class ServerSecurityConfig extends WebSecurityConfigurerAdapter {
 @Override
 protected void configure(final AuthenticationManagerBuilder auth) throws Exception {
- auth.inMemoryAuthentication().withUser("john").password("123").roles("USER");
-
+ auth.inMemoryAuthentication().withUser("john").password("123").roles("USER").and().withUser("tom").password("111").roles("ADMIN");
 }
 @Override
diff --git a/spring-security-oauth/spring-security-oauth-ui-implicit/.project b/spring-security-oauth/spring-security-oauth-ui-implicit/.project
index c9fc2aa8f0..b96a26c60d 100644
--- a/spring-security-oauth/spring-security-oauth-ui-implicit/.project
+++ b/spring-security-oauth/spring-security-oauth-ui-implicit/.project
@@ -25,11 +25,6 @@ - - org.eclipse.m2e.core.maven2Builder - - - org.springframework.ide.eclipse.core.springbuilder
@@ -40,6 +35,11 @@ + + org.eclipse.m2e.core.maven2Builder + + + org.eclipse.jem.workbench.JavaEMFNature
diff --git a/spring-security-oauth/spring-security-oauth-ui-implicit/src/main/resources/templates/header.html b/spring-security-oauth/spring-security-oauth-ui-implicit/src/main/resources/templates/header.html
index a62bce9747..8cd7be67c3 100644
--- a/spring-security-oauth/spring-security-oauth-ui-implicit/src/main/resources/templates/header.html
+++ b/spring-security-oauth/spring-security-oauth-ui-implicit/src/main/resources/templates/header.html
@@ -11,9 +11,9 @@
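Review bot: The replacement line in configure(AuthenticationManagerBuilder) chains both in-memory users into one roughly 150-character statement, which hides the fact that two principals with different roles are being defined; break it before each `.withUser(...)` and the `.and()` so each user sits on its own line. The ADMIN role given to `tom` is what `hasRole('ROLE_ADMIN')` in OAuth2ResourceServerConfig keys on for /bars/**, so a comment such as `// tom is the only principal that can reach /bars/**` would tie the two configurations together for the next reader. A `// demo-only in-memory credentials` marker above the statement would also make clear these literal passwords are fixtures rather than something to carry forward.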
@@ -34,9 +34,21 @@ app.config(function($locationProvider) {
 }).hashPrefix('!');
 });
+app.config(['$httpProvider', function ($httpProvider) {
+ $httpProvider.interceptors.push(function ($q,$rootScope) {
+ return {
+ 'responseError': function (responseError) {
+ $rootScope.message = responseError.statusText;
+ console.log("error here");
+ console.log(responseError);
+ return $q.reject(responseError);
+ }
+ };
+ });
+}]);
-app.controller('mainCtrl', function($scope,$resource,$http) {
+app.controller('mainCtrl', function($scope,$resource,$http,$rootScope) {
 $scope.$on('oauth:login', function(event, token) {
 $http.defaults.headers.common.Authorization= 'Bearer ' + token.access_token;
@@ -49,6 +61,38 @@ app.controller('mainCtrl', function($scope,$resource,$http) {
 $scope.getFoo = function(){
 $scope.foo = $scope.foos.get({fooId:$scope.foo.id});
 }
+
+ $scope.createFoo = function(){
+ if($scope.foo.name.length==0)
+ {
+ $rootScope.message = "Foo name can not be empty";
+ return;
+ }
+ $scope.foo.id = null;
+ $scope.foo = $scope.foos.save($scope.foo, function(){
+ $rootScope.message = "Foo Created Successfully";
+ });
+ }
+
+ // bar
+ $scope.bar = {id:0 , name:"sample bar"};
+ $scope.bars = $resource("http://localhost:8081/spring-security-oauth-resource/bars/:barId",{barId:'@id'});
+
+ $scope.getBar = function(){
+ $scope.bar = $scope.bars.get({barId:$scope.bar.id});
+ }
+
+ $scope.createBar = function(){
+ if($scope.bar.name.length==0)
+ {
+ $rootScope.message = "Bar name can not be empty";
+ return;
+ }
+ $scope.bar.id = null;
+ $scope.bar = $scope.bars.save($scope.bar, function(){
+ $rootScope.message = "Bar Created Successfully";
+ });
+ }
 });
 /*]]>*/
diff --git a/spring-security-oauth/spring-security-oauth-ui-implicit/src/main/resources/templates/index.html b/spring-security-oauth/spring-security-oauth-ui-implicit/src/main/resources/templates/index.html
index c98ed493bd..c50781caf1 100755
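Review bot: The new `responseError` interceptor calls `console.log(responseError)` on every failed $http call; the rejection object carries the request `config`, and because the controller below sets `$http.defaults.headers.common.Authorization` to the bearer token (visible in this hunk), that line appears to write the access token to the browser console on every 401/403. Log only what the banner needs, `console.log(responseError.status, responseError.statusText);`, and drop the `console.log("error here")` debug line. A comment on the interceptor, `// surface HTTP errors in the banner; do not log the whole response, its config carries the Authorization header`, would keep a later edit from re-adding the full dump.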
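Review bot: `createFoo` and `createBar` are the same function with the resource and message swapped, and `$scope.foo.name.length==0` throws a TypeError instead of showing the message if `name` is ever undefined (the initial `$scope.foo` is assigned outside this hunk, so I cannot see its shape); a guard of the form `if(!$scope.bar.name)` covers both the empty and the missing case, and one shared helper taking the resource, the model and a label would remove the duplication. The Bar resource URL is hard-coded to `http://localhost:8081/...` over plain http, so the bearer token set in the login handler travels in clear text to that host; acceptable for a local sample, but a `// dev-only address, serve over https outside localhost` comment next to it would make the intent explicit. The mainCtrl function starts in the previous hunk and closes at the ` });` context line here.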
--- a/spring-security-oauth/spring-security-oauth-ui-implicit/src/main/resources/templates/index.html
+++ b/spring-security-oauth/spring-security-oauth-ui-implicit/src/main/resources/templates/index.html
@@ -10,19 +10,47 @@
-

Foo Details

+
{{message}}
+

Foo Details

+
- - {{foo.id}} + +
- -{{foo.name}} + +
+
+ +
+
+
+
+
+

Bar Details

+
+
+ + +
+ +
+ + +
+ + +