security work for new scenario

2016-03-01 22:31:35 +02:00 · 2016-03-01 22:31:35 +02:00 · d3bed13184
parent 03010d8f9f
commit d3bed13184
5 changed files with 100 additions and 42 deletions
--- a/spring-security-oauth/spring-security-oauth-resource-demo/pom.xml
+++ b/spring-security-oauth/spring-security-oauth-resource-demo/pom.xml
@ -1,37 +1,41 @@
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
-	<modelVersion>4.0.0</modelVersion>
-	<artifactId>spring-security-oauth-resource-demo</artifactId>
-	<name>spring-security-oauth-resource-demo</name>
-	<packaging>war</packaging>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <artifactId>spring-security-oauth-resource-demo</artifactId>
+    <name>spring-security-oauth-resource-demo</name>
+    <packaging>war</packaging>

-	<parent>
-		<groupId>org.baeldung</groupId>
-		<artifactId>spring-security-oauth</artifactId>
-		<version>1.0.0-SNAPSHOT</version>
-	</parent>
+    <parent>
+        <groupId>org.baeldung</groupId>
+        <artifactId>spring-security-oauth</artifactId>
+        <version>1.0.0-SNAPSHOT</version>
+    </parent>

-	<dependencies>
-    
-		<dependency>
-			<groupId>org.springframework.boot</groupId>
-			<artifactId>spring-boot-starter-web</artifactId>
-		</dependency>
-	
-		<!-- oauth -->
-		<dependency>
-			<groupId>org.springframework.security.oauth</groupId>
-			<artifactId>spring-security-oauth2</artifactId>
-			<version>${oauth.version}</version>
-		</dependency>
-	
-		<dependency>
-			<groupId>org.apache.commons</groupId>
-			<artifactId>commons-lang3</artifactId>
-			<version>${commons-lang3.version}</version>
-		</dependency>
-	
-	</dependencies>
+    <dependencies>
+
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-web</artifactId>
+        </dependency>
+
+        <!-- oauth -->
+        <dependency>
+            <groupId>org.springframework.security.oauth</groupId>
+            <artifactId>spring-security-oauth2</artifactId>
+            <version>${oauth.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-jwt</artifactId>
+        </dependency>
+
+        <!-- utils -->
+        <dependency>
+            <groupId>org.apache.commons</groupId>
+            <artifactId>commons-lang3</artifactId>
+            <version>${commons-lang3.version}</version>
+        </dependency>
+
+    </dependencies>

    <build>
        <finalName>spring-security-oauth-resource-demo</finalName>
--- a/spring-security-oauth/spring-security-oauth-resource-demo/src/main/java/org/baeldung/config/OAuth2ResourceServerConfig2.java
+++ b/spring-security-oauth/spring-security-oauth-resource-demo/src/main/java/org/baeldung/config/OAuth2ResourceServerConfig2.java
@ -2,12 +2,16 @@ package org.baeldung.config;

 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Primary;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
 import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
+import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
+import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
 import org.springframework.security.oauth2.provider.token.TokenStore;
-import org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore;
+import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
+import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;

@Configuration
@EnableResourceServer
@ -25,9 +29,31 @@ public class OAuth2ResourceServerConfig2 extends ResourceServerConfigurerAdapter
        // @formatter:on
    }

+    @Override
+    public void configure(final ResourceServerSecurityConfigurer config) {
+        config.tokenServices(tokenServices());
+    }
+
+    // JWT
+
+    @Bean
+    @Primary
+    public DefaultTokenServices tokenServices() {
+        final DefaultTokenServices tokenServices = new DefaultTokenServices();
+        tokenServices.setTokenStore(tokenStore());
+        return tokenServices;
+    }
+
    @Bean
    public TokenStore tokenStore() {
-        return new InMemoryTokenStore();
+        return new JwtTokenStore(accessTokenConverter());
+    }
+
+    @Bean
+    public JwtAccessTokenConverter accessTokenConverter() {
+        final JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
+        converter.setSigningKey("123");
+        return converter;
    }

 }
--- a/spring-security-oauth/spring-security-oauth-server-demo/pom.xml
+++ b/spring-security-oauth/spring-security-oauth-server-demo/pom.xml
@ -24,6 +24,10 @@
            <artifactId>spring-security-oauth2</artifactId>
            <version>${oauth.version}</version>
        </dependency>
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-jwt</artifactId>
+        </dependency>

    </dependencies>

--- a/spring-security-oauth/spring-security-oauth-server-demo/src/main/java/org/baeldung/config/OAuth2AuthorizationServerConfig1.java
+++ b/spring-security-oauth/spring-security-oauth-server-demo/src/main/java/org/baeldung/config/OAuth2AuthorizationServerConfig1.java
@ -31,10 +31,9 @@ public class OAuth2AuthorizationServerConfig1 extends AuthorizationServerConfigu
        clients.inMemory()
               .withClient("fooClientIdPassword")
               .secret("secret")
-               .authorizedGrantTypes("password", "authorization_code", "refresh_token")
+               .authorizedGrantTypes("password", "authorization_code")
               .scopes("foo", "read", "write")
               .accessTokenValiditySeconds(3600) // 1 hour
-               .refreshTokenValiditySeconds(2592000) // 30 days
               ;
    } // @formatter:on

--- a/spring-security-oauth/spring-security-oauth-server-demo/src/main/java/org/baeldung/config/OAuth2AuthorizationServerConfig2.java
+++ b/spring-security-oauth/spring-security-oauth-server-demo/src/main/java/org/baeldung/config/OAuth2AuthorizationServerConfig2.java
@ -4,14 +4,18 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Primary;
+import org.springframework.http.HttpMethod;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
 import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
 import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
 import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
 import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
+import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
 import org.springframework.security.oauth2.provider.token.TokenStore;
-import org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore;
+import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
+import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;

@Configuration
@EnableAuthorizationServer
@ -33,21 +37,42 @@ public class OAuth2AuthorizationServerConfig2 extends AuthorizationServerConfigu
        clients.inMemory()
               .withClient("fooClientIdPassword")
               .secret("secret")
-               .authorizedGrantTypes("password", "authorization_code", "refresh_token")
+               .authorizedGrantTypes("password", "authorization_code" )
               .scopes("foo", "read", "write")
               .accessTokenValiditySeconds(3600) // 1 hour
-               .refreshTokenValiditySeconds(2592000) // 30 days
               ;
    } // @formatter:on

    @Override
-    public void configure(final AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
-        endpoints.tokenStore(tokenStore()).authenticationManager(authenticationManager);
+    public void configure(final AuthorizationServerEndpointsConfigurer conf) { // @formatter:off
+        conf.
+          tokenStore(tokenStore())
+          .allowedTokenEndpointRequestMethods(HttpMethod.GET, HttpMethod.POST)
+          .accessTokenConverter(accessTokenConverter())
+          .authenticationManager(authenticationManager)
+          ;
+    } // @formatter:on
+
+    // JWT
+
+    @Bean
+    @Primary
+    public DefaultTokenServices tokenServices() {
+        final DefaultTokenServices tokenServices = new DefaultTokenServices();
+        tokenServices.setTokenStore(tokenStore());
+        return tokenServices;
    }

    @Bean
    public TokenStore tokenStore() {
-        return new InMemoryTokenStore();
+        return new JwtTokenStore(accessTokenConverter());
+    }
+
+    @Bean
+    public JwtAccessTokenConverter accessTokenConverter() {
+        final JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
+        converter.setSigningKey("123");
+        return converter;
    }

 }