Design how firewall oauth2_resource should looks like.

authbucket · Jul 11, 2014 · 5b31f3c · 5b31f3c
1 parent a835376
commit 5b31f3c
Show file tree

Hide file tree

Showing 6 changed files with 60 additions and 17 deletions.
diff --git a/DependencyInjection/AuthBucketOAuth2Extension.php b/DependencyInjection/AuthBucketOAuth2Extension.php
@@ -44,6 +44,7 @@ public function load(array $configs, ContainerBuilder $container)
         $container->setParameter('authbucket_oauth2.response_handler', $config['response_handler']);
         $container->setParameter('authbucket_oauth2.grant_handler', $config['grant_handler']);
         $container->setParameter('authbucket_oauth2.token_handler', $config['token_handler']);
+        $container->setParameter('authbucket_oauth2.resource_handler', $config['resource_handler']);
 
         if (!empty($config['user_provider'])) {
             $container->getDefinition('authbucket_oauth2.token_controller')

diff --git a/DependencyInjection/Configuration.php b/DependencyInjection/Configuration.php
@@ -63,6 +63,13 @@ public function getConfigTreeBuilder()
                 ->end()
             ->end();
 
+        $rootNode
+            ->children()
+                ->arrayNode('resource_handler')
+                    ->prototype('scalar')->end()
+                ->end()
+            ->end();
+
         return $treeBuilder;
     }
 }
diff --git a/DependencyInjection/Security/Factory/ResourceFactory.php b/DependencyInjection/Security/Factory/ResourceFactory.php
@@ -44,5 +44,24 @@ public function getKey()
 
     public function addConfiguration(NodeDefinition $node)
     {
+        $node
+            ->children()
+                ->scalarNode('resource_type')->defaultValue('model')->end()
+            ->end();
+
+        $node
+            ->children()
+                ->arrayNode('scope')
+                    ->prototype('scalar')->end()
+                ->end()
+            ->end();
+
+        $node
+            ->children()
+                ->arrayNode('options')
+                    ->useAttributeAsKey('key')
+                    ->prototype('scalar')->end()
+                ->end()
+            ->end();
     }
 }
diff --git a/Resources/config/services.yml b/Resources/config/services.yml
@@ -4,6 +4,7 @@ parameters:
     authbucket_oauth2.response_handler.factory.class: AuthBucket\OAuth2\ResponseType\ResponseTypeHandlerFactory
     authbucket_oauth2.grant_handler.factory.class: AuthBucket\OAuth2\GrantType\GrantTypeHandlerFactory
     authbucket_oauth2.token_handler.factory.class: AuthBucket\OAuth2\TokenType\TokenTypeHandlerFactory
+    authbucket_oauth2.resource_handler.factory.class: AuthBucket\OAuth2\ResourceType\ResourceTypeHandlerFactory
 
     authbucket_oauth2.authorize_controller.class: AuthBucket\OAuth2\Controller\AuthorizeController
     authbucket_oauth2.token_controller.class: AuthBucket\OAuth2\Controller\TokenController
@@ -33,6 +34,9 @@ services:
     authbucket_oauth2.token_handler.factory:
         class: %authbucket_oauth2.token_handler.factory.class%
         arguments: ["%authbucket_oauth2.token_handler%"]
+    authbucket_oauth2.resource_handler.factory:
+        class: %authbucket_oauth2.resource_handler.factory.class%
+        arguments: ["%authbucket_oauth2.resource_handler%"]
 
     authbucket_oauth2.authorize_controller:
         class: %authbucket_oauth2.authorize_controller.class%

diff --git a/app/config/config.yml b/app/config/config.yml
@@ -66,3 +66,7 @@ authbucket_oauth2:
     token_handler:
         bearer:             AuthBucket\OAuth2\TokenType\BearerTokenTypeHandler
         mac:                AuthBucket\OAuth2\TokenType\MacTokenTypeHandler
+
+    resource_handler:
+        model:              AuthBucket\OAuth2\ResourceType\ModelResourceTypeHandler
+        debug_endpoint:     AuthBucket\OAuth2\ResourceType\DebugEndpointResourceTypeHandler
diff --git a/app/config/security.yml b/app/config/security.yml
@@ -17,36 +17,44 @@ security:
 
     firewalls:
         admin:
-            pattern:            ^/admin
+            pattern:                ^/admin
             http_basic:
-                provider:       admin
+                provider:           admin
 
         oauth2_login:
-            pattern:            ^/oauth2/login$
-            anonymous:          true
+            pattern:                ^/oauth2/login$
+            anonymous:              true
 
         oauth2_authorize_http:
-            pattern:            ^/oauth2/authorize/http$
+            pattern:                ^/oauth2/authorize/http$
             http_basic:
-                provider:       default
+                provider:           default
 
         oauth2_authorize:
-            pattern:            ^/oauth2/authorize
+            pattern:                ^/oauth2/authorize
             form_login:
-                login_path:     /oauth2/login
-                check_path:     /oauth2/authorize/login_check
-                provider:       default
+                login_path:         /oauth2/login
+                check_path:         /oauth2/authorize/login_check
+                provider:           default
             logout:
-                path:           /oauth2/authorize/logout
+                path:               /oauth2/authorize/logout
 
         oauth2_token:
-            pattern:            ^/oauth2/token$
-            oauth2_token:       true
+            pattern:                ^/oauth2/token$
+            oauth2_token:           true
 
         oauth2_debug:
-            pattern:            ^/oauth2/debug$
-            oauth2_debug:       true
+            pattern:                ^/oauth2/debug$
+            oauth2_resource:
+                resource_type:      model
+                scope:              [ demoscope1, demoscope2, demoscope3 ]
 
         oauth2_resource:
-            pattern:            ^/resource/debug$
-            oauth2_resource:    true
+            pattern:                ^/resource/debug$
+            oauth2_resource:
+                resource_type:      debug_endpoint
+                scope:              [ demoscope1, demoscope2, demoscope3 ]
+                options:
+                    request_uri:    /oauth2/debug
+                    client_id:      ~
+                    client_secret:  ~