Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
branch: master
Fetching contributors…

Cannot retrieve contributors at this time

file 120 lines (102 sloc) 4.942 kb
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120
<?xml version="1.0" encoding="UTF-8"?>

<b:beans xmlns="http://www.springframework.org/schema/security"
xmlns:b="http://www.springframework.org/schema/beans" xmlns:u="http://www.springframework.org/schema/util"
xmlns:oauth="http://www.springframework.org/schema/security/oauth"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd
http://www.springframework.org/schema/security/oauth http://www.springframework.org/schema/security/spring-security-oauth-1.0.xsd">

<http entry-point-ref="loginEntryPoint">
<intercept-url pattern="/**" access="ROLE_USER" />

<logout logout-success-url="/loggedout.jsp" />
<anonymous enabled="false" />
<custom-filter ref="standardOAuthFilters" after="EXCEPTION_TRANSLATION_FILTER" />

<custom-filter ref="oauthAuthenticationProcessingFilter"
before="FILTER_SECURITY_INTERCEPTOR" />
</http>

<b:bean id="loginEntryPoint"
class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
<b:constructor-arg value="/login" />
</b:bean>

<b:bean id="oauthAuthenticationProcessingFilter"
class="com.example.oauth1.loginconsumer.OAuthAuthenticationProcessingFilter">
<b:constructor-arg value="/login" />

<b:property name="authenticationManager" ref="authenticationManager" />
<b:property name="userInfoUrl"
value="http://localhost:8080/loginprovider1/userinfo" />
<b:property name="restTemplate" ref="oauthLoginProviderTemplate" />
</b:bean>


<b:bean id="oauthLoginProviderTemplate"
class="org.springframework.security.oauth.consumer.client.OAuthRestTemplate">
<b:constructor-arg ref="oauthLoginProvider" />
</b:bean>

<authentication-manager alias="authenticationManager" />

<b:bean id="standardOAuthFilters" class="org.springframework.web.filter.CompositeFilter">
<b:property name="filters">
<b:list>
<b:ref bean="oauthConsumerContextFilter" />
<b:ref bean="oauthConsumerFilter" />
</b:list>
</b:property>
</b:bean>

<!--
START OF STANDARD OAUTH FILTERS
-->
<b:bean id="oauthConsumerContextFilter"
class="org.springframework.security.oauth.consumer.filter.OAuthConsumerContextFilter">
<b:property name="OAuthFailureHandler">
<b:bean
class="org.springframework.security.web.access.AccessDeniedHandlerImpl">
<b:property name="errorPage" value="/oauth_error.jsp" />
</b:bean>
</b:property>
<b:property name="messageSource" ref="messageSource" />
<b:property name="consumerSupport">
<b:bean
class="org.springframework.security.oauth.consumer.client.CoreOAuthConsumerSupport">
<b:property name="protectedResourceDetailsService" ref="resourceDetails" />
</b:bean>
</b:property>
</b:bean>

<b:bean id="oauthConsumerFilter"
class="org.springframework.security.oauth.consumer.filter.OAuthConsumerProcessingFilter">
<b:property name="requireAuthenticated" value="false" />
<b:property name="protectedResourceDetailsService" ref="resourceDetails" />
<b:property name="objectDefinitionSource">
<b:bean
class="org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource">
<b:constructor-arg>
<u:map map-class="java.util.LinkedHashMap">
<b:entry>
<b:key>
<b:bean
class="org.springframework.security.web.util.AnyRequestMatcher" />
</b:key>
<b:bean class="org.springframework.security.access.SecurityConfig">
<b:constructor-arg value="oauthLoginProvider" />
</b:bean>
</b:entry>
</u:map>
</b:constructor-arg>
</b:bean>
</b:property>
<b:property name="messageSource" ref="messageSource" />
</b:bean>

<!-- MAGIC ALTERNATIVE FOR CREATION OF STANDARD OAUTH FILTERS
This short form will create everything that is stated above plus
it will instrument the security filter chain inserting these two
OAuth filters. Since we are inserting them manually in the unusual
place we create them manually).
<oauth:consumer resource-details-service-ref="resourceDetails"
oauth-failure-page="/oauth_error.jsp" requireAuthenticated="false">
<oauth:url pattern="/**" resources="oauthLoginProvider" />
</oauth:consumer>
-->


<oauth:resource-details-service id="resourceDetails">
<oauth:resource id="oauthLoginProvider" key="tonr-consumer-key"
secret="SHHHHH!!!!!!!!!!" request-token-url="http://localhost:8080/loginprovider1/oauth/request_token"
user-authorization-url="http://localhost:8080/loginprovider1/oauth/confirm_access"
access-token-url="http://localhost:8080/loginprovider1/oauth/access_token" />
</oauth:resource-details-service>

</b:beans>
Something went wrong with that request. Please try again.