/*
* Copyright 2019 Haulmont.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package io.jmix.securityoauth2.configurer;
import io.jmix.core.JmixOrder;
import io.jmix.securityoauth2.SecurityOAuth2Properties;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.core.annotation.Order;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.TokenGranter;
import org.springframework.security.oauth2.provider.client.ClientDetailsUserDetailsService;
import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices;
import org.springframework.security.oauth2.provider.token.TokenEnhancer;
import org.springframework.security.web.SecurityFilterChain;
import java.util.ArrayList;
import java.util.List;
/**
 * Authorization-server configuration for the {@code io.jmix.securityoauth2} module.
 *
 * <p>The class does three things:
 * <ul>
 *   <li>registers a single in-memory OAuth2 client whose id, secret, grant types and token
 *       lifetimes are read from {@link SecurityOAuth2Properties};</li>
 *   <li>wires the injected authentication manager, token enhancer, token services and token
 *       granter into the authorization server endpoints;</li>
 *   <li>publishes a dedicated {@link SecurityFilterChain} that protects only
 *       {@code /oauth/revoke} with HTTP Basic authentication.</li>
 * </ul>
 *
 * <p>NOTE(review): HTTP Basic carries the credentials in a reversible encoding on every
 * request, so this endpoint is presumably meant to be reachable over TLS only; that is not
 * enforced in this class.
 */
public class OAuth2AuthorizationServerConfigurer implements AuthorizationServerConfigurer {

    /**
     * Path handled by the dedicated filter chain. One constant feeds both the chain's request
     * matcher and its access rule so the two cannot drift apart.
     */
    private static final String REVOKE_ENDPOINT = "/oauth/revoke";

    @Autowired
    private SecurityOAuth2Properties properties;

    @Autowired
    private AuthenticationManager authenticationManager;

    @Autowired
    private TokenEnhancer tokenEnhancer;

    @Autowired
    private ClientDetailsService clientDetailsService;

    @Autowired
    private AuthorizationServerTokenServices tokenServices;

    @Autowired
    private TokenGranter tokenGranter;

    /**
     * Deliberately applies no customisation, so the security of the authorization server
     * endpoints stays at whatever the framework provides by default.
     *
     * @param security the endpoint security configurer, left untouched
     * @throws Exception declared by the implemented interface; nothing is thrown here
     */
    @Override
    public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
        // Intentionally empty: framework defaults apply.
    }

    /**
     * Registers the one in-memory client described by {@link SecurityOAuth2Properties}.
     * The client is always limited to the {@code api} scope.
     *
     * @param clients the client details configurer to populate
     * @throws Exception if the in-memory builder cannot be created
     */
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        // NOTE(review): the secret is handed over exactly as configured. Confirm that its
        // format matches the PasswordEncoder in effect wherever it is verified, and that
        // deployments override any default value shipped in the properties.
        clients.inMemory()
                .withClient(properties.getClientId())
                .secret(properties.getClientSecret())
                .authorizedGrantTypes(properties.getClientAuthorizedGrantTypes())
                .accessTokenValiditySeconds(properties.getClientTokenExpirationTimeSec())
                .refreshTokenValiditySeconds(properties.getClientRefreshTokenExpirationTimeSec())
                .scopes("api");
    }

    /**
     * Hands the injected collaborators to the authorization server endpoints.
     *
     * @param endpoints the endpoints configurer to populate
     */
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
        endpoints.authenticationManager(authenticationManager)
                .tokenEnhancer(tokenEnhancer)
                .tokenServices(tokenServices)
                .tokenGranter(tokenGranter);
    }

    /**
     * Builds the filter chain that guards the token revocation endpoint.
     *
     * <p>The chain matches {@code /oauth/revoke} only, requires an authenticated caller,
     * accepts HTTP Basic credentials and verifies them with the provider returned by
     * {@link #getAuthenticationProvider()}.
     *
     * @param http the security builder supplied by Spring
     * @return the filter chain for the revocation endpoint
     * @throws Exception if the chain cannot be built
     */
    @Bean("sec_OAuthAuthorizationServerSecurityFilterChain")
    @Order(JmixOrder.HIGHEST_PRECEDENCE + 100)
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        // Restrict this chain to the revocation endpoint; every other request is left to
        // the other filter chains of the application.
        http.requestMatchers().antMatchers(REVOKE_ENDPOINT);

        // CSRF protection is switched off for this chain.
        // NOTE(review): that fits a non-browser client sending explicit credentials; confirm
        // the endpoint is never called from a browser session. No session policy is set here
        // either, so the framework default applies.
        http.csrf().disable();

        http.httpBasic();

        http.authorizeRequests().antMatchers(REVOKE_ENDPOINT).authenticated();

        http.authenticationProvider(getAuthenticationProvider());

        return http.build();
    }

    /**
     * Creates the provider that checks HTTP Basic credentials against the registered
     * client details, by exposing the injected {@link ClientDetailsService} as a user
     * details service.
     *
     * <p>NOTE(review): no password encoder is set, so the provider's default is used;
     * verify that the stored client secret is in a format that default accepts.
     *
     * @return a new provider backed by the client details service
     */
    private AuthenticationProvider getAuthenticationProvider() {
        DaoAuthenticationProvider clientCredentialsProvider = new DaoAuthenticationProvider();
        clientCredentialsProvider.setUserDetailsService(
                new ClientDetailsUserDetailsService(clientDetailsService));
        return clientCredentialsProvider;
    }
}