
SECOAUTH-354: add basic auth entry point to sample

1 parent 4c75f70 commit cf3e51e7eb150fe23844e6cd6f38e644034c49e8 @dsyer dsyer committed Nov 21, 2012
@@ -12,10 +12,10 @@
<http pattern="/oauth/uncache_approvals" security="none" xmlns="http://www.springframework.org/schema/security" />
<http pattern="/oauth/token" create-session="stateless" authentication-manager-ref="clientAuthenticationManager"
- entry-point-ref="oauthAuthenticationEntryPoint" xmlns="http://www.springframework.org/schema/security">
+ xmlns="http://www.springframework.org/schema/security">
<intercept-url pattern="/oauth/token" access="IS_AUTHENTICATED_FULLY" />
<anonymous enabled="false" />
- <http-basic entry-point-ref="oauthAuthenticationEntryPoint" />
+ <http-basic entry-point-ref="clientAuthenticationEntryPoint" />
<!-- include this only if you need to authenticate clients via request parameters -->
<custom-filter ref="clientCredentialsTokenEndpointFilter" before="BASIC_AUTH_FILTER" />
<access-denied-handler ref="oauthAccessDeniedHandler" />
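Review bot: Dropping `entry-point-ref` from the `<http>` element of the `/oauth/token` block (the line now reduced to `xmlns="…"`) leaves this block's entry point implicit, and the updated test in this commit shows the effect: an unauthenticated request now receives `WWW-Authenticate: Basic realm="sparklr2/client"` instead of the bearer-style error the old `oauthAuthenticationEntryPoint` produced. For a client that attempted HTTP Basic that is the right response (RFC 6749 §5.2 expects a 401 whose challenge matches the client's authentication scheme), but a client that sent `client_id`/`client_secret` as request parameters goes through `clientCredentialsTokenEndpointFilter`, and how that filter reports failure is outside this hunk. Because the fallback is no longer visible in the config, record it on the element, e.g. `<!-- no entry-point-ref: the http-basic entry point (clientAuthenticationEntryPoint) issues the 401 challenge for this endpoint -->`. The enclosing `<http>` element closes outside the hunk.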
@@ -32,8 +32,8 @@
<intercept-url pattern="/oauth/users/.*"
access="#oauth2.clientHasRole('ROLE_CLIENT') and (hasRole('ROLE_USER') or #oauth2.isClient()) and #oauth2.hasScope('read')"
method="GET" />
- <intercept-url pattern="/oauth/clients/.*" access="#oauth2.clientHasRole('ROLE_CLIENT') and #oauth2.isClient() and #oauth2.hasScope('read')"
- method="GET" />
+ <intercept-url pattern="/oauth/clients/.*"
+ access="#oauth2.clientHasRole('ROLE_CLIENT') and #oauth2.isClient() and #oauth2.hasScope('read')" method="GET" />
<custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
<access-denied-handler ref="oauthAccessDeniedHandler" />
<expression-handler ref="oauthWebExpressionHandler" />
@@ -51,7 +51,7 @@
<custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
<access-denied-handler ref="oauthAccessDeniedHandler" />
</http>
-
+
<!-- The OAuth2 protected resources are separated out into their own block so we can deal with authorization and error handling
separately. This isn't mandatory, but it makes it easier to control the behaviour. -->
<http pattern="/me/**" create-session="never" entry-point-ref="oauthAuthenticationEntryPoint"
@@ -77,6 +77,10 @@
<property name="realmName" value="sparklr2" />
</bean>
+ <bean id="clientAuthenticationEntryPoint" class="org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint">
+ <property name="realmName" value="sparklr2/client" />
+ </bean>
+
<bean id="oauthAccessDeniedHandler" class="org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler" />
<bean id="clientCredentialsTokenEndpointFilter" class="org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter">
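Review bot: The new `clientAuthenticationEntryPoint` bean carries no comment explaining why a second `BasicAuthenticationEntryPoint` with its own realm sits directly below another bean whose `realmName` is `sparklr2` (that bean's id and class start outside the hunk), so a later maintainer could plausibly collapse the two. A short comment above the bean would keep the intent, e.g. `<!-- Basic challenge for client authentication at /oauth/token; separate from the bearer-token entry point used by the protected resources -->`. The literal `sparklr2/client` is also asserted verbatim by the test changed in this commit, so it is worth noting beside the property that the two must change together.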
@@ -115,7 +119,7 @@
<bean id="tokenServices" class="org.springframework.security.oauth2.provider.token.DefaultTokenServices">
<property name="tokenStore" ref="tokenStore" />
<property name="supportRefreshToken" value="true" />
- <property name="clientDetailsService" ref="clientDetails"/>
+ <property name="clientDetailsService" ref="clientDetails" />
</bean>
<bean id="userApprovalHandler" class="org.springframework.security.oauth.examples.sparklr.oauth.SparklrUserApprovalHandler">
@@ -140,7 +144,7 @@
<oauth:client-details-service id="clientDetails">
<oauth:client client-id="my-trusted-client" authorized-grant-types="password,authorization_code,refresh_token,implicit"
- authorities="ROLE_CLIENT, ROLE_TRUSTED_CLIENT" scope="read,write,trust" access-token-validity="60"/>
+ authorities="ROLE_CLIENT, ROLE_TRUSTED_CLIENT" scope="read,write,trust" access-token-validity="60" />
<oauth:client client-id="my-trusted-client-with-secret" authorized-grant-types="password,authorization_code,refresh_token,implicit"
secret="somesecret" authorities="ROLE_CLIENT, ROLE_TRUSTED_CLIENT" />
<oauth:client client-id="my-client-with-secret" authorized-grant-types="client_credentials" authorities="ROLE_CLIENT"
@@ -169,7 +173,7 @@
<oauth:expression-handler id="oauthExpressionHandler" />
<oauth:web-expression-handler id="oauthWebExpressionHandler" />
-
+
<!--Basic application beans. -->
<bean id="viewResolver" class="org.springframework.web.servlet.view.ContentNegotiatingViewResolver">
<property name="mediaTypes">
@@ -185,15 +189,15 @@
</property>
<property name="defaultViews">
<bean class="org.springframework.web.servlet.view.json.MappingJacksonJsonView">
- <property name="extractValueFromSingleKeyModel" value="true"/>
+ <property name="extractValueFromSingleKeyModel" value="true" />
</bean>
</property>
</bean>
<bean id="photoController" class="org.springframework.security.oauth.examples.sparklr.mvc.PhotoController">
<property name="photoService" ref="photoServices" />
</bean>
-
+
<bean id="photoServiceUserController" class="org.springframework.security.oauth.examples.sparklr.mvc.PhotoServiceUserController">
<property name="userDetailsService" ref="userDetailsService" />
</bean>
@@ -131,8 +131,7 @@ public void testTokenNotGrantedIfSecretNotProvided() throws Exception {
assertEquals(HttpStatus.UNAUTHORIZED, e.getStatusCode());
List<String> values = tokenEndpointResponse.getHeaders().get("WWW-Authenticate");
assertEquals(1, values.size());
- assertEquals("Bearer realm=\"sparklr2\", error=\"unauthorized\", error_description=\"Bad credentials\"",
- values.get(0));
+ assertEquals("Basic realm=\"sparklr2/client\"", values.get(0));
}
}
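Review bot: The new assertion on `values.get(0)` checks only the `WWW-Authenticate` header, and the removed expectation was the only visible place that verified an `error` and `error_description` in the failure response; a Basic challenge carries neither, so unless the body is asserted earlier in `testTokenNotGrantedIfSecretNotProvided` (its start is outside the hunk) the test no longer confirms that the token endpoint returns an OAuth2 error body alongside the 401, which RFC 6749 §5.2 requires. Consider adding an assertion on the response body for the error code the endpoint emits in this case. The exact string comparison also couples the test to the realm configured in the sample's security XML; a comment such as `// realm must match clientAuthenticationEntryPoint in the security config` would make that coupling visible.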
