package com.saintdan.framework.config.custom; import com.saintdan.framework.constant.ResourcePath; import java.util.Collections; import java.util.List; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfiguration; import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurer; import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter; import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer; /** * OAuth2 server configuration. * * @author <a href="http://github.com/saintdan">Liao Yifan</a> * @date 6/30/15 * @since JDK1.8 */ @Configuration public class CustomResourceServerConfiguration { /** * Resource of api * * @return {@link ResourceServerConfiguration} */ @Bean protected ResourceServerConfiguration adminResources() { ResourceServerConfiguration resource = new ResourceServerConfiguration() { // Switch off the Spring Boot @Autowired configurers public void setConfigurers(List<ResourceServerConfigurer> configurers) { super.setConfigurers(configurers); } }; resource.setConfigurers(Collections.singletonList(new ResourceServerConfigurerAdapter() { @Override public void configure(ResourceServerSecurityConfigurer resources) throws Exception { resources.resourceId(RESOURCE_ID); } @Override public void configure(HttpSecurity http) throws Exception { http .csrf().disable() .authorizeRequests() .antMatchers(OPEN_URL).permitAll() .antMatchers(MANAGEMENT_URL).hasAnyAuthority("root", "management") .antMatchers(APP_URL).hasAnyAuthority("root", "management", "app"); } })); resource.setOrder(1); return resource; } private static final String RESOURCE_ID = "api"; private static final String MANAGEMENT_URL = getURL(ResourcePath.MANAGEMENT); private static final String APP_URL = getURL(ResourcePath.APP); private static final String OPEN_URL = getURL(ResourcePath.OPEN); private static String getURL(CharSequence element) { return String.join("", ResourcePath.FIX, ResourcePath.API, ResourcePath.V1, element, ResourcePath.FIX); } }