Java Code Examples for org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer

The following examples show how to use org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer. These examples are extracted from open source projects. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source Project: open-capacity-platform   Source File: OAuth2ServerConfig.java    License: Apache License 2.0
/**
 * Configures the security of the authorization server's endpoints and enables the
 * ClientCredentialsTokenEndpointFilter.
 */
@Override
public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
    // /oauth/token_key exposes the key used to verify tokens when JWT tokens are in use.
    // NOTE(review): permitAll() is only appropriate when that key is the public half of an
    // asymmetric pair; tokenKeyAccess("isAuthenticated()") is the stricter alternative.
    security.tokenKeyAccess("permitAll()");

    // /oauth/check_token: the caller must be authenticated before it can inspect a token.
    security.checkTokenAccess("isAuthenticated()");

    // Accept client_id / client_secret as form parameters on the token endpoint.
    // NOTE(review): the client secret then travels in the request body, so the endpoint
    // should only be reachable over TLS and request bodies must stay out of access logs.
    security.allowFormAuthenticationForClients();
}
 
Example 2
/**
 * Builds an authorization server configuration with one in-memory client that may only
 * use the client_credentials grant.
 */
@Bean
public AuthorizationServerConfigurer authorizationServerConfigurer() {
	return new AuthorizationServerConfigurerAdapter() {

		@Override
		public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
			// NOTE(review): the client id and secret are literals in source control, which is
			// acceptable for a demo only; a real deployment should load the secret from
			// external configuration or a secret store. The secret is passed through
			// passwordEncoder before it is registered.
			clients.inMemory()
			       .withClient("webclient")
			       .secret(passwordEncoder.encode("webclient12345678"))
			       .scopes("account", "message", "email")
			       .resourceIds("resource")
			       .authorizedGrantTypes("client_credentials");
		}
		
		@Override
		public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
		   // /oauth/check_token is limited to authenticated callers; tokenKeyAccess is not
		   // set here, so the token-key endpoint keeps the framework default.
		   oauthServer.checkTokenAccess("isAuthenticated()");    
		}
	};
}
 
Example 3
/**
 * Builds an authorization server configuration with one in-memory browser client that
 * uses the implicit grant, and wires the authentication manager and user details service
 * into the endpoints.
 */
@Bean
public AuthorizationServerConfigurer authorizationServerConfigurer() {
	return new AuthorizationServerConfigurerAdapter() {
		@Override
		public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
			// NOTE(review): the implicit grant hands the access token to the browser in the
			// redirect, and current OAuth security guidance prefers authorization code with
			// PKCE for browser clients. The redirect URI is plain-HTTP localhost and the
			// secret is a source literal, so treat this as a local demo configuration only.
			clients.inMemory()
			       .withClient("browserclient")
			       .secret(passwordEncoder.encode("browserclient12345678"))
			       .scopes("account", "message", "email")
			       .resourceIds("resource")
			       .authorizedGrantTypes("implicit")
			       .redirectUris("http://localhost:8082/hello.html");
		}
		
		@Override
		public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
		    // /oauth/check_token is limited to authenticated callers.
		    oauthServer.checkTokenAccess("isAuthenticated()");    
		}

		@Override
		public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
			// Reuse the authentication manager and user details service exposed by
			// webSecurityConfigurerAdapter for the authorization server endpoints.
			endpoints.authenticationManager(webSecurityConfigurerAdapter.authenticationManagerBean())
			         .userDetailsService(webSecurityConfigurerAdapter.userDetailsServiceBean());
		}			
	};
}
 
Example 4
/**
 * Builds an authorization server configuration with one in-memory client whose id and
 * secret come from the client.web.name and client.web.secret properties.
 *
 * @param clientName   client id, resolved from the client.web.name property
 * @param clientSecret raw client secret, resolved from the client.web.secret property
 */
@Bean
public AuthorizationServerConfigurer authorizationServerConfigurer(
		@Value("${client.web.name}") String clientName, 
   		@Value("${client.web.secret}") String clientSecret) {
	return new AuthorizationServerConfigurerAdapter() {

		@Override
		public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
			// The secret is supplied through configuration rather than a source literal and
			// is passed through passwordEncoder before it is registered.
			// NOTE(review): the property source itself then holds the raw secret; confirm it
			// is kept out of version control.
			clients.inMemory()
			       .withClient(clientName)
			       .secret(passwordEncoder.encode(clientSecret))
			       .scopes("account", "message", "email")
			       .authorizedGrantTypes("client_credentials");
		}
		
		@Override
		public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
		    // /oauth/check_token is limited to authenticated callers.
		    oauthServer.checkTokenAccess("isAuthenticated()");    
		}

		@Override
		public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
			// accessTokenConverter() is defined outside this listing.
			endpoints.accessTokenConverter(accessTokenConverter());
		}
	};
}
 
Example 5
/**
 * Sets the access rules for the token-key and check-token endpoints and enables
 * form-based client authentication.
 */
  @Override
  public void configure(AuthorizationServerSecurityConfigurer oauthServer) {
      // Clients may send client_id / client_secret as form parameters.
      oauthServer.allowFormAuthenticationForClients();
      // Client secrets are verified with BCrypt.
      oauthServer.passwordEncoder(new BCryptPasswordEncoder());
      // /oauth/token_key (the token verification key) is open to every request.
      // NOTE(review): this rule governs the key endpoint, not /oauth/check_token; leave it
      // open only if the served key is a public key.
      oauthServer.tokenKeyAccess("permitAll()");
      // /oauth/check_token requires an authenticated caller.
      oauthServer.checkTokenAccess("isAuthenticated()");
  }
 
Example 6
/**
 * Configures client-secret encoding the same way ApiBoot Security does and sets the
 * access rules for the token-key and check-token endpoints.
 *
 * @param security the authorization server security configurer
 * @throws Exception if the configuration fails
 */
@Override
public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
    // passwordEncoder() is defined outside this listing.
    security.passwordEncoder(passwordEncoder());

    // /oauth/token_key is open to unauthenticated callers.
    // NOTE(review): acceptable only when the served key is a public verification key.
    security.tokenKeyAccess("permitAll()");

    // /oauth/check_token is reachable only after authentication.
    security.checkTokenAccess("isAuthenticated()");
}
 
Example 7
Source Project: gemini   Source File: OAuth2AuthorizationServerConfig.java    License: Apache License 2.0
/**
 * Sets the client-secret encoder, the endpoint access rules and form-based client
 * authentication.
 */
@Override
public void configure(AuthorizationServerSecurityConfigurer security) {
    // The original author's position is that client id and secret need no encryption.
    // NOTE(review): NoOpPasswordEncoder is deprecated and compares client secrets as plain
    // text, so the client store holds them unhashed; an adaptive encoder such as BCrypt
    // limits the damage if that store is ever read.
    security.passwordEncoder(NoOpPasswordEncoder.getInstance());

    // /oauth/token_key is open to everyone; /oauth/check_token needs authentication.
    security.tokenKeyAccess("permitAll()");
    security.checkTokenAccess("isAuthenticated()");

    // Accept client_id / client_secret in a form-url-encoded request body.
    security.allowFormAuthenticationForClients();
}
 
Example 8
/**
 * Restricts /oauth/check_token to authenticated callers and enables form-based client
 * authentication.
 */
@Override
public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
    // Clients may call /oauth/check_token to validate a token once they are authenticated.
    security.checkTokenAccess("isAuthenticated()");
    // Accept client_id / client_secret as form parameters; the secret is then carried in
    // the request body, so the endpoint should be served over TLS only.
    security.allowFormAuthenticationForClients();
}
 
Example 9
/**
 * Configures the security of the authorization server's endpoints and enables the
 * ClientCredentialsTokenEndpointFilter.
 *
 * @param security the authorization server security configurer
 */
@Override
public void configure(AuthorizationServerSecurityConfigurer security) {
    // The token key is served to authenticated callers only.
    security.tokenKeyAccess("isAuthenticated()");

    // NOTE(review): permitAll() lets any unauthenticated caller submit a token to
    // /oauth/check_token and read back what it contains. Requiring the resource server to
    // authenticate ("isAuthenticated()") closes that exposure; confirm which callers
    // depend on the open rule before tightening it.
    security.checkTokenAccess("permitAll()");

    // Let /oauth/token accept client_id and client_secret as login credentials.
    security.allowFormAuthenticationForClients();
}
 
Example 10
/**
 * Configures the authentication rules: which endpoints require authentication and which
 * do not.
 *
 * @param oauthServer the authorization server security configurer
 */
@Override
public void configure(AuthorizationServerSecurityConfigurer oauthServer) {
    // Client secrets are verified with BCrypt.
    oauthServer.passwordEncoder(new BCryptPasswordEncoder());
    // /oauth/token_key can be reached without authentication.
    // NOTE(review): appropriate only when the served key is a public verification key.
    oauthServer.tokenKeyAccess("permitAll()");
    // /oauth/check_token requires an authenticated caller.
    oauthServer.checkTokenAccess("isAuthenticated()");
    // Accept client_id / client_secret as form parameters.
    oauthServer.allowFormAuthenticationForClients();
}
 
Example 11
/**
 * Configures the security constraints of the token endpoints.
 *
 * @param oauthServer the authorization server security configurer
 * @throws Exception if the configuration fails
 */
@Override
public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
    // Enable client form authentication; the original author notes that /oauth/token was
    // unreachable without it.
    oauthServer.allowFormAuthenticationForClients();

    // /oauth/token_key can be reached without authentication.
    oauthServer.tokenKeyAccess("permitAll()");

    // Original author's open issue: /oauth/check_token only worked for them with
    // permitAll(), which opens it to everyone, while isAuthenticated() made it unreachable.
    // NOTE(review): an open check_token endpoint lets any caller test a token and read its
    // contents. The usual arrangement is for the resource server to present its own client
    // credentials on that call, which allows "isAuthenticated()" here; verify against the
    // resource-server configuration.
    oauthServer.checkTokenAccess("permitAll()");
}
 
Example 12
/**
 * Required by the resource server (covered later in the series). What it is for is
 * explained in the last part of the second article (authorization server); why it is
 * needed is explained in the third article (resource server).
 *
 * @param security the authorization server security configurer
 */
@Override
public void configure(AuthorizationServerSecurityConfigurer security) {
    // Authenticated callers can have a token verified and parsed.
    security.checkTokenAccess("isAuthenticated()");
    // Authenticated callers can fetch the public key. Both endpoints stay closed to
    // anonymous requests.
    security.tokenKeyAccess("isAuthenticated()");
}
 
Example 13
Source Project: open-cloud   Source File: AuthorizationServerConfiguration.java    License: MIT License
/**
 * Requires authentication for /oauth/check_token and enables form-based client
 * authentication.
 */
@Override
public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
    // /oauth/check_token is available to authenticated callers only.
    security.checkTokenAccess("isAuthenticated()");
    // Enable form authentication, so client credentials may arrive in the request body.
    security.allowFormAuthenticationForClients();
}
 
Example 14
/**
 * Opens the token-key endpoint to all callers and requires authentication for the
 * check-token endpoint.
 */
@Override
public void configure(final AuthorizationServerSecurityConfigurer security) throws Exception {
	// NOTE(review): an open token-key endpoint is appropriate only when the served key is
	// a public verification key.
	security.tokenKeyAccess("permitAll()");
	security.checkTokenAccess("isAuthenticated()");
}
 
Example 15
/**
 * Sets the access rules for the token-key and check-token endpoints.
 */
@Override
public void configure(AuthorizationServerSecurityConfigurer oauthServer) {
    // /oauth/token_key can be reached without authentication.
    oauthServer.tokenKeyAccess("permitAll()");
    // /oauth/check_token requires an authenticated caller.
    oauthServer.checkTokenAccess("isAuthenticated()");
}
 
Example 16
Source Project: spring-boot-demo   Source File: Oauth2AuthorizationServerConfig.java    License: MIT License
/**
 * Requires client authentication for both the token-key and the check-token endpoint.
 */
@Override
public void configure(AuthorizationServerSecurityConfigurer security) {
    // Fetching the token key requires the client to authenticate with HTTP Basic.
    security.tokenKeyAccess("isAuthenticated()");
    // Fetching token information likewise requires HTTP Basic client authentication.
    security.checkTokenAccess("isAuthenticated()");
}
 
Example 17
/**
 * Enables form-based client authentication, sets the client-secret encoder and defines
 * who may reach the token-key and check-token endpoints.
 */
  @Override
  public void configure(AuthorizationServerSecurityConfigurer oauthServer) {
      // Accept client_id / client_secret as form parameters.
      oauthServer.allowFormAuthenticationForClients();
      // Verify client secrets with BCrypt.
      oauthServer.passwordEncoder(new BCryptPasswordEncoder());
      // Every request may read /oauth/token_key.
      // NOTE(review): this rule covers the key endpoint only; the check-token rule is the
      // next call. Leave the key endpoint open only when it serves a public key.
      oauthServer.tokenKeyAccess("permitAll()");
      // Only authenticated callers may use /oauth/check_token.
      oauthServer.checkTokenAccess("isAuthenticated()");
  }
 
Example 18
Source Project: SpringCloud   Source File: AuthorizationServerConfig.java    License: Apache License 2.0
/**
 * Enables form-based client authentication and sets the access rules for the token-key
 * and check-token endpoints.
 */
@Override
public void configure(AuthorizationServerSecurityConfigurer oauthServer) {
    oauthServer
            // Client parameters may be sent in the header or in the request body.
            .allowFormAuthenticationForClients()
            // The token key is served to authenticated callers only.
            .tokenKeyAccess("isAuthenticated()")
            // NOTE(review): permitAll() leaves /oauth/check_token open to unauthenticated
            // callers, who can then test tokens and read their contents; prefer
            // "isAuthenticated()" unless a caller genuinely cannot authenticate.
            .checkTokenAccess("permitAll()");
}
 
Example 19
Source Project: oauth-server   Source File: AuthorizationServerConfig.java    License: Apache License 2.0
/**
 * Configures the security constraints of the token endpoints.
 *
 * <p>allowFormAuthenticationForClients registers the clientCredentialsTokenEndpointFilter,
 * which parses client_id and client_secret from the request, builds a
 * UsernamePasswordAuthenticationToken from them and authenticates it through a
 * UserDetailsService lookup. It is generally used for the password and
 * client_credentials grants.
 */
@Override
public void configure(AuthorizationServerSecurityConfigurer oauthServer)
        throws Exception {
    // Both helper endpoints are open to unauthenticated callers.
    // NOTE(review): an open /oauth/check_token lets anyone test a token and read its
    // contents, and an open /oauth/token_key is appropriate only for a public key. Prefer
    // "isAuthenticated()" for check_token unless a caller cannot authenticate.
    oauthServer.tokenKeyAccess("permitAll()");
    oauthServer.checkTokenAccess("permitAll()");

    oauthServer.allowFormAuthenticationForClients();
}
 
Example 20
Source Project: xxproject   Source File: OAuth2AuthorizationServerConfig.java    License: Apache License 2.0
/**
 * Opens the token-key endpoint to all callers and requires authentication for the
 * check-token endpoint.
 */
@Override
public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
    // Form-based client authentication is deliberately left off in this configuration
    // (the original keeps the call commented out), so client credentials are not read
    // from the request body.
    oauthServer.tokenKeyAccess("permitAll()");
    oauthServer.checkTokenAccess("isAuthenticated()");
}
 
Example 21
Source Project: fw-cloud-framework   Source File: FwAuthorizationConfiguration.java    License: MIT License
/**
 * Enables form-based client authentication and opens the check-token endpoint.
 */
@Override
public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
	security.allowFormAuthenticationForClients();

	// /oauth/token_key returns the JWT key and is meant for RSA (asymmetric) signing; with
	// symmetric signing access to it is forbidden. The original keeps
	// tokenKeyAccess("isAuthenticated()") commented out, so no rule is set for it here.

	// NOTE(review): permitAll() exposes /oauth/check_token to unauthenticated callers, who
	// can then test tokens and read their contents; "isAuthenticated()" is the safer rule.
	security.checkTokenAccess("permitAll()");
}
 
Example 22
Source Project: spring-cloud-shop   Source File: OAuth2SecurityConfiguration.java    License: MIT License
/**
 * Sets the access rules for the token-key and check-token endpoints and enables
 * form-based client authentication.
 */
@Override
public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
    // Token key: open to all callers. Check token: authenticated callers only.
    security.tokenKeyAccess("permitAll()");
    security.checkTokenAccess("isAuthenticated()");
    // Client credentials may be sent as form parameters.
    security.allowFormAuthenticationForClients();
}
 
Example 23
Source Project: lion   Source File: AuthorizationServerConfig.java    License: Apache License 2.0
/**
 * Opens both the token-key and check-token endpoints and enables form-based client
 * authentication.
 */
@Override
public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
    security.tokenKeyAccess("permitAll()");
    // NOTE(review): with permitAll() any unauthenticated caller can submit a token to
    // /oauth/check_token and read what it contains; "isAuthenticated()" restricts that to
    // callers holding client credentials.
    security.checkTokenAccess("permitAll()");
    security.allowFormAuthenticationForClients();
}
 
Example 24
/**
 * Limits the token-key and check-token endpoints to clients holding the
 * ROLE_TRUSTED_CLIENT authority.
 */
@Override
public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
    // Authentication alone is not enough here: the caller must also hold the
    // 'ROLE_TRUSTED_CLIENT' authority, which is a narrower rule than "isAuthenticated()".
    oauthServer.tokenKeyAccess("hasAuthority('ROLE_TRUSTED_CLIENT')");
    oauthServer.checkTokenAccess("hasAuthority('ROLE_TRUSTED_CLIENT')");
}
 
Example 25
/**
 * Applies the optional check-token rule, token-key rule and realm from the configured
 * properties, after installing the client-secret encoder.
 */
@Override
public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
	// NOTE(review): NoOpPasswordEncoder is deprecated and compares client secrets as plain
	// text, so the client store holds them unhashed.
	security.passwordEncoder(NoOpPasswordEncoder.getInstance());

	// Each setting is applied only when the property is present; otherwise the
	// configurer's own default stays in effect.
	final String checkTokenExpression = this.properties.getCheckTokenAccess();
	if (checkTokenExpression != null) {
		security.checkTokenAccess(checkTokenExpression);
	}

	final String tokenKeyExpression = this.properties.getTokenKeyAccess();
	if (tokenKeyExpression != null) {
		security.tokenKeyAccess(tokenKeyExpression);
	}

	final String realmName = this.properties.getRealm();
	if (realmName != null) {
		security.realm(realmName);
	}
}
 
Example 26
Source Project: onetwo   Source File: AuthorizationServerConfiguration.java    License: Apache License 2.0
/**
 * Applies the authorization server settings read from oauth2Properties, plus any
 * entry point, access-denied handler and password encoder that are present.
 *
 * @param security the authorization server security configurer
 * @throws Exception if the configuration fails
 */
@Override
	public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
//		security.and().requestMatchers()
		AuthorizationServerProps authProps = oauth2Properties.getAuthorizationServer();
		if(authProps.isAllowFormAuthenticationForClients()){
			security.allowFormAuthenticationForClients();
			// FIX: when AuthorizationServerSecurityConfigurer creates the form-authentication
			// filter it does not use the configured oauth2AuthenticationEntryPoint, so a
			// post-processor is registered for that filter.
			security.addObjectPostProcessor(new ClientCredentialsTokenEndpointFilterPostProcessor());
		}
		
		// Restrict the endpoints to HTTPS when the property asks for it.
		if(authProps.isSslOnly()){
			security.sslOnly();
		}
		if(StringUtils.isNotBlank(authProps.getRealm())){
			security.realm(authProps.getRealm());
		}
		// The access expressions are taken verbatim from configuration.
		// NOTE(review): a value such as permitAll() for check-token access would open that
		// endpoint to unauthenticated callers, so these properties deserve the same review
		// as code.
		if(StringUtils.isNotBlank(authProps.getCheckTokenAccess())){
			security.checkTokenAccess(authProps.getCheckTokenAccess());
		}
		if(StringUtils.isNotBlank(authProps.getTokenKeyAccess())){
			security.tokenKeyAccess(authProps.getTokenKeyAccess());
		}
		
		// Optional collaborators are applied only when they are non-null.
		if(oauth2AuthenticationEntryPoint!=null){
			security.authenticationEntryPoint(oauth2AuthenticationEntryPoint);
		}
		if(oauth2AccessDeniedHandler!=null){
			security.accessDeniedHandler(oauth2AccessDeniedHandler);
		}
		if(passwordEncoder!=null){
			security.passwordEncoder(passwordEncoder);
		}
	}
 
Example 27
/**
 * Enables form-based client authentication and opens the check-token endpoint.
 */
@Override
public void configure(AuthorizationServerSecurityConfigurer oauthServer) {
	oauthServer.allowFormAuthenticationForClients();
	// NOTE(review): permitAll() leaves /oauth/check_token open to unauthenticated callers,
	// who can then test tokens and read their contents; "isAuthenticated()" is the safer
	// rule when the resource server can present client credentials.
	oauthServer.checkTokenAccess("permitAll()");
}
 
Example 28
/**
 * Installs the client-secret encoder and leaves the endpoint access rules untouched.
 */
@Override
public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
  // The earlier variant that also set tokenKeyAccess and checkTokenAccess is kept commented
  // out, so neither rule is set here and the configurer's defaults apply to both endpoints.
  // security.tokenKeyAccess("permitAll()").checkTokenAccess("isAuthenticated()").passwordEncoder(passwordEncoder);
  security.passwordEncoder(passwordEncoder);
}
 
Example 29
/**
 * Opens the token-key endpoint to all callers and requires authentication for the
 * check-token endpoint.
 */
@Override
public void configure(
        AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
    // NOTE(review): an open token-key endpoint is appropriate only when the served key is
    // a public verification key.
    oauthServer.tokenKeyAccess("permitAll()");
    oauthServer.checkTokenAccess("isAuthenticated()");
}
 
Example 30
Source Project: authmore-framework   Source File: AuthServerConfig.java    License: Apache License 2.0
/**
 * Sets the access rules for the token-key and check-token endpoints.
 */
@Override
public void configure(final AuthorizationServerSecurityConfigurer oauthServer) {
    // Token key: readable by any caller.
    oauthServer.tokenKeyAccess("permitAll()");
    // Check token: authenticated callers only.
    oauthServer.checkTokenAccess("isAuthenticated()");
}