org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer Java Examples

The following examples show how to use org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer.
Example #1
Source File: AuthSvrApplication.java    From Spring5Tutorial with GNU Lesser General Public License v3.0 7 votes vote down vote up
/**
 * Builds the authorization server configuration for this tutorial application.
 * <p>
 * Registers one in-memory client (id and secret taken from the
 * {@code client.web.name} and {@code client.web.secret} properties), sets the
 * access rule of the check-token endpoint to authenticated callers and installs
 * an access token converter. {@code passwordEncoder} and
 * {@code accessTokenConverter()} are defined outside this snippet.
 *
 * @param clientName   client id, injected from {@code client.web.name}
 * @param clientSecret raw client secret, injected from {@code client.web.secret}
 * @return the configurer adapter described above
 */
@Bean
public AuthorizationServerConfigurer authorizationServerConfigurer(
		@Value("${client.web.name}") String clientName, 
   		@Value("${client.web.secret}") String clientSecret) {
	return new AuthorizationServerConfigurerAdapter() {

		/**
		 * Registers the single in-memory client, limited to the
		 * client_credentials grant and the three listed scopes.
		 */
		@Override
		public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
			// The secret is encoded before it is stored, so only the encoded form is kept
			// in the client registry. Which encoder is used is not visible in this snippet.
			clients.inMemory()
			       .withClient(clientName)
			       .secret(passwordEncoder.encode(clientSecret))
			       .scopes("account", "message", "email")
			       .authorizedGrantTypes("client_credentials");
		}
		
		/**
		 * Sets the access rule for the check-token endpoint.
		 */
		@Override
		public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
		    // Only authenticated callers may ask the server to check a token.
		    oauthServer.checkTokenAccess("isAuthenticated()");    
		}

		/**
		 * Installs the access token converter on the endpoints.
		 */
		@Override
		public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
			endpoints.accessTokenConverter(accessTokenConverter());
		}
	};
}
 
Example #2
Source File: AuthSvrApplication.java    From Spring5Tutorial with GNU Lesser General Public License v3.0 6 votes vote down vote up
/**
 * Builds the authorization server configuration with one in-memory client
 * ("webclient") that may use the client_credentials grant, and sets the access
 * rule of the check-token endpoint to authenticated callers.
 * {@code passwordEncoder} is defined outside this snippet.
 *
 * @return the configurer adapter described above
 */
@Bean
public AuthorizationServerConfigurer authorizationServerConfigurer() {
	return new AuthorizationServerConfigurerAdapter() {

		/**
		 * Registers the "webclient" client for the resource id "resource".
		 */
		@Override
		public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
			// NOTE(review): the client id and secret are string literals in source. That is
			// acceptable only for a tutorial; a deployed server should inject the secret
			// from external configuration or a secret store so it never reaches the repository.
			clients.inMemory()
			       .withClient("webclient")
			       .secret(passwordEncoder.encode("webclient12345678"))
			       .scopes("account", "message", "email")
			       .resourceIds("resource")
			       .authorizedGrantTypes("client_credentials");
		}
		
		/**
		 * Sets the access rule for the check-token endpoint.
		 */
		@Override
		public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
		   // Only authenticated callers may ask the server to check a token.
		   oauthServer.checkTokenAccess("isAuthenticated()");    
		}
	};
}
 
Example #3
Source File: AuthSvrApplication.java    From Spring5Tutorial with GNU Lesser General Public License v3.0 6 votes vote down vote up
/**
 * Builds the authorization server configuration with one in-memory client
 * ("browserclient") that uses the implicit grant, sets the access rule of the
 * check-token endpoint to authenticated callers, and wires the endpoints to the
 * web security configuration's authentication manager and user details service.
 * {@code passwordEncoder} and {@code webSecurityConfigurerAdapter} are defined
 * outside this snippet.
 *
 * @return the configurer adapter described above
 */
@Bean
public AuthorizationServerConfigurer authorizationServerConfigurer() {
	return new AuthorizationServerConfigurerAdapter() {
		/**
		 * Registers the "browserclient" client for the resource id "resource".
		 */
		@Override
		public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
			// NOTE(review): the client id and secret are string literals in source, which is
			// acceptable only for a tutorial. A browser-based client cannot keep a secret
			// confidential anyway, so this secret should not be treated as protection.
			// NOTE(review): current OAuth security guidance discourages the implicit grant in
			// favour of the authorization code grant with PKCE; the redirect URI is a plain-http
			// localhost address, i.e. a development-only value.
			clients.inMemory()
			       .withClient("browserclient")
			       .secret(passwordEncoder.encode("browserclient12345678"))
			       .scopes("account", "message", "email")
			       .resourceIds("resource")
			       .authorizedGrantTypes("implicit")
			       .redirectUris("http://localhost:8082/hello.html");
		}
		
		/**
		 * Sets the access rule for the check-token endpoint.
		 */
		@Override
		public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
		    // Only authenticated callers may ask the server to check a token.
		    oauthServer.checkTokenAccess("isAuthenticated()");    
		}

		/**
		 * Reuses the authentication manager and user details service exposed by
		 * the web security configuration.
		 */
		@Override
		public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
			endpoints.authenticationManager(webSecurityConfigurerAdapter.authenticationManagerBean())
			         .userDetailsService(webSecurityConfigurerAdapter.userDetailsServiceBean());
		}			
	};
}
 
Example #4
Source File: OAuth2ServerConfig.java    From open-capacity-platform with Apache License 2.0 6 votes vote down vote up
/**
 * Configures the security of the authorization server endpoints. Enabling form
 * authentication for clients is what creates the
 * ClientCredentialsTokenEndpointFilter.
 *
 * @param security configurer for the authorization server's endpoint security
 * @throws Exception declared by the overridden method
 */
@Override
public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
    // /oauth/token_key exposes the public key used to verify JWT tokens; open to all callers.
    // NOTE(review): keep this open only while tokens are signed with an asymmetric key pair.
    security.tokenKeyAccess("permitAll()");

    // /oauth/check_token: only authenticated callers may have a token checked.
    security.checkTokenAccess("isAuthenticated()");

    // Accept client_id / client_secret as form parameters on the token endpoint.
    // NOTE(review): the secret then travels as a request parameter; serve the endpoint
    // over TLS only and keep request parameters out of access logs.
    security.allowFormAuthenticationForClients();
}
 
Example #5
Source File: AuthorizationServerConfiguration.java    From spring-security with Apache License 2.0 5 votes vote down vote up
/**
 * Configures the security constraints of the token endpoints.
 *
 * @param oauthServer configurer for the authorization server's endpoint security
 * @throws Exception declared by the overridden method
 */
@Override
public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
    // Allow clients to authenticate with form parameters; according to the original
    // author, /oauth/token cannot be reached without this.
    oauthServer.allowFormAuthenticationForClients();

    // /oauth/token_key is reachable without any authentication.
    oauthServer.tokenKeyAccess("permitAll()");

    // /oauth/check_token is reachable without any authentication as well. The original
    // author records this as an open problem: "permitAll()" lets everyone in, while
    // "isAuthenticated()" made the endpoint unreachable for them.
    // NOTE(review): with "isAuthenticated()" the caller has to authenticate as a registered
    // client (for example HTTP Basic with its client id and secret). A resource server that
    // calls the endpoint without credentials is rejected, which is presumably the failure
    // described above; confirm, give the resource server credentials, then tighten this rule.
    oauthServer.checkTokenAccess("permitAll()");
}
 
Example #6
Source File: AuthorizationServerConfiguration.java    From onetwo with Apache License 2.0 5 votes vote down vote up
/**
 * Applies the externally configured authorization server settings to the
 * endpoint security configurer. Every setting is optional: a flag that is off,
 * a blank string or a null collaborator leaves the corresponding framework
 * default untouched.
 *
 * @param security configurer for the authorization server's endpoint security
 * @throws Exception declared by the overridden method
 */
@Override
public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
	final AuthorizationServerProps serverProps = oauth2Properties.getAuthorizationServer();

	if (serverProps.isAllowFormAuthenticationForClients()) {
		security.allowFormAuthenticationForClients();
		// Workaround: when AuthorizationServerSecurityConfigurer creates the form
		// authentication filter it does not use the configured oauth2AuthenticationEntryPoint,
		// so a post-processor is registered for that filter.
		security.addObjectPostProcessor(new ClientCredentialsTokenEndpointFilterPostProcessor());
	}

	if (serverProps.isSslOnly()) {
		security.sslOnly();
	}

	final String realm = serverProps.getRealm();
	if (StringUtils.isNotBlank(realm)) {
		security.realm(realm);
	}

	// NOTE(review): both access rules below are free-form expressions read from
	// configuration; a value of "permitAll()" opens the endpoint to unauthenticated
	// callers, so treat these properties as security-sensitive.
	final String checkTokenRule = serverProps.getCheckTokenAccess();
	if (StringUtils.isNotBlank(checkTokenRule)) {
		security.checkTokenAccess(checkTokenRule);
	}

	final String tokenKeyRule = serverProps.getTokenKeyAccess();
	if (StringUtils.isNotBlank(tokenKeyRule)) {
		security.tokenKeyAccess(tokenKeyRule);
	}

	if (oauth2AuthenticationEntryPoint != null) {
		security.authenticationEntryPoint(oauth2AuthenticationEntryPoint);
	}

	if (oauth2AccessDeniedHandler != null) {
		security.accessDeniedHandler(oauth2AccessDeniedHandler);
	}

	if (passwordEncoder != null) {
		security.passwordEncoder(passwordEncoder);
	}
}
 
Example #7
Source File: ApiBootAuthorizationServerConfiguration.java    From beihu-boot with Apache License 2.0 5 votes vote down vote up
/**
 * Configures client secret encoding in the same way as ApiBoot Security and
 * sets the access rules of the token key and check-token endpoints.
 *
 * @param security AuthorizationServerSecurityConfigurer
 * @throws Exception declared by the overridden method
 */
@Override
public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
    // Encoder used to compare client secrets; passwordEncoder() is defined outside this snippet.
    security.passwordEncoder(passwordEncoder());

    // /oauth/token_key is open to every caller.
    security.tokenKeyAccess("permitAll()");

    // /oauth/check_token is available only to authenticated callers.
    security.checkTokenAccess("isAuthenticated()");
}
 
Example #8
Source File: OAuth2AuthorizationServerConfig.java    From gemini with Apache License 2.0 5 votes vote down vote up
/**
 * Configures the endpoint security of the authorization server: plain-text
 * client secret comparison, an open token key endpoint, an authenticated
 * check-token endpoint and form authentication for clients.
 *
 * @param security configurer for the authorization server's endpoint security
 */
@Override
public void configure(AuthorizationServerSecurityConfigurer security) {
    // The original author's position: client id and secret do not need encryption.
    // NOTE(review): NoOpPasswordEncoder compares secrets as plain text, so every client
    // secret has to be stored in clear; Spring Security marks this encoder deprecated
    // because it is not secure. An adaptive hash such as BCryptPasswordEncoder is the
    // safer choice outside of tests and demos.
    security.passwordEncoder(NoOpPasswordEncoder.getInstance());

    security.tokenKeyAccess("permitAll()");
    security.checkTokenAccess("isAuthenticated()");

    // Accept client_id / client_secret in a form-url-encoded request body.
    security.allowFormAuthenticationForClients();
}
 
Example #9
Source File: AuthorizationServerConfiguration.java    From MyShopPlus with Apache License 2.0 5 votes vote down vote up
/**
 * Lets authenticated clients check tokens and enables form authentication for
 * clients.
 *
 * @param security configurer for the authorization server's endpoint security
 * @throws Exception declared by the overridden method
 */
@Override
public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
    // Clients may call /oauth/check_token to check a token once they are authenticated.
    security.checkTokenAccess("isAuthenticated()");

    // Accept client credentials as form parameters on the token endpoint.
    security.allowFormAuthenticationForClients();
}
 
Example #10
Source File: OAuth2AuthorizationServerConfig.java    From xxproject with Apache License 2.0 5 votes vote down vote up
/**
 * Opens the token key endpoint to all callers and restricts the check-token
 * endpoint to authenticated ones.
 *
 * @param oauthServer configurer for the authorization server's endpoint security
 * @throws Exception declared by the overridden method
 */
@Override
public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
    // Form authentication for clients is not enabled here (the call was commented
    // out in the original).
    oauthServer.tokenKeyAccess("permitAll()");
    oauthServer.checkTokenAccess("isAuthenticated()");
}
 
Example #11
Source File: AuthorizationServerConfig.java    From SpringCloud with Apache License 2.0 5 votes vote down vote up
/**
 * Enables form authentication for clients, restricts the token key endpoint to
 * authenticated callers and opens the check-token endpoint to everyone.
 *
 * @param oauthServer configurer for the authorization server's endpoint security
 */
@Override
public void configure(AuthorizationServerSecurityConfigurer oauthServer) {
    // Client parameters may be sent either in a header or in the request body.
    // NOTE(review): "permitAll()" on check-token lets unauthenticated callers query
    // /oauth/check_token; prefer "isAuthenticated()" and have resource servers present
    // their client credentials.
    oauthServer
            .allowFormAuthenticationForClients()
            .tokenKeyAccess("isAuthenticated()")
            .checkTokenAccess("permitAll()");
}
 
Example #12
Source File: OauthAuthorizationServerConfig.java    From codeway_service with GNU General Public License v3.0 5 votes vote down vote up
/**
 * Configures which requests the token key and check-token endpoints accept, and
 * how client secrets are compared.
 *
 * @param oauthServer configurer for the authorization server's endpoint security
 */
@Override
public void configure(AuthorizationServerSecurityConfigurer oauthServer) {
    // Accept client credentials as form parameters on the token endpoint.
    oauthServer.allowFormAuthenticationForClients();

    // Client secrets are compared through BCrypt.
    oauthServer.passwordEncoder(new BCryptPasswordEncoder());

    // Every request may reach the token key endpoint.
    oauthServer.tokenKeyAccess("permitAll()");

    // Checking a token requires an authenticated caller.
    oauthServer.checkTokenAccess("isAuthenticated()");
}
 
Example #13
Source File: OAuth2AuthorizationServerConfiguration.java    From spring-security-oauth2-boot with Apache License 2.0 5 votes vote down vote up
/**
 * Applies the optional check-token rule, token-key rule and realm from the
 * configuration properties; a null property leaves the framework default in
 * place.
 *
 * @param security configurer for the authorization server's endpoint security
 * @throws Exception declared by the overridden method
 */
@Override
public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
	// NOTE(review): NoOpPasswordEncoder compares client secrets as plain text, so they
	// must be stored in clear. Deployments that keep real secrets should override this
	// with an adaptive hash encoder.
	security.passwordEncoder(NoOpPasswordEncoder.getInstance());

	final String checkTokenRule = this.properties.getCheckTokenAccess();
	if (checkTokenRule != null) {
		security.checkTokenAccess(checkTokenRule);
	}

	final String tokenKeyRule = this.properties.getTokenKeyAccess();
	if (tokenKeyRule != null) {
		security.tokenKeyAccess(tokenKeyRule);
	}

	final String realm = this.properties.getRealm();
	if (realm != null) {
		security.realm(realm);
	}
}
 
Example #14
Source File: AuthorizationServerConfig.java    From microservices-platform with Apache License 2.0 5 votes vote down vote up
/**
 * Configures the security of the authorization server endpoints. Enabling form
 * authentication for clients is what creates the
 * ClientCredentialsTokenEndpointFilter.
 *
 * @param security configurer for the authorization server's endpoint security
 */
@Override
public void configure(AuthorizationServerSecurityConfigurer security) {
    security.tokenKeyAccess("isAuthenticated()");

    // NOTE(review): "permitAll()" lets unauthenticated callers query /oauth/check_token;
    // prefer "isAuthenticated()" and have resource servers present their client credentials.
    security.checkTokenAccess("permitAll()");

    // Let /oauth/token accept client_id and client_secret as login credentials.
    security.allowFormAuthenticationForClients();
}
 
Example #15
Source File: AuthorizationServerConfig.java    From oauth-server with Apache License 2.0 5 votes vote down vote up
/**
 * Configures the security constraints of the token endpoints.
 * <p>
 * allowFormAuthenticationForClients registers the
 * clientCredentialsTokenEndpointFilter. As described by the original author,
 * that filter reads client_id and client_secret from the request, builds a
 * UsernamePasswordAuthenticationToken from them and performs a simple
 * authentication through a UserDetailsService lookup; it is generally used for
 * the password and client_credentials grants.
 *
 * @param oauthServer configurer for the authorization server's endpoint security
 * @throws Exception declared by the overridden method
 */
@Override
public void configure(AuthorizationServerSecurityConfigurer oauthServer)
        throws Exception {
    oauthServer.tokenKeyAccess("permitAll()");

    // NOTE(review): "permitAll()" lets unauthenticated callers query /oauth/check_token;
    // prefer "isAuthenticated()" and have resource servers present their client credentials.
    oauthServer.checkTokenAccess("permitAll()");

    oauthServer.allowFormAuthenticationForClients();
}
 
Example #16
Source File: OauthAuthorizationServerConfig.java    From codeway_service with GNU General Public License v3.0 5 votes vote down vote up
/**
 * Configures which requests the token key and check-token endpoints accept, and
 * how client secrets are compared.
 *
 * @param oauthServer configurer for the authorization server's endpoint security
 */
@Override
public void configure(AuthorizationServerSecurityConfigurer oauthServer) {
    // Accept client credentials as form parameters on the token endpoint.
    oauthServer.allowFormAuthenticationForClients();

    // Client secrets are compared through BCrypt.
    oauthServer.passwordEncoder(new BCryptPasswordEncoder());

    // Every request may reach the token key endpoint.
    oauthServer.tokenKeyAccess("permitAll()");

    // Checking a token requires an authenticated caller.
    oauthServer.checkTokenAccess("isAuthenticated()");
}
 
Example #17
Source File: CustomAuthorizationServerConfigurer.java    From spring-microservice-exam with MIT License 5 votes vote down vote up
/**
 * Configures the authentication rules: which endpoints require authentication
 * and which do not.
 *
 * @param oauthServer configurer for the authorization server's endpoint security
 */
@Override
public void configure(AuthorizationServerSecurityConfigurer oauthServer) {
    // Client secrets are compared through BCrypt.
    oauthServer.passwordEncoder(new BCryptPasswordEncoder());

    // /oauth/token_key can be reached without authentication.
    oauthServer.tokenKeyAccess("permitAll()");

    // /oauth/check_token requires an authenticated caller.
    oauthServer.checkTokenAccess("isAuthenticated()");

    // Accept client credentials as form parameters on the token endpoint.
    oauthServer.allowFormAuthenticationForClients();
}
 
Example #18
Source File: AuthorizationConfig.java    From Using-Spring-Oauth2-to-secure-REST with MIT License 5 votes vote down vote up
/**
 * Restricts both the token key and the check-token endpoint to clients that
 * hold the 'ROLE_TRUSTED_CLIENT' authority.
 *
 * @param oauthServer configurer for the authorization server's endpoint security
 * @throws Exception declared by the overridden method
 */
@Override
public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
    // One rule shared by both endpoints: only trusted clients get through.
    final String trustedClientsOnly = "hasAuthority('ROLE_TRUSTED_CLIENT')";

    oauthServer.tokenKeyAccess(trustedClientsOnly);
    oauthServer.checkTokenAccess(trustedClientsOnly);
}
 
Example #19
Source File: Oauth2AuthorizationServerConfig.java    From spring-boot-demo with MIT License 5 votes vote down vote up
/**
 * Requires an authenticated client for both the token key and the check-token
 * endpoint.
 *
 * @param security configurer for the authorization server's endpoint security
 */
@Override
public void configure(AuthorizationServerSecurityConfigurer security) {
    // Fetching the token key requires the client to authenticate (basic authentication
    // with its client details, per the original author).
    security.tokenKeyAccess("isAuthenticated()");

    // Fetching token information requires the same client authentication.
    security.checkTokenAccess("isAuthenticated()");
}
 
Example #20
Source File: Oauth2AuthorizationServerConfig.java    From spring-security-oauth2-demo with GNU General Public License v3.0 5 votes vote down vote up
/**
 * Endpoint rules needed by the resource server. The original author explains
 * their purpose in the last part of the second article of the series
 * (authorization server) and the reason in the third article (resource server).
 *
 * @param security security
 */
@Override
public void configure(AuthorizationServerSecurityConfigurer security) {
    // Authenticated callers can have a token verified and parsed.
    security.checkTokenAccess("isAuthenticated()");

    // Authenticated callers can fetch the public key.
    security.tokenKeyAccess("isAuthenticated()");
}
 
Example #21
Source File: FwAuthorizationConfiguration.java    From fw-cloud-framework with MIT License 5 votes vote down vote up
/**
 * Enables form authentication for clients and opens the check-token endpoint
 * to all callers. No rule is set for the token key endpoint.
 *
 * @param security configurer for the authorization server's endpoint security
 * @throws Exception declared by the overridden method
 */
@Override
public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
    security.allowFormAuthenticationForClients();

    // /oauth/token_key hands out the JWT key and is meant for RSA (asymmetric) signing;
    // with a symmetric key it must not be accessible, so the original leaves
    // tokenKeyAccess("isAuthenticated()") commented out.

    // NOTE(review): "permitAll()" lets unauthenticated callers query /oauth/check_token;
    // prefer "isAuthenticated()" and have resource servers present their client credentials.
    security.checkTokenAccess("permitAll()");
}
 
Example #22
Source File: AuthorizationServerConfiguration.java    From open-cloud with MIT License 5 votes vote down vote up
/**
 * Requires authentication for the check-token endpoint and enables form
 * authentication for clients.
 *
 * @param security configurer for the authorization server's endpoint security
 * @throws Exception declared by the overridden method
 */
@Override
public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
    // /oauth/check_token requires an authenticated caller.
    security.checkTokenAccess("isAuthenticated()");

    // Enable form authentication for clients.
    security.allowFormAuthenticationForClients();
}
 
Example #23
Source File: AuthorizationServerConfiguration.java    From springdoc-openapi with Apache License 2.0 5 votes vote down vote up
/**
 * Opens the token key endpoint to all callers and restricts the check-token
 * endpoint to authenticated ones.
 *
 * @param security configurer for the authorization server's endpoint security
 * @throws Exception declared by the overridden method
 */
@Override
public void configure(final AuthorizationServerSecurityConfigurer security) throws Exception {
	// Token key: no authentication required.
	security.tokenKeyAccess("permitAll()");
	// Token check: authenticated callers only.
	security.checkTokenAccess("isAuthenticated()");
}
 
Example #24
Source File: AuthorizationServerConfig.java    From mall4j with GNU Affero General Public License v3.0 5 votes vote down vote up
/**
 * Opens the token key endpoint to all callers and restricts the check-token
 * endpoint to authenticated ones.
 *
 * @param oauthServer configurer for the authorization server's endpoint security
 */
@Override
public void configure(AuthorizationServerSecurityConfigurer oauthServer) {
    // /oauth/token_key can be reached without authentication.
    oauthServer.tokenKeyAccess("permitAll()");

    // /oauth/check_token requires an authenticated caller.
    oauthServer.checkTokenAccess("isAuthenticated()");
}
 
Example #25
Source File: AuthorizationServerConfig.java    From lion with Apache License 2.0 5 votes vote down vote up
/**
 * Opens both the token key and the check-token endpoint to all callers and
 * enables form authentication for clients.
 *
 * @param security configurer for the authorization server's endpoint security
 * @throws Exception declared by the overridden method
 */
@Override
public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
    security.tokenKeyAccess("permitAll()");

    // NOTE(review): "permitAll()" lets unauthenticated callers query /oauth/check_token;
    // prefer "isAuthenticated()" and have resource servers present their client credentials.
    security.checkTokenAccess("permitAll()");

    security.allowFormAuthenticationForClients();
}
 
Example #26
Source File: OAuth2SecurityConfiguration.java    From spring-cloud-shop with MIT License 5 votes vote down vote up
/**
 * Opens the token key endpoint to all callers, restricts the check-token
 * endpoint to authenticated ones and enables form authentication for clients.
 *
 * @param security configurer for the authorization server's endpoint security
 * @throws Exception declared by the overridden method
 */
@Override
public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
    // Token key: no authentication required.
    security.tokenKeyAccess("permitAll()");
    // Token check: authenticated callers only.
    security.checkTokenAccess("isAuthenticated()");
    // Client credentials may be sent as form parameters on the token endpoint.
    security.allowFormAuthenticationForClients();
}
 
Example #27
Source File: OAuth2Config.java    From spring-cloud-gray with Apache License 2.0 4 votes vote down vote up
/**
 * Opens the token key endpoint to all callers and restricts the check-token
 * endpoint to authenticated ones.
 *
 * @param security configurer for the authorization server's endpoint security
 * @throws Exception declared by the overridden method
 */
@Override
public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
    // Token key: no authentication required.
    security.tokenKeyAccess("permitAll()");
    // Token check: authenticated callers only.
    security.checkTokenAccess("isAuthenticated()");
}
 
Example #28
Source File: SsoAuthConfig.java    From wangsy-january with Apache License 2.0 4 votes vote down vote up
/**
 * Security configuration of the authentication server.
 *
 * @param security configurer for the authorization server's endpoint security
 */
@Override
public void configure(AuthorizationServerSecurityConfigurer security) {
    // Fetching the server's token key (the "wangsy" value the original author refers
    // to elsewhere in the file) requires an authenticated caller.
    final String tokenKeyRule = "isAuthenticated()";
    security.tokenKeyAccess(tokenKeyRule);
}
 
Example #29
Source File: AuthorizationServerConfig.java    From Oauth2-Stateless-Authentication-with-Spring-and-JWT-Token with MIT License 4 votes vote down vote up
/**
 * Sets the access rules of the token key and check-token endpoints: the token
 * key is available to anonymous callers and to trusted clients, token checks
 * to trusted clients only.
 *
 * @param oauthServer configurer for the authorization server's endpoint security
 * @throws Exception declared by the overridden method
 */
@Override
public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
    // NOTE(review): as written, an authenticated caller without ROLE_TRUSTED_CLIENT is
    // refused the token key while an unauthenticated caller is admitted. If the key is
    // meant to be public, "permitAll()" states that more plainly; confirm the intent.
    oauthServer.tokenKeyAccess("isAnonymous() || hasAuthority('ROLE_TRUSTED_CLIENT')");

    // Only clients holding ROLE_TRUSTED_CLIENT may have a token checked.
    oauthServer.checkTokenAccess("hasAuthority('ROLE_TRUSTED_CLIENT')");
}
 
Example #30
Source File: AuthorizationServerConfig.java    From black-shop with Apache License 2.0 4 votes vote down vote up
/**
 * Enables the check-token URL, /oauth/check_token, for authenticated callers
 * and turns on form authentication for clients.
 *
 * @param oauthServer configurer for the authorization server's endpoint security
 */
@Override
public void configure(AuthorizationServerSecurityConfigurer oauthServer) {
	// Accept client credentials as form parameters on the token endpoint.
	oauthServer.allowFormAuthenticationForClients();
	// Token checks require an authenticated caller.
	oauthServer.checkTokenAccess("isAuthenticated()");
}