【问题标题】:Spring Security oauth2, why does my auth/token authenticate CLIENT but return 404? Spring Security oauth2,为什么我的 auth/token 对 CLIENT 进行了身份验证却返回 404?
【发布时间】:2013-03-02 00:41:05
【问题描述】:

编辑

我已经删除了之前在此处发布的不正确配置,因为我觉得网上不正确/不完整的配置已经够多了。经过几天的努力,我终于让一切都按我想要的方式工作了,所以我把可用的配置作为答案贴在这里。

【问题讨论】:

    标签: java spring spring-security oauth-2.0


    【解决方案1】:

    经过几天的努力,我最终得到了一个可用的配置。由于互联网上缺乏好的可用示例,我在这里分享我的配置:

    <beans xmlns="http://www.springframework.org/schema/beans"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
        xmlns:oauth="http://www.springframework.org/schema/security/oauth2"
        xmlns:jee="http://www.springframework.org/schema/jee" 
        xmlns:sec="http://www.springframework.org/schema/security"
        xsi:schemaLocation="
    http://www.springframework.org/schema/security/oauth2    
    http://www.springframework.org/schema/security/spring-security-oauth2-1.0.xsd
    http://www.springframework.org/schema/security     
    http://www.springframework.org/schema/security/spring-security-3.1.xsd
    http://www.springframework.org/schema/beans         
    http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
    http://www.springframework.org/schema/jee 
    http://www.springframework.org/schema/jee/spring-jee-3.1.xsd">
    
    <!-- <sec:debug /> -->
    
    <!-- JDBC DataSource used by the tokenStore bean to persist issued tokens.
         DriverManagerDataSource opens a new connection on every
         getConnection() call and does no pooling. The ${jdbc.*} values are
         placeholders; the configurer and property file that resolve them are
         not part of this listing. -->
    <bean id="mysqlDataSource"
        class="org.springframework.jdbc.datasource.DriverManagerDataSource">
        <property name="driverClassName" value="${jdbc.driverClassName}" />
        <property name="url" value="${jdbc.url}" />
        <property name="username" value="${jdbc.username}" />
        <!-- The database password is externalised; keep the property source out
             of version control and readable only by the application account. -->
        <property name="password" value="${jdbc.password}" />
    </bean>
    
    
    <!-- Authorization server: wires the client registry, token services and
         user approval handler by bean id. Each child element below switches
         on one OAuth2 grant type; all five are enabled here. -->
    <oauth:authorization-server
        client-details-service-ref="clientDetailsService" token-services-ref="tokenServices"
        user-approval-handler-ref="userApprovalHandler">
        <oauth:authorization-code />
        <!-- NOTE(review): implicit hands the access token to the browser in the
             redirect, and password has the client handle the user's
             credentials. Enable a grant type only if a registered client
             needs it. -->
        <oauth:implicit />
        <oauth:refresh-token />
        <oauth:client-credentials />
        <oauth:password />
    </oauth:authorization-server>
    
    <!-- Writes Spring Security authentication events to the application log.
         NOTE(review): these entries are the main signal for repeated failed
         client or user logins; confirm they are retained and monitored. -->
    <bean id="loggerListener"
        class="org.springframework.security.authentication.event.LoggerListener" />
    
    
    
    <!-- Authentication manager for OAuth2 clients (not end users). It looks up
         client id and secret through clientDetailsUserService and is referenced
         by the /oauth/token chain and by clientCredentialsTokenEndpointFilter. -->
    <sec:authentication-manager id="clientAuthenticationManager">
        <!-- NOTE(review): no password-encoder child is declared, so the client
             secret is presumably compared as plain text; confirm for the
             Spring Security version in use. -->
        <sec:authentication-provider
            user-service-ref="clientDetailsUserService" />
    </sec:authentication-manager>
    
    <!-- In-memory client registry holding a single client, client1.
         NOTE(review): secret="secret" is a sample value written directly in
         the config file. Use a long random secret per deployment and load it
         from protected configuration, the way the ${jdbc.*} values are.
         No scope or redirect URI is registered for this client; because
         "implicit" is among its grant types, confirm how redirect targets are
         restricted before exposing the endpoint. -->
    <oauth:client-details-service id="clientDetailsService">
        <oauth:client client-id="client1"
            authorized-grant-types="client_credentials,password,implicit"
            authorities="ROLE_WRITE" secret="secret" />
    </oauth:client-details-service>
    
    <!-- Adapter that exposes the client registry as a UserDetailsService, so
         the clientAuthenticationManager can treat client id / secret like a
         username / password pair. -->
    <bean id="clientDetailsUserService"
        class="org.springframework.security.oauth2.provider.client.ClientDetailsUserDetailsService">
        <constructor-arg ref="clientDetailsService" />
    </bean>
    
    <!-- Authentication manager for end users (resource owners). The alias
         "authenticationManager" makes it the default manager for http chains
         that do not set authentication-manager-ref. -->
    <authentication-manager alias="authenticationManager"
        xmlns="http://www.springframework.org/schema/security">
        <!-- NOTE(review): no password-encoder is declared here either; verify
             how our.UserServiceImpl stores passwords and add a matching
             encoder if they are hashed (they should be). -->
        <authentication-provider user-service-ref="userService" />
    </authentication-manager>
    <!-- Application-specific user lookup; the class is not shown in this listing. -->
    <bean id="userService" class="our.UserServiceImpl" />
    
    
    
    
    <!-- Token services shared by the authorization server, the approval
         handler and the resource server: creates, refreshes and loads tokens
         using the JDBC token store. -->
    <bean id="tokenServices"
        class="org.springframework.security.oauth2.provider.token.DefaultTokenServices">
        <property name="tokenStore" ref="tokenStore" />
        <property name="supportRefreshToken" value="true" />
        <property name="clientDetailsService" ref="clientDetailsService" />
        <!-- Access token lifetime in seconds. Falls back to 43200 (12 hours)
             when security.token.validitySeconds is not defined. A shorter
             lifetime limits how long a leaked bearer token stays usable. -->
        <property name="accessTokenValiditySeconds" value="${security.token.validitySeconds:43200}" />
    </bean>
    <!-- Persists tokens in the database reached through mysqlDataSource.
         NOTE(review): the token tables hold material that can act as live
         credentials; restrict database access and backups accordingly. The
         required schema is not part of this listing. -->
    <bean id="tokenStore"
        class="org.springframework.security.oauth2.provider.token.JdbcTokenStore">
        <constructor-arg ref="mysqlDataSource" />
    </bean>
    
    
    <!-- User approval handler referenced by the authorization server. It is
         given tokenServices so it can consult existing tokens when deciding
         whether a request is already approved (presumably; confirm against
         the TokenServicesUserApprovalHandler documentation for your version). -->
    <bean id="userApprovalHandler"
        class="org.springframework.security.oauth2.provider.approval.TokenServicesUserApprovalHandler">
        <property name="tokenServices" ref="tokenServices" />
    </bean>
    
    <!-- Resource server filter: validates the bearer token on incoming requests
         through tokenServices. It is plugged into the catch-all "/**" chain
         as a custom filter. resource-id "myRealm" names this resource. -->
    <oauth:resource-server id="resourceServerFilter"
        resource-id="myRealm" token-services-ref="tokenServices" />
    
    <!-- Token endpoint chain. Stateless, authenticated against the client
         registry (clientAuthenticationManager), anonymous access disabled.
         Clients authenticate either with HTTP Basic or through
         clientCredentialsTokenEndpointFilter, which runs before the basic
         auth filter.
         NOTE(review): nothing in this chain requires HTTPS. Client secrets,
         user passwords (password grant) and issued tokens all cross this
         endpoint, so TLS must be enforced here or in front of the app. -->
    <http pattern="/oauth/token/**" create-session="stateless"
        authentication-manager-ref="clientAuthenticationManager"
        xmlns="http://www.springframework.org/schema/security">
        <intercept-url pattern="/oauth/token/**" access="IS_AUTHENTICATED_FULLY" />
        <anonymous enabled="false" />
        <http-basic entry-point-ref="clientAuthenticationEntryPoint" />
        <custom-filter ref="clientCredentialsTokenEndpointFilter"
            before="BASIC_AUTH_FILTER" />
        <access-denied-handler ref="oauthAccessDeniedHandler" />
    </http>
    
    <!-- Authorization endpoint chain. Uses the default (user) authentication
         manager and a normal HTTP session; the user must be fully
         authenticated, via the login form or HTTP Basic, before approving a
         client. disable-url-rewriting keeps the session id out of URLs.
         NOTE(review): the referenced schema is spring-security-3.1, which
         predates the framework's built-in CSRF protection; the login and
         approval forms need their own defence. -->
    <http pattern="/oauth/authorize/**" access-denied-page="/login.jsp?authorization_error=true"
        disable-url-rewriting="true" xmlns="http://www.springframework.org/schema/security">
        <intercept-url pattern="/oauth/authorize/**" access="IS_AUTHENTICATED_FULLY" />
        <!-- NOTE(review): default-target-url is an absolute http:// address;
             prefer https so the post-login redirect is not sent in clear. -->
        <form-login authentication-failure-url="/login.jsp?authentication_error=true"
            default-target-url="http://www.ourwebsite.com/" login-page="/login.jsp"
            login-processing-url="/login.do" />
        <http-basic />
        <anonymous />
    </http>
    
    
    <!-- Login page chain. Lets unauthenticated users reach /login.jsp and
         submit the form to /login.do (both match "/login**"). -->
    <http pattern="/login**" access-denied-page="/login.jsp?authorization_error=true"
        disable-url-rewriting="true" xmlns="http://www.springframework.org/schema/security">
        <intercept-url pattern="/login**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
        <!-- NOTE(review): the host here is spelled "outwebsite" while the
             /oauth/authorize chain uses "ourwebsite"; this looks like a typo,
             and a mistyped redirect host can send users to a domain you do
             not control. It is also a plain http:// URL. Confirm both. -->
        <form-login authentication-failure-url="/login.jsp?authentication_error=true"
            default-target-url="http://www.outwebsite.com" login-page="/login.jsp"
            login-processing-url="/login.do" />
        <http-basic />
    </http>
    
    
    
    <!-- Catch-all chain protecting the REST API. Stateless; every request must
         carry a token that resourceServerFilter accepts and that yields the
         ROLE_WRITE authority. Unauthenticated requests get the OAuth2 entry
         point response instead of a login redirect.
         This element must stay after the more specific http elements: chains
         are matched in declaration order and "/**" matches every request. -->
    <http pattern="/**" create-session="stateless"
        entry-point-ref="clientAuthenticationEntryPoint" xmlns="http://www.springframework.org/schema/security"
        access-decision-manager-ref="accessDecisionManager">
        <intercept-url pattern="/**" access="ROLE_WRITE" />
        <custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
        <access-denied-handler ref="oauthAccessDeniedHandler" />
    </http>
    
    
    
    <!-- Filter on the /oauth/token chain that authenticates the client against
         clientAuthenticationManager, as an alternative to HTTP Basic.
         NOTE(review): presumably it reads the client credentials from request
         parameters; if so, make sure clients send them in the POST body and
         that access logs do not record them. -->
    <bean id="clientCredentialsTokenEndpointFilter"
        class="org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter">
        <property name="authenticationManager" ref="clientAuthenticationManager" />
    </bean>
    
    
    <!-- Access decision manager for the catch-all chain. UnanimousBased denies
         access as soon as any voter votes to deny. Voters, in order: OAuth2
         scope, role (ROLE_*), and authentication level (IS_AUTHENTICATED_*).
         The only attribute used on that chain is ROLE_WRITE, so the role
         voter is presumably the one that decides; the others would abstain. -->
    <bean id="accessDecisionManager" class="org.springframework.security.access.vote.UnanimousBased"
        xmlns="http://www.springframework.org/schema/beans">
        <constructor-arg>
            <list>
                <bean class="org.springframework.security.oauth2.provider.vote.ScopeVoter" />
                <bean class="org.springframework.security.access.vote.RoleVoter" />
                <bean class="org.springframework.security.access.vote.AuthenticatedVoter" />
            </list>
        </constructor-arg>
    </bean>
    
    <!-- Entry point used when a request to the token endpoint or the API is
         not authenticated. It answers with an OAuth2 error for realm
         "myRealm" (the same name as the resource-id) rather than redirecting
         to a login page. -->
    <bean id="clientAuthenticationEntryPoint"
        class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
        <property name="realmName" value="myRealm" />
    </bean>
    
    <!-- Handler for authenticated requests that are refused access on the
         token endpoint and API chains; it produces an OAuth2 error response. -->
    <bean id="oauthAccessDeniedHandler"
        class="org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler" />
    

    我的web.xml 看起来像这样:

    <!-- Servlet 2.4 deployment descriptor: one Spring MVC DispatcherServlet, a
         root application context loaded by ContextLoaderListener, and the
         Spring Security filter chain mapped to every request. -->
    <web-app id="Recipe_REST_API" version="2.4"
        xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee 
        http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
    
        <display-name>Our REST API</display-name>
    
        <!-- Servlets: a single DispatcherServlet mapped to "/" handles all
             requests not served by another servlet. -->
        <servlet>
            <servlet-name>mvc-dispatcher</servlet-name>
            <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        </servlet>
        <servlet-mapping>
            <servlet-name>mvc-dispatcher</servlet-name>
            <url-pattern>/</url-pattern>
        </servlet-mapping>
        <!-- Configuration for the root context created by ContextLoaderListener.
             NOTE(review): a servlet named mvc-dispatcher with no init-param
             loads /WEB-INF/mvc-dispatcher-servlet.xml by convention as well,
             so this file appears to be loaded into both contexts. Confirm
             that the duplicate set of beans is intended. -->
        <context-param>
            <param-name>contextConfigLocation</param-name>
            <param-value>/WEB-INF/mvc-dispatcher-servlet.xml</param-value>
        </context-param>
    
        <!-- Filters. httpMethodFilter lets forms override the HTTP method with a
             hidden field. Under the Servlet spec, url-pattern mappings are
             applied before servlet-name mappings, so springSecurityFilterChain
             runs ahead of it and evaluates the request's original method.
             Keep that in mind if method-specific access rules are added. -->
        <filter>
            <filter-name>httpMethodFilter</filter-name>
            <filter-class>org.springframework.web.filter.HiddenHttpMethodFilter</filter-class>
        </filter>
        <filter-mapping>
            <filter-name>httpMethodFilter</filter-name>
            <servlet-name>mvc-dispatcher</servlet-name>
        </filter-mapping>
        <!-- Delegates to the bean named springSecurityFilterChain in the root
             context. Mapped to "/*" so no request bypasses the http chains. -->
        <filter>
            <filter-name>springSecurityFilterChain</filter-name>
            <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
        </filter>
        <filter-mapping>
            <filter-name>springSecurityFilterChain</filter-name>
            <url-pattern>/*</url-pattern>
        </filter-mapping>
    
    
    
        <!-- Listeners: creates the root application context from
             contextConfigLocation at startup. -->
        <listener>
            <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
        </listener>
    </web-app>
    

    【讨论】:

    • 您能否分享完整的网络应用程序。真的很有帮助。
    • 抱歉,闭源应用程序做不到。你被哪些部分卡住了?
    • 实际上我已经让一部分跑通了 :) 感谢你的回复。我之前卡在“需要重定向才能获得用户的批准”这个异常上,后来意识到我不应该自己处理这个异常,而应该让它从我的代码中抛出,Spring 会捕获它并负责把用户转到相应的 OAuth 提供方页面。这个论坛帖子帮助了我。
    • 你有相应的 oauth2 客户端简单设置吗?
    • 哇。谢谢你。这是海量垃圾文档中最好的参考。