I have developed a Spring app (with REST services), protected using Spring OAuth2 with user credentials in a MySQL database. It works fine: I can access protected resources using an OAuth access_token. The problem is how to make the process work transparently for the user. Let me explain; for me the following steps work:
I get an access_token from /oauth/token:
localhost:8080/rsoneapp/oauth/token?grant_type=password&client_id=restapp&client_secret=restapp&username=admin&password=adminpass
I request a protected resource, sending the access_token generated above:
localhost:8080/rsoneapp/v1/books/getall?access_token=b88564a5-54a2-4afa-bf4f-85aefd58412
However, as you can see, I have to copy/paste the access_token as an argument to the protected resource. The user should only see a view containing username & password.
How is it supposed to work? Where should the access_token and refresh token be stored, and how do I use them transparently on the final user's side?
Can someone give me a whole example of the process using a database? I'm stuck here!
security-config.xml :
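<?xml version="1.0" encoding="UTF-8"?>
<!-- security-config.xml: Spring Security 3.2 + spring-security-oauth2 2.0 configuration.
     Restored from a paste that had lost letter case and some SQL keywords; class names,
     filter positions and namespace URIs below are the canonical spellings (Spring resolves
     them case-sensitively), so confirm them against the real file. -->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:oauth="http://www.springframework.org/schema/security/oauth2"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:sec="http://www.springframework.org/schema/security"
       xmlns:mvc="http://www.springframework.org/schema/mvc"
       xsi:schemaLocation="http://www.springframework.org/schema/security/oauth2 http://www.springframework.org/schema/security/spring-security-oauth2-2.0.xsd
                           http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.2.xsd
                           http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd
                           http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.1.xsd
                           http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.1.xsd">

  <!--<bean name="configclass" class="com.rsone.config.persistenceconfig" /> -->

  <!-- Token endpoint: OAuth clients authenticate here with HTTP Basic (client_id / client_secret). -->
  <http pattern="/oauth/token" create-session="stateless"
        authentication-manager-ref="clientAuthenticationManager"
        xmlns="http://www.springframework.org/schema/security">
    <intercept-url pattern="/oauth/token" access="IS_AUTHENTICATED_FULLY" />
    <anonymous enabled="false" />
    <http-basic entry-point-ref="clientAuthenticationEntryPoint" />
    <!-- Also accepts client_id / client_secret as request parameters. Prefer the Basic header:
         credentials placed in the query string end up in access logs and browser history. -->
    <custom-filter ref="clientCredentialsTokenEndpointFilter" after="BASIC_AUTH_FILTER" />
    <access-denied-handler ref="oauthAccessDeniedHandler" />
  </http>

  <!-- Resource server: which URLs are protected and which roles may reach them. -->
  <http pattern="/v1/**" create-session="never"
        entry-point-ref="oauthAuthenticationEntryPoint"
        access-decision-manager-ref="accessDecisionManager"
        xmlns="http://www.springframework.org/schema/security">
    <anonymous enabled="false" />
    <!-- Only /v1/test carries an access rule. Other /v1/** paths (e.g. the /v1/books/getall
         request in the question) pass through this chain with no constraint, so widen the
         pattern or add rules for them. -->
    <intercept-url pattern="/v1/test" access="ROLE_APP" />
    <custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
    <access-denied-handler ref="oauthAccessDeniedHandler" />
  </http>

  <bean id="oauthAuthenticationEntryPoint"
        class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
    <property name="realmName" value="test" />
  </bean>

  <bean id="clientAuthenticationEntryPoint"
        class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
    <property name="realmName" value="test/client" />
    <property name="typeName" value="Basic" />
  </bean>

  <bean id="oauthAccessDeniedHandler"
        class="org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler" />

  <bean id="clientCredentialsTokenEndpointFilter"
        class="org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter">
    <property name="authenticationManager" ref="clientAuthenticationManager" />
  </bean>

  <!-- Every voter must agree: token scope, role and authentication state are all checked. -->
  <bean id="accessDecisionManager" class="org.springframework.security.access.vote.UnanimousBased">
    <constructor-arg>
      <list>
        <bean class="org.springframework.security.oauth2.provider.vote.ScopeVoter" />
        <bean class="org.springframework.security.access.vote.RoleVoter" />
        <bean class="org.springframework.security.access.vote.AuthenticatedVoter" />
      </list>
    </constructor-arg>
  </bean>

  <!-- Authenticates OAuth clients against the client registry declared below. -->
  <authentication-manager id="clientAuthenticationManager"
                          xmlns="http://www.springframework.org/schema/security">
    <authentication-provider user-service-ref="clientDetailsUserService" />
  </authentication-manager>

  <!-- Authenticates end users (password grant) against the users / user_roles tables. -->
  <authentication-manager alias="authenticationManager"
                          xmlns="http://www.springframework.org/schema/security">
    <authentication-provider>
      <!-- No password-encoder is declared, so users.password is compared exactly as stored.
           Confirm the column holds hashed values (and declare a matching password-encoder)
           rather than plaintext.
           The queries had lost their from/where/and keywords in the paste and are restored here;
           note the table sketch in the question names the user_roles column "role", while this
           query reads "authority" - one of the two is wrong.
           "dataSource" must match the id of the DataSource bean defined outside this file. -->
      <jdbc-user-service data-source-ref="dataSource"
          users-by-username-query="select login,password,'true' from users u where u.login=?"
          authorities-by-username-query="select u.login,ur.authority from users u,user_roles ur where u.id=ur.user_id and u.login=?" />
    </authentication-provider>
  </authentication-manager>

  <bean id="clientDetailsUserService"
        class="org.springframework.security.oauth2.provider.client.ClientDetailsUserDetailsService">
    <constructor-arg ref="clientDetails" />
  </bean>

  <!-- Tokens are persisted in the database, so they survive restarts and can be shared
       between instances. -->
  <bean id="tokenStore" class="org.springframework.security.oauth2.provider.token.store.JdbcTokenStore">
    <constructor-arg ref="dataSource" />
  </bean>

  <!-- Token lifetimes: access tokens expire after 120 s; refresh tokens are issued so the
       client can obtain a new access token without re-sending the user's password. -->
  <bean id="tokenServices" class="org.springframework.security.oauth2.provider.token.DefaultTokenServices">
    <property name="tokenStore" ref="tokenStore" />
    <property name="supportRefreshToken" value="true" />
    <property name="accessTokenValiditySeconds" value="120" />
    <property name="clientDetailsService" ref="clientDetails" />
  </bean>

  <!-- old
  <bean id="userApprovalHandler"
        class="org.springframework.security.oauth2.provider.approval.TokenServicesUserApprovalHandler">
    <property name="tokenServices" ref="tokenServices" />
  </bean>
  -->
  <bean id="userApprovalHandler"
        class="org.springframework.security.oauth2.provider.approval.TokenStoreUserApprovalHandler">
    <property name="tokenStore" ref="tokenStore" />
    <property name="requestFactory" ref="oauth2RequestFactory" />
  </bean>

  <!-- Every grant type is enabled. authorization_code and implicit need a browser redirect
       flow; keep only the grants this API actually uses to reduce the exposed surface. -->
  <oauth:authorization-server client-details-service-ref="clientDetails"
                              token-services-ref="tokenServices"
                              user-approval-handler-ref="userApprovalHandler"
                              token-endpoint-url="/oauth/token">
    <oauth:authorization-code />
    <oauth:implicit />
    <oauth:refresh-token />
    <oauth:client-credentials />
    <oauth:password />
  </oauth:authorization-server>

  <!-- Validates bearer tokens on /v1/**. Clients should send the token in the
       "Authorization: Bearer" header rather than as the access_token query parameter shown
       in the question, which is written to request logs. -->
  <oauth:resource-server id="resourceServerFilter" resource-id="test" token-services-ref="tokenServices" />

  <oauth:client-details-service id="clientDetails">
    <!-- Both entries use client-id "restapp". A duplicate id means only one definition is
         effective (the later one appears to win), so give them distinct ids or merge them
         so it is unambiguous which secret, scopes and grant types apply.
         With client_credentials, a token obtained from the client secret alone carries
         ROLE_APP and satisfies the /v1/test rule without any user login - confirm that is
         intended. -->
    <oauth:client client-id="restapp"
                  authorized-grant-types="authorization_code,client_credentials"
                  authorities="ROLE_APP"
                  scope="read,write,trust"
                  secret="secret" />
    <!-- No scope attribute: this client is not limited to any scope. -->
    <oauth:client client-id="restapp"
                  authorized-grant-types="password,authorization_code,refresh_token,implicit"
                  secret="restapp"
                  authorities="ROLE_APP" />
  </oauth:client-details-service>

  <sec:global-method-security pre-post-annotations="enabled" proxy-target-class="true">
    <!-- Wires the OAuth expression handler into the method-security layer rather than the
         HTTP filter layer; see https://jira.springsource.org/browse/sec-1452 -->
    <sec:expression-handler ref="oauthExpressionHandler" />
  </sec:global-method-security>

  <oauth:expression-handler id="oauthExpressionHandler" />
  <oauth:web-expression-handler id="oauthWebExpressionHandler" />

  <!-- added: request factory used by the TokenStoreUserApprovalHandler above -->
  <bean id="oauth2RequestFactory"
        class="org.springframework.security.oauth2.provider.request.DefaultOAuth2RequestFactory">
    <constructor-arg ref="clientDetails" />
  </bean>
</beans>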
In the database I have a user table and a user_roles table:
user: id, ...    user_roles: id, user_id, role
I have the same problem as you, and hoped someone would give the whole thing. In my case, when I try to access /oauth/token using the URL: localhost:8080/oauth/token?grant_type=password&client_id=restapp&username=admin&password=password
it does not work.
That's my XML configuration file:
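<?xml version="1.0" encoding="UTF-8"?>
<!-- Spring Security 3.2 + spring-security-oauth2 1.0 configuration. The security namespace is
     the default here, so core container elements carry the beans: prefix. Restored from a paste
     that had lost letter case; confirm the canonical spellings below against the real file. -->
<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:oauth="http://www.springframework.org/schema/security/oauth2"
             xmlns:aop="http://www.springframework.org/schema/aop"
             xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
                                 http://www.springframework.org/schema/security/oauth2 http://www.springframework.org/schema/security/spring-security-oauth2-1.0.xsd
                                 http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop.xsd
                                 http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd">

  <global-method-security pre-post-annotations="enabled" jsr250-annotations="enabled"
                          secured-annotations="enabled" proxy-target-class="true">
    <expression-handler ref="oauthExpressionHandler" />
  </global-method-security>

  <!-- Token endpoint: OAuth clients authenticate with HTTP Basic or, through the custom filter,
       with client_id / client_secret request parameters. Prefer the Basic header so the secret
       stays out of query strings and access logs. -->
  <http pattern="/oauth/token" create-session="stateless"
        authentication-manager-ref="clientAuthenticationManager">
    <intercept-url pattern="/oauth/token" access="IS_AUTHENTICATED_FULLY" />
    <anonymous enabled="false" />
    <http-basic entry-point-ref="clientAuthenticationEntryPoint" />
    <custom-filter ref="clientCredentialsTokenEndpointFilter" after="BASIC_AUTH_FILTER" />
    <access-denied-handler ref="oauthAccessDeniedHandler" />
  </http>

  <!-- Protected resources. Only /rest/api carries an access rule; other /rest/** paths pass
       through this chain with no constraint. -->
  <http pattern="/rest/**" create-session="never"
        entry-point-ref="oauthAuthenticationEntryPoint"
        access-decision-manager-ref="accessDecisionManager">
    <anonymous enabled="false" />
    <intercept-url pattern="/rest/api" access="ROLE_APP" />
    <custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
    <access-denied-handler ref="oauthAccessDeniedHandler" />
  </http>

  <beans:bean id="oauthAuthenticationEntryPoint"
              class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
    <beans:property name="realmName" value="test" />
  </beans:bean>

  <beans:bean id="clientAuthenticationEntryPoint"
              class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
    <beans:property name="realmName" value="test/client" />
    <beans:property name="typeName" value="Basic" />
  </beans:bean>

  <beans:bean id="oauthAccessDeniedHandler"
              class="org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler" />

  <beans:bean id="clientCredentialsTokenEndpointFilter"
              class="org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter">
    <beans:property name="authenticationManager" ref="clientAuthenticationManager" />
  </beans:bean>

  <!-- Every voter must agree: token scope, role and authentication state are all checked. -->
  <beans:bean id="accessDecisionManager" class="org.springframework.security.access.vote.UnanimousBased">
    <beans:constructor-arg>
      <beans:list>
        <beans:bean class="org.springframework.security.oauth2.provider.vote.ScopeVoter" />
        <beans:bean class="org.springframework.security.access.vote.RoleVoter" />
        <beans:bean class="org.springframework.security.access.vote.AuthenticatedVoter" />
      </beans:list>
    </beans:constructor-arg>
  </beans:bean>

  <!-- Authenticates OAuth clients against the client registry declared below. -->
  <authentication-manager id="clientAuthenticationManager">
    <authentication-provider user-service-ref="clientDetailsUserService" />
  </authentication-manager>

  <!-- End-user authentication for the password grant: a single in-memory user whose literal
       credential lives in this file. Fine for a local test; replace with a hashed store before
       anything shared. -->
  <authentication-manager alias="authenticationManager">
    <authentication-provider>
      <user-service id="userDetailsService">
        <user name="admin" password="password" authorities="ROLE_APP" />
      </user-service>
    </authentication-provider>
  </authentication-manager>

  <beans:bean id="clientDetailsUserService"
              class="org.springframework.security.oauth2.provider.client.ClientDetailsUserDetailsService">
    <beans:constructor-arg ref="clientDetails" />
  </beans:bean>

  <!-- Tokens live in memory: they are lost on restart and not shared between instances. -->
  <beans:bean id="tokenStore"
              class="org.springframework.security.oauth2.provider.token.InMemoryTokenStore" />

  <!-- Access tokens expire after 120 s; refresh tokens are issued alongside them. -->
  <beans:bean id="tokenServices"
              class="org.springframework.security.oauth2.provider.token.DefaultTokenServices">
    <beans:property name="tokenStore" ref="tokenStore" />
    <beans:property name="supportRefreshToken" value="true" />
    <beans:property name="accessTokenValiditySeconds" value="120" />
    <beans:property name="clientDetailsService" ref="clientDetails" />
  </beans:bean>

  <beans:bean id="userApprovalHandler"
              class="org.springframework.security.oauth2.provider.approval.TokenServicesUserApprovalHandler">
    <beans:property name="tokenServices" ref="tokenServices" />
  </beans:bean>

  <!-- added. The constructor-arg below was written without the beans: prefix; under this file's
       default namespace it resolved to the security schema and failed validation. Nothing in this
       file references the bean, and DefaultOAuth2RequestFactory appears to come from
       spring-security-oauth2 2.x while the schema used here is 1.0 - check the jar version. -->
  <beans:bean id="oauth2RequestFactory"
              class="org.springframework.security.oauth2.provider.request.DefaultOAuth2RequestFactory">
    <beans:constructor-arg ref="clientDetails" />
  </beans:bean>

  <!-- Token management: all grant types enabled; keep only those this API uses. -->
  <oauth:authorization-server client-details-service-ref="clientDetails"
                              token-services-ref="tokenServices"
                              user-approval-handler-ref="userApprovalHandler">
    <oauth:authorization-code />
    <oauth:implicit />
    <oauth:refresh-token />
    <oauth:client-credentials />
    <oauth:password />
  </oauth:authorization-server>

  <!-- Validates bearer tokens on /rest/**; send the token in the "Authorization: Bearer" header
       rather than as a query parameter. -->
  <oauth:resource-server id="resourceServerFilter" resource-id="test" token-services-ref="tokenServices" />

  <!-- client definition -->
  <oauth:client-details-service id="clientDetails">
    <!-- Both entries use client-id "restapp", so only one definition is effective (the later one
         appears to win). The token request quoted above sends no client_secret; if the second
         entry is the effective one, that request is rejected for the missing secret. Give the
         clients distinct ids or merge them.
         The first entry has no secret: were it effective, a client_credentials token carrying
         ROLE_APP could be issued to anyone presenting the client id alone. -->
    <oauth:client client-id="restapp"
                  authorized-grant-types="authorization_code,client_credentials"
                  authorities="ROLE_APP"
                  scope="read,write,trust"
                  access-token-validity="30"
                  refresh-token-validity="600" />
    <!-- No scope attribute: this client is not limited to any scope. -->
    <oauth:client client-id="restapp"
                  authorized-grant-types="password,authorization_code,refresh_token,implicit"
                  secret="restapp"
                  authorities="ROLE_APP" />
  </oauth:client-details-service>

  <oauth:expression-handler id="oauthExpressionHandler" />
  <oauth:web-expression-handler id="oauthWebExpressionHandler" />
</beans:beans>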