Implement spring-security-oauth2 in a web application (server + client in the same application)


I am new to OAuth2. I have tried hard to understand OAuth2 and have partly succeeded. My requirement is to have a website with OAuth2 implemented. I have done the (minimal) configuration of the server: resources are protected and require authorization prior to access. How should the client be integrated in the same application? What is the best approach to go with?

To be specific, I need to know, once I have an authorization server protecting the resources, how communication should flow between the client JSP pages and the server. The client sends a username and password; the server needs to resolve them, call the internal authorization server, and provide the client with an access_token. What is the best approach to communicate the access_token to/from the client? Thanks in advance.

My config file:

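<!--
    Spring Security OAuth2 provider configuration (authorization server and
    resource server in the same application).

    This fragment belongs inside a <beans> root element. The "oauth" and
    "sec" prefixes used below must be declared on that root element
    (the declarations are not shown in this fragment). Spring bean class
    names, property names, filter aliases (BASIC_AUTH_FILTER, PRE_AUTH_FILTER)
    and access attributes (IS_AUTHENTICATED_FULLY, ROLE_*) are case-sensitive.
-->

<!-- Token endpoint (/oauth/token). Clients authenticate here with HTTP Basic
     (or request parameters, see the custom filter) to obtain tokens. The
     endpoint is stateless and anonymous access is disabled. -->
<http pattern="/oauth/token" create-session="stateless"
      authentication-manager-ref="clientAuthenticationManager"
      xmlns="http://www.springframework.org/schema/security">
    <intercept-url pattern="/oauth/token" access="IS_AUTHENTICATED_FULLY" />
    <anonymous enabled="false" />
    <http-basic entry-point-ref="clientAuthenticationEntryPoint" />
    <!-- Include only if clients must also be able to authenticate via
         request parameters (client_id/client_secret in the body). -->
    <custom-filter ref="clientCredentialsTokenEndpointFilter"
                   after="BASIC_AUTH_FILTER" />
    <access-denied-handler ref="oauthAccessDeniedHandler" />
</http>

<!-- Resource server: tells Spring Security which URLs are protected and
     which roles may access them. No HTTP session is created; every request
     must present a valid access token (resourceServerFilter). -->
<http pattern="/abc/**" create-session="never"
      entry-point-ref="oauthAuthenticationEntryPoint"
      access-decision-manager-ref="accessDecisionManager"
      xmlns="http://www.springframework.org/schema/security">
    <anonymous enabled="false" />
    <intercept-url pattern="/abc/**" access="ROLE_APP" />
    <custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
    <access-denied-handler ref="oauthAccessDeniedHandler" />
</http>

<!-- Entry point used when a protected resource is requested without a
     valid token (emits the OAuth2 WWW-Authenticate challenge). -->
<bean id="oauthAuthenticationEntryPoint"
      class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
    <property name="realmName" value="test" />
</bean>

<!-- Entry point for the token endpoint: challenges clients with HTTP Basic. -->
<bean id="clientAuthenticationEntryPoint"
      class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
    <property name="realmName" value="test/client" />
    <property name="typeName" value="Basic" />
</bean>

<bean id="oauthAccessDeniedHandler"
      class="org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler" />

<!-- Authenticates clients that send client_id/client_secret as request
     parameters instead of an Authorization header. -->
<bean id="clientCredentialsTokenEndpointFilter"
      class="org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter">
    <property name="authenticationManager" ref="clientAuthenticationManager" />
</bean>

<!-- Unanimous decision: scope, role and authentication voters must all
     agree (or abstain) before access to /abc/** is granted. -->
<bean id="accessDecisionManager" class="org.springframework.security.access.vote.UnanimousBased"
      xmlns="http://www.springframework.org/schema/beans">
    <constructor-arg>
        <list>
            <bean class="org.springframework.security.oauth2.provider.vote.ScopeVoter" />
            <bean class="org.springframework.security.access.vote.RoleVoter" />
            <bean class="org.springframework.security.access.vote.AuthenticatedVoter" />
        </list>
    </constructor-arg>
</bean>

<!-- Authenticates OAuth2 clients (client_id/secret) against clientDetails. -->
<authentication-manager id="clientAuthenticationManager"
                        xmlns="http://www.springframework.org/schema/security">
    <authentication-provider user-service-ref="clientDetailsUserService" />
</authentication-manager>

<!-- Simple authentication manager for resource owners (end users) with a
     hard-coded user/password combination. Replace it with a user-defined
     service that loads users and credentials from a DB; the hard-coded
     entry is a development placeholder only. -->
<authentication-manager alias="authenticationManager"
                        xmlns="http://www.springframework.org/schema/security">
    <authentication-provider>
        <user-service>
            <user name="iconnect" password="iconnect" authorities="ROLE_APP" />
        </user-service>
    </authentication-provider>
</authentication-manager>

<bean id="clientDetailsUserService"
      class="org.springframework.security.oauth2.provider.client.ClientDetailsUserDetailsService">
    <constructor-arg ref="clientDetails" />
</bean>

<!-- Token store. In-memory: tokens are lost on restart and not shared across
     instances; replace with a user-defined (persistent) store if needed. -->
<bean id="tokenStore"
      class="org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore" />

<!-- Token issuance settings: validity, refresh token support, etc.
     Access tokens are short-lived (120 s) and renewed via refresh tokens. -->
<bean id="tokenServices"
      class="org.springframework.security.oauth2.provider.token.DefaultTokenServices">
    <property name="tokenStore" ref="tokenStore" />
    <property name="supportRefreshToken" value="true" />
    <property name="accessTokenValiditySeconds" value="120" />
    <property name="clientDetailsService" ref="clientDetails" />
</bean>

<bean id="oauth2RequestFactory"
      class="org.springframework.security.oauth2.provider.request.DefaultOAuth2RequestFactory">
    <constructor-arg ref="clientDetails" />
</bean>

<!-- Remembers user approvals in the token store so a user is not asked to
     re-approve a client that already holds a token. -->
<bean id="userApprovalHandler"
      class="org.springframework.security.oauth2.provider.approval.TokenStoreUserApprovalHandler">
    <property name="requestFactory" ref="oauth2RequestFactory" />
    <property name="tokenStore" ref="tokenStore" />
</bean>

<!-- Authorization server with every grant type enabled. NOTE(review): the
     implicit and password grants are discouraged by current OAuth 2.0
     security guidance; enable only the grants the application actually
     uses, since each one is an additional way to obtain a token. -->
<oauth:authorization-server
        client-details-service-ref="clientDetails" token-services-ref="tokenServices"
        user-approval-handler-ref="userApprovalHandler">
    <oauth:authorization-code />
    <oauth:implicit />
    <oauth:refresh-token />
    <oauth:client-credentials />
    <oauth:password />
</oauth:authorization-server>

<!-- Filter that validates bearer tokens on resource requests; referenced by
     the /abc/** <http> block above. -->
<oauth:resource-server id="resourceServerFilter"
                       resource-id="test" token-services-ref="tokenServices" />

<!-- Registered OAuth2 clients.
     NOTE(review): both entries use client-id="restapp". The client details
     service keys clients by id, so only one of these definitions (presumably
     the last one) takes effect and the other is silently ignored - confirm
     which grant types and secret are intended, or give the clients distinct
     ids. Secrets are stored in plain text here; use an encoded form outside
     development. -->
<oauth:client-details-service id="clientDetails">
    <!-- client -->
    <oauth:client client-id="restapp"
                  authorized-grant-types="authorization_code,client_credentials"
                  authorities="ROLE_APP" secret="secret" />

    <oauth:client client-id="restapp"
                  authorized-grant-types="password,authorization_code,refresh_token,implicit"
                  secret="restapp" authorities="ROLE_APP" />

</oauth:client-details-service>

<sec:global-method-security
        pre-post-annotations="enabled" proxy-target-class="true">
    <!-- The OAuth2 expression handler must be wired in here, at the method
         security layer, in addition to the http filters.
         See https://jira.springsource.org/browse/SEC-1452 -->
    <sec:expression-handler ref="oauthExpressionHandler" />
</sec:global-method-security>

<oauth:expression-handler id="oauthExpressionHandler" />
<oauth:web-expression-handler id="oauthWebExpressionHandler" />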

