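/*
 *
 * Springstrap
 *
 * @author Jan Philipp Knller <info@pksoftware.de>
 *
 * Homepage: http://ui5strap.com/springstrap
 *
 * Copyright (c) 2013-2014 Jan Philipp Knller <info@pksoftware.de>
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 * Released under Apache2 license: http://www.apache.org/licenses/LICENSE-2.0.txt
 *
 */
package de.pksoftware.springstrap.core.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Primary;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices;
import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;

/**
 * Base configuration for an OAuth2 Authorization Server that issues JWT access tokens.
 *
 * <p>This class wires the token services, the JWT token store and the JWT converter.
 * Concrete subclasses supply the protected resource IDs, the trusted client's
 * credentials, the JWT signing key and the client registrations
 * ({@link #configure(ClientDetailsServiceConfigurer)}).
 *
 * <p>{@link #getResourceIds()}, {@link #trustedClientId()}, {@link #trustedClientSecret()}
 * and {@link #getDefaultRedirectUris()} are not called from this class; presumably they
 * are meant to be used by the subclass when it registers its clients.
 *
 * <p>NOTE(review): the {@code org.springframework.security.oauth2.config} classes used
 * here come from the legacy Spring Security OAuth project, which is no longer
 * maintained. Confirm the version in use still receives security fixes, or plan a
 * migration to a supported authorization server.
 */
@Configuration
@EnableAuthorizationServer
public abstract class AuthServerConfigBase extends AuthorizationServerConfigurerAdapter {

    /** Public URL of this server, read from the {@code server.url} property (empty when unset). */
    @Value("${server.url:}")
    protected String serverUrl;

    /**
     * Inject Authentication Manager. Authentication Manager is defined in WebSecurityConfig.
     */
    @Autowired
    @Qualifier("authenticationManagerBean")
    private AuthenticationManager authenticationManager;

    /**
     * Client details service handed to the token services, so that per-client token
     * settings are taken from the client registrations.
     */
    @Autowired
    private ClientDetailsService clientDetailsService;

    /**
     * Array of resource IDs that should be protected by this Authorization Server.
     *
     * @return the resource IDs
     */
    protected abstract String[] getResourceIds();

    /**
     * Client ID of the trusted client (Resource Owner flow).
     *
     * @return the trusted client's ID
     */
    protected abstract String trustedClientId();

    /**
     * Client secret of the trusted client (Resource Owner flow).
     *
     * <p>Implementations should load this value from external configuration or a secret
     * store rather than returning a literal, so the secret does not end up in source
     * control or build artifacts.
     *
     * @return the trusted client's secret
     */
    protected abstract String trustedClientSecret();

    /**
     * Redirect URLs for the implicit flow. Defaults to the configured {@code server.url}.
     *
     * <p>A blank (unset or whitespace-only) {@code server.url} is rejected, because it
     * cannot serve as a redirect target.
     *
     * <p>NOTE(review): only the bare server URL is registered here. How strictly a
     * registered redirect URI is matched depends on the redirect resolver in use;
     * prefer overriding this method with the exact callback URL(s) of the client.
     *
     * @return the redirect URIs to register
     * @throws IllegalStateException if no {@code server.url} is configured and this
     *         method has not been overridden
     */
    protected String[] getDefaultRedirectUris() {
        if (serverUrl != null && !serverUrl.trim().isEmpty()) {
            return new String[] { serverUrl };
        }

        // IllegalStateException is still a RuntimeException, so existing catch blocks keep working.
        throw new IllegalStateException(
                "Either set a 'server.url' property inside your server.properties file, or overwrite getDefaultRedirectUris() in your AuthServerConfig.");
    }

    /**
     * Key used to sign the issued JWTs.
     *
     * <p>NOTE(review): in Spring Security OAuth a key that is not PEM-encoded is, as far
     * as we know, used as a shared HMAC secret, which means every party that verifies
     * tokens with it could also sign them. Confirm against the library version in use
     * and prefer an asymmetric key pair when resource servers are separate deployments.
     * Load the key from external configuration, never from a literal in the source.
     *
     * @return the JWT signing key; must not be blank
     */
    protected abstract String getJwtSigningKey();

    /**
     * Configure the OAuth2 Authorization Server Endpoints.
     *
     * @param endpoints the endpoints configurer supplied by the framework
     * @throws Exception if the configuration fails
     */
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        // The authentication manager is set alongside the JWT-backed token services.
        endpoints
                .tokenServices(authorizationServerTokenServicesBean())
                .authenticationManager(authenticationManager);
    }

    /**
     * Configure the OAuth2 Authorization Server Security.
     *
     * @param oauthServer the security configurer supplied by the framework
     * @throws Exception if the configuration fails
     */
    @Override
    public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
        // Only allow token access to authenticated accounts.
        oauthServer.checkTokenAccess("isAuthenticated()");

        // Allow form authentication for clients: client credentials may then arrive as
        // request parameters instead of an HTTP Basic header. Make sure these endpoints
        // are only reachable over TLS and that request parameters are not logged.
        oauthServer.allowFormAuthenticationForClients();
    }

    /**
     * Configure OAuth2 Authorization Server Client Details.
     *
     * @param clients the client details configurer supplied by the framework
     * @throws Exception if the configuration fails
     */
    @Override
    public abstract void configure(ClientDetailsServiceConfigurer clients) throws Exception;

    /**
     * Create the Token Store Bean. We use JwtTokenStore.
     *
     * @return a token store backed by {@link #jwtAccessTokenConverterBean()}
     */
    @Bean
    public JwtTokenStore jwtTokenStoreBean() {
        return new JwtTokenStore(jwtAccessTokenConverterBean());
    }

    /**
     * Create a JwtAccessTokenConverter Bean that signs tokens with {@link #getJwtSigningKey()}.
     *
     * @return the configured converter
     * @throws IllegalStateException if the subclass supplies a null or blank signing key
     */
    @Bean
    protected JwtAccessTokenConverter jwtAccessTokenConverterBean() {
        final String signingKey = getJwtSigningKey();
        // Fail fast with a message that names the misconfigured hook, so a missing key
        // is caught at startup instead of surfacing as an obscure library error.
        if (signingKey == null || signingKey.trim().isEmpty()) {
            throw new IllegalStateException(
                    "getJwtSigningKey() must return a non-empty signing key.");
        }

        final JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
        converter.setSigningKey(signingKey);
        return converter;
    }

    /**
     * Create a AuthorizationServerTokenServices Bean.
     *
     * <p>NOTE(review): refresh tokens are enabled on top of a JWT token store. A JWT
     * store keeps no server-side token state, so issued tokens presumably cannot be
     * revoked individually; keep token lifetimes short in the client registrations and
     * have a signing-key rotation procedure ready.
     *
     * @return token services using the JWT token store and converter
     */
    @Bean
    @Primary
    public AuthorizationServerTokenServices authorizationServerTokenServicesBean() {
        final DefaultTokenServices tokenServices = new DefaultTokenServices();
        tokenServices.setTokenStore(jwtTokenStoreBean());
        tokenServices.setClientDetailsService(clientDetailsService);
        // The converter doubles as the token enhancer.
        tokenServices.setTokenEnhancer(jwtAccessTokenConverterBean());
        tokenServices.setSupportRefreshToken(true);
        return tokenServices;
    }
}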