Java tutorial
/* * Copyright (c) 2015. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 */ package org.test.config; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Configuration; import org.springframework.core.io.ClassPathResource; import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer; import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter; import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer; import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer; import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer; import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter; import org.springframework.security.oauth2.provider.token.store.KeyStoreKeyFactory; import java.security.KeyPair; @Configuration @EnableAuthorizationServer public class OAuthConfig extends AuthorizationServerConfigurerAdapter { private AuthenticationManager authenticationManager; @Autowired public void init(AuthenticationManager authenticationManager) { this.authenticationManager = authenticationManager; } @Override public void configure(final AuthorizationServerSecurityConfigurer security) throws Exception { security.checkTokenAccess("permitAll()"); } @Override public void configure(final ClientDetailsServiceConfigurer clients) throws Exception { clients.inMemory().withClient("test").accessTokenValiditySeconds(3) //30 minutes .refreshTokenValiditySeconds(60 * 30).authorizedGrantTypes("password", "refresh_token") .scopes("read", "write"); } public JwtAccessTokenConverter jwtAccessTokenConverter() { JwtAccessTokenConverter converter = new JwtAccessTokenConverter(); KeyPair keyPair = new KeyStoreKeyFactory(new ClassPathResource("keystore.jks"), "foobar".toCharArray()) .getKeyPair("test"); converter.setKeyPair(keyPair); return converter; } @Override public void configure(final AuthorizationServerEndpointsConfigurer endpoints) throws Exception { endpoints.authenticationManager(authenticationManager).accessTokenConverter(jwtAccessTokenConverter()); } }