0
我正在實現一個Oauth2服務器到現有的REST api中,以增加它的某些部分的安全性。 問題是:如果我沒有在主類中聲明ResourceServer和AuthorizationServer的@configuration,那麼spring安全性不會加載配置,所以我無法訪問API。如何正確地將Oauth2服務器設置爲Spring現有的API?
我想把這個配置放在一個外部類中的不同包中,但我對Spring很新,而且我找不到適當的方法。
所以我的外部配置文件,如果他的內容是主類內,但如果沒有一個外部文件的作品:
SecurityConf.java
@RestController
@Configuration
public class Security {
@RequestMapping("/")
public String home() {
return "Hello World";
}
@Configuration
@EnableResourceServer
protected static class ResourceServer extends ResourceServerConfigurerAdapter {
@Override
public void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.authorizeRequests()
.antMatchers("/features/**").permitAll()
.antMatchers("/itineraries/**").permitAll()
.anyRequest().access("#oauth2.hasScope('read')"); //This makes all other petitions under authorization
}
@Override
public void configure(ResourceServerSecurityConfigurer resources)
throws Exception {
resources.resourceId("sparklr");
}
}
@Configuration
@EnableAuthorizationServer
protected static class OAuth2Config extends AuthorizationServerConfigurerAdapter {
@Autowired
private AuthenticationManager authenticationManager;
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints)
throws Exception {
endpoints.authenticationManager(authenticationManager);
}
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
// @formatter:off
clients.inMemory().withClient("my-trusted-client")
.authorizedGrantTypes("password", "authorization_code",
"refresh_token", "implicit")
.authorities("ROLE_CLIENT", "ROLE_TRUSTED_CLIENT")
.scopes("read", "write", "trust").resourceIds("sparklr")
.accessTokenValiditySeconds(60).and()
.withClient("my-client-with-registered-redirect")
.authorizedGrantTypes("authorization_code").authorities("ROLE_CLIENT")
.scopes("read", "trust").resourceIds("sparklr")
.redirectUris("http://anywhere?key=value").and()
.withClient("my-client-with-secret")
.authorizedGrantTypes("client_credentials", "password")
.authorities("ROLE_CLIENT").scopes("read").resourceIds("sparklr")
.secret("secret");
// @formatter:on
}
}
}
和主類,
Application.java
@Configuration
@EnableConfigurationProperties
@ComponentScan(basePackageClasses = SimpleCORSFilter.class)
@EnableAutoConfiguration
@EntityScan(basePackages = "com.pace.things.model")
public class Application {
@Bean
public FilterRegistrationBean filterRegistrationBean() {
FilterRegistrationBean registrationBean = new FilterRegistrationBean();
CharacterEncodingFilter characterEncodingFilter = new CharacterEncodingFilter();
registrationBean.setFilter(characterEncodingFilter);
characterEncodingFilter.setEncoding("UTF-8");
characterEncodingFilter.setForceEncoding(true);
registrationBean.setOrder(Integer.MIN_VALUE);
registrationBean.addUrlPatterns("/*");
return registrationBean;
}
public static void main(String[] args) {
SpringApplication application = new SpringApplication(Application.class);
SpringApplication.run(Application.class, args);
}
}
那麼我忘記了什麼?提前
感謝
我自己解決了這個問題[other](http://stackoverflow.com/questions/42401181/how-to-add-spring-websecurityconfig-to-an-existing-project)線程。 – selan