// OAuth2 client registration and JWT settings, injected from the application properties
// under security.jwt.*. CLIENT_SECRET and SIGNIN_KEY are credentials: keep them out of
// logs, toString() output and version-controlled property files.
@Value("${security.jwt.client_secret}")
private String CLIENT_SECRET;
@Value("${security.jwt.client_id}")
private String CLIENT_ID;
// Grant-type names handed to authorizedGrantTypes(...) below.
@Value("${security.jwt.grant_type_password}")
private String GRANT_TYPE_PASSWORD;
// NOTE(review): this reads the same property as GRANT_TYPE_PASSWORD, so AUTHORIZATION_CODE
// holds the password-grant name rather than an authorization-code grant name. Looks like a
// copy-paste slip — confirm the intended property key against the properties file.
@Value("${security.jwt.grant_type_password}")
private String AUTHORIZATION_CODE;
@Value("${security.jwt.refresh_token}")
private String REFRESH_TOKEN;
@Value("${security.jwt.implicit}")
private String IMPLICIT;
// Scope names granted to the client.
@Value("${security.jwt.scope_read}")
private String SCOPE_READ;
@Value("${security.jwt.scope_write}")
private String SCOPE_WRITE;
@Value("${security.jwt.trust}")
private String TRUST;
// Key passed to JwtAccessTokenConverter.setSigningKey(); every party that verifies these
// tokens needs the same value, so treat it as a shared secret.
@Value("${security.jwt.signin_key}")
private String SIGNIN_KEY;
// Token lifetimes in seconds. The property keys are spelled "tokn" / "frefresh"; they must
// match the properties file exactly, so do not rename them here without changing it too.
@Value("${security.jwt.access_tokn_validity_seconds}")
private int ACCESS_TOKEN_VALIDITY_SECONDS;
@Value("${security.jwt.frefresh_tokn_validity_seconds}")
private int FREFRESH_TOKEN_VALIDITY_SECONDS;
// Authentication manager handed to the token endpoint (see the endpoints configure()
// below); presumably the authenticationManagerBean() exposed by the web security
// configuration further down — verify the wiring.
@Autowired
private AuthenticationManager authenticationManager;
/**
 * Builds the converter that signs and verifies JWT access tokens.
 *
 * <p>The key comes from {@code security.jwt.signin_key}. A plain string key
 * presumably selects symmetric (MAC) signing, so the same secret must be held by
 * every resource server that verifies these tokens — treat it as a credential.
 *
 * @return the configured JWT converter
 */
@Bean
public JwtAccessTokenConverter accessTokenConverter() {
    final JwtAccessTokenConverter jwtConverter = new JwtAccessTokenConverter();
    jwtConverter.setSigningKey(SIGNIN_KEY);
    return jwtConverter;
}
/**
 * Exposes a JWT-backed token store built on the converter above; the tokens carry
 * their own state, so nothing is persisted server-side by this store.
 *
 * @return the token store
 */
@Bean
public TokenStore tokenStore() {
    final JwtAccessTokenConverter converter = accessTokenConverter();
    return new JwtTokenStore(converter);
}
/**
 * Registers the single OAuth2 client that may obtain tokens from this server.
 *
 * <p>All settings come from the {@code security.jwt.*} properties. The enabled grant
 * types include {@code IMPLICIT} (which does not involve the client secret) and
 * {@code AUTHORIZATION_CODE}, whose field is currently bound to the password-grant
 * property.
 *
 * @param configurer in-memory client registry supplied by Spring
 * @throws Exception propagated from the configurer
 */
@Override
public void configure(ClientDetailsServiceConfigurer configurer) throws Exception {

    configurer
        .inMemory()
        .withClient(CLIENT_ID)
        // NOTE(review): depending on the Spring Security version in use, the stored
        // secret is compared through the configured PasswordEncoder and may need to be
        // encoded (or prefixed) rather than passed raw — verify against the version.
        .secret(CLIENT_SECRET)
        .authorizedGrantTypes(GRANT_TYPE_PASSWORD, AUTHORIZATION_CODE, REFRESH_TOKEN, IMPLICIT )
        .scopes(SCOPE_READ, SCOPE_WRITE, TRUST)
        .accessTokenValiditySeconds(ACCESS_TOKEN_VALIDITY_SECONDS)
        // NOTE(review): called with no arguments, so the client gets no authorities —
        // confirm whether roles were meant to be listed here or the call should go.
        .authorities()
        .refreshTokenValiditySeconds(FREFRESH_TOKEN_VALIDITY_SECONDS);
}
/**
 * Wires the token endpoint: the JWT store and converter from this class, plus the
 * injected authentication manager that checks resource-owner credentials.
 *
 * @param endpoints endpoint configurer supplied by Spring
 * @throws Exception propagated from the configurer
 */
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
    endpoints.tokenStore(tokenStore());
    endpoints.accessTokenConverter(accessTokenConverter());
    endpoints.authenticationManager(authenticationManager);
}
// Identifier of this resource server, passed to ResourceServerSecurityConfigurer.resourceId();
// tokens are matched against it before they are accepted here.
@Value("${security.oauth2.resource.resource_id}")
private String RESOURCE_ID;
/**
 * Names this resource server so incoming tokens are checked against its id.
 *
 * <p>{@code stateless(false)} keeps session-based authentication usable alongside
 * bearer tokens; switch it to {@code true} if this resource server should accept
 * token-authenticated requests only.
 *
 * @param resources resource-server configurer supplied by Spring
 */
@Override
public void configure(ResourceServerSecurityConfigurer resources) {
    resources.resourceId(RESOURCE_ID);
    resources.stateless(false);
}
/**
 * Defines the resource server's security zones: the token and authorization
 * endpoints plus {@code /public} are open, {@code /user} is restricted to the
 * ADMIN role, and every other request must be authenticated.
 *
 * @param http the HTTP security builder supplied by Spring
 * @throws Exception propagated from the builder
 */
@Override
public void configure(HttpSecurity http) throws Exception {
    /*
     * here configure the security zone:
     * the resource /oauth/token is public and not secured
     * the resource /user is private, only for the admin role
     * any resources in itaca are in the secure zone and need to use the token
     */
    http
        // NOTE(review): disabling X-Frame-Options removes clickjacking protection for
        // every response; if only the app's own pages need framing, sameOrigin() is narrower.
        .headers().frameOptions().disable()
        .and().authorizeRequests()
        // "/oauth/authorize**" is a prefix pattern; "/public" matches that exact path only
        .antMatchers("/oauth/token", "/oauth/authorize**", "/public").permitAll()
        .antMatchers("/user").access("hasRole('ADMIN')")
        .anyRequest().authenticated()
        .and()
        .exceptionHandling().accessDeniedHandler(new OAuth2AccessDeniedHandler())
        .and()
        .formLogin() // if a login form exists
        .permitAll()
        .and()
        .logout() // if a logout form or process exists
        .permitAll();
}
// Same shared JWT signing key as the authorization server reads; used by the
// accessTokenConverter() bean below. Keep it out of logs and source control.
@Value("${security.jwt.signin_key}")
private String SIGNIN_KEY;
// User lookup registered with the global authentication manager in globalUserDetails();
// resolved by bean name, so the "userService" bean must implement UserDetailsService.
@Resource(name = "userService")
private UserDetailsService userDetailsService;
/**
 * Publishes the superclass's authentication manager as a bean so other
 * configurations (presumably the authorization server) can inject it.
 *
 * @return the shared authentication manager
 * @throws Exception propagated from the superclass
 */
@Override
@Bean
public AuthenticationManager authenticationManagerBean() throws Exception {
    final AuthenticationManager manager = super.authenticationManagerBean();
    return manager;
}
/**
 * Registers the application's user lookup and bcrypt password hashing with the
 * global authentication manager.
 *
 * @param auth builder for the global authentication manager
 * @throws Exception propagated from the builder
 */
@Autowired
public void globalUserDetails(AuthenticationManagerBuilder auth) throws Exception {
    final BCryptPasswordEncoder passwordEncoder = encoder();
    auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder);
}
/**
 * Web security rules for the application's own endpoints.
 *
 * <p>The token/authorization endpoints, {@code /public} and {@code /api-docs/**} are
 * open; {@code /user} requires the ADMIN role; everything else needs an authenticated
 * user.
 *
 * @param http the HTTP security builder supplied by Spring
 * @throws Exception propagated from the builder
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        // NOTE(review): disabling X-Frame-Options drops clickjacking protection site-wide;
        // sameOrigin() is the narrower option if framing is only needed for own pages.
        .headers().frameOptions().disable()
        .and().authorizeRequests()
        .antMatchers("/oauth/token", "/oauth/authorize**", "/public").permitAll()
        .antMatchers("/user").access("hasRole('ADMIN')")
        // API documentation is reachable without authentication — confirm this is
        // intended for every environment the application is deployed to
        .antMatchers("/api-docs/**").permitAll()
        .anyRequest().authenticated()
        .and()
        .formLogin()
        .permitAll()
        .and()
        .logout()
        .permitAll();
}
/**
 * Password hasher for stored user credentials: bcrypt at the library's default cost.
 *
 * @return a new bcrypt encoder
 */
@Bean
public BCryptPasswordEncoder encoder() {
    final BCryptPasswordEncoder bcrypt = new BCryptPasswordEncoder();
    return bcrypt;
}
/**
 * JWT converter for this configuration, keyed with {@code security.jwt.signin_key}.
 *
 * @return the configured converter
 */
@Bean
public JwtAccessTokenConverter accessTokenConverter() {
    JwtAccessTokenConverter tokenConverter = new JwtAccessTokenConverter();
    // same shared key as the server that issues the tokens; a credential, not config
    tokenConverter.setSigningKey(SIGNIN_KEY);
    return tokenConverter;
}
/**
 * JWT-backed token store used by {@link #tokenServices()}.
 *
 * @return the token store
 */
@Bean
public TokenStore tokenStore() {
    final TokenStore store = new JwtTokenStore(accessTokenConverter());
    return store;
}
/**
 * Token services backed by the JWT store, with refresh tokens enabled.
 *
 * <p>Marked {@code @Primary} so this instance wins over any other token-service bean
 * of the same type. Token lifetimes are not set here, so the library defaults apply
 * unless configured elsewhere — TODO confirm.
 *
 * @return the configured token services
 */
@Bean
@Primary
public DefaultTokenServices tokenServices() {
    final DefaultTokenServices services = new DefaultTokenServices();
    services.setSupportRefreshToken(true);
    services.setTokenStore(tokenStore());
    return services;
}
154}