由于各种原因,我们无法使用Spring的命名空间配置。是否有不使用命名空间配置机制的OAuth 2.0配置示例?大多数情况下,我试图找出过滤器链中需要包含哪个过滤器。
答案 0 :(得分:3)
以下是我设置的基本OAuth 2.0流程的工作原理(与Tonr / Sparklr演示中的基本相同)。我们的安全设置很复杂,因此我只会重现下面的相关摘要。
首先,过滤链顺序:
BasicUserApprovalFilter, SecurityContextPersistenceFilter, LogoutFilter, UsernamePasswordAuthenticationFilter, BasicAuthenticationFilter, RequestCacheAwareFilter, SecurityContextHolderAwareRequestFilter, AnonymousAuthenticationFilter, SessionManagementFilter, ExceptionTranslationFilter, OAuth2ExceptionHandlerFilter, VerificationCodeFilter, OAuth2AuthorizationFilter, OAuth2ProtectedResourceFilter, FilterSecurityInterceptor
请注意AnonymousAuthenticationFilter
绝对需要 ,即使您不在其他地方使用
现在支持bean:
<bean id="oauth2ExceptionTranslationFilter" class="org.springframework.security.oauth2.provider.OAuth2ExceptionHandlerFilter"/>
<bean id="oauth2VerificationCodeFilter" class="org.springframework.security.oauth2.provider.verification.VerificationCodeFilter">
<property name="clientDetailsService" ref="clientDetailsService"/>
<property name="verificationServices" ref="verificationCodeServices"/>
<property name="userApprovalHandler" ref="oauth2UserApprovalFilter"/>
<property name="unapprovedAuthenticationHandler">
<bean class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
<!-- This is where you define your confirmation page -->
<property name="defaultFailureUrl" value="/oauth/confirm.action"/>
</bean>
</property>
</bean>
<bean id="oauth2AuthorizationFilter" class="org.springframework.security.oauth2.provider.OAuth2AuthorizationFilter">
<property name="authenticationManager" ref="authenticationManager"/>
<property name="authenticationSuccessHandler">
<bean class="org.springframework.security.oauth2.provider.OAuth2AuthorizationSuccessHandler">
<property name="tokenServices" ref="tokenServices"/>
</bean>
</property>
</bean>
<bean id="oauth2ProtectedResourceFilter" class="org.springframework.security.oauth2.provider.OAuth2ProtectedResourceFilter">
<property name="tokenServices" ref="tokenServices"/>
</bean>
<bean id="tokenServices" class="org.springframework.security.oauth2.provider.token.InMemoryOAuth2ProviderTokenServices">
<property name="supportRefreshToken" value="true"/>
</bean>
<bean id="clientDetailsService" class="org.springframework.security.oauth2.provider.InMemoryClientDetailsService">
<property name="clientDetailsStore">
<map>
<entry key="tonr">
<bean class="org.springframework.security.oauth2.provider.BaseClientDetails">
<property name="clientId" value="tonr"/>
<property name="authorizedGrantTypes">
<list>
<value>authorization_code</value>
<value>refresh_token</value>
</list>
</property>
</bean>
</entry>
</map>
</property>
</bean>
<bean id="verificationCodeServices" class="org.springframework.security.oauth2.provider.verification.InMemoryVerificationCodeServices"/>
<bean id="oauth2VerificationAuthenticationProvider" class="org.springframework.security.oauth2.provider.verification.VerificationCodeAuthenticationProvider">
<property name="verificationServices" ref="verificationCodeServices"/>
</bean>
<bean id="oauth2AccessGrantAuthenticationProvider" class="org.springframework.security.oauth2.provider.AccessGrantAuthenticationProvider">
<property name="clientDetailsService" ref="clientDetailsService"/>
</bean>
<bean id="oauth2RefreshAuthenticationProvider" class="org.springframework.security.oauth2.provider.refresh.RefreshAuthenticationProvider"/>
请注意,服务(客户端,令牌,验证码)只是内存版本中提供的。您需要创建自己的版本才能持久化。
最后,您需要将提供程序绑定到身份验证管理器中:
<bean id="authenticationManager" class="org.springframework.security.authentication.ProviderManager">
<property name="providers">
<list>
<ref local="daoAuthenticationProvider"/>
<ref local="oauth2AccessGrantAuthenticationProvider"/>
<ref local="oauth2VerificationAuthenticationProvider"/>
<ref local="oauth2RefreshAuthenticationProvider"/>
<bean class="org.springframework.security.authentication.AnonymousAuthenticationProvider">
<property name="key" value="mykey"/>
</bean>
</list>
</property>
</bean>
答案 1 :(得分:0)
以下是基于命名空间的OAuth 2.0提供程序配置中为我启动的过滤器。您可以通过设置命名空间并打开spring security上的调试日志来获取它们。
firing Filter: 'BasicUserApprovalFilter'
firing Filter: 'SecurityContextPersistenceFilter'
firing Filter: 'LogoutFilter'
firing Filter: 'UsernamePasswordAuthenticationFilter'
firing Filter: 'BasicAuthenticationFilter'
firing Filter: 'RequestCacheAwareFilter'
firing Filter: 'SecurityContextHolderAwareRequestFilter'
firing Filter: 'AnonymousAuthenticationFilter'
firing Filter: 'SessionManagementFilter'
firing Filter: 'ExceptionTranslationFilter'
firing Filter: 'OAuth2ExceptionHandlerFilter'
firing Filter: 'VerificationCodeFilter'
firing Filter: 'OAuth2AuthorizationFilter'
firing Filter: 'OAuth2ProtectedResourceFilter'
firing Filter: 'FilterSecurityInterceptor'