0
我試圖用Spring Security和OAuth 2.0身份驗證和授權來構建一個基本的REST服務。在沒有XML配置的情況下實現Spring Security Oauth
我試圖限制所涉及的元素,所以我不是直接使用Spring Security Oauth類來複制依賴於Spring Bean,Spring MVC等的Spring安全宣誓XML配置。
我試圖從/ oauth /令牌獲取訪問令牌時遇到了阻礙。我可能錯過了一些基本的東西,但是Spring Security和Spring Security Oauth都很難將我的頭圍繞起來,我似乎無法找到一個不需要使用額外框架的示例或教程。
任何人都可以看到我要去哪裏錯了嗎?
RestService.java
@Path("/members")
public class RestService {
@Secured({"ROLE_USER"})
@GET
@Path("/{id}")
@Produces(MediaType.TEXT_PLAIN)
public Response readMember(@PathParam("id") String id) {
String output;
if(Integer.valueOf(id) < members.size())
{
output = members.get(Integer.valueOf(id)).toString();
}
else
{
output = "No such member.";
}
return Response.status(200).entity(output).build();
}
}
OAuthServices.java
public class OAuthServices {
static private DefaultTokenServices tokenServices = new DefaultTokenServices();
static private InMemoryClientDetailsService clientDetailsService = new InMemoryClientDetailsService();
static {
Map<String, ClientDetails> clientDetailsStore = new HashMap<String, ClientDetails>();
BaseClientDetails clientDetails = new BaseClientDetails("client", "resource", null, null, "read,write");
clientDetailsStore.put("client", clientDetails);
clientDetailsService.setClientDetailsStore(clientDetailsStore);
}
public static DefaultTokenServices getTokenServices() {
return tokenServices;
}
public static InMemoryClientDetailsService getClientDetailsService() {
return clientDetailsService;
}
}
SecurityConfig.java
@EnableAuthorizationServer
@EnableWebSecurity
@Configuration
@EnableGlobalMethodSecurity(securedEnabled=true)
public class SecurityConfig extends WebSecurityConfigurerAdapter implements AuthorizationServerConfigurer {
@Configuration
protected static class AuthenticationConfiguration extends
GlobalAuthenticationConfigurerAdapter {
@Override
public void init(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication()
.withUser("user").password("password").roles("USER")
.and()
.withUser("admin").password("password").roles("USER", "ADMIN");
}
}
@Override
public void configure(AuthorizationServerSecurityConfigurer security)
throws Exception {
// TODO Auto-generated method stub
}
@Override
public void configure(ClientDetailsServiceConfigurer clients)
throws Exception {
// TODO Auto-generated method stub
}
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints)
throws Exception {
// TODO Auto-generated method stub
}
}
的web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app id="WebApp_ID" version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<servlet>
<servlet-name>jersey-helloworld-servlet</servlet-name>
<servlet-class>
org.glassfish.jersey.servlet.ServletContainer
</servlet-class>
<init-param>
<param-name>jersey.config.server.provider.packages</param-name>
<param-value>com.excentus.springsecurity.rest.test</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>jersey-helloworld-servlet</servlet-name>
<url-pattern>/rest/*</url-pattern>
</servlet-mapping>
</web-app>
這是很多代碼,希望人們審查。如果可能,我建議您更簡潔地陳述您的問題。 – 2014-09-23 20:57:54
我想如果有必要的話可以參考它,但大部分內容不應該是相關的。如果這是不合時宜的,我可以削減它。 – 2014-09-23 21:02:50