Examples of OAuth2WebSecurityExpressionHandler

org.springframework.security.oauth2.provider.expression.OAuth2WebSecurityExpressionHandler

A security expression handler that can handle default web security expressions plus the set provided by {@link OAuth2SecurityExpressionMethods} using the variable oauth2 to access the methods. For example, the expression#oauth2.clientHasRole('ROLE_ADMIN') would invoke {@link OAuth2SecurityExpressionMethods#clientHasRole}.

By default the {@link OAuth2ExpressionParser} is used. If this is undesirable one can inject their own{@link ExpressionParser} using {@link #setExpressionParser(ExpressionParser)}.
@author Dave Syer @author Rob Winch @see OAuth2ExpressionParser

Examples of org.springframework.security.oauth2.provider.expression.OAuth2WebSecurityExpressionHandler

    @Override
    protected void configure(HttpSecurity http) throws Exception {
      // @formatter:off  
      http.addFilterBefore(resourceFilter, AbstractPreAuthenticatedProcessingFilter.class)
        .requestMatcher(new NegatedRequestMatcher(new AntPathRequestMatcher("/oauth/**")))
        .authorizeRequests().anyRequest().authenticated().expressionHandler(new OAuth2WebSecurityExpressionHandler())
      .and()
        .anonymous().disable()
        .csrf().disable()
        .exceptionHandling()
          .authenticationEntryPoint(new OAuth2AuthenticationEntryPoint())

View Full Code Here

Examples of org.springframework.security.oauth2.provider.expression.OAuth2WebSecurityExpressionHandler

    @Override
    protected void configure(HttpSecurity http) throws Exception {
      // @formatter:off  
      http.addFilterBefore(resourceFilter, AbstractPreAuthenticatedProcessingFilter.class)
        .requestMatcher(new NegatedRequestMatcher(new AntPathRequestMatcher("/oauth/**")))
        .authorizeRequests().anyRequest().authenticated().expressionHandler(new OAuth2WebSecurityExpressionHandler())
      .and()
        .anonymous().disable()
        .csrf().disable()
        .exceptionHandling()
          .authenticationEntryPoint(new OAuth2AuthenticationEntryPoint())

View Full Code Here

Examples of org.springframework.security.oauth2.provider.expression.OAuth2WebSecurityExpressionHandler

    @Override
    public void configure(HttpSecurity http) throws Exception {
      // @formatter:off  
      http.addFilterBefore(resourceFilter, AbstractPreAuthenticatedProcessingFilter.class)
        .requestMatcher(new NegatedRequestMatcher(new AntPathRequestMatcher("/oauth/**")))
        .authorizeRequests().anyRequest().authenticated().expressionHandler(new OAuth2WebSecurityExpressionHandler())
      .and()
        .anonymous().disable()
        .csrf().disable()
        .exceptionHandling()
          .authenticationEntryPoint(new OAuth2AuthenticationEntryPoint())

View Full Code Here

Examples of org.springframework.security.oauth2.provider.expression.OAuth2WebSecurityExpressionHandler

    @Override
    protected void configure(HttpSecurity http) throws Exception {
      // @formatter:off  
      http.addFilterBefore(resourceFilter, AbstractPreAuthenticatedProcessingFilter.class)
        .requestMatcher(new NegatedRequestMatcher(new AntPathRequestMatcher("/oauth/**")))
        .authorizeRequests().anyRequest().authenticated().expressionHandler(new OAuth2WebSecurityExpressionHandler())
      .and()
        .anonymous().disable()
        .csrf().disable()
        .exceptionHandling()
          .authenticationEntryPoint(new OAuth2AuthenticationEntryPoint())

View Full Code Here

Examples of org.springframework.security.oauth2.provider.expression.OAuth2WebSecurityExpressionHandler

      http.addFilterBefore(resourceFilter, AbstractPreAuthenticatedProcessingFilter.class)
        // Just for laughs, apply OAuth protection to only 2 resources
        .requestMatchers().antMatchers("/","/admin/beans")
      .and()
        .authorizeRequests()
          .anyRequest().access("#oauth2.hasScope('read')").expressionHandler(new OAuth2WebSecurityExpressionHandler())
      .and()
        .anonymous().disable()
        .csrf().disable()
        .exceptionHandling()
          .authenticationEntryPoint(new OAuth2AuthenticationEntryPoint())

View Full Code Here

Examples of org.springframework.security.oauth2.provider.expression.OAuth2WebSecurityExpressionHandler

    @Override
    protected void configure(HttpSecurity http) throws Exception {
      // @formatter:off  
      http.addFilterBefore(resourceFilter, AbstractPreAuthenticatedProcessingFilter.class)
        .requestMatcher(new NegatedRequestMatcher(new AntPathRequestMatcher("/oauth/**")))
        .authorizeRequests().anyRequest().authenticated().expressionHandler(new OAuth2WebSecurityExpressionHandler())
      .and()
        .anonymous().disable()
        .csrf().disable()
        .exceptionHandling()
          .authenticationEntryPoint(new OAuth2AuthenticationEntryPoint())

View Full Code Here

Examples of org.springframework.security.oauth2.provider.expression.OAuth2WebSecurityExpressionHandler

      // Add anyRequest() last as a fall back. Spring Security would replace an existing anyRequest() matcher
      // with this one, so to avoid that we only add it if the user hasn't configured anything.
      http.authorizeRequests().anyRequest().authenticated();
    }
    // And set the default expression handler in case one isn't explicit elsewhere
    http.authorizeRequests().expressionHandler(new OAuth2WebSecurityExpressionHandler());
    ResourceServerSecurityConfigurer resources = new ResourceServerSecurityConfigurer();
    http.apply(resources);
    ResourceServerTokenServices services = resolveTokenServices();
    if (services != null) {
      resources.tokenServices(services);

View Full Code Here

TOP

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.