Examples of org.springframework.security.oauth2.provider.expression.OAuth2WebSecurityExpressionHandler

Package org.springframework.security.oauth2.provider.expression

Examples of org.springframework.security.oauth2.provider.expression.OAuth2WebSecurityExpressionHandler

org.springframework.security.oauth2.provider.request.DefaultOAuth2RequestFactory

A security expression handler that can handle default web security expressions plus the set provided by {@link OAuth2SecurityExpressionMethods} using the variable oauth2 to access the methods. For example, the expression#oauth2.clientHasRole('ROLE_ADMIN') would invoke {@link OAuth2SecurityExpressionMethods#clientHasRole}.

By default the {@link OAuth2ExpressionParser} is used. If this is undesirable one can inject their own{@link ExpressionParser} using {@link #setExpressionParser(ExpressionParser)}.
@author Dave Syer @author Rob Winch @see OAuth2ExpressionParser

    return newClient;
  }
  
  private OAuth2AccessTokenEntity fetchValidRegistrationToken(OAuth2Authentication auth, ClientDetailsEntity client) {
    
    OAuth2AuthenticationDetails details = (OAuth2AuthenticationDetails) auth.getDetails();
    OAuth2AccessTokenEntity token = tokenService.readAccessToken(details.getTokenValue());
    
    if (config.getRegTokenLifeTime() != null) {
    
      try {
        // Re-issue the token if it has been issued before [currentTime - validity]

View Full Code Here

    @EnableGlobalMethodSecurity(prePostEnabled = true, jsr250Enabled = true)
    private static class GlobalSecurityConfiguration extends GlobalMethodSecurityConfiguration {<% if (authenticationType == 'token') { %>


        @Override
        protected MethodSecurityExpressionHandler createExpressionHandler() {
            return new OAuth2MethodSecurityExpressionHandler();
        }<% } %>

View Full Code Here

    @Override
    protected void configure(HttpSecurity http) throws Exception {
      // @formatter:off  
      http.addFilterBefore(resourceFilter, AbstractPreAuthenticatedProcessingFilter.class)
        .requestMatcher(new NegatedRequestMatcher(new AntPathRequestMatcher("/oauth/**")))
        .authorizeRequests().anyRequest().authenticated().expressionHandler(new OAuth2WebSecurityExpressionHandler())
      .and()
        .anonymous().disable()
        .csrf().disable()
        .exceptionHandling()
          .authenticationEntryPoint(new OAuth2AuthenticationEntryPoint())

View Full Code Here

    @Override
    protected void configure(HttpSecurity http) throws Exception {
      // @formatter:off  
      http.addFilterBefore(resourceFilter, AbstractPreAuthenticatedProcessingFilter.class)
        .requestMatcher(new NegatedRequestMatcher(new AntPathRequestMatcher("/oauth/**")))
        .authorizeRequests().anyRequest().authenticated().expressionHandler(new OAuth2WebSecurityExpressionHandler())
      .and()
        .anonymous().disable()
        .csrf().disable()
        .exceptionHandling()
          .authenticationEntryPoint(new OAuth2AuthenticationEntryPoint())

View Full Code Here

    @Override
    public void configure(HttpSecurity http) throws Exception {
      // @formatter:off  
      http.addFilterBefore(resourceFilter, AbstractPreAuthenticatedProcessingFilter.class)
        .requestMatcher(new NegatedRequestMatcher(new AntPathRequestMatcher("/oauth/**")))
        .authorizeRequests().anyRequest().authenticated().expressionHandler(new OAuth2WebSecurityExpressionHandler())
      .and()
        .anonymous().disable()
        .csrf().disable()
        .exceptionHandling()
          .authenticationEntryPoint(new OAuth2AuthenticationEntryPoint())

View Full Code Here

    @Override
    protected void configure(HttpSecurity http) throws Exception {
      // @formatter:off  
      http.addFilterBefore(resourceFilter, AbstractPreAuthenticatedProcessingFilter.class)
        .requestMatcher(new NegatedRequestMatcher(new AntPathRequestMatcher("/oauth/**")))
        .authorizeRequests().anyRequest().authenticated().expressionHandler(new OAuth2WebSecurityExpressionHandler())
      .and()
        .anonymous().disable()
        .csrf().disable()
        .exceptionHandling()
          .authenticationEntryPoint(new OAuth2AuthenticationEntryPoint())

View Full Code Here

      http.addFilterBefore(resourceFilter, AbstractPreAuthenticatedProcessingFilter.class)
        // Just for laughs, apply OAuth protection to only 2 resources
        .requestMatchers().antMatchers("/","/admin/beans")
      .and()
        .authorizeRequests()
          .anyRequest().access("#oauth2.hasScope('read')").expressionHandler(new OAuth2WebSecurityExpressionHandler())
      .and()
        .anonymous().disable()
        .csrf().disable()
        .exceptionHandling()
          .authenticationEntryPoint(new OAuth2AuthenticationEntryPoint())

View Full Code Here

    @Override
    protected void configure(HttpSecurity http) throws Exception {
      // @formatter:off  
      http.addFilterBefore(resourceFilter, AbstractPreAuthenticatedProcessingFilter.class)
        .requestMatcher(new NegatedRequestMatcher(new AntPathRequestMatcher("/oauth/**")))
        .authorizeRequests().anyRequest().authenticated().expressionHandler(new OAuth2WebSecurityExpressionHandler())
      .and()
        .anonymous().disable()
        .csrf().disable()
        .exceptionHandling()
          .authenticationEntryPoint(new OAuth2AuthenticationEntryPoint())

View Full Code Here

      // Add anyRequest() last as a fall back. Spring Security would replace an existing anyRequest() matcher
      // with this one, so to avoid that we only add it if the user hasn't configured anything.
      http.authorizeRequests().anyRequest().authenticated();
    }
    // And set the default expression handler in case one isn't explicit elsewhere
    http.authorizeRequests().expressionHandler(new OAuth2WebSecurityExpressionHandler());
    ResourceServerSecurityConfigurer resources = new ResourceServerSecurityConfigurer();
    http.apply(resources);
    ResourceServerTokenServices services = resolveTokenServices();
    if (services != null) {
      resources.tokenServices(services);

View Full Code Here

  private OAuth2RequestFactory defaultOAuth2RequestFactory;


  public void afterPropertiesSet() throws Exception {
    Assert.state(tokenGranter != null, "TokenGranter must be provided");
    Assert.state(clientDetailsService != null, "ClientDetailsService must be provided");
    defaultOAuth2RequestFactory = new DefaultOAuth2RequestFactory(getClientDetailsService());
    if (oAuth2RequestFactory == null) {
      oAuth2RequestFactory = defaultOAuth2RequestFactory;
    }
  }

View Full Code Here

0 1 2 3 4 5 6 7 8 9

TOP

Related Classes of org.springframework.security.oauth2.provider.expression.OAuth2WebSecurityExpressionHandler

client.ClientServerInteractionTests

com.springsource.greenhouse.settings.SettingsControllerTest

demo.Application

demo.Application$OAuth2Config

demo.Application$ResourceServer

demo.Application$TokenEndpointSecurity

OAuth2AuthenticationReadConverter

org.codehaus.jackson.map.ObjectMapper

org.mitre.oauth2.introspectingfilter.IntrospectingTokenService

org.mitre.oauth2.repository.impl.JpaAuthorizationCodeRepository

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.