Created
July 10, 2019 14:26
-
-
Save yurikilian/1ef9bd02be9a8b5c43216d52e6264b7b to your computer and use it in GitHub Desktop.
Simple Oauth2 - Spboot2
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import org.springframework.beans.factory.annotation.Value; | |
| import org.springframework.context.annotation.Configuration; | |
| import org.springframework.security.authentication.AuthenticationManager; | |
| import org.springframework.security.crypto.password.PasswordEncoder; | |
| import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer; | |
| import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter; | |
| import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer; | |
| import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer; | |
| import org.springframework.security.oauth2.provider.token.AccessTokenConverter; | |
| import org.springframework.security.oauth2.provider.token.TokenStore; | |
| import java.util.concurrent.TimeUnit; | |
| @Configuration | |
| @EnableAuthorizationServer | |
| public class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter { | |
| private static final String GRANT_TYPE_PASSWORD = "password"; | |
| private static final String REFRESH_TOKEN = "refresh_token"; | |
| private static final String SCOPE_READ = "read"; | |
| private static final String SCOPE_WRITE = "write"; | |
| private static final String TRUST = "trust"; | |
| private static final int ACCESS_TOKEN_VALIDITY_SECONDS = (int) TimeUnit.HOURS.toSeconds(1); | |
| private static final int REFRESH_TOKEN_VALIDITY_SECONDS = (int) TimeUnit.HOURS.toSeconds(6); | |
| private final PasswordEncoder passwordEncoder; | |
| private final TokenStore tokenStore; | |
| private final AuthenticationManager authenticationManager; | |
| private final AccessTokenConverter accessTokenConverter; | |
| @Value("${api-security.client.id}") | |
| private String clientId; | |
| @Value("${api-security.client.secret}") | |
| private String clientSecret; | |
| public AuthorizationServerConfiguration( | |
| AuthenticationManager authenticationManager, | |
| PasswordEncoder passwordEncoder, | |
| TokenStore tokenStore, | |
| AccessTokenConverter accessTokenConverter) { | |
| this.authenticationManager = authenticationManager; | |
| this.passwordEncoder = passwordEncoder; | |
| this.tokenStore = tokenStore; | |
| this.accessTokenConverter = accessTokenConverter; | |
| } | |
| @Override | |
| public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception { | |
| endpoints | |
| .tokenStore(tokenStore) | |
| .authenticationManager(authenticationManager) | |
| .accessTokenConverter(accessTokenConverter) | |
| .pathMapping("/oauth/authorize", "/api/authorize") | |
| .pathMapping("/oauth/token", "/api/token"); | |
| } | |
| @Override | |
| public void configure(ClientDetailsServiceConfigurer configurer) throws Exception { | |
| configurer | |
| .inMemory() | |
| .withClient(clientId) | |
| .secret(passwordEncoder.encode(clientSecret)) | |
| .authorizedGrantTypes(GRANT_TYPE_PASSWORD, REFRESH_TOKEN) | |
| .scopes(SCOPE_READ, SCOPE_WRITE, TRUST) | |
| .accessTokenValiditySeconds(ACCESS_TOKEN_VALIDITY_SECONDS) | |
| .refreshTokenValiditySeconds(REFRESH_TOKEN_VALIDITY_SECONDS); | |
| } | |
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import org.springframework.beans.factory.annotation.Value; | |
| import org.springframework.context.annotation.Bean; | |
| import org.springframework.context.annotation.Configuration; | |
| import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter; | |
| import org.springframework.security.oauth2.provider.token.store.JwtTokenStore; | |
| @Configuration | |
| public class JwtTokenConfiguration { | |
| @Value("${api-security.jwt.signing-key}") | |
| private String signingKey; | |
| @Bean | |
| public JwtAccessTokenConverter accessTokenConverter() { | |
| final JwtAccessTokenConverter converter = new JwtAccessTokenConverter(); | |
| converter.setSigningKey(signingKey); | |
| return converter; | |
| } | |
| @Bean | |
| public JwtTokenStore tokenStore(final JwtAccessTokenConverter converter) { | |
| return new JwtTokenStore(converter); | |
| } | |
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import org.springframework.context.annotation.Configuration; | |
| import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer; | |
| import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter; | |
| import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer; | |
| import org.springframework.security.oauth2.provider.token.TokenStore; | |
| @Configuration | |
| @EnableResourceServer | |
| public class ResourceServerConfiguration extends ResourceServerConfigurerAdapter { | |
| private final TokenStore tokenStore; | |
| public ResourceServerConfiguration(TokenStore tokenStore) { | |
| this.tokenStore = tokenStore; | |
| } | |
| @Override | |
| public void configure(ResourceServerSecurityConfigurer resources) throws Exception { | |
| resources.resourceId("radhar-api").tokenStore(tokenStore).stateless(true); | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment