
Comments (3)

NABEEL-AHMED-JAMIL avatar NABEEL-AHMED-JAMIL commented on August 15, 2024
/**
 * Web security configuration for the application.
 *
 * <p>Registers the injected {@link UserDetailsService} and the password encoder with the
 * {@link AuthenticationManagerBuilder}, exposes the resulting {@link AuthenticationManager}
 * as a bean, and excludes the {@code "/api" + AUTH + "/**"} paths from the security filter
 * chain. {@code AUTH} is a constant defined outside this listing.
 */
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true, jsr250Enabled = true)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    // Not referenced anywhere in the visible class.
    private final Logger log = LoggerFactory.getLogger(SecurityConfiguration.class);

//    @Value("${security.signing-key}")
//    private String signingKey;
//    @Value("${security.encoding-strength}")
//    private Integer encodingStrength;

    // Source of user records for authentication; injected by Spring.
    @Autowired
    private UserDetailsService userDetailsService;

    /**
     * Password encoder used to verify user passwords.
     *
     * <p>NOTE(review): {@code StandardPasswordEncoder} is a salted SHA-256 digest and is
     * deprecated in Spring Security 5 because a fast digest is cheap to brute-force once
     * the hash table leaks. An adaptive encoder (bcrypt, PBKDF2, scrypt, Argon2) is the
     * usual replacement. Hashes already stored in this format would need a migration
     * path, for example a delegating encoder that still accepts the old format.
     *
     * @return the encoder shared by the authentication configuration below
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new StandardPasswordEncoder();
    }

    /**
     * Binds the user details service and the password encoder to the authentication manager.
     *
     * @param auth builder for the global authentication manager
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
    }

    /**
     * Declares the request paths that are open without login (the original note mentions
     * images and similar resources).
     *
     * <p>NOTE(review): {@code ignoring()} removes the matched requests from the Spring
     * Security filter chain altogether, so they get no authentication, no security
     * context and none of the response headers the chain would add. If these endpoints
     * only need anonymous access, a {@code permitAll()} rule in the {@code HttpSecurity}
     * configuration keeps the remaining protections in place. Confirm that everything
     * under this prefix is meant to be fully unprotected.
     *
     * @param web builder for the web security filter configuration
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    public void configure(WebSecurity web) throws Exception {
        web.
                ignoring().
                antMatchers("/api"+AUTH+"/**");
    }

    /**
     * Exposes the authentication manager built by this adapter as a Spring bean so other
     * components can inject it.
     *
     * @return the authentication manager provided by the parent class
     * @throws Exception if the parent class cannot build the manager
     */
    @Override
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    /**
     * Method-security configuration that installs the OAuth2 expression handler.
     *
     * <p>NOTE(review): this is a non-static inner {@code @Configuration} class and it
     * repeats {@code @EnableGlobalMethodSecurity}, which is already present on the
     * enclosing class. Nested configuration classes are normally declared
     * {@code static}. Confirm that this class is picked up as intended and that the
     * duplicate annotation is deliberate.
     */
    @Configuration
    @EnableResourceServer
    @EnableGlobalMethodSecurity(prePostEnabled = true, jsr250Enabled = true)
    public class OAuth2ResourceServerConfig extends GlobalMethodSecurityConfiguration {

        /**
         * Supplies the expression handler used to evaluate method-security annotations.
         *
         * @return a new {@code OAuth2MethodSecurityExpressionHandler}
         */
        @Override
        protected MethodSecurityExpressionHandler createExpressionHandler() {
            return new OAuth2MethodSecurityExpressionHandler();
        }
    }

}


<h3>Resource Server Configuration</h3>

/**
 * OAuth2 resource server configuration.
 *
 * <p>Sets the resource id and token services used to validate incoming tokens, and
 * configures the HTTP security chain: HTTP Basic with a configured realm, a custom
 * authentication entry point, a logout endpoint, and an authentication requirement for
 * {@code /secure/**}.
 */
@Configuration
@EnableResourceServer
public class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {

    // Not referenced anywhere in the visible class.
    private final Logger log = LoggerFactory.getLogger(ResourceServerConfiguration.class);

    // NOTE(review): "/aouth/logout" looks like a typo for "/oauth/logout" — confirm
    // against the URL that clients actually call before changing it.
    private static final String LOGOUT = "/aouth/logout";
    private static final String AUTHORIZE = "/oauth/authorize";

    // Resource id this server answers for; injected from application properties.
    @Value("${security.jwt.resource-ids}")
    private String resourceIds;
    // Realm name used for HTTP Basic; injected from application properties.
    @Value("${security.security-realm}")
    private String securityRealm;

    // Collaborators injected by Spring.
    @Autowired
    private ResourceServerTokenServices tokenServices;
    @Autowired
    private CustomAuthenticationEntryPoint customAuthenticationEntryPoint;
    @Autowired
    private CustomLogoutSuccessHandler customLogoutSuccessHandler;


    /**
     * Sets the resource id and the token services on the resource server.
     *
     * @param resources configurer for resource-server specific settings
     * @throws Exception if the configurer rejects the settings
     */
    @Override
    public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
        resources.resourceId(resourceIds).tokenServices(tokenServices);
    }

    /**
     * Configures the HTTP security chain of the resource server.
     *
     * <p>NOTE(review), three points a maintainer should confirm:
     * <ul>
     *   <li>The CSRF section sets a protection matcher for {@code AUTHORIZE} and then
     *       calls {@code disable()}, so CSRF protection is off for the whole chain and
     *       the matcher has no effect. HTTP Basic is enabled here, so browser clients
     *       that hold Basic credentials are not covered by a CSRF token.</li>
     *   <li>{@code frameOptions().disable()} removes the {@code X-Frame-Options} header,
     *       so responses may be framed by any origin. {@code sameOrigin()} is the
     *       narrower setting when framing is only needed from the application itself.</li>
     *   <li>Only {@code /secure/**} is given an access rule here; no rule is declared
     *       for any other path in this chain.</li>
     * </ul>
     *
     * @param http the HTTP security builder for this chain
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.httpBasic().realmName(securityRealm).and().
                csrf().requireCsrfProtectionMatcher(new AntPathRequestMatcher(AUTHORIZE)).disable().
                exceptionHandling().authenticationEntryPoint(customAuthenticationEntryPoint).
                and().
                logout().logoutUrl(LOGOUT).logoutSuccessHandler(customLogoutSuccessHandler).
                and().
                // paths that are reachable only after the user has authenticated
                authorizeRequests().antMatchers("/secure/**").authenticated().
                and().
                headers().frameOptions().disable();
    }
}

<h3>Authorization Server Configuration Class</h3>

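/**
 * OAuth2 authorization server configuration backed by a JDBC data source.
 *
 * <p>Registers one client from application properties, stores tokens through a
 * {@link JdbcTokenStore}, and adds user details to issued access tokens through
 * {@link CustomTokenEnhancer}.
 */
@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {

    private final Logger log = LoggerFactory.getLogger(AuthorizationServerConfiguration.class);

    // Client registration values, injected from application properties.
    @Value("${security.jwt.client-id}")
    private String clientId;
    // Treat as a credential: keep it out of logs and out of version control.
    @Value("${security.jwt.client-secret}")
    private String clientSecret;
    @Value("${security.jwt.grant-type-password}")
    private String grantTypePassword;
    @Value("${security.jwt.grant-type-refresh_token}")
    private String grantTypeRefreshToken;
    @Value("${security.jwt.grant-type-client-credentials}")
    private String grantTypeClientCredentials;
    @Value("${security.jwt.scope-read}")
    private String scopeRead;
    // NOTE(review): the "write" initializer is presumably replaced by the injected
    // property value — confirm whether a default was intended.
    @Value("${security.jwt.scope-write}")
    private String scopeWrite = "write";
    @Value("${security.jwt.resource-ids}")
    private String resourceIds;


    // The bean published under the name "authenticationManagerBean".
    @Autowired
    @Qualifier("authenticationManagerBean")
    private AuthenticationManager authenticationManager;

    @Autowired
    private DataSource dataSource;

    /**
     * Creates the token store that persists tokens through the injected data source.
     *
     * @return a JDBC-backed token store
     */
    @Bean
    public TokenStore tokenStore() {
        return new JdbcTokenStore(dataSource);
    }

    /**
     * Creates the primary token services bean, using the JDBC token store and with
     * refresh tokens enabled.
     *
     * @return the configured token services
     */
    @Bean
    @Primary
    public DefaultTokenServices tokenServices() {
        DefaultTokenServices defaultTokenServices = new DefaultTokenServices();
        defaultTokenServices.setTokenStore(tokenStore());
        defaultTokenServices.setSupportRefreshToken(true);
        return defaultTokenServices;
    }


    /**
     * Sets the access expressions for the token-key and check-token endpoints.
     *
     * <p>NOTE(review): {@code tokenKeyAccess("permitAll()")} opens the token-key endpoint
     * to unauthenticated callers. No signing key is configured in this class, so confirm
     * whether the endpoint needs to be open at all.
     *
     * @param oauthServer configurer for the authorization server's own endpoints
     * @throws Exception if the configurer rejects the settings
     */
    @Override
    public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
        oauthServer.tokenKeyAccess("permitAll()").checkTokenAccess("isAuthenticated()");
    }

    /**
     * Registers the single OAuth2 client in the JDBC client details store.
     *
     * <p>Access tokens are valid for 180 seconds and refresh tokens for 360 seconds.
     *
     * <p>NOTE(review): no password encoder is set on this builder, so the client secret is
     * presumably stored as provided — confirm how it is persisted. Also confirm that
     * registering the client on every start-up does not fail when the row already exists.
     *
     * @param clients configurer for client details
     * @throws Exception if the client cannot be registered
     */
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {

        clients.jdbc(dataSource).
                withClient(clientId).resourceIds(resourceIds).
                scopes(scopeRead,scopeWrite).
                authorities(Authorities.ROLE_ADMIN.name(), Authorities.ROLE_USER.name(),
                        Authorities.ROLE_ANONYMOUS.name()).
                authorizedGrantTypes(grantTypePassword, grantTypeClientCredentials,
                        grantTypeRefreshToken).
                secret(clientSecret).
                accessTokenValiditySeconds(180).
                refreshTokenValiditySeconds(180*2);
    }

    /**
     * Wires the token store, the authentication manager and the token enhancer into the
     * authorization endpoints.
     *
     * @param endpoints configurer for the authorization and token endpoints
     * @throws Exception if the configurer rejects the settings
     */
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints)
            throws Exception {
        endpoints.tokenStore(tokenStore()).
                authenticationManager(authenticationManager).
                tokenEnhancer(new CustomTokenEnhancer());
    }

    /**
     * Adds the user's authorities, username and enabled flag to the access token's
     * additional information.
     */
    public class CustomTokenEnhancer implements TokenEnhancer {

        /**
         * Enhances the token with user details when the authentication carries a
         * {@code User} principal.
         *
         * <p>The earlier version caught every exception, printed the stack trace and
         * returned {@code null}, which left the caller without a token to work with.
         * The client-credentials grant is enabled in this configuration and such a token
         * has no {@code User} principal, so that path was reachable. The token is now
         * returned unchanged in that case, and unexpected failures propagate to the
         * caller instead of being swallowed.
         *
         * @param oAuth2AccessToken the token about to be issued
         * @param oAuth2Authentication the authentication the token is issued for
         * @return the same token instance, with additional information set when a
         *         {@code User} principal is present; never {@code null}
         */
        @Override
        public OAuth2AccessToken enhance(OAuth2AccessToken oAuth2AccessToken,
                                         OAuth2Authentication oAuth2Authentication) {
            Object principal = oAuth2Authentication.getPrincipal();
            if (!(principal instanceof User)) {
                // No user behind this token (for example a client-only grant):
                // there is nothing to add, so issue the token as it is.
                log.debug("Token issued without a User principal; skipping enhancement");
                return oAuth2AccessToken;
            }
            if (!(oAuth2AccessToken instanceof DefaultOAuth2AccessToken)) {
                // Additional information can only be set on the default implementation.
                log.warn("Access token of type {} cannot be enhanced",
                        oAuth2AccessToken.getClass().getName());
                return oAuth2AccessToken;
            }

            User loginUser = (User) principal;
            final Map<String, Object> additionalInfo = new HashMap<>();
            additionalInfo.put("authorities", loginUser.getAuthorities());
            additionalInfo.put("username", loginUser.getUsername());
            additionalInfo.put("isEnabled", loginUser.isEnabled());
            ((DefaultOAuth2AccessToken) oAuth2AccessToken).setAdditionalInformation(additionalInfo);
            return oAuth2AccessToken;
        }
    }
}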

from spring-security-oauth.

lor6 avatar lor6 commented on August 15, 2024

Hey @NABEEL-AHMED-JAMIL I don't really understand what the issue is. Can you be more specific?

from spring-security-oauth.

NABEEL-AHMED-JAMIL avatar NABEEL-AHMED-JAMIL commented on August 15, 2024

Sorry #lor6 for the late reply to your message. Thanks for replying to me; the issue is now solved.

from spring-security-oauth.
