堆栈内存溢出
  简体   繁体   English

如何将Spring bean Oauth集成从XML转换为基于Java注释的Config

[英]How to convert spring bean Oauth integration From XML to Java annotation based Config

 原文  2018-05-21 08:48:59       java/ xml/ spring/ javabeans/ spring-java-config

问题描述

I want to implement security for my Rest api and here what my question is, I have this xml based configuration. 我想为我的Rest api实现安全性,这里的问题是,我有这个基于xml的配置。 But in my project I want to use java annotation based configuration. 但是在我的项目中,我想使用基于Java注释的配置。 How to convert xml based configuration to java based configuration? 如何将基于XML的配置转换为基于Java的配置? Below code is my xml based configuration, For all help thanks in advance. 下面的代码是我基于xml的配置,对于所有帮助,谢谢。 

 <?xml version="1.0" encoding="UTF-8" ?>
<beans xmlns="http://www.springframework.org/schema/beans"
   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   xmlns:oauth="http://www.springframework.org/schema/security/oauth2"
   xmlns:sec="http://www.springframework.org/schema/security"
   xsi:schemaLocation="http://www.springframework.org/schema/security/oauth2 http://www.springframework.org/schema/security/spring-security-oauth2-2.0.xsd
    http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd
    http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">

<!-- This is default url to get a token from OAuth -->
<sec:http pattern="/oauth/token" create-session="stateless"
      authentication-manager-ref="clientAuthenticationManager">
    <sec:intercept-url pattern="/oauth/token" access="IS_AUTHENTICATED_FULLY" />
    <sec:anonymous enabled="false" />
    <sec:http-basic entry-point-ref="clientAuthenticationEntryPoint" />
    <!-- include this only if you need to authenticate clients via request parameters -->
    <sec:custom-filter ref="clientCredentialsTokenEndpointFilter" after="BASIC_AUTH_FILTER" />
    <sec:access-denied-handler ref="oauthAccessDeniedHandler" />
</sec:http>

<!-- This is where we tells spring security what URL should be protected and what roles have access to them -->
<sec:http pattern="/api/**" create-session="never" entry-point-ref="oauthAuthenticationEntryPoint"
      access-decision-manager-ref="accessDecisionManager">
    <sec:anonymous enabled="false" />
    <sec:intercept-url pattern="/api/**" access="ROLE_USER" />
    <sec:custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
    <sec:access-denied-handler ref="oauthAccessDeniedHandler" />
</sec:http>

<bean id="oauthAuthenticationEntryPoint"
      class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
    <property name="realmName" value="test" />
</bean>

<bean id="clientAuthenticationEntryPoint"
      class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
    <property name="realmName" value="test/client" />
    <property name="typeName" value="Basic" />
</bean>

<bean id="oauthAccessDeniedHandler"
      class="org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler" />

<bean id="clientCredentialsTokenEndpointFilter"
      class="org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter">
    <property name="authenticationManager" ref="clientAuthenticationManager" />
</bean>

<bean id="accessDecisionManager" class="org.springframework.security.access.vote.UnanimousBased"
      xmlns="http://www.springframework.org/schema/beans">
    <constructor-arg>
        <list>
            <bean class="org.springframework.security.oauth2.provider.vote.ScopeVoter" />
            <bean class="org.springframework.security.access.vote.RoleVoter" />
            <bean class="org.springframework.security.access.vote.AuthenticatedVoter" />
        </list>
    </constructor-arg>
</bean>

<sec:authentication-manager id="clientAuthenticationManager">
    <sec:authentication-provider user-service-ref="clientDetailsUserService" />
</sec:authentication-manager>


<!-- This is simple authentication manager -->
<sec:authentication-manager alias="authenticationManager">
    <sec:authentication-provider>
        <sec:user-service>
            <sec:user name="arip" password="passw0rd" authorities="ROLE_USER" />
        </sec:user-service>
    </sec:authentication-provider>
</sec:authentication-manager>

<bean id="clientDetailsUserService" class="org.springframework.security.oauth2.provider.client.ClientDetailsUserDetailsService">
    <constructor-arg ref="clientDetails" />
</bean>


<!-- use in memory token store, this can be changed to a user defined one -->
<bean id="tokenStore" class="org.springframework.security.oauth2.provider.token.InMemoryTokenStore" />

<!-- token based configurations-->
<bean id="tokenServices"
      class="org.springframework.security.oauth2.provider.token.DefaultTokenServices">
    <property name="tokenStore" ref="tokenStore" />
    <property name="supportRefreshToken" value="true" />
    <property name="accessTokenValiditySeconds" value="1000" />
    <property name="clientDetailsService" ref="clientDetails" />
</bean>

<bean id="userApprovalHandler"
      class="org.springframework.security.oauth2.provider.approval.TokenServicesUserApprovalHandler">
    <property name="tokenServices" ref="tokenServices" />
</bean>

<oauth:authorization-server
        client-details-service-ref="clientDetails" token-services-ref="tokenServices"
        user-approval-handler-ref="userApprovalHandler">
    <oauth:authorization-code />
    <oauth:implicit />
    <oauth:refresh-token />
    <oauth:client-credentials />
    <oauth:password />
</oauth:authorization-server>

<oauth:resource-server id="resourceServerFilter" resource-id="test" token-services-ref="tokenServices" />

<!--client configuration-->
<oauth:client-details-service id="clientDetails">
    <oauth:client client-id="app"
                  authorized-grant-types="authorization_code,client_credentials,password,refresh_token,implicit"
                  scope="read, write, trust"
                  secret="123456"/>
</oauth:client-details-service>

<sec:global-method-security pre-post-annotations="enabled" proxy-target-class="true">
    <sec:expression-handler ref="oauthExpressionHandler" />
</sec:global-method-security>

<oauth:expression-handler id="oauthExpressionHandler" />
<oauth:web-expression-handler id="oauthWebExpressionHandler" />

1 个解决方案

解决方案1
 0  2018-05-21 08:59:11

You can keep your xml configuration and import it in a java base configuration, like this : 您可以保留xml配置并将其导入Java基本配置中,如下所示: 

@Configuration
@ImportResource(value="path/to/xml")
public class SecurityConfiguration{
  //additionnal configurations here
}

I think it's the best approach. 我认为这是最好的方法。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何将spring bean集成从XML转换为基于Java注释的Config - How to convert spring bean integration From XML to Java annotation based Config 如何将xml配置bean转换为java注释bean(spring boot) - How to convert an xml config bean to java annotation bean ( spring boot ) 如何将以下基于 xml 的 spring bean 转换为基于 Java 注释的 bean? - How do i convert the following xml based spring bean to java annotation based beans? Spring xml to Java config:如何转换嵌套的XML bean定义 - Spring xml to java config: how to convert nested xml bean definition 如何将基于Java的Bean配置转换为基于xml的配置 - How to convert java based bean configuration to xml based config 将 Spring Integration Cafe 演示从 xml 配置转换为 Java 8 DSL - Convert Spring Integration Cafe demo from xml config to Java 8 DSL 如何将xml bean转换为spring java bean - How to convert xml bean to spring java bean 如何将xml表示法转换为基于注释的表示法:Spring-Java - how to convert xml notation to annotation based notation : Spring - Java 如何将Java转换为Spring XML bean - How to convert java to Spring XML bean 如何将基于xml的spring-integration-email配置转换为基于Java的配置? - How to covert xml based spring-integration-email configuration to java based config?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM