stackoom
  简体   繁体   中英

Spring-security with Oauth2 and LDAP

 原文  2016-01-10 21:57:21       spring/ oauth-2.0/ spring-boot/ spring-security-oauth2

Question

Nowadays my web application works with spring boot and Spring security without problems, but I need to export a rest service authenticate using Oauth2.

When the user access my web system he is authenticate by a form login with spring security and Active Directory.

When the other system try to consume our Rest Service I would like to use Oauth2 with the same Active Directory.

How can I to do this ? My config with Form Login and Active directory works fine , but we don have idea how to authenticate with Oauth2

My WebSecurityConfig is : 

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private LogoutHandler logoutHandler;

    @Autowired
    private AuthenticationSuccessHandler authenticationSuccessHandler;

    @Autowired
    private AccessDeniedHandler accessDeniedHandler;

    @Autowired
    private AuthenticationFailureHandler authenticationFailureHandler;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
        .authorizeRequests()
            .antMatchers("/rest/public/**").permitAll()
            .and().csrf().ignoringAntMatchers("/rest/public/**").and()
        .authorizeRequests()
            .antMatchers("/public/**").permitAll()
            .antMatchers("/error/**").permitAll()
            .and()
        .authorizeRequests()
            .antMatchers("/adm/**").hasAnyRole(Role.ROOT,Role.ADM)
            .anyRequest().authenticated()
            .and()
        .formLogin()
            .loginPage("/login")
            .successHandler(authenticationSuccessHandler)
            .failureHandler(authenticationFailureHandler)
            .defaultSuccessUrl("/home",true)
            .permitAll()
            .and()
        .logout()
            .logoutSuccessUrl("/login")
            .permitAll()
            .addLogoutHandler(logoutHandler)
            .and()
         .exceptionHandling()
            .accessDeniedHandler(accessDeniedHandler);

    }
}

How I can insert Oauth2 authentication only for my Rest Services (this service will be provite by path ../rest/serviceName

1 answers

solution1
 1 ACCPTED  2018-10-09 08:32:27

You need to configure another filter chain to intercept in your resource server to protect your endpoints via OAuth only.

See my answer to a similar question here

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Spring-Security OAuth2 StackOverflowError using Java config Spring-Security OAuth2 setup - unable to locate oauth2 namespace handler How do you use spring-security OAuth2 behind a proxy, but only use ForwardedHeaderTransformer for the OAuth components Spring Boot 2 Spring-Security 5 OAuth2 support for client_credentials grant_type Spring Security OAuth2 and Ldap authentication to the same resourse How to use ActiveDirectory with Spring-Security LDAP Spring-security context setup for 2-legged (client credentials) OAuth2 server Unwanted Stacktrace in bad credentials (400) error response by spring-security oauth2 REST server Securing REST API using Spring-security @PreAuthorize annotation and OAuth2 Spring-Security with OAuth2Login & CustomAuthenticationProvider
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM