@Override
public void configure(ResourceServerSecurityConfigurer resources) {
resources
.resourceId(SENS_RESOURCE_ID)
.stateless(
false); // .authenticationEntryPoint(new RestAuthenticationEntryPoint());
// //.stateless(false);
}
@Override
public void configure(ResourceServerSecurityConfigurer resources) {
RemoteTokenServices tokenService = new RemoteTokenServices();
tokenService.setClientId("clientauthcode");
tokenService.setClientSecret("123456");
tokenService.setCheckTokenEndpointUrl("http://localhost:10000/oauth/check_token");
resources.resourceId(RESOURCE_ID).tokenServices(tokenService);
}
@Override
public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
resources
.tokenExtractor(
new TokenExtractor() {
@Override
public Authentication extract(HttpServletRequest request) {
return new PreAuthenticatedAuthenticationToken("FOO", "N/A");
}
})
.tokenStore(tokenStore());
}
@Override
protected void configure(HttpSecurity http) throws Exception {
ResourceServerSecurityConfigurer resources = new ResourceServerSecurityConfigurer();
ResourceServerTokenServices services = resolveTokenServices();
if (services != null) {
resources.tokenServices(services);
} else {
if (tokenStore != null) {
resources.tokenStore(tokenStore);
} else if (endpoints != null) {
resources.tokenStore(endpoints.getEndpointsConfigurer().getTokenStore());
}
}
if (eventPublisher != null) {
resources.eventPublisher(eventPublisher);
}
for (ResourceServerConfigurer configurer : configurers) {
configurer.configure(resources);
}
// @formatter:off
http
// N.B. exceptionHandling is duplicated in resources.configure() so that
// it works
.exceptionHandling()
.accessDeniedHandler(resources.getAccessDeniedHandler())
.and()
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.csrf()
.disable();
// @formatter:on
http.apply(resources);
RequestMatcherConfigurer requests = http.requestMatchers();
if (endpoints != null) {
// Assume we are in an Authorization Server
requests.requestMatchers(
new NotOAuthRequestMatcher(endpoints.oauth2EndpointHandlerMapping()));
}
for (ResourceServerConfigurer configurer : configurers) {
// Delegates can add authorizeRequests() here
configurer.configure(http);
}
if (configurers.isEmpty()) {
// Add anyRequest() last as a fall back. Spring Security would
// replace an existing anyRequest() matcher
// with this one, so to avoid that we only add it if the user hasn't
// configured anything.
http.authorizeRequests().anyRequest().authenticated();
}
}
@Override
public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
if (this.config.getId() != null) {
resources.resourceId(this.config.getId());
}
}
@Override
public void configure(final ResourceServerSecurityConfigurer config) {
config.tokenServices(tokenServices());
}
@Override
public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
resources.resourceId("my_resource_id");
}
@Override
public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
resources.expressionHandler(new DefaultWebSecurityExpressionHandler());
}
@Override
public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
resources.authenticationEntryPoint(authenticationEntryPoint());
}
@Override
public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
resources.resourceId(RESOURCE_ID);
}
@Override
public void configure(ResourceServerSecurityConfigurer resources) {
resources.resourceId("TierraRestAPI");
}
@Override
public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
resources.resourceId("settings-services").tokenServices(resourceTokenServices());
}
@Override
public void configure(ResourceServerSecurityConfigurer resources) {
resources.resourceId(RESOURCE_ID).stateless(true);
}
@Override
public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
resources.tokenStore(tokenStore());
}
