@Override public void configure(ResourceServerSecurityConfigurer resources) { resources .resourceId(SENS_RESOURCE_ID) .stateless( false); // .authenticationEntryPoint(new RestAuthenticationEntryPoint()); // //.stateless(false); }
@Override public void configure(ResourceServerSecurityConfigurer resources) { RemoteTokenServices tokenService = new RemoteTokenServices(); tokenService.setClientId("clientauthcode"); tokenService.setClientSecret("123456"); tokenService.setCheckTokenEndpointUrl("http://localhost:10000/oauth/check_token"); resources.resourceId(RESOURCE_ID).tokenServices(tokenService); }
@Override public void configure(ResourceServerSecurityConfigurer resources) throws Exception { resources .tokenExtractor( new TokenExtractor() { @Override public Authentication extract(HttpServletRequest request) { return new PreAuthenticatedAuthenticationToken("FOO", "N/A"); } }) .tokenStore(tokenStore()); }
@Override protected void configure(HttpSecurity http) throws Exception { ResourceServerSecurityConfigurer resources = new ResourceServerSecurityConfigurer(); ResourceServerTokenServices services = resolveTokenServices(); if (services != null) { resources.tokenServices(services); } else { if (tokenStore != null) { resources.tokenStore(tokenStore); } else if (endpoints != null) { resources.tokenStore(endpoints.getEndpointsConfigurer().getTokenStore()); } } if (eventPublisher != null) { resources.eventPublisher(eventPublisher); } for (ResourceServerConfigurer configurer : configurers) { configurer.configure(resources); } // @formatter:off http // N.B. exceptionHandling is duplicated in resources.configure() so that // it works .exceptionHandling() .accessDeniedHandler(resources.getAccessDeniedHandler()) .and() .sessionManagement() .sessionCreationPolicy(SessionCreationPolicy.STATELESS) .and() .csrf() .disable(); // @formatter:on http.apply(resources); RequestMatcherConfigurer requests = http.requestMatchers(); if (endpoints != null) { // Assume we are in an Authorization Server requests.requestMatchers( new NotOAuthRequestMatcher(endpoints.oauth2EndpointHandlerMapping())); } for (ResourceServerConfigurer configurer : configurers) { // Delegates can add authorizeRequests() here configurer.configure(http); } if (configurers.isEmpty()) { // Add anyRequest() last as a fall back. Spring Security would // replace an existing anyRequest() matcher // with this one, so to avoid that we only add it if the user hasn't // configured anything. http.authorizeRequests().anyRequest().authenticated(); } }
@Override public void configure(ResourceServerSecurityConfigurer resources) throws Exception { if (this.config.getId() != null) { resources.resourceId(this.config.getId()); } }
@Override public void configure(final ResourceServerSecurityConfigurer config) { config.tokenServices(tokenServices()); }
@Override public void configure(ResourceServerSecurityConfigurer resources) throws Exception { resources.resourceId("my_resource_id"); }
@Override public void configure(ResourceServerSecurityConfigurer resources) throws Exception { resources.expressionHandler(new DefaultWebSecurityExpressionHandler()); }
@Override public void configure(ResourceServerSecurityConfigurer resources) throws Exception { resources.authenticationEntryPoint(authenticationEntryPoint()); }
@Override public void configure(ResourceServerSecurityConfigurer resources) throws Exception { resources.resourceId(RESOURCE_ID); }
@Override public void configure(ResourceServerSecurityConfigurer resources) { resources.resourceId("TierraRestAPI"); }
@Override public void configure(ResourceServerSecurityConfigurer resources) throws Exception { resources.resourceId("settings-services").tokenServices(resourceTokenServices()); }
@Override public void configure(ResourceServerSecurityConfigurer resources) { resources.resourceId(RESOURCE_ID).stateless(true); }
@Override public void configure(ResourceServerSecurityConfigurer resources) throws Exception { resources.tokenStore(tokenStore()); }