Introduction
We include the following line:
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
The OAuth2 roles are described as follows. There are four different roles within OAuth2 we need to consider:
- Resource Owner — an entity that is able to grant access to its protected resources
- Authorization Server — grants access tokens to Clients after successfully authenticating Resource Owners and obtaining their authorization
- Resource Server — a component that requires an access token to allow, or at least consider, access to its resources
- Client — an entity that is capable of obtaining access tokens from authorization servers
You need a WebSecurityConfigurerAdapter to secure the /authorize endpoint and to provide a way for users to authenticate. A Spring Boot application would do that for you (by adding its own WebSecurityConfigurerAdapter with HTTP basic auth). It creates a filter chain with order=0 by default, and protects all resources unless you provide a request matcher. The @EnableResourceServer does something similar, but the filter chain it adds is at order=3 by default, so it is a catch-all fallback for your own WebSecurityConfigurerAdapter at order=0.
Example
Its skeleton is as follows:
@Configuration
@EnableResourceServer
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
protected static class ResourceServerConfiguration extends
ResourceServerConfigurerAdapter {
...
}
configure method - HttpSecurity
Its signature is as follows:
@Override
public void configure(HttpSecurity http) throws Exception
Example
First, to permit access, we do the following:
@Configuration
public class WebSecurityGlobalConfig extends WebSecurityConfigurerAdapter {
...
@Override
public void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
// api security is handled elsewhere (See OAuth2ServerConfiguration)
.antMatchers("/api/**", "/oauth/**", "/management/**")
.permitAll()
// end api security
.anyRequest().hasRole(UserRole.ADMIN.name())
.and()
.formLogin().loginPage("/login")
.permitAll()
.and()
.logout().permitAll();
}
}
Then, in the ResourceServerConfigurerAdapter class, we do the following. Only the paths selected by requestMatchers() are handled by this (order=3) chain; everything else falls through to the WebSecurityConfigurerAdapter above:
@Override
public void configure(HttpSecurity http) throws Exception {
http
// this chain only applies to /api/**
.requestMatchers()
.antMatchers("/api/**")
.and()
.authorizeRequests()
// CORS preflight requests carry no bearer token, so let them through
.antMatchers(HttpMethod.OPTIONS, "/api/**")
.permitAll()
.and()
// repeating the same matcher is harmless; requestMatchers() accumulates patterns
.requestMatchers()
.antMatchers("/api/**")
.and()
.authorizeRequests()
.and()
// management endpoints are also served by this chain
.requestMatchers()
.antMatchers("/management/**")
.and()
.authorizeRequests()
.antMatchers("/management/health", "/management/info").permitAll()
.antMatchers("/management/**").hasRole(UserRole.ADMIN.name())
// everything else under the matched paths needs a valid access token
.anyRequest()
.authenticated();
}
configure example - authenticationEntryPoint
We do the following:
@Override
public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
// entry point used when a request carries no token or an invalid one (401)
OAuth2AuthenticationEntryPoint authenticationEntryPoint = ...;
authenticationEntryPoint.setExceptionTranslator(...);
// handler used when the token is valid but lacks the required authority (403)
OAuth2AccessDeniedHandler accessDeniedHandler = new OAuth2AccessDeniedHandler();
accessDeniedHandler.setExceptionTranslator(...);
resources.authenticationEntryPoint(authenticationEntryPoint)
.accessDeniedHandler(accessDeniedHandler)
// applicationResourceID: this server's resource id; tokens whose aud does not contain it are rejected
.resourceId(applicationResourceID)
// tokenStore(): the TokenStore bean used to load and validate access tokens
.tokenStore(tokenStore());
}
Example - Assigning a TokenStore
We do the following. The TokenStore object can be an InMemoryTokenStore or a JwtTokenStore. The TokenStore object is used by TokenStoreUserApprovalHandler.
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
// TokenStore bean defined elsewhere (for example InMemoryTokenStore or JwtTokenStore)
@Autowired
private TokenStore tokenStore;
@Override
public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
// the resource server reads and validates incoming access tokens from this store
resources.tokenStore(this.tokenStore);
}
}
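The following is an added example, not code from the original post; it ties together the TokenStore assignment, the resourceId check from the authenticationEntryPoint example, and the HttpSecurity split shown above in one complete ResourceServerConfigurerAdapter. The class name ApiResourceServerConfig, the resource id "inventory-api", the scope name "read", the placeholder signing key and the path layout are all assumptions made for this example; the API calls are those of the spring-security-oauth2 library the post uses.

```java
// Added example (not from the original post). Assumes the authorization server signs
// JWTs with the same symmetric key and puts "inventory-api" into the token's "aud" claim.
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;

@Configuration
@EnableResourceServer
public class ApiResourceServerConfig extends ResourceServerConfigurerAdapter {

    // Hypothetical resource id; must match the "aud" claim the authorization server issues.
    static final String RESOURCE_ID = "inventory-api";

    // Placeholder value: load the real key from secured configuration, never hard-code it.
    static final String SIGNING_KEY = "replace-me-with-a-long-random-secret";

    @Bean
    public JwtAccessTokenConverter accessTokenConverter() {
        JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
        // symmetric HMAC key; a token whose signature does not verify is rejected
        converter.setSigningKey(SIGNING_KEY);
        return converter;
    }

    @Bean
    public TokenStore tokenStore() {
        // JwtTokenStore persists nothing: validity comes from the signature and the exp claim
        return new JwtTokenStore(accessTokenConverter());
    }

    @Bean
    public DefaultTokenServices tokenServices() {
        DefaultTokenServices services = new DefaultTokenServices();
        services.setTokenStore(tokenStore());
        return services;
    }

    @Override
    public void configure(ResourceServerSecurityConfigurer resources) {
        resources
            .resourceId(RESOURCE_ID)       // reject tokens whose aud does not contain this id
            .tokenServices(tokenServices())
            .stateless(true);              // bearer tokens only, no session-based authentication
    }

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http
            // only these paths belong to the resource-server chain (order=3);
            // the login form and other pages stay with the WebSecurityConfigurerAdapter (order=0)
            .requestMatchers().antMatchers("/api/**", "/management/**")
            .and()
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            .and()
            .authorizeRequests()
                // CORS preflight requests carry no bearer token
                .antMatchers(HttpMethod.OPTIONS, "/api/**").permitAll()
                .antMatchers("/management/health", "/management/info").permitAll()
                // role comes from the authorities embedded in the token
                .antMatchers("/management/**").hasRole("ADMIN")
                // scope check using the OAuth2 expression handler that @EnableResourceServer registers
                .antMatchers("/api/**").access("#oauth2.hasScope('read')")
                .anyRequest().authenticated();
    }
}
```

With this configuration a request to /api/items without an Authorization header gets a 401 from the OAuth2AuthenticationEntryPoint, a token signed with a different key or carrying an aud that lacks "inventory-api" is also rejected with 401, and a valid token without the read scope gets a 403 from the OAuth2AccessDeniedHandler; /management/health stays reachable without a token so that load balancers can probe it.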