
Revision 638f3be5

ID638f3be5b8b2e1f2807d558e27c4e9e94f2c9e42
Parent 9872d2b2
Child df435453

Added by Andreas Kohlbecker about 5 years ago

ref #6118 OAuth2 ready for production
- removing development setup
- UserController to return details on the authenticated principal


cdmlib-remote/src/main/java/eu/etaxonomy/cdm/remote/config/MultiWebSecurityConfiguration.java
78 78
     * @date Oct 6, 2016
79 79
     *
80 80
     */
81
    //@Configuration
81
    @Configuration
82 82
    public static class DefaultWebSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {
83 83
        @Override
84 84
        protected void configure(HttpSecurity http) throws Exception {
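--- a/cdmlib-remote/src/main/java/eu/etaxonomy/cdm/remote/config/OAuth2ServerConfiguration.java
+++ b/cdmlib-remote/src/main/java/eu/etaxonomy/cdm/remote/config/OAuth2ServerConfiguration.java
@@ -14,7 +14,6 @@
 import org.springframework.context.annotation.Lazy;
 import org.springframework.context.annotation.Scope;
 import org.springframework.context.annotation.ScopedProxyMode;
-import org.springframework.http.HttpMethod;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.http.SessionCreationPolicy;
@@ -60,25 +59,37 @@
                 .requestMatchers()
                     .antMatchers(
                         "/manage/**",
-                        "/oauth/users/**",
-                        "/oauth/clients/**")
-                     .regexMatchers("/classification/.*|/classification\\..*")
+                        "/user/**"
+                        // "/oauth/users/**",
+                        // "/oauth/clients/**")
+                        )
+                     //.regexMatchers("/classification/.*|/classification\\..*")
             .and()
                 .authorizeRequests()
                     // see
-                    // - http://docs.spring.io/spring-security/site/docs/3.0.x/reference/el-access.html
+                    // - http://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/#el-access
+                    //      or
+                    //   org.springframework.security.access.expression.SecurityExpressionRoot
                     // - org.springframework.security.oauth2.provider.expression.OAuth2SecurityExpressionMethods
                     .antMatchers("/manage/**").access("#oauth2.clientHasRole('ROLE_CLIENT') or (!#oauth2.isOAuth() and hasRole('ROLE_ADMIN'))")
-                    .regexMatchers("/classification/.*|/classification\\..*")
+                    .antMatchers("/user/me").access("isAuthenticated()")
+                    .regexMatchers("/user/.*|/user\\..*").access("hasAnyRole('ROLE_ADMIN', 'ROLE_USER_MANAGER')")
+
+                    // ------ DELVELOPER SNIPPETS ------
+                    // experiments with classification controller
+                    //.regexMatchers("/classification/.*|/classification\\..*")
                             //.access("#oauth2.hasScope('trust')")
-                            .access("hasAnyRole('ROLE_ADMIN', 'ROLE_USER')")
+                            //.access("hasAnyRole('ROLE_ADMIN', 'ROLE_USER')")
                             //.access("#oauth2.clientHasRole('ROLE_CLIENT') or (!#oauth2.isOAuth() and hasAnyRole('ROLE_ADMIN', 'ROLE_USER'))")
-                    .regexMatchers(HttpMethod.DELETE, "/oauth/users/([^/].*?)/tokens/.*")
-                        .access("#oauth2.clientHasRole('ROLE_CLIENT') and (hasRole('ROLE_USER') or #oauth2.isClient()) and #oauth2.hasScope('write')")
-                    .regexMatchers(HttpMethod.GET, "/oauth/clients/([^/].*?)/users/.*")
-                        .access("#oauth2.clientHasRole('ROLE_CLIENT') and (hasRole('ROLE_USER') or #oauth2.isClient()) and #oauth2.hasScope('read')")
-                    .regexMatchers(HttpMethod.GET, "/oauth/clients/.*")
-                        .access("#oauth2.clientHasRole('ROLE_CLIENT') and #oauth2.isClient() and #oauth2.hasScope('read')");
+                    //
+                    // .regexMatchers(HttpMethod.DELETE, "/oauth/users/([^/].*?)/tokens/.*")
+                    //     .access("#oauth2.clientHasRole('ROLE_CLIENT') and (hasRole('ROLE_USER') or #oauth2.isClient()) and #oauth2.hasScope('write')")
+                    // .regexMatchers(HttpMethod.GET, "/oauth/clients/([^/].*?)/users/.*")
+                    //     .access("#oauth2.clientHasRole('ROLE_CLIENT') and (hasRole('ROLE_USER') or #oauth2.isClient()) and #oauth2.hasScope('read')")
+                    // .regexMatchers(HttpMethod.GET, "/oauth/clients/.*")
+                    //     .access("#oauth2.clientHasRole('ROLE_CLIENT') and #oauth2.isClient() and #oauth2.hasScope('read')");
+                    // ---------------------------
+            ;
             // @formatter:on
         }
 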
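Review bot: The new `requestMatchers().antMatchers("/user/**")` does not send suffix-style requests such as `/user.json` through this OAuth2 resource-server chain, yet the new `authorizeRequests()` rule `.regexMatchers("/user/.*|/user\\..*")` claims to protect exactly that `/user\\..*` form; those requests are therefore decided by whichever other filter chain matches them, which is presumably not what the rule intends. Using the same matcher in both places — for example `.regexMatchers("/user/.*|/user\\..*")` in the requestMatchers block as well, or dropping the unreachable alternative from the authorization rule — keeps the chain selection and the access rules describing one set of URLs. The `/user/me` antMatcher likewise does not cover `/user/me.json`, which then falls to the ROLE_ADMIN/ROLE_USER_MANAGER rule; that is the safe direction but deserves a comment if it is deliberate. Given the commit's stated goal of removing the development setup, the commented-out "DELVELOPER SNIPPETS" block (new lines 78–92, typo included) and the commented-out `/oauth/users/**` and `/oauth/clients/**` entries would be better deleted than carried into production configuration. The enclosing configure method starts outside the hunk.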
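--- /dev/null
+++ b/cdmlib-remote/src/main/java/eu/etaxonomy/cdm/remote/controller/UserController.java
@@ -0,0 +1,50 @@
+// $Id$
+/**
+* Copyright (C) 2016 EDIT
+* European Distributed Institute of Taxonomy
+* http://www.e-taxonomy.eu
+*
+* The contents of this file are subject to the Mozilla Public License Version 1.1
+* See LICENSE.TXT at the top of this package for the full license terms.
+*/
+package eu.etaxonomy.cdm.remote.controller;
+
+import io.swagger.annotations.Api;
+
+import java.security.Principal;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+
+import eu.etaxonomy.cdm.api.service.IUserService;
+import eu.etaxonomy.cdm.model.common.User;
+
+/**
+ * @author a.kohlbecker
+ * @date Oct 11, 2016
+ *
+ */
+@Controller
+@Api("user")
+@RequestMapping(value = {"/user"})
+public class UserController extends AbstractController<User, IUserService> {
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    @Autowired
+    public void setService(IUserService service) {
+        this.service = service;
+    }
+
+    @RequestMapping(value="me", method=RequestMethod.GET)
+    public Principal doGetCurrentUser(Principal principal) {
+        return principal;
+    }
+
+
+
+}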
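Review bot: `doGetCurrentUser` (new line 44) hands the entire `Principal` to the view layer; under Spring Security that object is an `Authentication` whose `getPrincipal()`, `getCredentials()` and `getDetails()` may carry the full `User` entity or token details, so whether a password hash or similar reaches the client depends entirely on what the project's serialization configuration includes, which this file does not show and which should be confirmed rather than assumed. Returning a small response object holding only the fields a client needs — the name and the granted authorities — would make the exposed data independent of serializer settings. The method also has no Javadoc; a one-liner such as `/** Returns the principal of the currently authenticated request, as resolved by Spring MVC. */` would match the class's documentation style. The three blank lines before the closing brace are leftover noise.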
