public
anonymous / gist:5094420
Created

  • Download Gist
gistfile1.xml
XML
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:p="http://www.springframework.org/schema/p"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xmlns:sec="http://www.springframework.org/schema/security"
xmlns:oauth="http://www.springframework.org/schema/security/oauth2"
xsi:schemaLocation="
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.1.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd
http://www.springframework.org/schema/security/oauth2 http://www.springframework.org/schema/security/spring-security-oauth2-1.0.xsd">
 
<context:property-placeholder location="classpath:resource-provider-local.properties"/>
<sec:authentication-manager alias="authenticationManager"/>
<!-- See docs for EL-based access control http://static.springsource.org/spring-security/site/docs/3.0.x/reference/el-access.html -->
<sec:http entry-point-ref="oauthAuthenticationEntryPoint"
create-session="ifRequired"
use-expressions="true">
<sec:intercept-url pattern="/api/**"
access="hasRole('ROLE_CLIENT') and #oauth2.hasScope('read')"
requires-channel="any"/>
<sec:custom-filter ref="resourceServerFilter_SimpleAPI_All" position="PRE_AUTH_FILTER" />
<sec:access-denied-handler ref="oauthAccessDeniedHandler" />
<sec:expression-handler ref="oauthWebExpressionHandler" />
</sec:http>
<!-- security error handling concerns specific to OAuth2 resources -->
<bean id="oauthAccessDeniedHandler" class="org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler" />
<oauth:web-expression-handler id="oauthWebExpressionHandler" />
<!--
Client authentication with HTTP Basic scheme. This is the recommended way by specification.
-->
<bean id="oauthAuthenticationEntryPoint" class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint" />
<!--//// OAuth 2.0 configuration ////-->
<!-- Loads an instance of OAuth2AuthenticationProcessingFilter. The following attributes can be applied to the resource-server element:
- token-services-ref: The reference to the bean that defines the token services.
- resource-id: The id for the resource (optional, but required by our implementation of authorization server. it will be validated by the auth server!)
-->
<oauth:resource-server id="resourceServerFilter_SimpleAPI_All" token-services-ref="tokenServices" resource-id="${resource.id}"/>
<bean id="tokenServices" class="cz.cvut.oauth.provider.RemoteTokenServiceImpl"
p:tokensDAO-ref="remoteTokensOauth2RestTemplateDAO"/>
<bean id="remoteTokensOauth2RestTemplateDAO" class="cz.cvut.oauth.provider.dao.RemoteTokensOauth2RestTemplateDAO"
p:restTemplate-ref="oauthRestTemplateCheckTokenEndpoint"
p:checkTokentEndpoint="${check.token.endpoint}"/>
<import resource="oauth2-client.xml"/>
 
</beans>

Please sign in to comment on this gist.

Something went wrong with that request. Please try again.