没有任何注释,表怪我(¬_¬)

更新:

2016.05.29: 将AuthorizationServer和ResourceServer分开配置

2016.05.29: Token获取采用Http Basic认证以符合RFC6749标准

2016.05.29: grant_type支持authorization_code, password, refresh_token

2016.05.27: 增加用于REST服务的安全配置

2016.05.27: 可选采用RSA JWT(Json Web Token, RSA加密)的OAUTH2.0或者HTTP BASIC

2016.05.27: REST安全验证和WEB安全验证均可通过配置文件关闭

 <?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:oauth2="http://www.springframework.org/schema/security/oauth2"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-4.2.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-4.0.xsd
http://www.springframework.org/schema/security/oauth2
http://www.springframework.org/schema/security/spring-security-oauth2.xsd"> <global-method-security pre-post-annotations="enabled" order="0"
proxy-target-class="true">
</global-method-security> <beans:bean id="sessionRegistry"
class="org.springframework.security.core.session.SessionRegistryImpl" /> <http security="none" pattern="/resources/**" />
<http security="none" pattern="/favicon.ico" /> <beans:beans profile="oauth-authorization-server">
<beans:bean id="oauth2AuthorizationServerJwtAccessTokenConverter" class="org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter" >
<beans:property name="signingKey" ref="jwtSigningKey"/>
<beans:property name="verifierKey" ref="jwtVerifierKey"/>
</beans:bean> <beans:bean id="oauth2AuthorizationServerTokenStore" class="org.springframework.security.oauth2.provider.token.store.JwtTokenStore" >
<beans:constructor-arg ref="oauth2AuthorizationServerJwtAccessTokenConverter"/>
</beans:bean> <beans:bean id="oauth2AuthorizationServerTokenServices"
class="org.springframework.security.oauth2.provider.token.DefaultTokenServices">
<beans:property name="tokenStore" ref="oauth2AuthorizationServerTokenStore" />
<beans:property name="clientDetailsService" ref="clientDetailsService" />
<beans:property name="tokenEnhancer" ref="oauth2AuthorizationServerJwtAccessTokenConverter" />
<beans:property name="supportRefreshToken" value="true" />
</beans:bean> <beans:bean id="oauth2AuthorizationServerClientDetailsUserService"
class="org.springframework.security.oauth2.provider.client.ClientDetailsUserDetailsService">
<beans:constructor-arg ref="clientDetailsService"/>
<beans:property name="passwordEncoder" ref="passwordEncoder"/>
</beans:bean> <beans:bean id="oauth2AuthorizationServerAuthenticationEntryPoint"
class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint" /> <authentication-manager id="oauth2AuthorizationServerAuthenticationManager">
<authentication-provider user-service-ref="oauth2AuthorizationServerClientDetailsUserService">
<password-encoder ref="passwordEncoder" />
</authentication-provider>
</authentication-manager> <beans:bean id="oauth2AuthorizationServerUserApprovalHandler"
class="org.springframework.security.oauth2.provider.approval.TokenStoreUserApprovalHandler" >
<beans:property name="tokenStore" ref="oauth2AuthorizationServerTokenStore" />
<beans:property name="clientDetailsService" ref="clientDetailsService" />
<beans:property name="requestFactory">
<beans:bean class="org.springframework.security.oauth2.provider.request.DefaultOAuth2RequestFactory">
<beans:constructor-arg ref="clientDetailsService"/>
</beans:bean>
</beans:property>
</beans:bean> <beans:bean id="oauth2AuthorizationServerAccessDeniedHandler"
class="org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler" /> <oauth2:authorization-server
token-services-ref="oauth2AuthorizationServerTokenServices"
client-details-service-ref="clientDetailsService"
user-approval-handler-ref="oauth2AuthorizationServerUserApprovalHandler"
user-approval-page="oauth/authorize"
error-page="oauth/error" >
<oauth2:authorization-code />
<!--<oauth2:implicit />-->
<oauth2:refresh-token />
<!--<oauth2:client-credentials />-->
<oauth2:password />
</oauth2:authorization-server> <http pattern="/oauth/token" use-expressions="true" create-session="stateless"
authentication-manager-ref="oauth2AuthorizationServerAuthenticationManager"
entry-point-ref="oauth2AuthorizationServerAuthenticationEntryPoint">
<intercept-url pattern="/oauth/token" access="isFullyAuthenticated()"/>
<http-basic />
<access-denied-handler ref="oauth2AuthorizationServerAccessDeniedHandler"/>
<csrf disabled="true"/>
</http>
</beans:beans> <beans:beans profile="rest-security-oauth,oauth-resource-server">
<beans:bean id="oauth2ResourceServerJwtAccessTokenConverter" class="org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter" >
<beans:property name="verifierKey" ref="jwtVerifierKey"/>
</beans:bean> <beans:bean id="oauth2ResourceServerTokenStore" class="org.springframework.security.oauth2.provider.token.store.JwtTokenStore" >
<beans:constructor-arg ref="oauth2ResourceServerJwtAccessTokenConverter"/>
</beans:bean> <beans:bean id="oauth2ResourceServerTokenServices"
class="org.springframework.security.oauth2.provider.token.DefaultTokenServices">
<beans:property name="tokenStore" ref="oauth2ResourceServerTokenStore" />
<beans:property name="clientDetailsService" ref="clientDetailsService" />
<beans:property name="tokenEnhancer" ref="oauth2ResourceServerJwtAccessTokenConverter" />
<beans:property name="supportRefreshToken" value="true" />
</beans:bean> <beans:bean id="oauth2ResourceServerAccessDecisionManager" class="org.springframework.security.access.vote.UnanimousBased">
<beans:constructor-arg>
<beans:list>
<beans:bean class="org.springframework.security.oauth2.provider.vote.ScopeVoter"/>
<beans:bean class="org.springframework.security.access.vote.AuthenticatedVoter"/>
</beans:list>
</beans:constructor-arg>
</beans:bean> <beans:bean id="oauth2ResourceServerAuthenticationEntryPoint"
class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint" /> <beans:bean id="oauth2ResourceServerAccessDeniedHandler"
class="org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler" /> <oauth2:resource-server id="oauth2ResourceServerFilter" resource-id="${oauth.resourceId}" token-services-ref="oauth2ResourceServerTokenServices" /> <http pattern="${rest.rooturl}/**" use-expressions="false" create-session="stateless"
entry-point-ref="oauth2ResourceServerAuthenticationEntryPoint"
access-decision-manager-ref="oauth2ResourceServerAccessDecisionManager"> <intercept-url pattern="${rest.rooturl}/security/**" access="SCOPE_SECURITY"/>
<intercept-url pattern="${rest.rooturl}/demo/**" access="IS_AUTHENTICATED_FULLY"/>
<intercept-url pattern="${rest.rooturl}/**" access="DENY_OAUTH"/> <custom-filter ref="oauth2ResourceServerFilter" before="PRE_AUTH_FILTER"/>
<access-denied-handler ref="oauth2ResourceServerAccessDeniedHandler"/>
<csrf disabled="true"/>
</http>
</beans:beans> <beans:beans profile="rest-security-basic">
<http pattern="${rest.rooturl}/**" use-expressions="true" create-session="stateless">
<intercept-url pattern="${rest.rooturl}/**" access="isFullyAuthenticated()"/>
<http-basic />
<csrf disabled="true"/>
</http>
</beans:beans> <beans:beans profile="rest-security-none">
<http security="none" pattern="${rest.rooturl}/**" />
</beans:beans> <beans:beans profile="web-security-none">
<http security="none" pattern="/**" />
</beans:beans> <beans:beans profile="web-security-local,web-security-ldap">
<http use-expressions="true"> <intercept-url pattern="/login" access="permitAll" />
<intercept-url pattern="/login/**" access="permitAll" />
<intercept-url pattern="/logout" access="permitAll" />
<intercept-url pattern="/oauth/**" access="isFullyAuthenticated()" />
<intercept-url pattern="/**" access="isFullyAuthenticated()" />
<form-login login-page="/login" login-processing-url="/login"
authentication-failure-url="/login?error"
default-target-url="/" username-parameter="username"
password-parameter="password" />
<logout logout-url="/logout" logout-success-url="/login?loggedOut"
invalidate-session="true" delete-cookies="JSESSIONID" /> <session-management invalid-session-url="/login"
session-fixation-protection="migrateSession">
<concurrency-control max-sessions="1"
error-if-maximum-exceeded="false"
session-registry-ref="sessionRegistry" />
</session-management> <csrf disabled="true" /> </http>
</beans:beans> <beans:beans profile="web-security-local">
<authentication-manager>
<authentication-provider user-service-ref="userDetailsService">
<password-encoder ref="passwordEncoder" />
</authentication-provider>
</authentication-manager>
</beans:beans> <beans:beans profile="web-security-ldap">
<authentication-manager>
<authentication-provider ref="ldapAuthenticationProvider" />
</authentication-manager> <beans:bean id="ldapAuthenticationProvider"
class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
<beans:constructor-arg index="0"
ref="ldapAuthenticator" />
<beans:constructor-arg index="1"
ref="ldapAuthoritiesPopulator" />
</beans:bean> <beans:bean id="ldapAuthenticator"
class="org.springframework.security.ldap.authentication.BindAuthenticator">
<beans:constructor-arg ref="ldapContextSource" />
<beans:property name="userSearch" ref="ldapUserSearch" />
</beans:bean> <beans:bean id="ldapUserSearch"
class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
<beans:constructor-arg index="0"
value="${ldap.searchBase}" />
<beans:constructor-arg index="1"
value="${ldap.searchFilter}" />
<beans:constructor-arg index="2"
ref="ldapContextSource" />
</beans:bean> <beans:bean id="ldapContextSource"
class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
<beans:constructor-arg value="${ldap.url}" />
<beans:property name="userDn" value="${ldap.userDN}" />
<beans:property name="password" value="${ldap.password}" />
</beans:bean> <beans:bean id="ldapAuthoritiesPopulator"
class="org.springframework.security.ldap.authentication.UserDetailsServiceLdapAuthoritiesPopulator">
<beans:constructor-arg ref="userDetailsService" />
</beans:bean>
</beans:beans> <beans:beans profile="web-security-cas">
<http use-expressions="true" auto-config="false" entry-point-ref="casEntryPoint" servlet-api-provision="true">
<intercept-url pattern="${cas.localSystemLoginUrl}" access="permitAll" />
<intercept-url pattern="/logout" access="permitAll" />
<intercept-url pattern="/**" access="isFullyAuthenticated()" />
<custom-filter position="CAS_FILTER" ref="casFilter"/>
<custom-filter before="CAS_FILTER" ref="singleLogoutFilter" />
<custom-filter before="LOGOUT_FILTER" ref="requestSingleLogoutFilter" />
<logout logout-url="/logout" logout-success-url="/login?loggedOut"
invalidate-session="true" delete-cookies="JSESSIONID" /> <session-management invalid-session-url="/login"
session-fixation-protection="migrateSession">
<concurrency-control max-sessions="1"
error-if-maximum-exceeded="false" />
</session-management> <csrf disabled="true" /> </http> <authentication-manager alias="authenticationManager">
<authentication-provider ref="casAuthenticationProvider" />
</authentication-manager> <beans:bean id="serviceProperties"
class="org.springframework.security.cas.ServiceProperties">
<beans:property name="service"
value="${cas.localSystemUrl}${cas.localSystemLoginUrl}" />
<beans:property name="sendRenew" value="false" />
</beans:bean> <beans:bean id="casEntryPoint"
class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
<beans:property name="loginUrl" value="${cas.loginUrl}" />
<beans:property name="serviceProperties" ref="serviceProperties" />
</beans:bean> <beans:bean id="casAuthenticationProvider"
class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
<beans:property name="userDetailsService" ref="userDetailsService" />
<beans:property name="serviceProperties" ref="serviceProperties" />
<beans:property name="ticketValidator">
<beans:bean
class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
<beans:constructor-arg index="0"
value="${cas.url}" />
</beans:bean>
</beans:property>
<beans:property name="key"
value="an_id_for_this_auth_provider_only" />
</beans:bean> <beans:bean id="casFilter"
class="org.springframework.security.cas.web.CasAuthenticationFilter">
<beans:property name="authenticationManager" ref="authenticationManager" />
<beans:property name="filterProcessesUrl" value="${cas.localSystemLoginUrl}" />
</beans:bean> <beans:bean id="singleLogoutFilter"
class="org.jasig.cas.client.session.SingleSignOutFilter" /> <beans:bean id="requestSingleLogoutFilter"
class="org.springframework.security.web.authentication.logout.LogoutFilter">
<beans:constructor-arg value="${cas.logoutUrl}" />
<beans:constructor-arg>
<beans:bean
class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler" />
</beans:constructor-arg>
<beans:property name="filterProcessesUrl" value="/logout" />
</beans:bean>
</beans:beans> </beans:beans>

随附配置文件内容

 #WEB_CONFIG
##Set WEB authenticate type: none || local || ldap || cas
web.authenticationType=local #REST_CONFIG
##Set REST request root url, please DO NOT end with '/' or '*', just like '/webservice/rest' for 'http://example.com/webservice/rest/*'
rest.rooturl=/rs
##Set REST authenticate type: none || oauth || basic
rest.authenticationType=oauth #OAUTH_CONFIG
oauth.resourceId=DEMO
oauth.jwtVerifierKeyFile=jwtPubKey.pem
oauth.jwtSigningKeyFile=jwtPrivKey.pem #CAS_CONFIG
cas.localSystemUrl=http://www.example.com
cas.localSystemLoginUrl=/j_spring_security_cas_check
cas.url=http://cas.server.com/cas
cas.loginUrl=http://cas.server.com/cas/login
cas.logoutUrl=http://cas.server.com/cas/logout?service=http://www.example.com/loggedOutPage #LDAP_CONFIG
ldap.url=ldap://ldap.server.com:389/
ldap.userDN=CN=XXX,OU=XXX,DC=server,DC=com
ldap.password=XXX
ldap.searchBase=OU=XXX,,DC=server,DC=com
ldap.searchFilter=(sAMAccountName={0})

[更新]一份包含: 采用RSA JWT(Json Web Token, RSA加密)的OAUTH2.0,HTTP BASIC,本地数据库验证,Windows域验证,单点登录的Spring Security配置文件的更多相关文章

  1. Java JWT: JSON Web Token

    Java JWT: JSON Web Token for Java and Android JJWT aims to be the easiest to use and understand libr ...

  2. 深入浅出JWT(JSON Web Token )

    1. JWT 介绍 JSON Web Token(JWT)是一个开放式标准(RFC 7519),它定义了一种紧凑且自包含的方式,用于在各方之间以JSON对象安全传输信息. 这些信息可以通过数字签名进行 ...

  3. 如何在SpringBoot中集成JWT(JSON Web Token)鉴权

    这篇博客主要是简单介绍了一下什么是JWT,以及如何在Spring Boot项目中使用JWT(JSON Web Token). 1.关于JWT 1.1 什么是JWT 老生常谈的开头,我们要用这样一种工具 ...

  4. ( 转 ) 什么是 JWT -- JSON WEB TOKEN

    什么是JWT Json web token (JWT), 是为了在网络应用环境间传递声明而执行的一种基于JSON的开放标准((RFC 7519).该token被设计为紧凑且安全的,特别适用于分布式站点 ...

  5. 什么是JWT(Json Web Token)

    什么是 JWT (Json Web Token) 用户认证是计算机安全领域一个永恒的热点话题. JWT 是为了在网络应用环境间传递声明而执行的一种基于JSON的开放标准((RFC 7519). 该to ...

  6. JWT(JSON Web Token) 【转载】

    JWT(JSON Web Token) 什么叫JWTJSON Web Token(JWT)是目前最流行的跨域身份验证解决方案. 一般来说,互联网用户认证是这样子的. 1.用户向服务器发送用户名和密码. ...

  7. 5分钟搞懂:JWT(Json Web Token)

    https://www.qikegu.com/easy-understanding/892 JWT 基于token的用户认证原理:让用户输入账号和密码,认证通过后获得一个token(令牌),在toke ...

  8. 关于JWT(Json Web Token)的思考及使用心得

    什么是JWT? JWT(Json Web Token)是一个开放的数据交换验证标准rfc7519(php 后端实现JWT认证方法一般用来做轻量级的API鉴权.由于许多API接口设计是遵循无状态的(比如 ...

  9. API安全验证之JWT(JSON WEB TOKEN) OLCMS

    假如www.olcms.com/getUserInfo获取用户信息,你怎么知道当前用户是谁?有人说登陆时候我把他UID写入session了,如果是API接口,没有session怎么办,那么就需要把UI ...

随机推荐

  1. CodeSmith7 系列 破解教程

    CodeSmith[点此下载] 学过三层的人应该认识CodeSmith Generator吧,今天我就跟大家一起探讨下CodeSmith Generator 7.0.2的激活,这最新版本破解的难度也是 ...

  2. 与你相遇好幸运,mocha接口测试

    var rest = require('restler');var assert = require("assert");var systemID;var userID; cons ...

  3. linux命令:crontab命令(转)

    一.crond简介 二.crond服务 三.crontab命令详解 四.使用注意事项 linux系统是由 cron (crond) 这个系统服务来控制的.Linux 系统上面原本就有非常多的计划性工作 ...

  4. python 集合 -----直接用逗号连接的是元组,不是list

    t = 12345, 54321, 'hello!' >>> t[0] 12345 >>> t (12345, 54321, 'hello!') 元组:元组由逗号分 ...

  5. Java高级之虚拟机加载机制

    本文来自http://blog.csdn.net/liuxian13183/ ,引用必须注明出处! 1.0版本:2016-05-21 SubClass!! 执行结果说明一个问题:子类调用父类变量的时候 ...

  6. Notepad++使用图解

    Notepad++使用图解.. Notepad++的安装部分 -------------- -------------- --------------- -------------- -------- ...

  7. JavaScript:今天是今年第几周?

    用js实现,今天是今年第几周? 基本思路: 1.当前时间 - 今年1月1日0时,拿到时间差(毫秒数) 2.时间差/7天毫秒数,向上取整 var d = new Date('2018-01-01 00: ...

  8. python模块之HTMLParser解析出URL链接

    # -*- coding: utf-8 -*- #python 27 #xiaodeng #python模块之HTMLParser解析出URL链接 #http://www.cnblogs.com/mf ...

  9. Ubuntu首次安装后root权限解锁

    在ubuntu系统下,为了安全起见,在安装过程中,系统屏蔽了用户设置root用户.导致很多用户在使用过程中不知道root密码到底是什么. 可以使用如下方法解决: 先解除root锁定,为root用户设置 ...

  10. JS 判断是否是微信浏览器 webview

    原理很简单,就是判断 ua 中是否有字段 “micromessenger" 代码如下: function isWechat () { var ua = window.navigator.us ...