diff --git a/spring-security-oauth/spring-security-oauth-resource/src/main/java/org/baeldung/config/MethodSecurityConfig.java b/spring-security-oauth/spring-security-oauth-resource/src/main/java/org/baeldung/config/MethodSecurityConfig.java
new file mode 100644
index 0000000000..c0a7f86207
--- /dev/null
+++ b/spring-security-oauth/spring-security-oauth-resource/src/main/java/org/baeldung/config/MethodSecurityConfig.java
@@ -0,0 +1,16 @@
+package org.baeldung.config;
+
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.access.expression.method.MethodSecurityExpressionHandler;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration;
+import org.springframework.security.oauth2.provider.expression.OAuth2MethodSecurityExpressionHandler;
+
+@Configuration
+@EnableGlobalMethodSecurity(prePostEnabled = true)
+public class MethodSecurityConfig extends GlobalMethodSecurityConfiguration {
+ @Override
+ protected MethodSecurityExpressionHandler createExpressionHandler() {
+ return new OAuth2MethodSecurityExpressionHandler();
+ }
+}
\ No newline at end of file
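Review bot: The new MethodSecurityConfig class has no documentation saying why it exists as a separate configuration and why the handler is replaced, which matters because the resource server's behaviour changes silently when this bean is picked up. A class-level Javadoc such as `/** Enables method-level security for the resource server and installs the OAuth2 expression handler so that {@code #oauth2.hasScope(...)} can be used in {@code @PreAuthorize} expressions. */` would make the intent clear to the next reader. The file also ends without a trailing newline (see the marker after the closing brace), which is worth fixing for clean diffs.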
diff --git a/spring-security-oauth/spring-security-oauth-resource/src/main/java/org/baeldung/config/OAuth2ResourceServerConfig.java b/spring-security-oauth/spring-security-oauth-resource/src/main/java/org/baeldung/config/OAuth2ResourceServerConfig.java
index 52bfeb4233..c2db6748f1 100644
--- a/spring-security-oauth/spring-security-oauth-resource/src/main/java/org/baeldung/config/OAuth2ResourceServerConfig.java
+++ b/spring-security-oauth/spring-security-oauth-resource/src/main/java/org/baeldung/config/OAuth2ResourceServerConfig.java
@@ -9,7 +9,6 @@ import org.springframework.context.annotation.PropertySource;
import org.springframework.core.env.Environment;
import org.springframework.http.HttpMethod;
import org.springframework.jdbc.datasource.DriverManagerDataSource;
-import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
@@ -20,7 +19,6 @@ import org.springframework.security.oauth2.provider.token.store.JdbcTokenStore;
@Configuration
@PropertySource({ "classpath:persistence.properties" })
@EnableResourceServer
-@EnableGlobalMethodSecurity(prePostEnabled = true)
public class OAuth2ResourceServerConfig extends ResourceServerConfigurerAdapter {
@Autowired
private Environment env;
diff --git a/spring-security-oauth/spring-security-oauth-resource/src/main/java/org/baeldung/web/controller/BarController.java b/spring-security-oauth/spring-security-oauth-resource/src/main/java/org/baeldung/web/controller/BarController.java
index a716635f6d..1f42f9dafd 100644
--- a/spring-security-oauth/spring-security-oauth-resource/src/main/java/org/baeldung/web/controller/BarController.java
+++ b/spring-security-oauth/spring-security-oauth-resource/src/main/java/org/baeldung/web/controller/BarController.java
@@ -21,7 +21,7 @@ public class BarController {
}
// API - read
- // @PreAuthorize("#oauth2.hasScope('read')")
+ // @PreAuthorize("#oauth2.hasScope('read') and hasRole('ROLE_ADMIN')")
@RequestMapping(method = RequestMethod.GET, value = "/bars/{id}")
@ResponseBody
public Bar findById(@PathVariable final long id) {
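Review bot: The `@PreAuthorize` line changed here is still commented out (`// @PreAuthorize(...)`), so the new `hasRole('ROLE_ADMIN')` condition is never evaluated and the commit does not actually restrict `/bars/{id}` at method level; the same applies to the write endpoint in the hunk at line 60. If the intent is to enforce admin-only access (the live test in this commit expects 403 for a non-admin on `/bars/1`), the annotation should be active: `@PreAuthorize("#oauth2.hasScope('read') and hasRole('ROLE_ADMIN')")`. If the 403 is instead meant to come from HttpSecurity rules elsewhere, the commented-out expression is now misleading and should either be removed or carry a comment stating that URL-level rules enforce it. The enclosing BarController class starts and ends outside these hunks.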
@@ -29,7 +29,7 @@ public class BarController {
}
// API - write
- // @PreAuthorize("#oauth2.hasScope('write')")
+ // @PreAuthorize("#oauth2.hasScope('write') and hasRole('ROLE_ADMIN')")
@RequestMapping(method = RequestMethod.POST, value = "/bars")
@ResponseStatus(HttpStatus.CREATED)
@ResponseBody
diff --git a/spring-security-oauth/spring-security-oauth-server/src/main/java/org/baeldung/config/OAuth2AuthorizationServerConfig.java b/spring-security-oauth/spring-security-oauth-server/src/main/java/org/baeldung/config/OAuth2AuthorizationServerConfig.java
index a0f8baa4bc..caae7760d3 100644
--- a/spring-security-oauth/spring-security-oauth-server/src/main/java/org/baeldung/config/OAuth2AuthorizationServerConfig.java
+++ b/spring-security-oauth/spring-security-oauth-server/src/main/java/org/baeldung/config/OAuth2AuthorizationServerConfig.java
@@ -55,7 +55,7 @@ public class OAuth2AuthorizationServerConfig extends AuthorizationServerConfigur
.withClient("clientIdPassword")
.secret("secret")
.authorizedGrantTypes("password","authorization_code", "refresh_token")
- .scopes("read");
+ .scopes("read","write");
// @formatter:on
}
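Review bot: Adding `"write"` to the scopes of the `clientIdPassword` client means every token issued through this client, including via the password grant listed on the line above, now carries write scope for all users; nothing in this diff narrows which users get it, and the scope check on the resource side (`#oauth2.hasScope('write')` in BarController) is commented out in this same commit. A short comment on the changed line, e.g. `// write scope is client-wide; per-user restriction relies on role checks in the resource server`, would record that the scope alone is not an authorization boundary. The hard-coded `.secret("secret")` is pre-existing and out of scope for this hunk, but the widened scope makes it more consequential.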
diff --git a/spring-security-oauth/spring-security-oauth-ui-password/pom.xml b/spring-security-oauth/spring-security-oauth-ui-password/pom.xml
index a2bf3d07bb..4a42081f78 100644
--- a/spring-security-oauth/spring-security-oauth-ui-password/pom.xml
+++ b/spring-security-oauth/spring-security-oauth-ui-password/pom.xml
@@ -22,8 +22,48 @@
org.springframework.boot
spring-boot-starter-thymeleaf
+
+
+
+
+
+ org.springframework
+ spring-test
+ test
+
+
+
+ junit
+ junit
+ test
+
+
+
+ org.hamcrest
+ hamcrest-core
+ test
+
+
+ org.hamcrest
+ hamcrest-library
+ test
+
+
+
+ com.jayway.restassured
+ rest-assured
+ ${rest-assured.version}
+ test
+
+
+ commons-logging
+ commons-logging
+
+
+
+
spring-security-oauth-ui-password
diff --git a/spring-security-oauth/spring-security-oauth-ui-password/src/test/java/org/baeldung/live/AuthorizationLiveTest.java b/spring-security-oauth/spring-security-oauth-ui-password/src/test/java/org/baeldung/live/AuthorizationLiveTest.java
new file mode 100644
index 0000000000..456245daff
--- /dev/null
+++ b/spring-security-oauth/spring-security-oauth-ui-password/src/test/java/org/baeldung/live/AuthorizationLiveTest.java
@@ -0,0 +1,57 @@
+package org.baeldung.live;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import org.junit.Test;
+
+import com.jayway.restassured.RestAssured;
+import com.jayway.restassured.response.Response;
+
+public class AuthorizationLiveTest {
+
+ private String obtainAccessToken(String username, String password) {
+ final Map params = new HashMap();
+ params.put("grant_type", "password");
+ params.put("client_id", "clientIdPassword");
+ params.put("username", username);
+ params.put("password", password);
+ final Response response = RestAssured.given().auth().preemptive().basic("clientIdPassword", "secret").and().with().params(params).when().post("http://localhost:8081/spring-security-oauth-server/oauth/token");
+ return response.jsonPath().getString("access_token");
+ }
+
+ @Test
+ public void givenUser_whenAccessFoosResource_thenOk() {
+ final String accessToken = obtainAccessToken("john", "123");
+ final Response response = RestAssured.given().header("Authorization", "Bearer " + accessToken).get("http://localhost:8081/spring-security-oauth-resource/foos/1");
+ assertEquals(200, response.getStatusCode());
+ assertNotNull(response.jsonPath().get("name"));
+ }
+
+ @Test
+ public void givenUser_whenAccessBarssResource_thenUnauthorized() {
+ final String accessToken = obtainAccessToken("john", "123");
+ final Response response = RestAssured.given().header("Authorization", "Bearer " + accessToken).get("http://localhost:8081/spring-security-oauth-resource/bars/1");
+ assertEquals(403, response.getStatusCode());
+ }
+
+ @Test
+ public void givenAdmin_whenAccessFoosResource_thenOk() {
+ final String accessToken = obtainAccessToken("tom", "111");
+ final Response response = RestAssured.given().header("Authorization", "Bearer " + accessToken).get("http://localhost:8081/spring-security-oauth-resource/foos/1");
+ assertEquals(200, response.getStatusCode());
+ assertNotNull(response.jsonPath().get("name"));
+ }
+
+ @Test
+ public void givenAdmin_whenAccessBarssResource_thenOk() {
+ final String accessToken = obtainAccessToken("tom", "111");
+ final Response response = RestAssured.given().header("Authorization", "Bearer " + accessToken).get("http://localhost:8081/spring-security-oauth-resource/bars/1");
+ assertEquals(200, response.getStatusCode());
+ assertNotNull(response.jsonPath().get("name"));
+ }
+
+}
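Review bot: obtainAccessToken builds `params` as a raw `Map`/`HashMap` (line 146) and returns `access_token` without checking it was present, so a failed token request yields `null` and the four tests then send `Authorization: Bearer null`, failing on the resource status rather than on the real cause. Declare it as `final Map<String, String> params = new HashMap<>();` and add `assertNotNull("no access_token in token response", accessToken);` before the return (the static import is already present). The method names `givenUser_whenAccessBarssResource_thenUnauthorized` and `givenAdmin_whenAccessBarssResource_thenOk` have a typo (`Barss`) and the first one asserts 403, which is Forbidden rather than Unauthorized, so `thenForbidden` would describe the expectation accurately.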