security config modified

2019-07-16 11:52:30 +09:00
parent f3700246c0
commit 698ebcfb0d
4 changed files with 103 additions and 8 deletions
--- a/authorization-server2/src/main/java/io/bluemoon/authorizationserver2/config/ResourceServerConfig.java
+++ b/authorization-server2/src/main/java/io/bluemoon/authorizationserver2/config/ResourceServerConfig.java
@@ -9,8 +9,9 @@ import org.springframework.security.oauth2.config.annotation.web.configuration.E
 import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;

 //@Order(SecurityProperties.BASIC_AUTH_ORDER)
-@Configuration
-@EnableResourceServer
+//@Configuration
+//@EnableResourceServer
+// not use
 public class ResourceServerConfig extends ResourceServerConfigurerAdapter {

    @Override
--- a/authorization-server2/src/main/java/io/bluemoon/authorizationserver2/config/WebMvcConfig2.java
+++ b/authorization-server2/src/main/java/io/bluemoon/authorizationserver2/config/WebMvcConfig2.java
@@ -1,11 +1,13 @@
 package io.bluemoon.authorizationserver2.config;

 import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.web.servlet.config.annotation.EnableWebMvc;
+import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
 import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

-@EnableWebMvc
+@EnableWebSecurity
@Configuration
 public class WebMvcConfig2 implements WebMvcConfigurer {

@@ -14,4 +16,10 @@ public class WebMvcConfig2 implements WebMvcConfigurer {
        registry.addViewController("/signIn").setViewName("signIn");
        registry.addViewController("/signUp").setViewName("signUp");
    }
+
+    @Override
+    public void addResourceHandlers(ResourceHandlerRegistry registry) {
+        registry.addResourceHandler("/**")
+                .addResourceLocations("/resources -> next depth");
+    }
 }
--- a/authorization-server2/src/main/java/io/bluemoon/authorizationserver2/config/WebSecurity2Config.java
+++ b/authorization-server2/src/main/java/io/bluemoon/authorizationserver2/config/WebSecurity2Config.java
@@ -16,7 +16,8 @@ import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;

@Configuration
-@EnableWebSecurity
+//@EnableWebSecurity
+@Order(-1)
 public class WebSecurity2Config extends WebSecurityConfigurerAdapter {
    private CustomUserDetailsServiceImpl customUserDetailsService;

@@ -40,13 +41,17 @@ public class WebSecurity2Config extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
-                .authorizeRequests()
-                .antMatchers("/oauth/token").permitAll()
-                .anyRequest().authenticated()
+                .csrf().disable().cors().disable()
+                .requestMatchers()
+                .antMatchers("/css/**", "/script/**", "image/**", "/fonts/**", "lib/**")
+
                .and()
                .headers().frameOptions().disable()
                .and()
-                .exceptionHandling();
+                .authorizeRequests()
+                .antMatchers("/css/**", "/script/**", "image/**", "/fonts/**", "lib/**").permitAll()
+                .anyRequest()
+                .authenticated();
    }

    @Bean
--- a/authorization-server2/src/main/resources/schema.sql
+++ b/authorization-server2/src/main/resources/schema.sql
@@ -0,0 +1,81 @@
+use oauth2;
+-- used in tests that use HSQL
+create table oauth_client_details (
+  client_id VARCHAR(255) primary key,
+  resource_ids VARCHAR(255),
+  client_secret VARCHAR(255),
+  scope VARCHAR(255),
+  authorized_grant_types VARCHAR(255),
+  web_server_redirect_uri VARCHAR(255),
+  authorities VARCHAR(255),
+  access_token_validity INTEGER,
+  refresh_token_validity INTEGER,
+  additional_information VARCHAR(4096),
+  autoapprove VARCHAR(255)
+) DEFAULT CHARSET=utf8;
+
+create table oauth_client_token (
+  token_id VARCHAR(255),
+  token BLOB,
+  authentication_id VARCHAR(255) PRIMARY KEY,
+  user_name VARCHAR(255),
+  client_id VARCHAR(255)
+)ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
+create table oauth_access_token (
+  token_id VARCHAR(255),
+  token BLOB,
+  authentication_id VARCHAR(255) PRIMARY KEY,
+  user_name VARCHAR(255),
+  client_id VARCHAR(255),
+  authentication BLOB,
+  refresh_token VARCHAR(255)
+)ENGINE=InnoDB DEFAULT CHARSET=utf8;;
+
+create table oauth_refresh_token (
+  token_id VARCHAR(255),
+  token BLOB,
+  authentication BLOB
+)ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
+create table oauth_code (
+  code VARCHAR(255), authentication BLOB
+)ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
+create table oauth_approvals (
+	userId VARCHAR(255),
+	clientId VARCHAR(255),
+	scope VARCHAR(255),
+	status VARCHAR(10),
+	expiresAt TIMESTAMP,
+	lastModifiedAt TIMESTAMP
+)ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
+
+-- customized oauth_client_details table
+create table ClientDetails (
+  appId VARCHAR(255) PRIMARY KEY,
+  resourceIds VARCHAR(255),
+  appSecret VARCHAR(255),
+  scope VARCHAR(255),
+  grantTypes VARCHAR(255),
+  redirectUrl VARCHAR(255),
+  authorities VARCHAR(255),
+  access_token_validity INTEGER,
+  refresh_token_validity INTEGER,
+  additionalInformation VARCHAR(4096),
+  autoApproveScopes VARCHAR(255)
+)ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
+CREATE TABLE `user` (
+  `id` int(11) NOT NULL AUTO_INCREMENT,
+  `user_name` varchar(20) COLLATE utf8_unicode_ci NOT NULL,
+  `password` varchar(100) COLLATE utf8_unicode_ci NOT NULL,
+  `user_type` char(1) COLLATE utf8_unicode_ci NOT NULL,
+  `reg_date` datetime NOT NULL,
+  PRIMARY KEY (`id`),
+  UNIQUE KEY `user_name` (`user_name`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
+
+
+