
Welcome

This library contains Google App Engine (Datastore-backed) implementations of two Spring Security OAuth2 provider-side services:

  • GaeClientDetailsService
  • GaeTokenStore

Maven Dependency

        <dependency>
            <!-- NOTE(review): 1.0-SNAPSHOT is a mutable version - the artifact can be re-published
                 and a build that resolves it tomorrow may get different bytes than today. Pin a
                 released version (and verify the artifact checksum) before depending on this in
                 anything beyond a local sample. -->
            <groupId>com.wadpam.oauth</groupId>
            <artifactId>oauth-gae</artifactId>
            <version>1.0-SNAPSHOT</version>
        </dependency>

GaeClientDetailsService

        <!-- Spring Security OAuth2 ClientDetailsService backed by the GAE Datastore: client records
             (id, secret, scopes, grant types, authorities, resource ids) are read through the
             oAuthClientDao bean, which the library's spring-dao.xml provides. -->
        <bean id="clientDetails" class="com.wadpam.oauth.service.GaeClientDetailsService">
            <property name="oAuthClientDao" ref="oAuthClientDao" />
        </bean>

The oAuthClientDao bean is defined in the spring-dao.xml file shipped inside the jar; import that file into your application context:

    <!-- classpath*: resolves EVERY spring-dao.xml on the classpath, not only the one in this jar. -->
    <import resource="classpath*:spring-dao.xml" />

Note that the classpath* prefix imports every resource named spring-dao.xml found anywhere on the classpath, including files of that name inside other jars. If that is not intended - or to avoid silently wiring in bean definitions from an unexpected dependency - import the file by its exact classpath location instead.

Datastore Entities

The entities persisted in the Datastore are of the kind OAuthClient, where the client id serves as the primary key. This entity carries the client secret (see the secret property in the example below), so treat read access to the OAuthClient kind as sensitive.

GaeTokenStore

        <!-- Spring Security OAuth2 TokenStore backed by the GAE Datastore: issued access tokens are
             persisted through the accessTokenEntityDao bean from the library's spring-dao.xml. -->
        <bean id="tokenStore" class="com.wadpam.oauth.service.GaeTokenStore">
            <property name="accessTokenEntityDao" ref="accessTokenEntityDao" />
        </bean>

As above, the accessTokenEntityDao bean comes from the imported spring-dao.xml.

Datastore Entities

The entities persisted in the Datastore are of the kind AccessTokenEntity, where the tokenValue serves as the primary key. Note that the bearer token value itself is stored, unhashed, as the key: anyone with read access to this kind can replay live tokens, so restrict Datastore access accordingly.

Complete context of the Spring Security OAuth sample provider (sparklr, as called by the tonr client), adapted to use the GAE services above:

<?xml version="1.0" encoding="UTF-8" ?>
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xmlns:oauth="http://www.springframework.org/schema/security/oauth2" xmlns:sec="http://www.springframework.org/schema/security"
	xmlns:mvc="http://www.springframework.org/schema/mvc"
	xsi:schemaLocation="http://www.springframework.org/schema/security/oauth2 http://www.springframework.org/schema/security/spring-security-oauth2-1.0.xsd
		http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.1.xsd
		http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd
		http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd">
                    
        <!-- Provides oAuthClientDao / accessTokenEntityDao (and, presumably, personDao - it is not
             defined in this file). classpath*: picks up every spring-dao.xml on the classpath. -->
        <import resource="classpath*:spring-dao.xml" />

	<!-- Token endpoint: OAuth clients authenticate here with client id/secret to obtain tokens.
	     No session is ever created and anonymous access is off, so every request must carry
	     client credentials. This endpoint receives secrets and hands out bearer tokens - it must
	     only be reachable over HTTPS. -->
	<http pattern="/oauth/token" create-session="never" authentication-manager-ref="clientAuthenticationManager"
		xmlns="http://www.springframework.org/schema/security">
		<intercept-url pattern="/oauth/token" access="IS_AUTHENTICATED_FULLY" />
		<anonymous enabled="false" />
		<http-basic />
		<!-- include this only if you need to authenticate clients via request parameters -->
		<!-- SECURITY: with this filter the client secret may arrive as a plain request parameter
		     (client_id / client_secret), where it can end up in proxy and access logs. Prefer HTTP
		     Basic and remove this filter unless a client genuinely cannot send an Authorization
		     header. -->
		<custom-filter ref="clientCredentialsTokenEndpointFilter" before="BASIC_AUTH_FILTER" />
		<access-denied-handler ref="oauthAccessDeniedHandler"/>
	</http>

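	<!-- The OAuth2 protected resources are separated out into their own block so we can deal with authorization and error handling 
		separately.  This isn't mandatory, but it makes it easier to control the behaviour. -->
	<!-- Requests to /photos/** are authenticated by the bearer token alone (resourceServerFilter),
	     so no HTTP session is needed: create-session="never" stops a token-authenticated API call
	     from allocating a session (which on GAE also means datastore writes).
	     Rules are evaluated in declaration order and the first match wins, so the more specific
	     /photos/trusted/** and /photos/user/** rules must stay above the /photos/** catch-all
	     (the explicit /photos rule is already covered by /photos/** with the same access).
	     accessDecisionManager is UnanimousBased, so the caller needs the listed ROLE_ *and* the
	     token must carry the listed SCOPE_. -->
	<http pattern="/photos/**" create-session="never" entry-point-ref="oauthAuthenticationEntryPoint" access-decision-manager-ref="accessDecisionManager"
		xmlns="http://www.springframework.org/schema/security">
		<intercept-url pattern="/photos" access="ROLE_USER,SCOPE_READ" />
		<intercept-url pattern="/photos/trusted/**" access="ROLE_CLIENT,SCOPE_TRUST" />
		<intercept-url pattern="/photos/user/**" access="ROLE_USER,SCOPE_TRUST" />
		<intercept-url pattern="/photos/**" access="ROLE_USER,SCOPE_READ" />
		<custom-filter ref="resourceServerFilter" before="EXCEPTION_TRANSLATION_FILTER" />
		<access-denied-handler ref="oauthAccessDeniedHandler"/>
	</http>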

	<!-- Everything else (UI and the authorization endpoint). Users are (re)authenticated on every
	     request by the Google Accounts pre-auth filter, so Spring Security itself keeps no session
	     state (create-session="stateless"); unauthenticated users are sent to Google login by the
	     entry point. access-denied-page is the deprecated 3.1 spelling of
	     <access-denied-handler error-page="/login.jsp"/> with the same behaviour.
	     NOTE(review): the authorization endpoint's user-approval step (GET then POST
	     /oauth/authorize) presumably keeps the pending request in the HTTP session at the MVC
	     layer, independent of this setting; on GAE that requires sessions to be enabled in
	     appengine-web.xml - confirm before relying on the authorization_code flow. -->
	<http xmlns="http://www.springframework.org/schema/security"
            access-denied-page="/login.jsp" 
            entry-point-ref="googleAccountsAuthenticationEntryPoint"
            create-session="stateless"
            >
		<!-- This needs to be anonymous so that the auth endpoint can handle oauth errors itself -->
		<intercept-url pattern="/oauth/authorize" access="IS_AUTHENTICATED_ANONYMOUSLY" />
		<!-- Covers the access-confirmation page and any other /oauth/* URL not matched above;
		     /oauth/token lives in its own filter chain and never reaches this one. -->
		<intercept-url pattern="/oauth/**" access="ROLE_USER" />
		<intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
                <custom-filter position="PRE_AUTH_FILTER" ref="googleAccountsAuthenticationFilter" />
	</http>
        
        <!-- Google Accounts integration (com.wadpam.broker classes, not part of this library):
             entry point, pre-auth filter and provider. Their internals are not visible here;
             presumably the filter derives the user from the GAE UserService and the provider
             resolves it against personDao, which must come from the imported spring-dao.xml. -->
        <bean id="googleAccountsAuthenticationEntryPoint" class="com.wadpam.broker.security.GoogleAccountsAuthenticationEntryPoint" />
        
        <bean id="googleAccountsAuthenticationFilter" class="com.wadpam.broker.security.GoogleAccountsAuthenticationFilter">
            <property name="authenticationManager" ref="authenticationManager" />
        </bean>
        
        <bean id="googleAccountsAuthenticationProvider" class="com.wadpam.broker.security.GoogleAccountsAuthenticationProvider">
            <property name="personDao" ref="personDao" />
        </bean>

	<!-- 401/403 responses for the OAuth2-protected resources and token endpoint, rendered in the
	     media type the client asked for (JSON for API clients). -->
	<bean id="oauthAuthenticationEntryPoint" class="org.springframework.security.oauth2.provider.error.MediaTypeAwareAuthenticationEntryPoint">
		<property name="realmName" value="Broker Service" />
	</bean>

	<bean id="oauthAccessDeniedHandler" class="org.springframework.security.oauth2.provider.error.MediaTypeAwareAccessDeniedHandler" />

	<!-- Authenticates a client from client_id / client_secret request parameters at /oauth/token.
	     Only wire this in (see the token-endpoint chain above) when a client cannot use HTTP Basic;
	     secrets in parameters tend to leak into logs. -->
	<bean id="clientCredentialsTokenEndpointFilter" class="org.springframework.security.oauth2.provider.filter.ClientCredentialsTokenEndpointFilter">
		<property name="authenticationManager" ref="clientAuthenticationManager" />
	</bean>

	<!-- Decision manager for the /photos/** chain. UnanimousBased: every voter that does not
	     abstain must grant. ScopeVoter handles SCOPE_* attributes (token scope), RoleVoter
	     handles ROLE_* (caller authorities), AuthenticatedVoter handles IS_AUTHENTICATED_*;
	     so "ROLE_USER,SCOPE_READ" means both must hold. -->
	<bean id="accessDecisionManager" class="org.springframework.security.access.vote.UnanimousBased" xmlns="http://www.springframework.org/schema/beans">
		<constructor-arg>
			<list>
				<bean class="org.springframework.security.oauth2.provider.vote.ScopeVoter" />
				<bean class="org.springframework.security.access.vote.RoleVoter" />
				<bean class="org.springframework.security.access.vote.AuthenticatedVoter" />
			</list>
		</constructor-arg>
	</bean>

	<!-- Authenticates OAuth clients at /oauth/token; client id/secret are looked up through
	     clientDetailsUserService. No <password-encoder> is configured, so the secret stored in
	     the datastore is compared in plain text. If you hash client secrets at rest, add the
	     matching <password-encoder> to this provider. -->
	<authentication-manager id="clientAuthenticationManager" xmlns="http://www.springframework.org/schema/security">
		<authentication-provider user-service-ref="clientDetailsUserService" />
	</authentication-manager>

	<!-- Authenticates end users via Google Accounts. Being the alias "authenticationManager"
	     it is also the global manager other components fall back to when none is named. -->
	<authentication-manager alias="authenticationManager" xmlns="http://www.springframework.org/schema/security">
                <sec:authentication-provider ref="googleAccountsAuthenticationProvider" />
	</authentication-manager>

	<!-- Adapts ClientDetails to Spring Security UserDetails so the standard DAO provider can
	     authenticate clients (username = client id, password = client secret). -->
	<bean id="clientDetailsUserService" class="org.springframework.security.oauth2.provider.client.ClientDetailsUserDetailsService">
		<constructor-arg ref="clientDetails" />
	</bean>

	<!-- Issues opaque random access tokens and persists them via the datastore-backed tokenStore.
	     No validity periods and no refresh-token support are set, so the class defaults apply.
	     NOTE(review): in the Spring Security OAuth 1.0 line those defaults are, as far as I
	     recall, a 12-hour access token and supportRefreshToken=false (in which case the
	     <oauth:refresh-token/> grant never has anything to refresh) - confirm against the
	     version on the classpath and set accessTokenValiditySeconds / refreshTokenValiditySeconds
	     / supportRefreshToken explicitly rather than relying on defaults. -->
	<bean id="tokenServices" class="org.springframework.security.oauth2.provider.token.RandomValueTokenServices">
            <property name="tokenStore" ref="tokenStore" />
	</bean>
        
        <!-- Datastore-backed TokenStore (kind AccessTokenEntity, keyed by the token value). Tokens are
             stored unhashed, so read access to that kind is equivalent to holding the tokens. -->
        <bean id="tokenStore" class="com.wadpam.oauth.service.GaeTokenStore">
            <property name="accessTokenEntityDao" ref="accessTokenEntityDao" />
        </bean>

	<!-- Authorization server. Every grant type the library offers is switched on, including
	     password and client-credentials. The only client seeded in this file is authorised for
	     authorization_code and implicit, so the remaining grants are unused attack surface here;
	     enable only what a registered client actually needs.
	     NOTE(review): <oauth:password/> names no authentication-manager-ref, so it presumably
	     falls back to the global "authenticationManager" (the Google Accounts provider), which is
	     unlikely to accept a raw username/password - confirm, or drop the element. -->
	<oauth:authorization-server client-details-service-ref="clientDetails" token-services-ref="tokenServices">
		<oauth:authorization-code />
		<oauth:implicit />
		<oauth:refresh-token />
		<oauth:client-credentials />
		<oauth:password />
	</oauth:authorization-server>

	<!-- Resource-server filter for /photos/**: validates the bearer token through tokenServices;
	     resource-id "sparklr" is expected to be rejected for tokens of clients whose resourceIds
	     do not include it (cf. the seeded client's resourceIds). -->
	<oauth:resource-server id="resourceServerFilter" resource-id="sparklr" token-services-ref="tokenServices" />

        <!-- Datastore-backed ClientDetailsService. The clients list is seed data that
             init-method="init" presumably writes into the OAuthClient kind on start-up - verify
             whether it overwrites records that were changed in the datastore.
             SECURITY: this sample client ships with the secret "secret" in a committed config
             file. For anything other than a local sample, generate a random secret, supply it
             from outside the source tree, and keep it out of version control.
             NOTE(review): no registered redirect URI is set for the client. If the library then
             accepts whatever redirect_uri the authorization request carries, an attacker can
             steer the authorization code - or, with the implicit grant enabled here, the access
             token itself - to a URL of their choosing. Register the exact callback URL (check
             whether OAuthClient exposes a registered-redirect-URI property) and consider whether
             an implicit-grant client really needs the "trust" scope. -->
        <bean id="clientDetails" class="com.wadpam.oauth.service.GaeClientDetailsService" init-method="init">
            <property name="oAuthClientDao" ref="oAuthClientDao" />
            <property name="clients">
                <list>
                    <bean class="com.wadpam.oauth.domain.OAuthClient">
                        <property name="id" value="tonr" />
                        <property name="resourceIds" value="sparklr" />
                        <property name="authorizedGrantTypes" value="authorization_code,implicit" />
                        <property name="authorities" value="ROLE_CLIENT" />
                        <property name="scope" value="read,write,trust" />
                        <property name="secret" value="secret" />
                    </bean>
                </list>
            </property>
        </bean>

	<mvc:annotation-driven />

	<mvc:default-servlet-handler />

	<!-- Method-level security (@PreAuthorize / @PostAuthorize) on proxied beans, evaluated with
	     the OAuth2-aware expression handler so OAuth2 scope checks are available in expressions. -->
	<sec:global-method-security pre-post-annotations="enabled" proxy-target-class="true">
		<!--you could also wire in the expression handler up at the layer of the http filters. See https://jira.springsource.org/browse/SEC-1452 -->
		<sec:expression-handler ref="oauthExpressionHandler" />
	</sec:global-method-security>

	<oauth:expression-handler id="oauthExpressionHandler" />

	<!--Basic application beans. -->
	<!-- JSP views live under /WEB-INF/jsp/, i.e. they cannot be requested directly by clients. -->
	<bean id="viewResolver" class="org.springframework.web.servlet.view.InternalResourceViewResolver">
		<property name="prefix" value="/WEB-INF/jsp/" />
		<property name="suffix" value=".jsp" />
	</bean>

	<!-- Controllers taken from the sparklr sample: the protected /photos API and the
	     user-facing OAuth access-confirmation page (which needs the client details to
	     show the requesting client). -->
	<bean id="photoController" class="org.springframework.security.oauth.examples.sparklr.mvc.PhotoController">
		<property name="photoService" ref="photoServices" />
	</bean>

	<bean id="accessConfirmationController" class="org.springframework.security.oauth.examples.sparklr.mvc.AccessConfirmationController">
		<property name="clientDetailsService" ref="clientDetails" />
	</bean>

	<!-- In-memory fixture data from the sparklr sample: six photos owned by the sample users
	     "marissa" and "paul"; resourceURL points at classpath resources inside the sample jar.
	     Sample only - replace with a real backing service. -->
	<bean id="photoServices" class="org.springframework.security.oauth.examples.sparklr.impl.PhotoServiceImpl">
		<property name="photos">
			<list>
				<bean class="org.springframework.security.oauth.examples.sparklr.PhotoInfo">
					<property name="id" value="1" />
					<property name="name" value="photo1.jpg" />
					<property name="userId" value="marissa" />
					<property name="resourceURL" value="/org/springframework/security/oauth/examples/sparklr/impl/resources/photo1.jpg" />
				</bean>
				<bean class="org.springframework.security.oauth.examples.sparklr.PhotoInfo">
					<property name="id" value="2" />
					<property name="name" value="photo2.jpg" />
					<property name="userId" value="paul" />
					<property name="resourceURL" value="/org/springframework/security/oauth/examples/sparklr/impl/resources/photo2.jpg" />
				</bean>
				<bean class="org.springframework.security.oauth.examples.sparklr.PhotoInfo">
					<property name="id" value="3" />
					<property name="name" value="photo3.jpg" />
					<property name="userId" value="marissa" />
					<property name="resourceURL" value="/org/springframework/security/oauth/examples/sparklr/impl/resources/photo3.jpg" />
				</bean>
				<bean class="org.springframework.security.oauth.examples.sparklr.PhotoInfo">
					<property name="id" value="4" />
					<property name="name" value="photo4.jpg" />
					<property name="userId" value="paul" />
					<property name="resourceURL" value="/org/springframework/security/oauth/examples/sparklr/impl/resources/photo4.jpg" />
				</bean>
				<bean class="org.springframework.security.oauth.examples.sparklr.PhotoInfo">
					<property name="id" value="5" />
					<property name="name" value="photo5.jpg" />
					<property name="userId" value="marissa" />
					<property name="resourceURL" value="/org/springframework/security/oauth/examples/sparklr/impl/resources/photo5.jpg" />
				</bean>
				<bean class="org.springframework.security.oauth.examples.sparklr.PhotoInfo">
					<property name="id" value="6" />
					<property name="name" value="photo6.jpg" />
					<property name="userId" value="paul" />
					<property name="resourceURL" value="/org/springframework/security/oauth/examples/sparklr/impl/resources/photo6.jpg" />
				</bean>
			</list>
		</property>
	</bean>

</beans>
