<sec:intercept-url pattern="/**" access="isFullyAuthenticated()" />
<sec:http-basic />
<sec:csrf disabled="true" />
+
+ <!-- Handle token auth -->
+ <sec:custom-filter ref="oauthResourceServerFilter" before="PRE_AUTH_FILTER" />
</sec:http>
<sec:authentication-manager id="userAuthenticationManager">
</constructor-arg>
</bean>
+ <oauth:resource-server id="oauthResourceServerFilter" resource-id="cspace-services" token-services-ref="tokenServices" />
+
<sec:authentication-manager id="clientAuthenticationManager">
<sec:authentication-provider user-service-ref="clientDetailsUserDetailsService"/>
</sec:authentication-manager>
<constructor-arg ref="tokenEnhancer" />
</bean>
- <bean id="tokenEnhancer" class="org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter" />
+ <bean id="tokenEnhancer" class="org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter">
+ <!--
+ Can specify a signing key here. By default a random one is generated on bean instantiation,
+ which means that when CSpace is restarted, all granted tokens will become invalid. A
+ public/private key pair may also be supplied, using keyPair.
+ -->
+ <!-- <property name="signingKey" value="" /> -->
+ <property name="accessTokenConverter">
+ <bean class="org.springframework.security.oauth2.provider.token.DefaultAccessTokenConverter">
+ <property name="userTokenConverter">
+ <bean class="org.collectionspace.authentication.spring.CSpaceUserAuthenticationConverter">
+ <constructor-arg ref="userDetailsService" />
+ </bean>
+ </property>
+ </bean>
+ </property>
+ </bean>
</beans>
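Review bot: The commented-out `<property name="signingKey" value="" />` on the tokenEnhancer bean invites pasting the HMAC secret literally into this checked-in XML; the note above it should say that a configured key is expected to be injected from external configuration (for example a placeholder such as `${cspace.oauth.signingKey}` — name constructed here — if a property-placeholder configurer is present in this context) rather than committed with the file. The existing comment would also be clearer if it stated that the same converter is the one verifying bearer tokens for the `oauthResourceServerFilter` registered earlier in this diff, so the randomly generated default means a restart invalidates every outstanding token, which is safe but operationally surprising. No `@@` header is shown, so the start of this hunk is inferred from the context lines at `<constructor-arg ref="tokenEnhancer" />`.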
--- /dev/null
+package org.collectionspace.authentication.spring;
+
+import java.util.LinkedHashMap;
+import java.util.Map;
+
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.security.oauth2.provider.token.UserAuthenticationConverter;
+
+/**
+ * Converter for CSpace user authentication information to and from Maps.
+ * This is used to serialize/deserialize user information to/from JWTs.
+ * When extracting the user authentication from a map, only the username
+ * is required. The full user information is retrieved from a UserDetailsService.
+ */
+public class CSpaceUserAuthenticationConverter implements UserAuthenticationConverter {
+
+ private UserDetailsService userDetailsService;
+
+ /**
+ * Creates a converter that uses the given UserDetailsService when extracting
+ * the authentication information.
+ *
+ * @param userDetailsService the UserDetailsService to use
+ */
+ public CSpaceUserAuthenticationConverter(UserDetailsService userDetailsService) {
+ this.userDetailsService = userDetailsService;
+ }
+
+ @Override
+ public Map<String, ?> convertUserAuthentication(Authentication userAuthentication) {
+ // In extractAuthentication we use a UserDetailsService to look up
+ // the user's roles and tenants, so there's no need to serialize
+ // those. We just need the username.
+
+ Map<String, Object> response = new LinkedHashMap<String, Object>();
+
+ response.put(USERNAME, userAuthentication.getName());
+
+ return response;
+ }
+
+ @Override
+ public Authentication extractAuthentication(Map<String, ?> map) {
+ if (!map.containsKey(USERNAME) || userDetailsService == null) {
+ return null;
+ }
+
+ String username = (String) map.get(USERNAME);
+
+ try {
+ UserDetails user = userDetailsService.loadUserByUsername(username);
+
+ return new UsernamePasswordAuthenticationToken(user, "N/A", user.getAuthorities());
+ }
+ catch(UsernameNotFoundException e) {
+ return null;
+ }
+ }
+}
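Review bot: The unchecked cast `(String) map.get(USERNAME)` in extractAuthentication throws ClassCastException when the username claim in a token is not a string (a JSON number or object, for instance), which contradicts the method's null-on-failure contract used for the missing-key case; guard it instead with `Object name = map.get(USERNAME);` / `if (!(name instanceof String)) { return null; }` / `String username = (String) name;`. The `UsernamePasswordAuthenticationToken` built from the looked-up `UserDetails` is marked authenticated for any username in a validly signed token, and the account-status flags (`isEnabled()`, `isAccountNonLocked()`, `isAccountNonExpired()`, `isCredentialsNonExpired()`) are never consulted here; unless the configured `tokenServices` runs an account-status check downstream, a user disabled or locked after the token was issued keeps access until it expires, so either add those checks or document in the class Javadoc where they are enforced. The `userDetailsService == null` branch silently returns null at request time; failing fast in the constructor (`Objects.requireNonNull`) would surface the misconfiguration at startup. Finally, the field could be `final`, since it is only assigned in the constructor.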
<fileset dir="${jee.server.cspace}/lib" includes="aopalliance-*.jar"/>
<fileset dir="${jee.server.cspace}/lib" includes="commons-lang3-*.jar"/>
<fileset dir="${jee.server.cspace}/lib" includes="ehcache-*.jar"/>
+ <fileset dir="${jee.server.cspace}/lib" includes="jackson-*.jar"/>
<fileset dir="${jee.server.cspace}/lib" includes="org.springframework.*.jar"/>
<fileset dir="${jee.server.cspace}/lib" includes="spring-*.jar"/>
+ <fileset dir="${jee.server.cspace}/lib" includes="stax2-api-*.jar"/>
</delete>
</target>