0

我正在尝试为密码授予 oauth 流(Spring-Outh)设置 UsernameNotFoundException 和 BadCredentialsException 的处理程序。处理程序的目的是,每当抛出这些异常中的任何一个时,都会在数据库中增加一个计数器。

我不确定这个处理程序需要在什么时候设置。

 <http pattern="/oauth/token" create-session="stateless"   authentication-manager-ref="authenticationManager" xmlns="http://www.springframework.org/schema/security">
    <intercept-url pattern="/oauth/token" access="ROLE_USER"  />
    <anonymous enabled="false" />
    <http-basic entry-point-ref="clientAuthenticationEntryPoint"  />

    <custom-filter ref="clientCredentialsTokenEndpointFilter" before="BASIC_AUTH_FILTER" />

    <access-denied-handler ref="oauthAccessDeniedHandler" />
</http>


<!-- The OAuth2 protected resources are separated out into their own block so we can deal with authorization and error handling 
    separately. This isn't mandatory, but it makes it easier to control the behaviour. -->
<http pattern="/public/**" create-session="stateless" entry-point-ref="oauthAuthenticationEntryPoint"
    access-decision-manager-ref="accessDecisionManager" xmlns="http://www.springframework.org/schema/security">
    <anonymous enabled="false" />
    <intercept-url pattern="/public/registration" access="ROLE_USER,SCOPE_READ"  />
    <custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
    <access-denied-handler ref="oauthAccessDeniedHandler" />
</http>

<http use-expressions="true" create-session="stateless" entry-point-ref="oauthAuthenticationEntryPoint">
    <intercept-url pattern="/public/registration/activation/**" access="permitAll" />
</http>

<authentication-manager alias="authenticationManager"  xmlns="http://www.springframework.org/schema/security">
    <sec:authentication-provider user-service-ref="clientDetailsUserService" />
    <sec:authentication-provider ref="daoProvider">
    </sec:authentication-provider>
</authentication-manager>


<beans:bean id="customUserDetailService" class="com.cointraders.api.services.UserDetailsServiceImpl" />


<beans:bean id="daoProvider" class="com.cointraders.api.daoauthproviders.CustomDaoAuthenticationProvider">
    <beans:property name="userDetailsService" ref="customUserDetailService"/>
    <beans:property name="passwordEncoder" ref="passwordEncoder" />
</beans:bean>

<beans:bean id="clientDetails" class="org.springframework.security.oauth2.provider.JdbcClientDetailsService">
    <beans:constructor-arg ref="dataSource" />
</beans:bean>

<beans:bean id="accessDecisionManager" class="org.springframework.security.access.vote.UnanimousBased" xmlns="http://www.springframework.org/schema/beans">
    <beans:constructor-arg>
        <beans:list>
            <beans:bean class="org.springframework.security.oauth2.provider.vote.ScopeVoter" />
            <beans:bean class="org.springframework.security.access.vote.RoleVoter" />
            <beans:bean class="org.springframework.security.access.vote.AuthenticatedVoter" />
        </beans:list>
    </beans:constructor-arg>
</beans:bean>   

<oauth:authorization-server  client-details-service-ref="clientDetails" token-services-ref="tokenServices">
    <oauth:refresh-token />
    <oauth:client-credentials/>
    <oauth:custom-grant token-granter-ref="randomTokenGrant" />
</oauth:authorization-server>
4

1 回答 1

0

AuthenticationManager是一个非常简单的界面。我认为没有人需要帮助来实现这一点。并且授权服务器配置 DSL 有明确的插入点AuthenticationManager(例如,AuthorizationServerEndpointsConfigurer在 Java 中,像这里:https ://github.com/spring-projects/spring-security-oauth/blob/master/tests/annotation/jdbc/ src/main/java/demo/Application.java)。

于 2014-07-15T06:00:47.623 回答