/* Copyright 2006-2010 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http:https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
import org.codehaus.groovy.grails.plugins.springsecurity.SecurityFilterPosition
import org.codehaus.groovy.grails.plugins.springsecurity.SpringSecurityUtils
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler
import org.springframework.security.oauth.common.signature.CoreOAuthSignatureMethodFactory
import org.springframework.security.oauth2.common.DefaultOAuth2SerializationService
import org.springframework.security.oauth2.common.DefaultThrowableAnalyzer
import org.springframework.security.oauth2.provider.AccessGrantAuthenticationProvider
import org.springframework.security.oauth2.provider.BaseClientDetails
import org.springframework.security.oauth2.provider.InMemoryClientDetailsService
import org.springframework.security.oauth2.provider.OAuth2AuthorizationFilter
import org.springframework.security.oauth2.provider.OAuth2AuthorizationSuccessHandler
import org.springframework.security.oauth2.provider.OAuth2ExceptionHandlerFilter
import org.springframework.security.oauth2.provider.OAuth2ProtectedResourceFilter
import org.springframework.security.oauth2.provider.password.ClientPasswordAuthenticationProvider
import org.springframework.security.oauth2.provider.client.ClientCredentialsAuthenticationProvider
import org.springframework.security.oauth2.provider.refresh.RefreshAuthenticationProvider
import org.springframework.security.oauth2.provider.token.InMemoryOAuth2ProviderTokenServices
import org.springframework.security.oauth2.provider.verification.BasicUserApprovalFilter
import org.springframework.security.oauth2.provider.verification.DefaultClientAuthenticationCache
import org.springframework.security.oauth2.provider.verification.InMemoryVerificationCodeServices
import org.springframework.security.oauth2.provider.verification.VerificationCodeAuthenticationProvider
import org.springframework.security.oauth2.provider.verification.VerificationCodeFilter
class SpringSecurityOauth2ProviderGrailsPlugin {

    // ---- Plugin descriptor metadata (read by Grails, values unchanged) ----
    def version = "0.3-SNAPSHOT"
    String grailsVersion = '1.2.2 > *'
    List pluginExcludes = [
        'docs/**',
        'src/docs/**',
        'test/**',
    ]
    //Map dependsOn = [springSecurityCore: '1.0 > *']
    def loadAfter = ["core", "springSecurityCore"]
    def license = "APACHE"
    def organization = [ name:"Adaptive Computing", url:"http:https://adaptivecomputing.com" ]
    def issueManagement = [ system:"GitHub", url:"http:https://github.com/adaptivecomputing/grails-spring-security-oauth2-provider/issues" ]
    def scm = [ url:"http:https://github.com/adaptivecomputing/grails-spring-security-oauth2-provider" ]
    String author = 'Brian Saville'
    String authorEmail = '[email protected]'
    String title = 'OAuth2 Provider support for the Spring Security plugin.'
    String description = '''\
OAuth2 Provider support for the Spring Security plugin. Based on Burt Beckwith\'s OAuth 1 Provider plugin
'''
    String documentation = 'http:https://grails.org/plugin/spring-security-oauth2-provider'

    /**
     * Wires the OAuth2 provider beans into the Spring Security core plugin: registers the
     * authentication providers and filters, then defines the provider, filter, handler and
     * service beans. Returns early (defines nothing) when Spring Security itself or the
     * {@code oauthProvider} section of the security config is inactive.
     *
     * Bean wiring is driven by {@code SpringSecurityUtils.securityConfig} after the plugin's
     * {@code DefaultOAuth2ProviderSecurityConfig} has been overlaid; the trailing comments on
     * each property name the default the overlay is expected to supply.
     */
    def doWithSpring = {
        def conf = SpringSecurityUtils.securityConfig
        if (!conf || !conf.active) {
            return
        }

        println 'Configuring Spring Security OAuth2 Provider ...'

        // The secondary config merges into securityConfig, so re-read it after the overlay.
        SpringSecurityUtils.loadSecondaryConfig 'DefaultOAuth2ProviderSecurityConfig'
        conf = SpringSecurityUtils.securityConfig
        if (!conf.oauthProvider.active) {
            return
        }

        def oauthConf = conf.oauthProvider
        def apfConf = conf.apf

        // Authentication providers, registered in this order with the core plugin.
        [
            'oauthVerificationAuthenticationProvider',
            'oauthAccessGrantAuthenticationProvider',
            'oauthRefreshAuthenticationProvider',
            'oauthClientPasswordAuthenticationProvider',
            'oauthClientCredentialsAuthenticationProvider',
        ].each { String providerBean ->
            SpringSecurityUtils.registerProvider providerBean
        }

        // Filter chain placement: the four OAuth filters sit directly after the exception
        // translation filter at offsets 1..4 in list order (exception handler first, so it
        // wraps the others); the user-approval filter is registered at position 1.
        int afterExceptionTranslation = SecurityFilterPosition.EXCEPTION_TRANSLATION_FILTER.order
        [
            'oauthExceptionHandlerFilter',
            'verificationCodeFilter',
            'oauthAuthorizationFilter',
            'oauthProtectedResourceFilter',
        ].eachWithIndex { String filterBean, int offset ->
            SpringSecurityUtils.registerFilter filterBean, afterExceptionTranslation + offset + 1
        }
        SpringSecurityUtils.registerFilter 'oauthUserApprovalFilter', 1

        // ---- Authentication providers ----
        oauthAccessGrantAuthenticationProvider(AccessGrantAuthenticationProvider) {
            clientDetailsService = ref('clientDetailsService')
        }
        oauthVerificationAuthenticationProvider(VerificationCodeAuthenticationProvider) {
            verificationServices = ref('oauthVerificationCodeServices')
        }
        oauthRefreshAuthenticationProvider(RefreshAuthenticationProvider)
        oauthClientPasswordAuthenticationProvider(ClientPasswordAuthenticationProvider)
        oauthClientCredentialsAuthenticationProvider(ClientCredentialsAuthenticationProvider)

        // ---- Filters ----
        // Reads the resource-owner approval decision from the request parameter below.
        oauthUserApprovalFilter(BasicUserApprovalFilter) {
            approvalParameter = oauthConf.user.approvalParameter // user_oauth_approval
            approvalParameterValue = oauthConf.user.approvalParameterValue // true
        }
        // User-facing authorization endpoint: issues verification codes once the user approves;
        // unapproved requests are routed to oauthUnapprovedAuthenticationHandler.
        verificationCodeFilter(VerificationCodeFilter) {
            allowSessionCreation = apfConf.allowSessionCreation // true
            // Bean name is itself configurable; the default config is expected to point at
            // the oauthClientAuthenticationCache bean defined below.
            authenticationCache = ref(oauthConf.verificationCode.clientAuthenticationCache) // oauthClientAuthenticationCache
            clientDetailsService = ref('clientDetailsService')
            continueChainBeforeSuccessfulAuthentication = apfConf.continueChainBeforeSuccessfulAuthentication // false
            filterProcessesUrl = oauthConf.user.authUrl // /oauth/user/authorize'
            userApprovalHandler = ref('oauthUserApprovalFilter')
            verificationServices = ref('oauthVerificationCodeServices')
            unapprovedAuthenticationHandler = ref('oauthUnapprovedAuthenticationHandler')
        }
        // Client-facing token endpoint, authenticated through the core authenticationManager.
        oauthAuthorizationFilter(OAuth2AuthorizationFilter) {
            allowSessionCreation = apfConf.allowSessionCreation // true
            authenticationManager = ref('authenticationManager')
            authenticationSuccessHandler = ref('oauthSuccessfulAuthenticationHandler')
            continueChainBeforeSuccessfulAuthentication = apfConf.continueChainBeforeSuccessfulAuthentication // false
            filterProcessesUrl = oauthConf.client.authUrl // /oauth/client/authorize'
        }
        oauthExceptionHandlerFilter(OAuth2ExceptionHandlerFilter)
        // Validates bearer tokens on protected resources against the token store.
        oauthProtectedResourceFilter(OAuth2ProtectedResourceFilter) {
            tokenServices = ref('oauthTokenServices')
        }

        // ---- Handlers ----
        oauthSuccessfulAuthenticationHandler(OAuth2AuthorizationSuccessHandler) {
            tokenServices = ref('oauthTokenServices')
        }
        oauthUnapprovedAuthenticationHandler(SimpleUrlAuthenticationFailureHandler) {
            defaultFailureUrl = oauthConf.user.confirmUrl // /login/confirm
        }

        // ---- Services ----
        // NOTE(review): every store below is the InMemory*/Default* implementation from the
        // Spring Security OAuth library. No clients are registered on clientDetailsService in
        // this descriptor, so the application is presumably expected to populate it (or
        // override the bean); likewise token and verification-code state is held by these
        // in-memory beans, which is unlikely to survive a restart or be shared across
        // instances — confirm against deployment expectations.
        clientDetailsService(InMemoryClientDetailsService)
        oauthClientAuthenticationCache(DefaultClientAuthenticationCache)
        oauthTokenServices(InMemoryOAuth2ProviderTokenServices) {
            reuseRefreshToken = oauthConf.tokenServices.reuseRefreshToken // true
            supportRefreshToken = oauthConf.tokenServices.supportRefreshToken // true
            // Token secret size and lifetimes are config-driven; the defaults noted here
            // come from the overlaid secondary config, not from this file.
            tokenSecretLengthBytes = oauthConf.tokenServices.tokenSecretLengthBytes // 80
            refreshTokenValiditySeconds = oauthConf.tokenServices.refreshTokenValiditySeconds // 10 minutes
            accessTokenValiditySeconds = oauthConf.tokenServices.accessTokenValiditySeconds // 12 hours
        }
        oauthVerificationCodeServices(InMemoryVerificationCodeServices)

        // TODO Implement oauth2ProtectedResourceDetails bean to give permissions to resources based on annotations?
        //oauth2ProtectedResourceDetails()
    }
}