

[Branch ~dhis2-devs-core/dhis2/trunk] Rev 19402: minor, adds current oauth2 configuration in security.xml (but commented out), still wip

 

------------------------------------------------------------
revno: 19402
committer: Morten Olav Hansen <mortenoh@xxxxxxxxx>
branch nick: dhis2
timestamp: Mon 2015-06-15 11:03:19 +0700
message:
  minor, adds current oauth2 configuration in security.xml (but commented out), still wip
modified:
  dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/oauth2/DefaultClientDetailsService.java
  dhis-2/dhis-web/dhis-web-commons/src/main/resources/META-INF/dhis/security.xml
  dhis-2/pom.xml


--
lp:dhis2
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk

=== modified file 'dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/oauth2/DefaultClientDetailsService.java'
--- dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/oauth2/DefaultClientDetailsService.java	2015-06-10 10:50:31 +0000
+++ dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/oauth2/DefaultClientDetailsService.java	2015-06-15 04:03:19 +0000
@@ -36,6 +36,9 @@
 import org.springframework.security.oauth2.provider.ClientRegistrationException;
 import org.springframework.security.oauth2.provider.client.BaseClientDetails;
 
+import java.util.HashSet;
+import java.util.Set;
+
 /**
  * @author Morten Olav Hansen <mortenoh@xxxxxxxxx>
  */
@@ -64,9 +67,21 @@
             return null;
         }
 
+        Set<String> grantTypes = new HashSet<>();
+        grantTypes.add( "password" );
+        grantTypes.add( "authorization_code" );
+        grantTypes.add( "refresh_token" );
+        grantTypes.add( "client_credentials" );
+        grantTypes.add( "implicit" );
+
+        Set<String> scopes = new HashSet<>();
+        scopes.add( "ALL" );
+
         BaseClientDetails clientDetails = new BaseClientDetails();
         clientDetails.setClientId( client.getCid() );
         clientDetails.setClientSecret( client.getSecret() );
+        clientDetails.setAuthorizedGrantTypes( grantTypes );
+        clientDetails.setScope( scopes );
 
         return clientDetails;
     }
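Review bot: Every client loaded here is granted all five grant types, including the password and implicit grants, plus a single hard-coded "ALL" scope, regardless of what the stored client record allows; the set built at `Set<String> grantTypes = new HashSet<>()` never consults `client`. Once the commented-out authorization server in security.xml is enabled, that makes every registered client id/secret pair usable for resource-owner password login and for browser-redirect flows, which is the widest exposure the server can offer. Given the commit is marked wip, at minimum mark the placeholder with `// TODO: derive grant types and scope from the client record; currently hard-coded to every grant type` so it is not shipped unchanged, and plan for the client entity to carry its own allowed grant types and scopes. Note also that no registered redirect URIs are set on the BaseClientDetails in this hunk, so redirect validation for the authorization_code and implicit grants depends wholly on how the redirect resolver treats a client with no registered URI, which is worth confirming before those grants are enabled. The enclosing method begins before this hunk.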

=== modified file 'dhis-2/dhis-web/dhis-web-commons/src/main/resources/META-INF/dhis/security.xml'
--- dhis-2/dhis-web/dhis-web-commons/src/main/resources/META-INF/dhis/security.xml	2015-06-10 12:17:45 +0000
+++ dhis-2/dhis-web/dhis-web-commons/src/main/resources/META-INF/dhis/security.xml	2015-06-15 04:03:19 +0000
@@ -1,11 +1,69 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<beans xmlns="http://www.springframework.org/schema/beans"; xmlns:sec="http://www.springframework.org/schema/security";
-  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
+<beans xmlns="http://www.springframework.org/schema/beans"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
+  xmlns:sec="http://www.springframework.org/schema/security"; xmlns:oauth="http://www.springframework.org/schema/security/oauth2";
   xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.1.xsd
-    http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd";>
+    http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd
+    http://www.springframework.org/schema/security/oauth2 http://www.springframework.org/schema/security/spring-security-oauth2.xsd";>
+
+  <bean id="loggerListener" class="org.springframework.security.authentication.event.LoggerListener" />
+
+  <!-- /oauth/authorize
+  <sec:http pattern="/oauth/authorize/**" access-denied-page="/login.jsp?authorization_error=true" disable-url-rewriting="true">
+      <sec:intercept-url pattern="/oauth/authorize/**" access="IS_AUTHENTICATED_FULLY" />
+      <sec:form-login authentication-failure-url="/login.jsp?authentication_error=true"
+          default-target-url="http://www.ourwebsite.com/"; login-page="/login.jsp"
+          login-processing-url="/login.do" />
+      <sec:http-basic />
+      <sec:anonymous />
+  </sec:http>
+  -->
+
+  <!-- OAuth2
+  <sec:http pattern="/oauth/token" create-session="stateless" authentication-manager-ref="clientAuthenticationManager">
+    <sec:intercept-url pattern="/oauth/token" access="IS_AUTHENTICATED_FULLY" />
+    <sec:anonymous enabled="false" />
+    <sec:http-basic entry-point-ref="oauthAuthenticationEntryPoint" />
+    <sec:custom-filter ref="clientCredentialsTokenEndpointFilter" before="BASIC_AUTH_FILTER" />
+    <sec:access-denied-handler ref="oauthAccessDeniedHandler" />
+  </sec:http>
+
+  <oauth:authorization-server client-details-service-ref="clientDetailsService" token-services-ref="tokenServices">
+    <oauth:authorization-code />
+    <oauth:implicit />
+    <oauth:refresh-token />
+    <oauth:client-credentials />
+    <oauth:password />
+  </oauth:authorization-server>
+
+  <sec:authentication-manager id="clientAuthenticationManager">
+    <sec:authentication-provider user-service-ref="clientDetailsUserService" />
+  </sec:authentication-manager>
 
   <bean id="clientDetailsService" class="org.hisp.dhis.security.oauth2.DefaultClientDetailsService" />
 
+  <bean id="clientDetailsUserService" class="org.springframework.security.oauth2.provider.client.ClientDetailsUserDetailsService">
+    <constructor-arg ref="clientDetailsService" />
+  </bean>
+
+  <bean id="tokenStore" class="org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore" />
+
+  <bean id="tokenServices" class="org.springframework.security.oauth2.provider.token.DefaultTokenServices">
+    <property name="tokenStore" ref="tokenStore" />
+    <property name="supportRefreshToken" value="true" />
+  </bean>
+
+  <bean id="oauthAuthenticationEntryPoint"
+    class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
+    <property name="realmName" value="dhis2/oauth2" />
+  </bean>
+
+  <bean id="oauthAccessDeniedHandler" class="org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler" />
+
+  <bean id="clientCredentialsTokenEndpointFilter" class="org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter">
+    <property name="authenticationManager" ref="clientAuthenticationManager" />
+  </bean>
+  -->
+
   <bean id="mappedRedirectStrategy" class="org.hisp.dhis.security.MappedRedirectStrategy">
     <property name="redirectMap">
       <map>
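Review bot: The commented-out authorization-server configuration wires `tokenStore` to `InMemoryTokenStore`, which keeps issued access and refresh tokens only in the JVM heap, so a restart invalidates every token and a multi-node deployment would not share them; a persistent store should replace it before the block is uncommented. The `default-target-url="http://www.ourwebsite.com/"` in the /oauth/authorize block is a placeholder carried over from sample configuration and needs the application's own URL before it goes live. The `clientCredentialsTokenEndpointFilter` accepts client_id and client_secret as request parameters rather than only via HTTP Basic, which exposes the secret to request logging more readily, so keep it only if a client actually requires that form. The `loggerListener` bean is the one part of this hunk that is active now and, if I read it correctly, will log every authentication event (successes included) at its configured level. The `<beans>` element continues past the end of the hunk.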

=== modified file 'dhis-2/pom.xml'
--- dhis-2/pom.xml	2015-06-11 18:44:52 +0000
+++ dhis-2/pom.xml	2015-06-15 04:03:19 +0000
@@ -509,7 +509,7 @@
       <dependency>
         <groupId>org.springframework.security.oauth</groupId>
         <artifactId>spring-security-oauth2</artifactId>
-        <version>2.0.7.RELEASE</version>
+        <version>${spring.security.oauth2.version}</version>
       </dependency>
 
       <!-- Spring Mobile -->
@@ -1031,6 +1031,7 @@
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
     <spring.version>4.1.6.RELEASE</spring.version>
     <spring.security.version>3.2.7.RELEASE</spring.security.version>
+    <spring.security.oauth2.version>2.0.7.RELEASE</spring.security.oauth2.version>
     <struts.version>2.3.16.3</struts.version>
     <hibernate.version>4.2.19.Final</hibernate.version>
     <hibernate-validator.version>4.3.1.Final</hibernate-validator.version>