Fix SSO so it can push config into resource server

Dave Syer
2014-09-01 16:51:58 +01:00
parent db9bfb0b56
commit 5752134e6d
3 changed files with 37 additions and 9 deletions


@@ -19,6 +19,9 @@ import lombok.Data;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.util.StringUtils;
import org.springframework.validation.Errors;
import org.springframework.validation.Validator;
/**
* @author Dave Syer
@@ -26,27 +29,52 @@ import org.springframework.boot.context.properties.ConfigurationProperties;
*/
@ConfigurationProperties("oauth2.resource")
@Data
public class ResourceServerProperties {
public class ResourceServerProperties implements Validator {
private String serviceId = "resource";
@Value("${vcap.services.${oauth2.resource.serviceId:resource}.credentials.id:}")
private String id;
@Value("${vcap.services.${oauth2.resource.serviceId:resource}.credentials.clientId:}")
@Value("${vcap.services.${oauth2.resource.serviceId:resource}.credentials.clientId:${vcap.services.${oauth2.sso.serviceId:sso}.credentials.clientId:}}")
private String clientId;
@Value("${vcap.services.${oauth2.resource.serviceId:resource}.credentials.clientSecret:}")
@Value("${vcap.services.${oauth2.resource.serviceId:resource}.credentials.clientSecret:${vcap.services.${oauth2.sso.serviceId:sso}.credentials.clientSecret:}}")
private String clientSecret;
@Value("${vcap.services.${oauth2.resource.serviceId:sso}.credentials.userInfoUri:}")
@Value("${vcap.services.${oauth2.resource.serviceId:resource}.credentials.userInfoUri:${vcap.services.${oauth2.sso.serviceId:sso}.credentials.userInfoUri:}}")
private String userInfoUri;
@Value("${vcap.services.${oauth2.resource.serviceId:sso}.credentials.tokenInfoUri:}")
@Value("${vcap.services.${oauth2.resource.serviceId:resource}.credentials.tokenInfoUri:${vcap.services.${oauth2.sso.serviceId:sso}.credentials.tokenInfoUri:}}")
private String tokenInfoUri;
private boolean preferTokenInfo = true;
public String getResourceId() {
return id==null ? clientId : id;
return !StringUtils.hasText(id) ? clientId : id;
}
@Override
public boolean supports(Class<?> clazz) {
return ResourceServerProperties.class.isAssignableFrom(clazz);
}
@Override
public void validate(Object target, Errors errors) {
ResourceServerProperties resource = (ResourceServerProperties) target;
if (StringUtils.hasText(resource.getClientId())) {
if (!StringUtils.hasText(resource.getClientSecret())) {
if (!StringUtils.hasText(resource.getUserInfoUri())) {
errors.rejectValue("userInfoUri", "missing.userInfoUri",
"Missing userInfoUri (no client secret available)");
}
} else {
if (!StringUtils.hasText(resource.getTokenInfoUri())) {
errors.rejectValue("tokenInfoUri", "missing.tokenInfoUri",
"Missing tokenInfoUri");
}
}
}
}
}
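Review bot: In the new `validate`, the branch taken when a client secret is present rejects a missing `tokenInfoUri` without consulting `preferTokenInfo` or `userInfoUri`, so a configuration with `preferTokenInfo=false` and only a `userInfoUri` fails to bind as soon as a secret is available. The condition could read `if (resource.isPreferTokenInfo() && !StringUtils.hasText(resource.getTokenInfoUri()))`, with a separate check that at least one of the two URIs is set. How `preferTokenInfo` is consumed is not visible on this page, so confirm this against the token-services wiring. Separately, `clientSecret` now falls back to the SSO service's secret, and the class carries `@Data`, whose generated `toString()` prints every field. Adding `@ToString(exclude = "clientSecret")` would keep the secret out of log lines and property dumps.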


@@ -206,7 +206,7 @@ public class OAuth2SsoConfiguration {
http.logout()
.logoutRequestMatcher(new AntPathRequestMatcher(sso.getLogoutPath()))
.addLogoutHandler(logoutHandler());
.addLogoutHandler(logoutHandler()).permitAll();
http.exceptionHandling().authenticationEntryPoint(
new LoginUrlAuthenticationEntryPoint(sso.getLoginPath()));
@@ -232,7 +232,7 @@ public class OAuth2SsoConfiguration {
response.sendRedirect(sso.getLogoutUri(redirect));
}
catch (IOException e) {
throw new IllegalStateException("Cannot logout", e);
throw new IllegalStateException("Cannot logout remote server", e);
}
}
};
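Review bot: The logout matcher just above the changed line is built from the path alone, `new AntPathRequestMatcher(sso.getLogoutPath())`, so it matches every HTTP method. With the added `.permitAll()`, a cross-site GET can therefore end the local session and start the remote logout redirect performed by the handler in the second hunk. Restricting it with `new AntPathRequestMatcher(sso.getLogoutPath(), "POST")` would put logout behind the CSRF token, assuming CSRF protection is enabled in this configuration, which the hunk does not show. The enclosing method starts and ends outside both hunks.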


@@ -64,7 +64,7 @@ public class OAuth2SsoProperties implements Validator {
}
public String getLogoutUri(String redirectUrl) {
return logoutUri != null ? logoutUri : tokenUri.replace("/oauth/token",
return StringUtils.hasText(logoutUri) ? logoutUri : tokenUri.replace("/oauth/token",
"/logout.do?redirect=" + redirectUrl);
}
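Review bot: `getLogoutUri` appends `redirectUrl` to the query string without encoding it, so a value containing `&`, `#` or `?` changes the parameters the remote logout endpoint receives. Encoding it first, for example `"/logout.do?redirect=" + URLEncoder.encode(redirectUrl, "UTF-8")`, avoids that. If the caller derives the value from the request (the origin of `redirect` in `OAuth2SsoConfiguration` is outside the visible hunks), it should also be checked against the application's own base URL. The fallback also returns `tokenUri` unchanged when it does not contain `/oauth/token`, and a configured `logoutUri` ignores `redirectUrl` entirely. A short Javadoc on the method stating both behaviours would help.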