Fix SSO so it can push config into resource server
@@ -19,6 +19,9 @@ import lombok.Data;
|
||||
|
||||
import org.springframework.beans.factory.annotation.Value;
|
||||
import org.springframework.boot.context.properties.ConfigurationProperties;
|
||||
import org.springframework.util.StringUtils;
|
||||
import org.springframework.validation.Errors;
|
||||
import org.springframework.validation.Validator;
|
||||
|
||||
/**
|
||||
* @author Dave Syer
|
||||
@@ -26,27 +29,52 @@ import org.springframework.boot.context.properties.ConfigurationProperties;
|
||||
*/
|
||||
@ConfigurationProperties("oauth2.resource")
|
||||
@Data
|
||||
public class ResourceServerProperties {
|
||||
public class ResourceServerProperties implements Validator {
|
||||
|
||||
private String serviceId = "resource";
|
||||
|
||||
@Value("${vcap.services.${oauth2.resource.serviceId:resource}.credentials.id:}")
|
||||
private String id;
|
||||
|
||||
@Value("${vcap.services.${oauth2.resource.serviceId:resource}.credentials.clientId:}")
|
||||
@Value("${vcap.services.${oauth2.resource.serviceId:resource}.credentials.clientId:${vcap.services.${oauth2.sso.serviceId:sso}.credentials.clientId:}}")
|
||||
private String clientId;
|
||||
|
||||
@Value("${vcap.services.${oauth2.resource.serviceId:resource}.credentials.clientSecret:}")
|
||||
@Value("${vcap.services.${oauth2.resource.serviceId:resource}.credentials.clientSecret:${vcap.services.${oauth2.sso.serviceId:sso}.credentials.clientSecret:}}")
|
||||
private String clientSecret;
|
||||
|
||||
@Value("${vcap.services.${oauth2.resource.serviceId:sso}.credentials.userInfoUri:}")
|
||||
@Value("${vcap.services.${oauth2.resource.serviceId:resource}.credentials.userInfoUri:${vcap.services.${oauth2.sso.serviceId:sso}.credentials.userInfoUri:}}")
|
||||
private String userInfoUri;
|
||||
|
||||
@Value("${vcap.services.${oauth2.resource.serviceId:sso}.credentials.tokenInfoUri:}")
|
||||
@Value("${vcap.services.${oauth2.resource.serviceId:resource}.credentials.tokenInfoUri:${vcap.services.${oauth2.sso.serviceId:sso}.credentials.tokenInfoUri:}}")
|
||||
private String tokenInfoUri;
|
||||
|
||||
private boolean preferTokenInfo = true;
|
||||
|
||||
public String getResourceId() {
|
||||
return id==null ? clientId : id;
|
||||
return !StringUtils.hasText(id) ? clientId : id;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean supports(Class<?> clazz) {
|
||||
return ResourceServerProperties.class.isAssignableFrom(clazz);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void validate(Object target, Errors errors) {
|
||||
ResourceServerProperties resource = (ResourceServerProperties) target;
|
||||
if (StringUtils.hasText(resource.getClientId())) {
|
||||
if (!StringUtils.hasText(resource.getClientSecret())) {
|
||||
if (!StringUtils.hasText(resource.getUserInfoUri())) {
|
||||
errors.rejectValue("userInfoUri", "missing.userInfoUri",
|
||||
"Missing userInfoUri (no client secret available)");
|
||||
}
|
||||
} else {
|
||||
if (!StringUtils.hasText(resource.getTokenInfoUri())) {
|
||||
errors.rejectValue("tokenInfoUri", "missing.tokenInfoUri",
|
||||
"Missing tokenInfoUri");
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
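Review bot: `@Data` on `ResourceServerProperties` generates a `toString()` that prints every field, `clientSecret` included, and with the new `@Value` fallback that field can also carry the SSO service's secret. Any log line or error message that formats this properties object would then expose the secret in clear text. Excluding the field from the generated method, e.g. `@ToString(exclude = "clientSecret")` on the class (with the matching `lombok.ToString` import), keeps the rest of `@Data` unchanged.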
@@ -206,7 +206,7 @@ public class OAuth2SsoConfiguration {
|
||||
|
||||
http.logout()
|
||||
.logoutRequestMatcher(new AntPathRequestMatcher(sso.getLogoutPath()))
|
||||
.addLogoutHandler(logoutHandler());
|
||||
.addLogoutHandler(logoutHandler()).permitAll();
|
||||
http.exceptionHandling().authenticationEntryPoint(
|
||||
new LoginUrlAuthenticationEntryPoint(sso.getLoginPath()));
|
||||
|
||||
@@ -232,7 +232,7 @@ public class OAuth2SsoConfiguration {
|
||||
response.sendRedirect(sso.getLogoutUri(redirect));
|
||||
}
|
||||
catch (IOException e) {
|
||||
throw new IllegalStateException("Cannot logout", e);
|
||||
throw new IllegalStateException("Cannot logout remote server", e);
|
||||
}
|
||||
}
|
||||
};
|
||||
|
||||
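Review bot: The logout matcher in the first `OAuth2SsoConfiguration` hunk is `new AntPathRequestMatcher(sso.getLogoutPath())`, which matches every HTTP method, and the added `.permitAll()` opens that path to unauthenticated requests as well. A plain GET issued from another site can therefore end the user's session and trigger the redirect to the remote logout, since CSRF checks normally do not apply to GET. If logout does not need to work from a plain link, restrict the matcher, e.g. `new AntPathRequestMatcher(sso.getLogoutPath(), "POST")`. The enclosing configuration method starts and ends outside the hunk, so any CSRF settings it applies are not visible here.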
@@ -64,7 +64,7 @@ public class OAuth2SsoProperties implements Validator {
|
||||
}
|
||||
|
||||
public String getLogoutUri(String redirectUrl) {
|
||||
return logoutUri != null ? logoutUri : tokenUri.replace("/oauth/token",
|
||||
return StringUtils.hasText(logoutUri) ? logoutUri : tokenUri.replace("/oauth/token",
|
||||
"/logout.do?redirect=" + redirectUrl);
|
||||
}
|
||||
|
||||
|
||||
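Review bot: The fallback branch of `getLogoutUri` appends `redirectUrl` to the query string unencoded (`"/logout.do?redirect=" + redirectUrl`), so a value containing `&`, `#` or a line break changes the shape of the URL that is later handed to `sendRedirect`. Where `redirectUrl` comes from is not visible in this hunk; if any part of it is request-derived, it should be encoded and ideally checked against the application's own base URL. Building the URL with Spring's `UriComponentsBuilder`, `queryParam("redirect", redirectUrl)` and `encode()` would take care of the encoding. Note also that `tokenUri.replace(...)` returns `tokenUri` unchanged when it does not contain `/oauth/token` and throws when `tokenUri` is null, so a guard or a comment stating that assumption would help.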