/*
 * Copyright 2013-2014 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
 * the License. You may obtain a copy of the License at
 *
 * https://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
 * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations under the License.
 */

package org.springframework.security.oauth2.config.annotation.web.configuration;

import java.lang.annotation.Documented;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;

import org.springframework.context.annotation.Import;
import org.springframework.security.oauth2.client.OAuth2RestTemplate;
import org.springframework.security.oauth2.client.token.AccessTokenRequest;
import org.springframework.web.filter.DelegatingFilterProxy;

/**
 * Switches on the OAuth2 client configuration for a web application that uses Spring Security and wants to use the
 * Authorization Code Grant from one or more OAuth2 Authorization servers. Placing this annotation on a type imports
 * {@link OAuth2ClientConfiguration}.
 *
 * <p>
 * Prerequisite: the application needs a global servlet filter of type {@link DelegatingFilterProxy} that delegates to
 * a bean named "oauth2ClientContextFilter". Once that filter is in place, the client app can use another bean provided
 * by this annotation (an {@link AccessTokenRequest}) to create an {@link OAuth2RestTemplate}, e.g.
 *
 * <pre>
 * &#064;Configuration
 * &#064;EnableOAuth2Client
 * public class RemoteResourceConfiguration {
 *
 *     &#064;Bean
 *     public OAuth2RestOperations restTemplate(OAuth2ClientContext oauth2ClientContext) {
 *         return new OAuth2RestTemplate(remote(), oauth2ClientContext);
 *     }
 *
 * }
 * </pre>
 *
 * <p>
 * Grant-specific notes:
 * <ul>
 * <li>Client credentials grants: the AccessTokenRequest and the scoped RestOperations are not needed (the state is
 * global for the app), but the filter should still be used so that the OAuth2RestOperations is triggered to obtain a
 * token when necessary.</li>
 * <li>Password grants: the authentication properties must be set in the OAuth2ProtectedResourceDetails before the
 * RestOperations is used. Because those properties are user credentials, the resource details themselves also have to
 * be per session (assuming there are multiple users in the system); a resource details object shared between sessions
 * would carry one user's credentials into requests made for another user.</li>
 * </ul>
 *
 * @author Dave Syer
 *
 */
// NOTE(review): the prose above names AccessTokenRequest as the bean used to build the template, while the example
// injects an OAuth2ClientContext - confirm against OAuth2ClientConfiguration which bean the text should name.
@Documented
@Target(ElementType.TYPE)
@Retention(RetentionPolicy.RUNTIME)
@Import(OAuth2ClientConfiguration.class)
public @interface EnableOAuth2Client {

}