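/*
 * Copyright 2013-2014 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
 * the License. You may obtain a copy of the License at
 *
 * https://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
 * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations under the License.
 */

package org.springframework.security.oauth2.config.annotation.web.configuration;

import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.ClientDetailsService;

/**
 * Convenient strategy for configuring an OAuth2 Authorization Server. Beans of this type are applied to the Spring
 * context automatically if you {@link EnableAuthorizationServer @EnableAuthorizationServer}.
 *
 * <p>
 * The three {@code configure} overloads split the work into access rules for the token endpoint, the registry of
 * OAuth2 clients, and the non-security features of the endpoints (token store, grant types, user approvals).
 *
 * @author Dave Syer
 *
 */
public interface AuthorizationServerConfigurer {

    /**
     * Configure the security of the Authorization Server, which means in practical terms the /oauth/token endpoint. The
     * /oauth/authorize endpoint also needs to be secure, but that is a normal user-facing endpoint and should be
     * secured the same way as the rest of your UI, so is not covered here. The default settings cover the most common
     * requirements, following recommendations from the OAuth2 spec, so you don't need to do anything here to get a
     * basic server up and running.
     *
     * <p>
     * Because these settings decide who may call the token endpoint, treat any override that relaxes the defaults as
     * a change to the server's trust boundary and review it accordingly. The /oauth/authorize endpoint gets no
     * protection from this method; it relies entirely on the application's own web security configuration.
     *
     * @param security a fluent configurer for security features
     * @throws Exception declared so that an implementation may propagate any failure raised while configuring
     */
    void configure(AuthorizationServerSecurityConfigurer security) throws Exception;

    /**
     * Configure the {@link ClientDetailsService}, e.g. declaring individual clients and their properties. Note that
     * password grant is not enabled (even if some clients are allowed it) unless an {@link AuthenticationManager} is
     * supplied to the {@link #configure(AuthorizationServerEndpointsConfigurer)}. At least one client, or a fully
     * formed custom {@link ClientDetailsService} must be declared or the server will not start.
     *
     * <p>
     * Client secrets declared here are credentials: keep them out of source control and register each client with
     * only the grant types and scopes it actually needs.
     *
     * @param clients the client details configurer
     * @throws Exception declared so that an implementation may propagate any failure raised while configuring
     */
    void configure(ClientDetailsServiceConfigurer clients) throws Exception;

    /**
     * Configure the non-security features of the Authorization Server endpoints, like token store, token
     * customizations, user approvals and grant types. You shouldn't need to do anything by default, unless you need
     * password grants, in which case you need to provide an {@link AuthenticationManager}.
     *
     * <p>
     * Supplying an {@link AuthenticationManager} is therefore the switch that turns the password grant on. With that
     * grant the client handles the user's password directly, and the OAuth 2.0 Security Best Current Practice
     * (RFC 9700) says it must not be used, so enable it only where a legacy client requires it.
     *
     * @param endpoints the endpoints configurer
     * @throws Exception declared so that an implementation may propagate any failure raised while configuring
     */
    void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception;

}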