1 /* 2 * Copyright 2013-2014 the original author or authors. 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with 5 * the License. You may obtain a copy of the License at 6 * 7 * https://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on 10 * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the 11 * specific language governing permissions and limitations under the License. 12 */ 13 14 package org.springframework.security.oauth2.config.annotation.web.configuration; 15 16 import java.lang.annotation.Documented; 17 import java.lang.annotation.ElementType; 18 import java.lang.annotation.Retention; 19 import java.lang.annotation.RetentionPolicy; 20 import java.lang.annotation.Target; 21 22 import org.springframework.context.annotation.Import; 23 import org.springframework.core.annotation.Order; 24 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; 25 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; 26 27 /** 28 * Convenient annotation for OAuth2 Resource Servers, enabling a Spring Security filter that authenticates requests via 29 * an incoming OAuth2 token. Users should add this annotation and provide a <code>@Bean</code> of type 30 * {@link ResourceServerConfigurer} (e.g. via {@link ResourceServerConfigurerAdapter}) that specifies the details of the 31 * resource (URL paths and resource id). In order to use this filter you must {@link EnableWebSecurity 32 * @EnableWebSecurity} somewhere in your application, either in the same place as you use this annotation, or 33 * somewhere else. 34 * 35 * <p> 36 * The annotation creates a {@link WebSecurityConfigurerAdapter} with a hard-coded {@link Order} (of 3). It's not 37 * possible to change the order right now owing to technical limitations in Spring, so you must avoid using order=3 in 38 * other WebSecurityConfigurerAdapters in your application (Spring Security will let you know if you forget). 39 * 40 * @author Dave Syer 41 * 42 */ 43 @Target(ElementType.TYPE) 44 @Retention(RetentionPolicy.RUNTIME) 45 @Documented 46 @Import(ResourceServerConfiguration.class) 47 public @interface EnableResourceServer { 48 49 }