View Javadoc
1   /*
2    * Copyright 2013-2014 the original author or authors.
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
5    * the License. You may obtain a copy of the License at
6    *
7    * https://www.apache.org/licenses/LICENSE-2.0
8    *
9    * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
10   * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
11   * specific language governing permissions and limitations under the License.
12   */
13  
14  package org.springframework.security.oauth2.config.annotation.web.configuration;
15  
16  import org.springframework.core.annotation.Order;
17  import org.springframework.security.config.annotation.web.builders.HttpSecurity;
18  import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
19  import org.springframework.security.oauth2.provider.expression.OAuth2WebSecurityExpressionHandler;
20  
21  /**
22   * Configurer interface for <code>@EnableResourceServer</code> classes. Implement this interface to adjust the access
23   * rules and paths that are protected by OAuth2 security. Applications may provide multiple instances of this interface,
24   * and in general (like with other Security configurers), if more than one configures the same property, then the last
25   * one wins. The configurers are sorted by {@link Order} before being applied.
26   * 
27   * @author Dave Syer
28   * 
29   */
30  public interface ResourceServerConfigurer {
31  
32  	/**
33  	 * Add resource-server specific properties (like a resource id). The defaults should work for many applications, but
34  	 * you might want to change at least the resource id.
35  	 * 
36  	 * @param resources configurer for the resource server
37  	 * @throws Exception if there is a problem
38  	 */
39  	void configure(ResourceServerSecurityConfigurer resources) throws Exception;
40  
41  	/**
42  	 * Use this to configure the access rules for secure resources. By default all resources <i>not</i> in "/oauth/**"
43  	 * are protected (but no specific rules about scopes are given, for instance). You also get an
44  	 * {@link OAuth2WebSecurityExpressionHandler} by default.
45  	 * 
46  	 * @param http the current http filter configuration
47  	 * @throws Exception if there is a problem
48  	 */
49  	void configure(HttpSecurity http) throws Exception;
50  
51  }