Commit c555613c authored by Matija Obreza's avatar Matija Obreza
Browse files

Supporting OAuth "password" grant type

parent 4a92b1b5
......@@ -27,9 +27,9 @@ import org.springframework.context.annotation.Import;
import org.springframework.context.annotation.ImportResource;
@Configuration
@ImportResource({ "classpath:/spring/spring-security.xml" })
@Import({ SpringProperties.class, SpringCommonConfig.class, SpringAclConfig.class, SpringSchedulerConfig.class, SpringDataBaseConfig.class,
SpringMailConfig.class, SpringSecurityOauthConfig.class, SpringCacheConfig.class, ElasticsearchConfig.class, FileRepositoryConfig.class })
@ImportResource({ "classpath:/spring/spring-security.xml" })
public class ApplicationConfig {
public static final Log LOG = LogFactory.getLog(ApplicationConfig.class);
......
......@@ -51,6 +51,7 @@
<oauth:authorization-server client-details-service-ref="clientDetails" token-services-ref="tokenServices">
<oauth:authorization-code authorization-code-services-ref="verificationCodeService" />
<oauth:refresh-token />
<oauth:password disabled="false" authentication-manager-ref="authenticationManager" />
</oauth:authorization-server>
<oauth:resource-server id="resourceServerFilter" resource-id="crophub_oauth_server" token-services-ref="tokenServices" />
......@@ -65,6 +66,7 @@
<!-- include this only if you need to authenticate clients via request parameters -->
<sec:custom-filter ref="clientCredentialsTokenEndpointFilter" after="BASIC_AUTH_FILTER" />
<sec:access-denied-handler ref="oauthAccessDeniedHandler" />
<sec:csrf disabled="true" />
</sec:http>
<!-- The OAuth2 protected resources are separated out into their own block so we can deal with authorization and error handling
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment