我为Spring Boot(1.3.0)上托管的AngularJS应用程序提供了以下Web安全配置类:
@Configuration
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.httpBasic().and().authorizeRequests()
.antMatchers("/index.html", "/", "/js/**", "/css/**", "/img/**", "/bower_components/**", "/templates/login/**",
"/fonts/**", "/user")
.permitAll().anyRequest().authenticated().and()
.addFilterAfter(new CsrfHeaderFilter(), CsrfFilter.class)
.csrf().csrfTokenRepository(csrfTokenRepository()).and().logout().logoutSuccessUrl("/");
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication().withUser("myuser").password("password").roles("USER");
}
private CsrfTokenRepository csrfTokenRepository() {
HttpSessionCsrfTokenRepository repository = new HttpSessionCsrfTokenRepository();
repository.setHeaderName("X-XSRF-TOKEN");
return repository;
}
}
如何使用仅具有“refresh_token”和“password”授权类型的Oauth2服务器来替换configureGlobal方法进行身份验证?