Creating Custom OAuth2 Protected Controllers
Nikita Shchienko edited this page Apr 1, 2019 · 2 revisions
To create a custom REST controller protected with OAuth2 authentication, do the following:
- Suppose you have the following REST controller:

  ```java
  package com.company.test.portal.myapi;

  import javax.inject.Inject;

  import org.springframework.web.bind.annotation.GetMapping;
  import org.springframework.web.bind.annotation.RequestMapping;
  import org.springframework.web.bind.annotation.RestController;
  import com.company.test.services.SomeService;

  @RestController
  @RequestMapping("/myapi")
  public class MyController {

      // Application service injected by Spring
      @Inject
      protected SomeService someService;

      // Served at /rest/myapi/dosmth once the controller is registered
      @GetMapping("/dosmth")
      public String doSmth() {
          return someService.getResult();
      }
  }
  ```
- Create a new Spring configuration file named `rest-dispatcher-spring.xml` under the root package (`com.company.test`) of the web or portal module. The content of the file must be as follows:

  ```xml
  <?xml version="1.0" encoding="UTF-8"?>
  <beans xmlns="http://www.springframework.org/schema/beans"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns:context="http://www.springframework.org/schema/context"
         xmlns:security="http://www.springframework.org/schema/security"
         xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.3.xsd
                             http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.3.xsd
                             http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.2.xsd">

      <!-- Define a base package for your controllers -->
      <context:component-scan base-package="com.company.test.portal.myapi"/>

      <security:http pattern="/rest/myapi/**"
                     create-session="stateless"
                     entry-point-ref="oauthAuthenticationEntryPoint"
                     xmlns="http://www.springframework.org/schema/security">
          <!-- Specify one or more protected URL patterns -->
          <intercept-url pattern="/rest/myapi/**" access="isAuthenticated()"/>
          <anonymous enabled="false"/>
          <csrf disabled="true"/>
          <cors configuration-source-ref="cuba_RestCorsSource"/>
          <custom-filter ref="resourceFilter" before="PRE_AUTH_FILTER"/>
          <custom-filter ref="cuba_AnonymousAuthenticationFilter" after="PRE_AUTH_FILTER"/>
      </security:http>
  </beans>
  ```
- Define the additive application property `cuba.restSpringContextConfig` in the properties file of the module, e.g. `portal-app.properties`:

  ```properties
  cuba.restSpringContextConfig = +com/company/test/rest-dispatcher-spring.xml
  ```
- The new controller runs in the context of the `CubaRestApiServlet`, so the URLs of its methods start with `/rest`. For example, the `doSmth()` method is accessed at `http://localhost:8080/app-portal/rest/myapi/dosmth`.

The URL of a custom controller MUST NOT start with `/rest/v2`.
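A static check of the setup above, as an added example (not part of the original page or of the CUBA project's code): it verifies that a controller method's URL is covered by a `<security:http>` chain that requires authentication. The names `covers` and `lint`, the simplified Ant-pattern matching, and the embedded sample XML are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

SEC = "{http://www.springframework.org/schema/security}"

# Constructed sample: the security part of rest-dispatcher-spring.xml from this page.
SAMPLE_XML = """<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:security="http://www.springframework.org/schema/security">
  <security:http pattern="/rest/myapi/**" create-session="stateless"
                 entry-point-ref="oauthAuthenticationEntryPoint"
                 xmlns="http://www.springframework.org/schema/security">
    <intercept-url pattern="/rest/myapi/**" access="isAuthenticated()"/>
    <anonymous enabled="false"/>
    <custom-filter ref="resourceFilter" before="PRE_AUTH_FILTER"/>
  </security:http>
</beans>"""


def covers(pattern, url):
    """Simplified Ant-style match: exact path, or a prefix ending in '/**'."""
    if pattern.endswith("/**"):
        base = pattern[:-3]
        return url == base or url.startswith(base + "/")
    return pattern == url


def lint(xml_text, request_mapping, method_path):
    """Return findings for one controller method; an empty list means OK."""
    url = "/rest" + request_mapping + method_path  # CubaRestApiServlet prefix
    findings = []
    if url == "/rest/v2" or url.startswith("/rest/v2/"):
        findings.append("controller URL must not start with /rest/v2")
    chains = [h for h in ET.fromstring(xml_text).iter(SEC + "http")
              if covers(h.get("pattern", ""), url)]
    if not chains:
        return findings + [f"no <security:http> pattern covers {url}"]
    http = chains[0]
    if http.get("create-session") != "stateless":
        findings.append("create-session is not 'stateless'")
    rules = [r for r in http.iter(SEC + "intercept-url")
             if covers(r.get("pattern", ""), url)]
    if not rules or rules[0].get("access") != "isAuthenticated()":
        findings.append("first matching intercept-url is not isAuthenticated()")
    anon = http.find(SEC + "anonymous")
    if anon is None or anon.get("enabled") != "false":
        findings.append('<anonymous enabled="false"/> is missing')
    if not any(f.get("ref") == "resourceFilter" for f in http.iter(SEC + "custom-filter")):
        findings.append("resourceFilter is not registered")
    return findings
```

Run `lint` with the contents of the real `rest-dispatcher-spring.xml` and each controller's `@RequestMapping` and method path; any non-empty result points at a controller or setting that differs from the configuration shown on this page.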