0
最近OAuth1からOAuth2に更新するためにこのタスクが与えられました。 これはSpring Securityで保護されたSpring MVCアプリケーションです。どちらのバージョンも3.1.1.RELEASEです。 OAuth2のバージョンは1.0.5.RELEASEです。Spring Security 3.1.1およびOAuth2でRest APIを使用する - org.hibernate.HibernateException:現在のスレッドでセッションが見つかりません
私は、1人のユーザーだけでデモプロジェクトを作成しましたが、すべてが期待どおりに動作しています。私はChromeのPostmanを使ってリクエストを作成しました。私は奇妙な何かが起こっている、この新しいsecurityContext.xmlにアプリをマージするとき
:
私は(ユーザー名とパスワードを使用して)最初の要求を行う、アプリはDBに接続し、見つけましたユーザに通知し、リフレッシュトークンを返す。
access_tokenを取得する2回目のリクエスト(今はリフレッシュトークンを送信します)。
org.hibernate.HibernateException: No Session found for current thread .
時に問題が発生します:(2回目)
this.getSessionFactory().getCurrentSession();
サードリクエスト
最初のリクエストで、アプリがDBでユーザーを検索すると、そのような例外は発生しません。 2番目の呼び出しだけが失敗します(3番目の要求)。私が新しいセッションthis.getSessionFactory().openSession()を開くと、すべてうまくいくはずです。しかし、私はしたくないハッキングをする必要があります。
UserDetailsServiceImplクラスには、次のようになります。
@Transactional
@Service("userDetailsService")
public class UserDetailsServiceImpl implements UserDetailsService
{
@Transactional(readOnly = true)
@Override
public UserDetails loadUserByUsername(String userName) throws...
{ }
}
をSecurityContextがですでに宣言トランザクションマネージャがあります。
<tx:annotation-driven transaction-manager="txManager" />
各サービスインターフェイスには、@Transactionalという注釈が付けられています。 OAuth2に移行するまでは問題ありませんでした。
アイデア? 私は本当にそれを感謝します。 誰かが尋ねれば、私は他のXMLファイルを提供することができます。
securityContext.xmlファイル:
<!--
Requests examples :
1 - http://localhost:8080/SillyService/oauth/token?grant_type=password&client_id=my-trusted-client&username=admin&password=admin
2 - http://localhost:8080/SillyService/oauth/token?client_id=my-trusted-client&grant_type=refresh_token&refresh_token=
3.1 - example : http://localhost:8080/SillyService/employee/1?access_token=
3.2 - example : http://localhost:8080/SillyService/leagues?access_token=
-->
<!--
Requests examples :
1 - http://localhost:8080/vra-service/oauth/token?grant_type=password&client_id=my-trusted-client&username=admin&password=admin
2 - http://localhost:8080/vra-service/oauth/token?client_id=my-trusted-client&grant_type=refresh_token&refresh_token=
3.1 - example : http://localhost:8080/vra-service/employee/1?access_token=
3.2 - example : http://localhost:8080/vra-service/leagues?access_token=
-->
<!-- Definition of the Authentication Service -->
<http pattern="/oauth/token"
create-session="stateless"
authentication-manager-ref="clientAuthenticationManager"
xmlns="http://www.springframework.org/schema/security">
<intercept-url pattern="/oauth/token" access="IS_AUTHENTICATED_FULLY" />
<anonymous enabled="false" />
<http-basic entry-point-ref="clientAuthenticationEntryPoint" />
<custom-filter ref="clientCredentialsTokenEndpointFilter" after="BASIC_AUTH_FILTER" />
<access-denied-handler ref="oauthAccessDeniedHandler" />
</http>
<!-- ************************************************************************************************************************************************************************ -->
<!-- DEMO PURPOSE ONLY -->
<!-- ************************************************************************************************************************************************************************ -->
<http pattern="/employee/**"
create-session="never"
entry-point-ref="oauthAuthenticationEntryPoint"
access-decision-manager-ref="accessDecisionManager"
auto-config="true"
use-expressions="true"
xmlns="http://www.springframework.org/schema/security">
<anonymous enabled="false" />
<custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
<access-denied-handler ref="oauthAccessDeniedHandler" />
<!--
***********************
* Protected resources *
***********************
-->
<intercept-url pattern="/employee/**" access="hasRole('ROLE_ADMINISTRATOR')" />
</http>
<!-- ************************************************************************************************************************************************************************ -->
<!-- ************************************************************************************************************************************************************************ -->
<http pattern="/**"
create-session="never"
entry-point-ref="oauthAuthenticationEntryPoint"
access-decision-manager-ref="accessDecisionManager"
auto-config="true"
use-expressions="true"
xmlns="http://www.springframework.org/schema/security">
<anonymous enabled="false" />
<custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
<access-denied-handler ref="oauthAccessDeniedHandler" />
<!--
***********************
* Protected resources *
***********************
-->
<intercept-url pattern="/properties/**" method="GET" access="hasAnyRole('ROLE_SUPERVISOR', 'ROLE_ADMINISTRATOR', 'ROLE_READER')"/>
<intercept-url pattern="/health/**" method="GET" access="hasAnyRole('ROLE_SUPERVISOR', 'ROLE_ADMINISTRATOR', 'ROLE_READER')"/>
<intercept-url pattern="/listThreads/**" method="GET" access="hasAnyRole('ROLE_SUPERVISOR', 'ROLE_ADMINISTRATOR', 'ROLE_READER')"/>
<intercept-url pattern="/cfListProperties/**" method="GET" access="hasAnyRole('ROLE_SUPERVISOR', 'ROLE_ADMINISTRATOR', 'ROLE_READER')"/>
<intercept-url pattern="/quartzList/**" method="GET" access="hasAnyRole('ROLE_SUPERVISOR', 'ROLE_ADMINISTRATOR', 'ROLE_READER')"/>
<intercept-url pattern="/quartzListTriggers/**" method="GET" access="hasAnyRole('ROLE_SUPERVISOR', 'ROLE_ADMINISTRATOR', 'ROLE_READER')"/>
<intercept-url pattern="/listFailedRaces/**" method="GET" access="hasAnyRole('ROLE_SUPERVISOR', 'ROLE_ADMINISTRATOR', 'ROLE_READER')"/>
<intercept-url pattern="/listFailedMatches/**" method="GET" access="hasAnyRole('ROLE_SUPERVISOR', 'ROLE_ADMINISTRATOR', 'ROLE_READER')"/>
<intercept-url pattern="/sportsfeedlistsubscribers/**" method="GET" access="hasAnyRole('ROLE_SUPERVISOR', 'ROLE_ADMINISTRATOR', 'ROLE_READER')"/>
<intercept-url pattern="/mcGetMatchCards/**" method="GET" access="hasAnyRole('ROLE_SUPERVISOR', 'ROLE_ADMINISTRATOR', 'ROLE_READER')"/>
<intercept-url pattern="/sfEnableSubscriber/**" method="GET" access="hasAnyRole('ROLE_SUPERVISOR', 'ROLE_ADMINISTRATOR', 'ROLE_READER')"/>
<intercept-url pattern="/sfDisableSubscriber/**" method="GET" access="hasAnyRole('ROLE_SUPERVISOR', 'ROLE_ADMINISTRATOR', 'ROLE_READER')"/>
<intercept-url pattern="/sfUpdateSubscriber/**" method="GET" access="hasAnyRole('ROLE_SUPERVISOR', 'ROLE_ADMINISTRATOR', 'ROLE_READER')"/>
<intercept-url pattern="/sfAddSubscriber/**" method="GET" access="hasAnyRole('ROLE_SUPERVISOR', 'ROLE_ADMINISTRATOR', 'ROLE_READER')"/>
<intercept-url pattern="/sfListSubscriber/**" method="GET" access="hasAnyRole('ROLE_SUPERVISOR', 'ROLE_ADMINISTRATOR', 'ROLE_READER')"/>
<intercept-url pattern="/titles/**" method="GET" access="isAuthenticated()" />
<intercept-url pattern="/titles/**" method="PUT" access="hasAnyRole('ROLE_SUPERVISOR', 'ROLE_ADMINISTRATOR')" />
<intercept-url pattern="/titles/**" method="POST" access="hasAnyRole('ROLE_SUPERVISOR', 'ROLE_ADMINISTRATOR')" />
<intercept-url pattern="/sportsfeedconfigs/**" method="GET" access="isAuthenticated()"/>
<intercept-url pattern="/sportsfeedconfigs/**" method="PUT" access="hasAnyRole('ROLE_SUPERVISOR', 'ROLE_ADMINISTRATOR')" />
<intercept-url pattern="/sportsfeedconfigs/**" method="POST" access="hasAnyRole('ROLE_SUPERVISOR', 'ROLE_ADMINISTRATOR')" />
<intercept-url pattern="/schedules/**" method="GET" access="hasAnyRole('ROLE_SUPERVISOR', 'ROLE_ADMINISTRATOR', 'ROLE_READER')" />
<intercept-url pattern="/schedules/**" method="PUT" access="hasAnyRole('ROLE_SUPERVISOR', 'ROLE_ADMINISTRATOR')" />
<intercept-url pattern="/schedules/**" method="POST" access="hasAnyRole('ROLE_SUPERVISOR', 'ROLE_ADMINISTRATOR')" />
<intercept-url pattern="/races/**" method="GET" access="hasAnyRole('ROLE_SUPERVISOR', 'ROLE_ADMINISTRATOR', 'ROLE_READER')"/>
<intercept-url pattern="/raceconfigs/**" method="GET" access="hasAnyRole('ROLE_SUPERVISOR', 'ROLE_ADMINISTRATOR', 'ROLE_READER')"/>
<intercept-url pattern="/raceconfigs/**" method="PUT" access="hasAnyRole('ROLE_SUPERVISOR', 'ROLE_ADMINISTRATOR')" />
<intercept-url pattern="/raceconfigs/**" method="POST" access="hasAnyRole('ROLE_SUPERVISOR', 'ROLE_ADMINISTRATOR')" />
<intercept-url pattern="/courses/**" method="GET" access="hasAnyRole('ROLE_SUPERVISOR', 'ROLE_ADMINISTRATOR', 'ROLE_READER')"/>
<intercept-url pattern="/competitors/**" method="GET" access="hasAnyRole('ROLE_SUPERVISOR', 'ROLE_ADMINISTRATOR', 'ROLE_READER')"/>
<intercept-url pattern="/competitors/**" method="PUT" access="hasAnyRole('ROLE_SUPERVISOR', 'ROLE_ADMINISTRATOR')" />
<intercept-url pattern="/competitors/**" method="POST" access="hasAnyRole('ROLE_SUPERVISOR', 'ROLE_ADMINISTRATOR')" />
<intercept-url pattern="/competitors/**" method="DELETE" access="hasAnyRole('ROLE_SUPERVISOR', 'ROLE_ADMINISTRATOR')" />
<intercept-url pattern="/teams/**" method="GET" access="hasAnyRole('ROLE_SUPERVISOR', 'ROLE_ADMINISTRATOR', 'ROLE_READER')"/>
<intercept-url pattern="/sportsfeedfailures/**" method="GET" access="hasAnyRole('ROLE_SUPERVISOR', 'ROLE_ADMINISTRATOR', 'ROLE_READER')"/>
<intercept-url pattern="/userentities/name/**" method="GET" access="permitAll" />
<intercept-url pattern="/userentities/**" method="GET" access="hasAnyRole('ROLE_SUPERVISOR', 'ROLE_ADMINISTRATOR', 'ROLE_READER')"/>
<intercept-url pattern="/userentities/**" method="PUT" access="hasAnyRole('ROLE_SUPERVISOR', 'ROLE_ADMINISTRATOR')" />
<intercept-url pattern="/userentities/**" method="POST" access="hasAnyRole('ROLE_SUPERVISOR', 'ROLE_ADMINISTRATOR')" />
<intercept-url pattern="/userentities/**" method="DELETE" access="hasAnyRole('ROLE_SUPERVISOR', 'ROLE_ADMINISTRATOR')" />
<intercept-url pattern="/userroles/**" method="GET" access="isAuthenticated()"/>
<intercept-url pattern="/alerts/**" method="GET" access="hasAnyRole('ROLE_SUPERVISOR', 'ROLE_ADMINISTRATOR', 'ROLE_READER')"/>
<intercept-url pattern="/alerts/**" method="PUT" access="hasAnyRole('ROLE_SUPERVISOR', 'ROLE_ADMINISTRATOR')" />
<intercept-url pattern="/alerts/**" method="POST" access="hasAnyRole('ROLE_SUPERVISOR', 'ROLE_ADMINISTRATOR')" />
<intercept-url pattern="/alerts/**" method="DELETE" access="hasAnyRole('ROLE_SUPERVISOR', 'ROLE_ADMINISTRATOR')" />
<intercept-url pattern="/meetingtimes/**" method="GET" access="hasAnyRole('ROLE_SUPERVISOR', 'ROLE_ADMINISTRATOR')" />
<intercept-url pattern="/meetingtimes/**" method="PUT" access="hasAnyRole('ROLE_SUPERVISOR', 'ROLE_ADMINISTRATOR')" />
<intercept-url pattern="/meetingtimes/**" method="POST" access="hasAnyRole('ROLE_SUPERVISOR', 'ROLE_ADMINISTRATOR')" />
<intercept-url pattern="/meetingtimes/**" method="DELETE" access="hasAnyRole('ROLE_SUPERVISOR', 'ROLE_ADMINISTRATOR')" />
<intercept-url pattern="/matches/**" method="GET" access="hasAnyRole('ROLE_SUPERVISOR', 'ROLE_ADMINISTRATOR', 'ROLE_READER')"/>
<intercept-url pattern="/matchcompetitors/**" method="GET" access="hasAnyRole('ROLE_SUPERVISOR', 'ROLE_ADMINISTRATOR', 'ROLE_READER')"/>
<intercept-url pattern="/matchcompetitors/**" method="PUT" access="hasAnyRole('ROLE_SUPERVISOR', 'ROLE_ADMINISTRATOR')" />
<intercept-url pattern="/matchcompetitors/**" method="POST" access="hasAnyRole('ROLE_SUPERVISOR', 'ROLE_ADMINISTRATOR')" />
<intercept-url pattern="/matchcompetitors/**" method="DELETE" access="hasAnyRole('ROLE_SUPERVISOR', 'ROLE_ADMINISTRATOR')" />
<intercept-url pattern="/matchteams/**" method="GET" access="hasAnyRole('ROLE_SUPERVISOR', 'ROLE_ADMINISTRATOR', 'ROLE_READER')"/>
<intercept-url pattern="/matchteams/**" method="PUT" access="hasAnyRole('ROLE_SUPERVISOR', 'ROLE_ADMINISTRATOR')" />
<intercept-url pattern="/matchteams/**" method="POST" access="hasAnyRole('ROLE_SUPERVISOR', 'ROLE_ADMINISTRATOR')" />
<intercept-url pattern="/matchteams/**" method="DELETE" access="hasAnyRole('ROLE_SUPERVISOR', 'ROLE_ADMINISTRATOR')" />
<intercept-url pattern="/leagues/**" method="GET" access="hasAnyRole('ROLE_SUPERVISOR', 'ROLE_ADMINISTRATOR', 'ROLE_READER')"/>
<intercept-url pattern="/leagues/**" method="PUT" access="hasAnyRole('ROLE_SUPERVISOR', 'ROLE_ADMINISTRATOR')" />
<intercept-url pattern="/leagues/**" method="POST" access="hasAnyRole('ROLE_SUPERVISOR', 'ROLE_ADMINISTRATOR')" />
<intercept-url pattern="/leagues/**" method="DELETE" access="hasAnyRole('ROLE_SUPERVISOR', 'ROLE_ADMINISTRATOR')" />
<intercept-url pattern="/grounds/**" method="GET" access="hasAnyRole('ROLE_SUPERVISOR', 'ROLE_ADMINISTRATOR', 'ROLE_READER')"/>
<intercept-url pattern="/grounds/**" method="PUT" access="hasAnyRole('ROLE_SUPERVISOR', 'ROLE_ADMINISTRATOR')" />
<intercept-url pattern="/grounds/**" method="POST" access="hasAnyRole('ROLE_SUPERVISOR', 'ROLE_ADMINISTRATOR')" />
<intercept-url pattern="/grounds/**" method="DELETE" access="hasAnyRole('ROLE_SUPERVISOR', 'ROLE_ADMINISTRATOR')" />
<intercept-url pattern="/configpropcomponents/**" method="GET" access="hasAnyRole('ROLE_SUPERVISOR', 'ROLE_ADMINISTRATOR', 'ROLE_READER')"/>
<intercept-url pattern="/configpropcomponents/**" method="PUT" access="hasAnyRole('ROLE_SUPERVISOR', 'ROLE_ADMINISTRATOR')" />
<intercept-url pattern="/configpropcomponents/**" method="POST" access="hasAnyRole('ROLE_SUPERVISOR', 'ROLE_ADMINISTRATOR')" />
<intercept-url pattern="/configpropcomponents/**" method="DELETE" access="hasAnyRole('ROLE_SUPERVISOR', 'ROLE_ADMINISTRATOR')" />
<intercept-url pattern="/configprops/**" method="GET" access="hasAnyRole('ROLE_SUPERVISOR', 'ROLE_ADMINISTRATOR', 'ROLE_READER')"/>
<intercept-url pattern="/configprops/**" method="PUT" access="hasAnyRole('ROLE_SUPERVISOR', 'ROLE_ADMINISTRATOR')" />
<intercept-url pattern="/configprops/**" method="POST" access="hasAnyRole('ROLE_SUPERVISOR', 'ROLE_ADMINISTRATOR')" />
<intercept-url pattern="/configprops/**" method="DELETE" access="hasAnyRole('ROLE_SUPERVISOR', 'ROLE_ADMINISTRATOR')" />
<intercept-url pattern="/courses/**" method="GET" access="hasAnyRole('ROLE_SUPERVISOR', 'ROLE_ADMINISTRATOR', 'ROLE_READER')"/>
<intercept-url pattern="/courses/**" method="PUT" access="hasAnyRole('ROLE_SUPERVISOR', 'ROLE_ADMINISTRATOR')" />
<intercept-url pattern="/courses/**" method="POST" access="hasAnyRole('ROLE_SUPERVISOR', 'ROLE_ADMINISTRATOR')" />
<intercept-url pattern="/courses/**" method="DELETE" access="hasAnyRole('ROLE_SUPERVISOR', 'ROLE_ADMINISTRATOR')" />
<intercept-url pattern="/matchInterval/**" method="GET" access="hasAnyRole('ROLE_SUPERVISOR', 'ROLE_ADMINISTRATOR', 'ROLE_READER')"/>
<intercept-url pattern="/matchfeedfailures/**" method="GET" access="hasAnyRole('ROLE_SUPERVISOR', 'ROLE_ADMINISTRATOR', 'ROLE_READER')"/>
<intercept-url pattern="/groupschedules/**" method="GET" access="hasAnyRole('ROLE_SUPERVISOR', 'ROLE_ADMINISTRATOR', 'ROLE_READER')"/>
<intercept-url pattern="/groupschedules/**" method="PUT" access="hasAnyRole('ROLE_SUPERVISOR', 'ROLE_ADMINISTRATOR')" />
<intercept-url pattern="/groupschedules/**" method="POST" access="hasAnyRole('ROLE_SUPERVISOR', 'ROLE_ADMINISTRATOR')" />
<intercept-url pattern="/groupschedules/**" method="DELETE" access="hasAnyRole('ROLE_SUPERVISOR', 'ROLE_ADMINISTRATOR')" />
<intercept-url pattern="/shopdetails/**" method="GET" access="hasAnyRole('ROLE_SUPERVISOR', 'ROLE_ADMINISTRATOR', 'ROLE_READER')"/>
<intercept-url pattern="/shopdetails/**" method="PUT" access="hasAnyRole('ROLE_SUPERVISOR', 'ROLE_ADMINISTRATOR')" />
<intercept-url pattern="/shopdetails/**" method="POST" access="hasAnyRole('ROLE_SUPERVISOR', 'ROLE_ADMINISTRATOR')" />
<intercept-url pattern="/shopdetails/**" method="DELETE" access="hasAnyRole('ROLE_SUPERVISOR', 'ROLE_ADMINISTRATOR')" />
<intercept-url pattern="/shopgroup/**" method="GET" access="hasAnyRole('ROLE_SUPERVISOR', 'ROLE_ADMINISTRATOR', 'ROLE_READER')"/>
<intercept-url pattern="/shopgroup/**" method="PUT" access="hasAnyRole('ROLE_SUPERVISOR', 'ROLE_ADMINISTRATOR')" />
<intercept-url pattern="/shopgroup/**" method="POST" access="hasAnyRole('ROLE_SUPERVISOR', 'ROLE_ADMINISTRATOR')" />
<intercept-url pattern="/shopgroup/**" method="DELETE" access="hasAnyRole('ROLE_SUPERVISOR', 'ROLE_ADMINISTRATOR')" />
<intercept-url pattern="/shopgroupconfig/**" method="GET" access="hasAnyRole('ROLE_SUPERVISOR', 'ROLE_ADMINISTRATOR')" />
</http>
<!--
If you aren't using form login, OpenID or basic authentication through the namespace, you may want to define an authentication
filter and entry point using a traditional bean syntax and link them into the namespace, as we've just seen. The corresponding
AuthenticationEntryPoint can be set using the entry-point-ref attribute on the <http> element.
-->
<bean id="oauthAuthenticationEntryPoint" class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
<property name="realmName" value="dstest" />
</bean>
<!--
By default, the BasicAuthenticationEntryPoint provisioned by Spring Security returns a full page for a 401 Unauthorized
response back to the client. This HTML representation of the error renders well in a browser, but it's not well suited
for other scenarios, such as a REST API where a json representation may be preferred. The namespace is flexible enough
for this new requirement as well – to address this – the entry point can be overridden:
-->
<bean id="clientAuthenticationEntryPoint" class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
<property name="realmName" value="dstest/client" />
<property name="typeName" value="Basic" />
</bean>
<!--
If authorization fails and the caller has asked for a specific content type response, this entry point can send one, along
with a standard 403 status. Add to the Spring Security configuration as an {@link AccessDeniedHandler} in the usual way.
-->
<bean id="oauthAccessDeniedHandler" class="org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler" />
<!--
A filter and authentication endpoint for the OAuth2 Token Endpoint. Allows clients to authenticate using request parameters
if included as a security filter, as permitted by the specification (but not recommended). It is recommended by the
specification that you permit HTTP basic authentication for clients, and not use this filter at all.
-->
<bean id="clientCredentialsTokenEndpointFilter" class="org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter">
<property name="authenticationManager" ref="clientAuthenticationManager" />
</bean>
<!--
Makes a final access control (authorization) decision.
-->
<bean id="accessDecisionManager" class="org.springframework.security.access.vote.UnanimousBased" xmlns="http://www.springframework.org/schema/beans">
<constructor-arg>
<list>
<bean class="org.springframework.security.oauth2.provider.vote.ScopeVoter" />
<bean class="org.springframework.security.access.vote.RoleVoter" />
<bean class="org.springframework.security.access.vote.AuthenticatedVoter" />
<bean class="org.springframework.security.web.access.expression.WebExpressionVoter" />
</list>
</constructor-arg>
</bean>
<!-- ************************************************************************************************************************************************************************ -->
<!-- ************************************************************************************************************************************************************************ -->
<authentication-manager id="clientAuthenticationManager" xmlns="http://www.springframework.org/schema/security">
<authentication-provider user-service-ref="clientDetailsUserService" />
</authentication-manager>
<authentication-manager alias="authenticationManager" xmlns="http://www.springframework.org/schema/security">
<authentication-provider user-service-ref="userDetailsService">
<password-encoder ref="passwordEncoder">
<salt-source ref="saltSource" />
</password-encoder>
</authentication-provider>
</authentication-manager>
<!-- ************************************************************************************************************************************************************************ -->
<!-- ************************************************************************************************************************************************************************ -->
<!--
For hashing user passwords
-->
<bean id="passwordEncoder" class="org.springframework.security.authentication.encoding.ShaPasswordEncoder">
<constructor-arg value="1" />
</bean>
<!--
For salting user passwords
-->
<bean id="saltSource" class="org.springframework.security.authentication.dao.ReflectionSaltSource" p:userPropertyToUse="username" />
<!--
OAuth specific - loads user-specific data.
-->
<bean id="clientDetailsUserService" class="org.springframework.security.oauth2.provider.client.ClientDetailsUserDetailsService">
<constructor-arg ref="clientDetails" />
</bean>
<!--
Token Store - Implementation of token services that stores tokens in memory.
-->
<bean id="tokenStore" class="org.springframework.security.oauth2.provider.token.InMemoryTokenStore" />
<!--
Base implementation for token services using random UUID values for the access token and refresh token values. The
main extension point for customizations is the {@link TokenEnhancer} which will be called after the access and refresh
tokens have been generated but before they are stored. Persistence is delegated to a {@code TokenStore} implementation
and customization of the access token to a {@link TokenEnhancer}.
-->
<bean id="tokenServices" class="org.springframework.security.oauth2.provider.token.DefaultTokenServices">
<property name="tokenStore" ref="tokenStore" />
<property name="supportRefreshToken" value="true" />
<property name="clientDetailsService" ref="clientDetails" />
<!-- VIV -->
<property name="accessTokenValiditySeconds" value="10" />
</bean>
<!--
A user approval handler that remembers approval decisions by consulting existing tokens.
-->
<bean id="userApprovalHandler" class="org.springframework.security.oauth2.provider.approval.TokenServicesUserApprovalHandler">
<property name="tokenServices" ref="tokenServices" />
</bean>
<!--
Token management
-->
<oauth:authorization-server client-details-service-ref="clientDetails"
token-services-ref="tokenServices"
user-approval-handler-ref="userApprovalHandler">
<oauth:authorization-code />
<oauth:implicit />
<oauth:refresh-token />
<oauth:client-credentials />
<oauth:password />
</oauth:authorization-server>
<!--
The resource server is the OAuth 2.0 term for your API server. The resource server handles authenticated requests after the
application has obtained an access token.
-->
<oauth:resource-server id="resourceServerFilter" resource-id="dstest" token-services-ref="tokenServices" />
<!--
OAuth Client Definition - A service that provides the details about an OAuth2 client.
-->
<oauth:client-details-service id="clientDetails">
<oauth:client client-id="my-trusted-client"
authorized-grant-types="password,authorization_code,refresh_token,implicit,redirect"
authorities="ROLE_CLIENT, ROLE_TRUSTED_CLIENT"
redirect-uri="/web"
scope="read,write,trust"
access-token-validity="30"
refresh-token-validity="600" />
</oauth:client-details-service>
<sec:global-method-security pre-post-annotations="enabled" proxy-target-class="true">
<sec:expression-handler ref="oauthExpressionHandler" />
</sec:global-method-security>
<oauth:expression-handler id="oauthExpressionHandler" />
<oauth:web-expression-handler id="oauthWebExpressionHandler" />
</beans>
は、あなたがより多くの春の設定を持っていますか? 'txManager'はどのように定義されていますか? '@Transactional(transactionManager =" txManager ")'を使ってみることができます。 – qtips