2 * ============LICENSE_START=======================================================
3 * Copyright (C) 2019 Nordix Foundation.
4 * ================================================================================
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at
9 * http://www.apache.org/licenses/LICENSE-2.0
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
17 * SPDX-License-Identifier: Apache-2.0
18 * ============LICENSE_END=========================================================
21 package org.onap.so.adapters.etsi.sol003.adapter.oauth.configuration;
23 import javax.servlet.http.HttpServletRequest;
24 import org.onap.so.adapters.etsi.sol003.adapter.common.CommonConstants;
25 import org.springframework.context.annotation.Configuration;
26 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
27 import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
28 import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
29 import org.springframework.security.web.util.matcher.RequestMatcher;
34 * Enforces oauth token based authentication when a token is provided in the request.
36 public class OAuth2ResourceServer extends ResourceServerConfigurerAdapter {
39 public void configure(final HttpSecurity http) throws Exception {
40 http.requestMatcher(new OAuth2ResourceServerRequestMatcher()).authorizeRequests()
41 .antMatchers(CommonConstants.BASE_URL + "/grants/**", CommonConstants.BASE_URL + "/lcn/**")
45 private static class OAuth2ResourceServerRequestMatcher implements RequestMatcher {
47 public boolean matches(HttpServletRequest request) {
48 String auth = request.getHeader("Authorization");
49 String uri = request.getRequestURI();
50 return (auth != null && auth.startsWith("Bearer") && (uri.contains("/grants") || uri.contains("/lcn/")));