Add Resource Server XML Support

Fixes spring-projectsgh-5185

Author: jzheaux

config/src/main/java/org/springframework/security/config/Elements.java

@@ -70,6 +70,10 @@ public abstract class Elements {
 	public static final String CORS = "cors";
 	public static final String CSRF = "csrf";
 
+	public static final String OAUTH2_RESOURCE_SERVER = "oauth2-resource-server";
+	public static final String JWT = "jwt";
+	public static final String OPAQUE_TOKEN = "opaque-token";
+
 	public static final String WEBSOCKET_MESSAGE_BROKER = "websocket-message-broker";
 	public static final String INTERCEPT_MESSAGE = "intercept-message";
 

config/src/main/java/org/springframework/security/config/http/AuthenticationConfigBuilder.java

@@ -68,6 +68,7 @@
 
 import static org.springframework.security.config.http.SecurityFilters.ANONYMOUS_FILTER;
 import static org.springframework.security.config.http.SecurityFilters.BASIC_AUTH_FILTER;
+import static org.springframework.security.config.http.SecurityFilters.BEARER_TOKEN_AUTH_FILTER;
 import static org.springframework.security.config.http.SecurityFilters.EXCEPTION_TRANSLATION_FILTER;
 import static org.springframework.security.config.http.SecurityFilters.FORM_LOGIN_FILTER;
 import static org.springframework.security.config.http.SecurityFilters.LOGIN_PAGE_FILTER;
@@ -139,6 +140,8 @@ final class AuthenticationConfigBuilder {
 	private BeanMetadataElement mainEntryPoint;
 	private BeanMetadataElement accessDeniedHandler;
 
+	private BeanDefinition bearerTokenAuthenticationFilter;
+
 	private BeanDefinition logoutFilter;
 	@SuppressWarnings("rawtypes")
 	private ManagedList logoutHandlers;
@@ -191,6 +194,7 @@ final class AuthenticationConfigBuilder {
 		createAnonymousFilter();
 		createRememberMeFilter(authenticationManager);
 		createBasicFilter(authenticationManager);
+		createBearerTokenAuthenticationFilter(authenticationManager);
 		createFormLoginFilter(sessionStrategy, authenticationManager);
 		createOAuth2LoginFilter(sessionStrategy, authenticationManager);
 		createOAuth2ClientFilter(requestCache, authenticationManager);
@@ -504,6 +508,21 @@ void createBasicFilter(BeanReference authManager) {
 		basicFilter = filterBuilder.getBeanDefinition();
 	}
 
+	void createBearerTokenAuthenticationFilter(BeanReference authManager) {
+		Element resourceServerElt = DomUtils.getChildElementByTagName(httpElt,
+				Elements.OAUTH2_RESOURCE_SERVER);
+
+		if (resourceServerElt == null) {
+			// No resource server, do nothing
+			return;
+		}
+
+		OAuth2ResourceServerBeanDefinitionParser resourceServerBuilder =
+				new OAuth2ResourceServerBeanDefinitionParser(authManager, authenticationProviders,
+						defaultEntryPointMappings, defaultDeniedHandlerMappings, csrfIgnoreRequestMatchers);
+		bearerTokenAuthenticationFilter = resourceServerBuilder.parse(resourceServerElt, pc);
+	}
+
 	void createX509Filter(BeanReference authManager) {
 		Element x509Elt = DomUtils.getChildElementByTagName(httpElt, Elements.X509);
 		RootBeanDefinition filter = null;
@@ -969,8 +988,12 @@ List<OrderDecorator> getFilters() {
 			filters.add(new OrderDecorator(basicFilter, BASIC_AUTH_FILTER));
 		}
 
+		if (bearerTokenAuthenticationFilter != null) {
+			filters.add(new OrderDecorator(bearerTokenAuthenticationFilter, BEARER_TOKEN_AUTH_FILTER));
+		}
+
 		if (authorizationCodeGrantFilter != null) {
-			filters.add(new OrderDecorator(authorizationRequestRedirectFilter, OAUTH2_AUTHORIZATION_REQUEST_FILTER.getOrder()+1));
+			filters.add(new OrderDecorator(authorizationRequestRedirectFilter, OAUTH2_AUTHORIZATION_REQUEST_FILTER.getOrder() + 1));
 			filters.add(new OrderDecorator(authorizationCodeGrantFilter, OAUTH2_AUTHORIZATION_CODE_GRANT_FILTER));
 		}