Start line:  
End line:  

Snippet Preview

Snippet HTML Code

Stack Overflow Questions
<?xml version="1.0" encoding="UTF-8"?>
<xs:schema xmlns="http://www.springframework.org/schema/security/oauth2" xmlns:xs="http://www.w3.org/2001/XMLSchema"
	xmlns:beans="http://www.springframework.org/schema/beans" targetNamespace="http://www.springframework.org/schema/security/oauth2"
	elementFormDefault="qualified" attributeFormDefault="unqualified">

	<xs:import namespace="http://www.springframework.org/schema/beans" schemaLocation="http://www.springframework.org/schema/beans/spring-beans-3.1.xsd" />

	<xs:element name="rest-template">
		<xs:annotation>
			<xs:documentation>
				Creates an OAuth2RestTemplate with all the pieces needed to connect to a remote resource from
				a web
				application. Injects request and session-scoped beans into the template, so can only be
				used in the context of a web
				request.
			</xs:documentation>
		</xs:annotation>
		<xs:complexType>
			<xs:complexContent>
				<xs:extension base="beans:identifiedType">
					<xs:sequence>
						<xs:element ref="beans:description" minOccurs="0" />
						<xs:choice minOccurs="0" maxOccurs="unbounded">
							<xs:element ref="beans:property" />
						</xs:choice>
					</xs:sequence>
					<xs:attribute name="resource">
						<xs:annotation>
							<xs:documentation>
								The OAuth2ProtectedResourceDetails governing the configuration of this client. Mandatory.
							</xs:documentation>
						</xs:annotation>
					</xs:attribute>
					<xs:attribute name="access-token-provider" type="xs:string">
						<xs:annotation>
							<xs:documentation>
								The reference to the bean that manages access token acquisition. Optional (defaults to a chain
								including common grant types from the spec).
							</xs:documentation>
						</xs:annotation>
					</xs:attribute>
				</xs:extension>
			</xs:complexContent>
		</xs:complexType>
	</xs:element>

	<xs:element name="authorization-server">
		<xs:annotation>
			<xs:documentation>
				Specifies that the oauth 2 authorization and token
				endpoints should be created in the application
				context. These are
				implemented as regular Spring @Controller beans, so as long as the
				default Spring MVC set up in
				present in the application
				the endpoints should work (at /oauth/authorization and /oauth/token by
				default).
			</xs:documentation>
		</xs:annotation>
		<xs:complexType>

			<xs:sequence>
				<xs:element name="authorization-code" minOccurs="0" maxOccurs="1">
					<xs:annotation>
						<xs:documentation>
							The configuration of the authorization code
							mechanism. This
							mechanism enables a way for clients to
							obtain an
							access token by obtaining an authorization code.
						</xs:documentation>
					</xs:annotation>
					<xs:complexType>
						<xs:attribute name="disabled" type="xs:boolean">
							<xs:annotation>
								<xs:documentation>
									Whether to disable the authorization code
									mechanism.
								</xs:documentation>
							</xs:annotation>
						</xs:attribute>
						<xs:attribute name="authorization-code-services-ref" type="xs:string">
							<xs:annotation>
								<xs:documentation>
									The reference to the bean that defines the
									authorization code
									services. Default value is an
									instance of
									"org.springframework.security.oauth2.provider.authorization_code.InMemoryAuthorizationCodeServices".
								</xs:documentation>
							</xs:annotation>
						</xs:attribute>
					</xs:complexType>
				</xs:element>
				<xs:element name="implicit" minOccurs="0" maxOccurs="1">
					<xs:annotation>
						<xs:documentation>
							The configuration of the client credentials
							grant type.
						</xs:documentation>
					</xs:annotation>
					<xs:complexType>
						<xs:attribute name="disabled" type="xs:boolean">
							<xs:annotation>
								<xs:documentation>
									Whether to disable the implicit grant type
								</xs:documentation>
							</xs:annotation>
						</xs:attribute>
					</xs:complexType>
				</xs:element>
				<xs:element name="refresh-token" minOccurs="0" maxOccurs="1">
					<xs:annotation>
						<xs:documentation>
							The configuration of the refresh token grant
							type.
						</xs:documentation>
					</xs:annotation>
					<xs:complexType>
						<xs:attribute name="disabled" type="xs:boolean">
							<xs:annotation>
								<xs:documentation>
									Whether to disable the refresh token grant
									type
								</xs:documentation>
							</xs:annotation>
						</xs:attribute>
					</xs:complexType>
				</xs:element>
				<xs:element name="client-credentials" minOccurs="0" maxOccurs="1">
					<xs:annotation>
						<xs:documentation>
							The configuration of the client credentials
							grant type.
						</xs:documentation>
					</xs:annotation>
					<xs:complexType>
						<xs:attribute name="disabled" type="xs:boolean">
							<xs:annotation>
								<xs:documentation>
									Whether to disable the refresh token grant
									type
								</xs:documentation>
							</xs:annotation>
						</xs:attribute>
					</xs:complexType>
				</xs:element>
				<xs:element name="password" minOccurs="0" maxOccurs="1">
					<xs:annotation>
						<xs:documentation>
							The configuration of the resource owner password
							grant type.
						</xs:documentation>
					</xs:annotation>
					<xs:complexType>
						<xs:attribute name="disabled" type="xs:boolean">
							<xs:annotation>
								<xs:documentation>
									Whether to disable the refresh token grant
									type
								</xs:documentation>
							</xs:annotation>
						</xs:attribute>
						<xs:attribute name="authentication-manager-ref" type="xs:string">
							<xs:annotation>
								<xs:documentation>
									A reference to an authentication manager that
									can be used to
									authenticate the resource owner
								</xs:documentation>
							</xs:annotation>
						</xs:attribute>
					</xs:complexType>
				</xs:element>
				<xs:element name="custom-grant" minOccurs="0" maxOccurs="unbounded">
					<xs:annotation>
						<xs:documentation>
							The configuration of your custom grant type.
						</xs:documentation>
					</xs:annotation>
					<xs:complexType>
						<xs:attribute name="disabled" type="xs:boolean">
							<xs:annotation>
								<xs:documentation>
									Whether to disable this grant
									type
								</xs:documentation>
							</xs:annotation>
						</xs:attribute>
						<xs:attribute name="token-granter-ref" type="xs:string" use="required">
							<xs:annotation>
								<xs:documentation>
									A reference to your token granter
								</xs:documentation>
							</xs:annotation>
						</xs:attribute>
					</xs:complexType>
				</xs:element>
			</xs:sequence>
			<xs:attribute name="client-details-service-ref" type="xs:string">
				<xs:annotation>
					<xs:documentation>
						The reference to the bean that defines the client
						details service.
					</xs:documentation>
				</xs:annotation>
			</xs:attribute>
			<xs:attribute name="token-endpoint-url" type="xs:string">
				<xs:annotation>
					<xs:documentation>
						The URL at which a request for an access token
						will be serviced.
						Default value: "/oauth/token"
					</xs:documentation>
				</xs:annotation>
			</xs:attribute>
			<xs:attribute name="authorization-endpoint-url" type="xs:string">
				<xs:annotation>
					<xs:documentation>
						The URL at which a user is redirected for
						authorization. Default
						value: "/oauth/authorize"
					</xs:documentation>
				</xs:annotation>
			</xs:attribute>

			<!--the following attributes are less used -->
			<xs:attribute name="token-granter-ref" type="xs:string">
				<xs:annotation>
					<xs:documentation>
						The reference to the bean that defines the
						granter of different oauth
						token types.
					</xs:documentation>
				</xs:annotation>
			</xs:attribute>

			<xs:attribute name="token-services-ref" type="xs:string">
				<xs:annotation>
					<xs:documentation>
						The reference to the bean that defines the token
						services. Default
						value is an instance of
						"org.springframework.security.oauth2.provider.token.DefaultTokenServices".
					</xs:documentation>
				</xs:annotation>
			</xs:attribute>

			<xs:attribute name="authorization-request-manager-ref" type="xs:string">
				<xs:annotation>
					<xs:documentation>
						The reference to the bean that defines the manager for
						authorization requests from the input
						parameters (e.g. request parameters).
						Default
						value is an
						instance of
						"org.springframework.security.oauth2.provider.token.DefaultAuthorizationRequestManager".
					</xs:documentation>
				</xs:annotation>
			</xs:attribute>

			<xs:attribute name="user-approval-handler-ref" type="xs:string">
				<xs:annotation>
					<xs:documentation>
						Reference to a bean that handles user approval decisions. Using this strategy servers can
						selectively skip the approval process depending on decisions in the past or on the type of client.
					</xs:documentation>
				</xs:annotation>
			</xs:attribute>

			<xs:attribute name="user-approval-page" type="xs:string">
				<xs:annotation>
					<xs:documentation>
						The URL of the page that handles the user
						approval form (if needed, depending on the grant type).
						The default is "forward:/oauth/confirm_access" which is not handled
						by the authorization endpoint, so normally you
						will have to supply a handler
						for this path.
					</xs:documentation>
				</xs:annotation>
			</xs:attribute>

			<xs:attribute name="error-page" type="xs:string">
				<xs:annotation>
					<xs:documentation>
						The URL of the page that handles errors (default forward:/oauth/error).
					</xs:documentation>
				</xs:annotation>
			</xs:attribute>

			<xs:attribute name="approval-parameter-name" type="xs:string">
				<xs:annotation>
					<xs:documentation>
						The name of the form parameter that is used to
						indicate user
						approval of the client
						authentication
						request.
						Default value: "user_oauth_approval".
					</xs:documentation>
				</xs:annotation>
			</xs:attribute>

			<xs:attribute name="redirect-resolver-ref" type="xs:string">
				<xs:annotation>
					<xs:documentation>
						The reference to the bean that defines the
						redirect resolver, used
						during the user
						authorization.
						Default
						value is an instance of
						"org.springframework.security.oauth2.provider.authorization_code.DefaultRedirectResolver".
					</xs:documentation>
				</xs:annotation>
			</xs:attribute>

		</xs:complexType>
	</xs:element>

	<xs:element name="resource-server">
		<xs:annotation>
			<xs:documentation>
				Specifies that there are oauth 2 protected resources in
				the application context. This element
				has an
				id which is the bean id of the filter created. The filter
				should be added to the Spring Security filter chain at
				position before="PRE_AUTH_FILTER"
			</xs:documentation>
		</xs:annotation>
		<xs:complexType>
			<xs:complexContent>
				<xs:extension base="beans:identifiedType">

					<xs:attribute name="resource-id" type="xs:string">
						<xs:annotation>
							<xs:documentation>
								The resource id that is protected by this filter
								if any. If empty or
								absent then all resource ids
								are allowed,
								otherwise
								only tokens which are granted to a client that contains
								this reosurce
								id will be legal.
							</xs:documentation>
						</xs:annotation>
					</xs:attribute>

					<xs:attribute name="token-services-ref" type="xs:string">
						<xs:annotation>
							<xs:documentation>
								The reference to the bean that defines the token
								services. Default
								value is an instance of
								"org.springframework.security.oauth2.provider.token.DefaultTokenServices".
							</xs:documentation>
						</xs:annotation>
					</xs:attribute>

					<xs:attribute name="entry-point-ref" type="xs:string">
						<xs:annotation>
							<xs:documentation>
								The reference to the bean that defines the entry point for failed authentications. Defaults to
								a vanilla
								org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint.
							</xs:documentation>
						</xs:annotation>
					</xs:attribute>

					<xs:attribute name="auth-details-source-ref" type="xs:string">
						<xs:annotation>
							<xs:documentation>
								The reference to the bean that defines the AuthenticationDetailsSource.
							</xs:documentation>
						</xs:annotation>
					</xs:attribute>
				</xs:extension>
			</xs:complexContent>
		</xs:complexType>
	</xs:element>

	<xs:element name="client-details-service">
		<xs:annotation>
			<xs:documentation>
				Default element that contains the definition of the
				OAuth clients that are
				allowed to access this
				service.
			</xs:documentation>
		</xs:annotation>

		<xs:complexType>
			<xs:complexContent>
				<xs:extension base="beans:identifiedType">
					<xs:choice minOccurs="0" maxOccurs="unbounded">
						<xs:element name="client">
							<xs:annotation>
								<xs:documentation>
									Definition of a client that can act on behalf
									of a user.
								</xs:documentation>
							</xs:annotation>

							<xs:complexType>
								<xs:attribute name="client-id" type="xs:string" use="required">
									<xs:annotation>
										<xs:documentation>
											The client id.
										</xs:documentation>
									</xs:annotation>
								</xs:attribute>
								<xs:attribute name="secret" type="xs:string">
									<xs:annotation>
										<xs:documentation>
											The client secret. If the secret is
											undefined or empty (the
											default) the client does
											not
											require a
											secret.
										</xs:documentation>
									</xs:annotation>
								</xs:attribute>
								<xs:attribute name="redirect-uri" type="xs:string">
									<xs:annotation>
										<xs:documentation>
											The re-direct URI(s) established during
											registration (optional, comma separated).
										</xs:documentation>
									</xs:annotation>
								</xs:attribute>
								<xs:attribute name="resource-ids" type="xs:string">
									<xs:annotation>
										<xs:documentation>
											The resource ids to which this client can be
											granted access
											(comma-separated). If missing or
											empty all
											resources are
											accessible (not recommended by the spec).
										</xs:documentation>
									</xs:annotation>
								</xs:attribute>
								<xs:attribute name="scope" type="xs:string">
									<xs:annotation>
										<xs:documentation>
											The scopes to which the client is limited
											(comma-separated). If
											scope is undefined or empty
											(the
											default) the client
											is not limited by scope, but in that case
											the authorization
											service must explicitly
											accept unlimited
											access by not
											specifying any scopes itself.
										</xs:documentation>
									</xs:annotation>
								</xs:attribute>
								<xs:attribute name="authorized-grant-types" type="xs:string">
									<xs:annotation>
										<xs:documentation>
											Grant types that are authorized for the
											client to use
											(comma-separated). Currently defined
											grant types
											include
											"authorization_code", "password", "assertion", and
											"refresh_token". Default value is
											"authorization_code,refresh_token".
										</xs:documentation>
									</xs:annotation>
								</xs:attribute>
								<xs:attribute name="authorities" type="xs:string">
									<xs:annotation>
										<xs:documentation>
											Authorities that are granted to the client
											(comma-separated). Distinct
											from the authorities
											granted to
											the user on behalf
											of whom the client is acting.
										</xs:documentation>
									</xs:annotation>
								</xs:attribute>
								<xs:attribute name="access-token-validity" type="xs:string">
									<xs:annotation>
										<xs:documentation>
											The access token validity period in seconds (optional). If unspecified a global default will
											be applied by the token services.
										</xs:documentation>
									</xs:annotation>
								</xs:attribute>
								<xs:attribute name="refresh-token-validity" type="xs:string">
									<xs:annotation>
										<xs:documentation>
											The refresh token validity period in seconds (optional). If unspecified a global default
											will
											be applied by the token services.
										</xs:documentation>
									</xs:annotation>
								</xs:attribute>
							</xs:complexType>
						</xs:element>
					</xs:choice>
				</xs:extension>
			</xs:complexContent>
		</xs:complexType>
	</xs:element>

	<xs:element name="expression-handler">
		<xs:annotation>
			<xs:documentation>
				Element for declaring and configuring an expression
				handler for oauth
				security expressions. See
				http://static.springsource.org/spring-security/site/docs/3.0.x/reference/el-access.html
			</xs:documentation>
		</xs:annotation>
		<xs:complexType>
			<xs:complexContent>
				<xs:extension base="beans:identifiedType" />
			</xs:complexContent>
		</xs:complexType>
	</xs:element>

	<xs:element name="web-expression-handler">
		<xs:annotation>
			<xs:documentation>
				Element for declaring and configuring an expression
				handler for oauth
				security expressions in http
				intercept urls. See
				http://static.springsource.org/spring-security/site/docs/3.0.x/reference/el-access.html
			</xs:documentation>
		</xs:annotation>
		<xs:complexType>
			<xs:complexContent>
				<xs:extension base="beans:identifiedType" />
			</xs:complexContent>
		</xs:complexType>
	</xs:element>

	<xs:element name="client">
		<xs:annotation>
			<xs:documentation>
				Creates the oauth 2 client filter be be added to the
				application security policy.
			</xs:documentation>
		</xs:annotation>
		<xs:complexType>
			<xs:complexContent>
				<xs:extension base="beans:identifiedType">
					<xs:attribute name="redirect-strategy-ref" type="xs:string">
						<xs:annotation>
							<xs:documentation>
								The reference to the bean that defines the
								redirect strategy, used when redirecting the user for
								access authorization. Default value is an instance of
								"org.springframework.security.web.DefaultRedirectStrategy".
							</xs:documentation>
						</xs:annotation>
					</xs:attribute>
				</xs:extension>
			</xs:complexContent>
		</xs:complexType>
	</xs:element>

	<xs:element name="resource">
		<xs:annotation>
			<xs:documentation>
				Definition of a remote resource that is protected via
				OAuth2 to which this client application wants
				access.
			</xs:documentation>
		</xs:annotation>
		<xs:complexType>
			<xs:complexContent>
				<xs:extension base="beans:identifiedType">
					<xs:attribute name="type" type="xs:string">
						<xs:annotation>
							<xs:documentation>
								The grant type. Currently defined grant types
								include
								"authorization_code", "password", and
								"assertion".
								Default value
								is "authorization_code".
							</xs:documentation>
						</xs:annotation>
					</xs:attribute>
					<xs:attribute name="client-id" type="xs:string" use="required">
						<xs:annotation>
							<xs:documentation>
								The client id. This is the id by which the
								resource server will
								identify this application.
							</xs:documentation>
						</xs:annotation>
					</xs:attribute>
					<xs:attribute name="access-token-uri" type="xs:string">
						<xs:annotation>
							<xs:documentation>
								The uri to where the access token may be
								obtained.
							</xs:documentation>
						</xs:annotation>
					</xs:attribute>
					<xs:attribute name="scope" type="xs:string">
						<xs:annotation>
							<xs:documentation>
								Comma-separted list of string specifying the
								scope of the access to the
								resource. By default,
								no
								scope will be
								specified.
							</xs:documentation>
						</xs:annotation>
					</xs:attribute>
					<xs:attribute name="client-secret" type="xs:string">
						<xs:annotation>
							<xs:documentation>
								The secret asssociated with the resource. By
								default, no secret
								will be supplied for access to
								the resource.
							</xs:documentation>
						</xs:annotation>
					</xs:attribute>
					<xs:attribute name="client-authentication-scheme" type="xs:string">
						<xs:annotation>
							<xs:documentation>
								The scheme that is used to pass the client
								secret. Suggested
								values: "header" and "form".
								Default:
								"header".
								See section 2.1 of the OAuth 2 spec.
							</xs:documentation>
						</xs:annotation>
					</xs:attribute>
					<xs:attribute name="user-authorization-uri" type="xs:string">
						<xs:annotation>
							<xs:documentation>
								The uri to which the user will be redirected if
								the user is ever
								needed to grant an authorization
								code.
							</xs:documentation>
						</xs:annotation>
					</xs:attribute>
					<xs:attribute name="authentication-scheme" default="header" type="xs:string">
						<xs:annotation>
							<xs:documentation>
								The method for bearing the token when accessing
								the resource.
								Default value is "header". See
								AuthenticationScheme enum for possible values.
							</xs:documentation>
						</xs:annotation>
					</xs:attribute>
					<xs:attribute name="token-name" type="xs:string" default="access_token">
						<xs:annotation>
							<xs:documentation>
								The name of the bearer token. The default is
								"access_token", which
								is according to the spec,
								but
								some providers
								(e.g. Facebook) don't conform to the spec.
							</xs:documentation>
						</xs:annotation>
					</xs:attribute>
					<xs:attribute name="pre-established-redirect-uri" type="xs:string">
						<xs:annotation>
							<xs:documentation>
								Some resource servers may require a
								pre-established URI to which
								they will redirect users after
								users
								authorize an access token.
							</xs:documentation>
						</xs:annotation>
					</xs:attribute>
					<xs:attribute name="use-current-uri" type="xs:string">
						<xs:annotation>
							<xs:documentation>
								Boolean flag indicating that the current URI should be used as a redirect (if available) rather
								than the
								registered redirect URI. Default is true.
							</xs:documentation>
						</xs:annotation>
					</xs:attribute>
				</xs:extension>
			</xs:complexContent>
		</xs:complexType>
	</xs:element>

</xs:schema>
New to GrepCode? Check out our FAQ X