صفحهٔ اصلی گشت‌و‌گذار راهنما
ورود
dromara
/
MaxKey
mirrorاز https://gitee.com/dromara/MaxKey.git
2
0
انشعاب 0
پرونده‌ها مشکلات 0 ویکی
درخت: 84eb786d27
شاخه‌ها تگ‌ها
MaxKey
/
maxkey-protocols
/
maxkey-protocol-oauth-2.0
/
bin
/
org
/
springframework
/
security
/
oauth2
/
spring-security-oauth2-1.0.xsd

spring-security-oauth2-1.0.xsd 23 KB
تاريخچه خام

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728 
  1. <?xml version="1.0" encoding="UTF-8"?>
    2. 

  2. <xs:schema xmlns="http://www.springframework.org/schema/security/oauth2" xmlns:xs="http://www.w3.org/2001/XMLSchema"
    3. 

  3. 	xmlns:beans="http://www.springframework.org/schema/beans" targetNamespace="http://www.springframework.org/schema/security/oauth2"
    4. 

  4. 	elementFormDefault="qualified" attributeFormDefault="unqualified">
    5. 

  5. 

  6. 	<xs:import namespace="http://www.springframework.org/schema/beans" schemaLocation="http://www.springframework.org/schema/beans/spring-beans-3.1.xsd" />
    7. 

  7. 

  8. 	<xs:element name="rest-template">
    9. 

  9. 		<xs:annotation>
    10. 

  10. 			<xs:documentation>
    11. 

  11. 				Creates an OAuth2RestTemplate with all the pieces needed to connect to a remote resource from
    12. 

  12. 				a web
    13. 

  13. 				application. Injects request and session-scoped beans into the template, so can only be
    14. 

  14. 				used in the context of a web
    15. 

  15. 				request.
    16. 

  16. 			</xs:documentation>
    17. 

  17. 		</xs:annotation>
    18. 

  18. 		<xs:complexType>
    19. 

  19. 			<xs:complexContent>
    20. 

  20. 				<xs:extension base="beans:identifiedType">
    21. 

  21. 					<xs:sequence>
    22. 

  22. 						<xs:element ref="beans:description" minOccurs="0" />
    23. 

  23. 						<xs:choice minOccurs="0" maxOccurs="unbounded">
    24. 

  24. 							<xs:element ref="beans:property" />
    25. 

  25. 						</xs:choice>
    26. 

  26. 					</xs:sequence>
    27. 

  27. 					<xs:attribute name="resource">
    28. 

  28. 						<xs:annotation>
    29. 

  29. 							<xs:documentation>
    30. 

  30. 								The OAuth2ProtectedResourceDetails governing the configuration of this client. Mandatory.
    31. 

  31. 							</xs:documentation>
    32. 

  32. 						</xs:annotation>
    33. 

  33. 					</xs:attribute>
    34. 

  34. 					<xs:attribute name="access-token-provider" type="xs:string">
    35. 

  35. 						<xs:annotation>
    36. 

  36. 							<xs:documentation>
    37. 

  37. 								The reference to the bean that manages access token acquisition. Optional (defaults to a chain
    38. 

  38. 								including common grant types from the spec).
    39. 

  39. 							</xs:documentation>
    40. 

  40. 						</xs:annotation>
    41. 

  41. 					</xs:attribute>
    42. 

  42. 				</xs:extension>
    43. 

  43. 			</xs:complexContent>
    44. 

  44. 		</xs:complexType>
    45. 

  45. 	</xs:element>
    46. 

  46. 

  47. 	<xs:element name="authorization-server">
    48. 

  48. 		<xs:annotation>
    49. 

  49. 			<xs:documentation>
    50. 

  50. 				Specifies that the oauth 2 authorization and token
    51. 

  51. 				endpoints should be created in the application
    52. 

  52. 				context. These are
    53. 

  53. 				implemented as regular Spring @Controller beans, so as long as the
    54. 

  54. 				default Spring MVC set up in
    55. 

  55. 				present in the application
    56. 

  56. 				the endpoints should work (at /oauth/authorization and /oauth/token by
    57. 

  57. 				default).
    58. 

  58. 			</xs:documentation>
    59. 

  59. 		</xs:annotation>
    60. 

  60. 		<xs:complexType>
    61. 

  61. 

  62. 			<xs:sequence>
    63. 

  63. 				<xs:element name="authorization-code" minOccurs="0" maxOccurs="1">
    64. 

  64. 					<xs:annotation>
    65. 

  65. 						<xs:documentation>
    66. 

  66. 							The configuration of the authorization code
    67. 

  67. 							mechanism. This
    68. 

  68. 							mechanism enables a way for clients to
    69. 

  69. 							obtain an
    70. 

  70. 							access token by obtaining an authorization code.
    71. 

  71. 						</xs:documentation>
    72. 

  72. 					</xs:annotation>
    73. 

  73. 					<xs:complexType>
    74. 

  74. 						<xs:attribute name="disabled" type="xs:boolean">
    75. 

  75. 							<xs:annotation>
    76. 

  76. 								<xs:documentation>
    77. 

  77. 									Whether to disable the authorization code
    78. 

  78. 									mechanism.
    79. 

  79. 								</xs:documentation>
    80. 

  80. 							</xs:annotation>
    81. 

  81. 						</xs:attribute>
    82. 

  82. 						<xs:attribute name="authorization-code-services-ref" type="xs:string">
    83. 

  83. 							<xs:annotation>
    84. 

  84. 								<xs:documentation>
    85. 

  85. 									The reference to the bean that defines the
    86. 

  86. 									authorization code
    87. 

  87. 									services. Default value is an
    88. 

  88. 									instance of
    89. 

  89. 									"org.springframework.security.oauth2.provider.authorization_code.InMemoryAuthorizationCodeServices".
    90. 

  90. 								</xs:documentation>
    91. 

  91. 							</xs:annotation>
    92. 

  92. 						</xs:attribute>
    93. 

  93. 					</xs:complexType>
    94. 

  94. 				</xs:element>
    95. 

  95. 				<xs:element name="implicit" minOccurs="0" maxOccurs="1">
    96. 

  96. 					<xs:annotation>
    97. 

  97. 						<xs:documentation>
    98. 

  98. 							The configuration of the client credentials
    99. 

  99. 							grant type.
    100. 

  100. 						</xs:documentation>
    101. 

  101. 					</xs:annotation>
    102. 

  102. 					<xs:complexType>
    103. 

  103. 						<xs:attribute name="disabled" type="xs:boolean">
    104. 

  104. 							<xs:annotation>
    105. 

  105. 								<xs:documentation>
    106. 

  106. 									Whether to disable the implicit grant type
    107. 

  107. 								</xs:documentation>
    108. 

  108. 							</xs:annotation>
    109. 

  109. 						</xs:attribute>
    110. 

  110. 					</xs:complexType>
    111. 

  111. 				</xs:element>
    112. 

  112. 				<xs:element name="refresh-token" minOccurs="0" maxOccurs="1">
    113. 

  113. 					<xs:annotation>
    114. 

  114. 						<xs:documentation>
    115. 

  115. 							The configuration of the refresh token grant
    116. 

  116. 							type.
    117. 

  117. 						</xs:documentation>
    118. 

  118. 					</xs:annotation>
    119. 

  119. 					<xs:complexType>
    120. 

  120. 						<xs:attribute name="disabled" type="xs:boolean">
    121. 

  121. 							<xs:annotation>
    122. 

  122. 								<xs:documentation>
    123. 

  123. 									Whether to disable the refresh token grant
    124. 

  124. 									type
    125. 

  125. 								</xs:documentation>
    126. 

  126. 							</xs:annotation>
    127. 

  127. 						</xs:attribute>
    128. 

  128. 					</xs:complexType>
    129. 

  129. 				</xs:element>
    130. 

  130. 				<xs:element name="client-credentials" minOccurs="0" maxOccurs="1">
    131. 

  131. 					<xs:annotation>
    132. 

  132. 						<xs:documentation>
    133. 

  133. 							The configuration of the client credentials
    134. 

  134. 							grant type.
    135. 

  135. 						</xs:documentation>
    136. 

  136. 					</xs:annotation>
    137. 

  137. 					<xs:complexType>
    138. 

  138. 						<xs:attribute name="disabled" type="xs:boolean">
    139. 

  139. 							<xs:annotation>
    140. 

  140. 								<xs:documentation>
    141. 

  141. 									Whether to disable the refresh token grant
    142. 

  142. 									type
    143. 

  143. 								</xs:documentation>
    144. 

  144. 							</xs:annotation>
    145. 

  145. 						</xs:attribute>
    146. 

  146. 					</xs:complexType>
    147. 

  147. 				</xs:element>
    148. 

  148. 				<xs:element name="password" minOccurs="0" maxOccurs="1">
    149. 

  149. 					<xs:annotation>
    150. 

  150. 						<xs:documentation>
    151. 

  151. 							The configuration of the resource owner password
    152. 

  152. 							grant type.
    153. 

  153. 						</xs:documentation>
    154. 

  154. 					</xs:annotation>
    155. 

  155. 					<xs:complexType>
    156. 

  156. 						<xs:attribute name="disabled" type="xs:boolean">
    157. 

  157. 							<xs:annotation>
    158. 

  158. 								<xs:documentation>
    159. 

  159. 									Whether to disable the refresh token grant
    160. 

  160. 									type
    161. 

  161. 								</xs:documentation>
    162. 

  162. 							</xs:annotation>
    163. 

  163. 						</xs:attribute>
    164. 

  164. 						<xs:attribute name="authentication-manager-ref" type="xs:string">
    165. 

  165. 							<xs:annotation>
    166. 

  166. 								<xs:documentation>
    167. 

  167. 									A reference to an authentication manager that
    168. 

  168. 									can be used to
    169. 

  169. 									authenticate the resource owner
    170. 

  170. 								</xs:documentation>
    171. 

  171. 							</xs:annotation>
    172. 

  172. 						</xs:attribute>
    173. 

  173. 					</xs:complexType>
    174. 

  174. 				</xs:element>
    175. 

  175. 				<xs:element name="custom-grant" minOccurs="0" maxOccurs="unbounded">
    176. 

  176. 					<xs:annotation>
    177. 

  177. 						<xs:documentation>
    178. 

  178. 							The configuration of your custom grant type.
    179. 

  179. 						</xs:documentation>
    180. 

  180. 					</xs:annotation>
    181. 

  181. 					<xs:complexType>
    182. 

  182. 						<xs:attribute name="disabled" type="xs:boolean">
    183. 

  183. 							<xs:annotation>
    184. 

  184. 								<xs:documentation>
    185. 

  185. 									Whether to disable this grant
    186. 

  186. 									type
    187. 

  187. 								</xs:documentation>
    188. 

  188. 							</xs:annotation>
    189. 

  189. 						</xs:attribute>
    190. 

  190. 						<xs:attribute name="token-granter-ref" type="xs:string" use="required">
    191. 

  191. 							<xs:annotation>
    192. 

  192. 								<xs:documentation>
    193. 

  193. 									A reference to your token granter
    194. 

  194. 								</xs:documentation>
    195. 

  195. 							</xs:annotation>
    196. 

  196. 						</xs:attribute>
    197. 

  197. 					</xs:complexType>
    198. 

  198. 				</xs:element>
    199. 

  199. 			</xs:sequence>
    200. 

  200. 			<xs:attribute name="client-details-service-ref" type="xs:string">
    201. 

  201. 				<xs:annotation>
    202. 

  202. 					<xs:documentation>
    203. 

  203. 						The reference to the bean that defines the client
    204. 

  204. 						details service.
    205. 

  205. 					</xs:documentation>
    206. 

  206. 				</xs:annotation>
    207. 

  207. 			</xs:attribute>
    208. 

  208. 			<xs:attribute name="token-endpoint-url" type="xs:string">
    209. 

  209. 				<xs:annotation>
    210. 

  210. 					<xs:documentation>
    211. 

  211. 						The URL at which a request for an access token
    212. 

  212. 						will be serviced.
    213. 

  213. 						Default value: "/oauth/token"
    214. 

  214. 					</xs:documentation>
    215. 

  215. 				</xs:annotation>
    216. 

  216. 			</xs:attribute>
    217. 

  217. 			<xs:attribute name="authorization-endpoint-url" type="xs:string">
    218. 

  218. 				<xs:annotation>
    219. 

  219. 					<xs:documentation>
    220. 

  220. 						The URL at which a user is redirected for
    221. 

  221. 						authorization. Default
    222. 

  222. 						value: "/oauth/authorize"
    223. 

  223. 					</xs:documentation>
    224. 

  224. 				</xs:annotation>
    225. 

  225. 			</xs:attribute>
    226. 

  226. 

  227. 			<!--the following attributes are less used -->
    228. 

  228. 			<xs:attribute name="token-granter-ref" type="xs:string">
    229. 

  229. 				<xs:annotation>
    230. 

  230. 					<xs:documentation>
    231. 

  231. 						The reference to the bean that defines the
    232. 

  232. 						granter of different oauth
    233. 

  233. 						token types.
    234. 

  234. 					</xs:documentation>
    235. 

  235. 				</xs:annotation>
    236. 

  236. 			</xs:attribute>
    237. 

  237. 

  238. 			<xs:attribute name="implicit-grant-service-ref" type="xs:string">
    239. 

  239. 				<xs:annotation>
    240. 

  240. 					<xs:documentation>
    241. 

  241. 						The reference to the bean that defines the
    242. 

  242. 						implicit grant service.
    243. 

  243. 					</xs:documentation>
    244. 

  244. 				</xs:annotation>
    245. 

  245. 			</xs:attribute>
    246. 

  246. 			
    247. 

  247. 			<xs:attribute name="token-services-ref" type="xs:string">
    248. 

  248. 				<xs:annotation>
    249. 

  249. 					<xs:documentation>
    250. 

  250. 						The reference to the bean that defines the token
    251. 

  251. 						services. Default
    252. 

  252. 						value is an instance of
    253. 

  253. 						"org.springframework.security.oauth2.provider.token.DefaultTokenServices".
    254. 

  254. 					</xs:documentation>
    255. 

  255. 				</xs:annotation>
    256. 

  256. 			</xs:attribute>
    257. 

  257. 

  258. 			<xs:attribute name="authorization-request-manager-ref" type="xs:string">
    259. 

  259. 				<xs:annotation>
    260. 

  260. 					<xs:documentation>
    261. 

  261. 						The reference to the bean that defines the manager for
    262. 

  262. 						authorization requests from the input
    263. 

  263. 						parameters (e.g. request parameters).
    264. 

  264. 						Default
    265. 

  265. 						value is an
    266. 

  266. 						instance of
    267. 

  267. 						"org.springframework.security.oauth2.provider.token.DefaultAuthorizationRequestManager".
    268. 

  268. 					</xs:documentation>
    269. 

  269. 				</xs:annotation>
    270. 

  270. 			</xs:attribute>
    271. 

  271. 

  272. 			<xs:attribute name="user-approval-handler-ref" type="xs:string">
    273. 

  273. 				<xs:annotation>
    274. 

  274. 					<xs:documentation>
    275. 

  275. 						Reference to a bean that handles user approval decisions. Using this strategy servers can
    276. 

  276. 						selectively skip the approval process depending on decisions in the past or on the type of client.
    277. 

  277. 					</xs:documentation>
    278. 

  278. 				</xs:annotation>
    279. 

  279. 			</xs:attribute>
    280. 

  280. 

  281. 			<xs:attribute name="user-approval-page" type="xs:string">
    282. 

  282. 				<xs:annotation>
    283. 

  283. 					<xs:documentation>
    284. 

  284. 						The URL of the page that handles the user
    285. 

  285. 						approval form (if needed, depending on the grant type).
    286. 

  286. 						The default is "forward:/oauth/confirm_access" which is not handled
    287. 

  287. 						by the authorization endpoint, so normally you
    288. 

  288. 						will have to supply a handler
    289. 

  289. 						for this path.
    290. 

  290. 					</xs:documentation>
    291. 

  291. 				</xs:annotation>
    292. 

  292. 			</xs:attribute>
    293. 

  293. 

  294. 			<xs:attribute name="error-page" type="xs:string">
    295. 

  295. 				<xs:annotation>
    296. 

  296. 					<xs:documentation>
    297. 

  297. 						The URL of the page that handles errors (default forward:/oauth/error).
    298. 

  298. 					</xs:documentation>
    299. 

  299. 				</xs:annotation>
    300. 

  300. 			</xs:attribute>
    301. 

  301. 

  302. 			<xs:attribute name="approval-parameter-name" type="xs:string">
    303. 

  303. 				<xs:annotation>
    304. 

  304. 					<xs:documentation>
    305. 

  305. 						The name of the form parameter that is used to
    306. 

  306. 						indicate user
    307. 

  307. 						approval of the client
    308. 

  308. 						authentication
    309. 

  309. 						request.
    310. 

  310. 						Default value: "user_oauth_approval".
    311. 

  311. 					</xs:documentation>
    312. 

  312. 				</xs:annotation>
    313. 

  313. 			</xs:attribute>
    314. 

  314. 

  315. 			<xs:attribute name="redirect-resolver-ref" type="xs:string">
    316. 

  316. 				<xs:annotation>
    317. 

  317. 					<xs:documentation>
    318. 

  318. 						The reference to the bean that defines the
    319. 

  319. 						redirect resolver, used
    320. 

  320. 						during the user
    321. 

  321. 						authorization.
    322. 

  322. 						Default
    323. 

  323. 						value is an instance of
    324. 

  324. 						"org.springframework.security.oauth2.provider.authorization_code.DefaultRedirectResolver".
    325. 

  325. 					</xs:documentation>
    326. 

  326. 				</xs:annotation>
    327. 

  327. 			</xs:attribute>
    328. 

  328. 

  329. 		</xs:complexType>
    330. 

  330. 	</xs:element>
    331. 

  331. 

  332. 	<xs:element name="resource-server">
    333. 

  333. 		<xs:annotation>
    334. 

  334. 			<xs:documentation>
    335. 

  335. 				Specifies that there are oauth 2 protected resources in
    336. 

  336. 				the application context. This element
    337. 

  337. 				has an
    338. 

  338. 				id which is the bean id of the filter created. The filter
    339. 

  339. 				should be added to the Spring Security filter chain at
    340. 

  340. 				position before="PRE_AUTH_FILTER"
    341. 

  341. 			</xs:documentation>
    342. 

  342. 		</xs:annotation>
    343. 

  343. 		<xs:complexType>
    344. 

  344. 			<xs:complexContent>
    345. 

  345. 				<xs:extension base="beans:identifiedType">
    346. 

  346. 

  347. 					<xs:attribute name="resource-id" type="xs:string">
    348. 

  348. 						<xs:annotation>
    349. 

  349. 							<xs:documentation>
    350. 

  350. 								The resource id that is protected by this filter
    351. 

  351. 								if any. If empty or
    352. 

  352. 								absent then all resource ids
    353. 

  353. 								are allowed,
    354. 

  354. 								otherwise
    355. 

  355. 								only tokens which are granted to a client that contains
    356. 

  356. 								this reosurce
    357. 

  357. 								id will be legal.
    358. 

  358. 							</xs:documentation>
    359. 

  359. 						</xs:annotation>
    360. 

  360. 					</xs:attribute>
    361. 

  361. 

  362. 					<xs:attribute name="token-services-ref" type="xs:string">
    363. 

  363. 						<xs:annotation>
    364. 

  364. 							<xs:documentation>
    365. 

  365. 								The reference to the bean that defines the token
    366. 

  366. 								services. Default
    367. 

  367. 								value is an instance of
    368. 

  368. 								"org.springframework.security.oauth2.provider.token.DefaultTokenServices".
    369. 

  369. 							</xs:documentation>
    370. 

  370. 						</xs:annotation>
    371. 

  371. 					</xs:attribute>
    372. 

  372. 

  373. 					<xs:attribute name="entry-point-ref" type="xs:string">
    374. 

  374. 						<xs:annotation>
    375. 

  375. 							<xs:documentation>
    376. 

  376. 								The reference to the bean that defines the entry point for failed authentications. Defaults to
    377. 

  377. 								a vanilla
    378. 

  378. 								org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint.
    379. 

  379. 							</xs:documentation>
    380. 

  380. 						</xs:annotation>
    381. 

  381. 					</xs:attribute>
    382. 

  382. 

  383. 					<xs:attribute name="auth-details-source-ref" type="xs:string">
    384. 

  384. 						<xs:annotation>
    385. 

  385. 							<xs:documentation>
    386. 

  386. 								The reference to the bean that defines the AuthenticationDetailsSource.
    387. 

  387. 							</xs:documentation>
    388. 

  388. 						</xs:annotation>
    389. 

  389. 					</xs:attribute>
    390. 

  390. 				</xs:extension>
    391. 

  391. 			</xs:complexContent>
    392. 

  392. 		</xs:complexType>
    393. 

  393. 	</xs:element>
    394. 

  394. 

  395. 	<xs:element name="client-details-service">
    396. 

  396. 		<xs:annotation>
    397. 

  397. 			<xs:documentation>
    398. 

  398. 				Default element that contains the definition of the
    399. 

  399. 				OAuth clients that are
    400. 

  400. 				allowed to access this
    401. 

  401. 				service.
    402. 

  402. 			</xs:documentation>
    403. 

  403. 		</xs:annotation>
    404. 

  404. 

  405. 		<xs:complexType>
    406. 

  406. 			<xs:complexContent>
    407. 

  407. 				<xs:extension base="beans:identifiedType">
    408. 

  408. 					<xs:choice minOccurs="0" maxOccurs="unbounded">
    409. 

  409. 						<xs:element name="client">
    410. 

  410. 							<xs:annotation>
    411. 

  411. 								<xs:documentation>
    412. 

  412. 									Definition of a client that can act on behalf
    413. 

  413. 									of a user.
    414. 

  414. 								</xs:documentation>
    415. 

  415. 							</xs:annotation>
    416. 

  416. 

  417. 							<xs:complexType>
    418. 

  418. 								<xs:attribute name="client-id" type="xs:string" use="required">
    419. 

  419. 									<xs:annotation>
    420. 

  420. 										<xs:documentation>
    421. 

  421. 											The client id.
    422. 

  422. 										</xs:documentation>
    423. 

  423. 									</xs:annotation>
    424. 

  424. 								</xs:attribute>
    425. 

  425. 								<xs:attribute name="secret" type="xs:string">
    426. 

  426. 									<xs:annotation>
    427. 

  427. 										<xs:documentation>
    428. 

  428. 											The client secret. If the secret is
    429. 

  429. 											undefined or empty (the
    430. 

  430. 											default) the client does
    431. 

  431. 											not
    432. 

  432. 											require a
    433. 

  433. 											secret.
    434. 

  434. 										</xs:documentation>
    435. 

  435. 									</xs:annotation>
    436. 

  436. 								</xs:attribute>
    437. 

  437. 								<xs:attribute name="redirect-uri" type="xs:string">
    438. 

  438. 									<xs:annotation>
    439. 

  439. 										<xs:documentation>
    440. 

  440. 											The re-direct URI(s) established during
    441. 

  441. 											registration (optional, comma separated).
    442. 

  442. 										</xs:documentation>
    443. 

  443. 									</xs:annotation>
    444. 

  444. 								</xs:attribute>
    445. 

  445. 								<xs:attribute name="resource-ids" type="xs:string">
    446. 

  446. 									<xs:annotation>
    447. 

  447. 										<xs:documentation>
    448. 

  448. 											The resource ids to which this client can be
    449. 

  449. 											granted access
    450. 

  450. 											(comma-separated). If missing or
    451. 

  451. 											empty all
    452. 

  452. 											resources are
    453. 

  453. 											accessible (not recommended by the spec).
    454. 

  454. 										</xs:documentation>
    455. 

  455. 									</xs:annotation>
    456. 

  456. 								</xs:attribute>
    457. 

  457. 								<xs:attribute name="scope" type="xs:string">
    458. 

  458. 									<xs:annotation>
    459. 

  459. 										<xs:documentation>
    460. 

  460. 											The scopes to which the client is limited
    461. 

  461. 											(comma-separated). If
    462. 

  462. 											scope is undefined or empty
    463. 

  463. 											(the
    464. 

  464. 											default) the client
    465. 

  465. 											is not limited by scope, but in that case
    466. 

  466. 											the authorization
    467. 

  467. 											service must explicitly
    468. 

  468. 											accept unlimited
    469. 

  469. 											access by not
    470. 

  470. 											specifying any scopes itself.
    471. 

  471. 										</xs:documentation>
    472. 

  472. 									</xs:annotation>
    473. 

  473. 								</xs:attribute>
    474. 

  474. 								<xs:attribute name="authorized-grant-types" type="xs:string">
    475. 

  475. 									<xs:annotation>
    476. 

  476. 										<xs:documentation>
    477. 

  477. 											Grant types that are authorized for the
    478. 

  478. 											client to use
    479. 

  479. 											(comma-separated). Currently defined
    480. 

  480. 											grant types
    481. 

  481. 											include
    482. 

  482. 											"authorization_code", "password", "assertion", and
    483. 

  483. 											"refresh_token". Default value is
    484. 

  484. 											"authorization_code,refresh_token".
    485. 

  485. 										</xs:documentation>
    486. 

  486. 									</xs:annotation>
    487. 

  487. 								</xs:attribute>
    488. 

  488. 								<xs:attribute name="authorities" type="xs:string">
    489. 

  489. 									<xs:annotation>
    490. 

  490. 										<xs:documentation>
    491. 

  491. 											Authorities that are granted to the client
    492. 

  492. 											(comma-separated). Distinct
    493. 

  493. 											from the authorities
    494. 

  494. 											granted to
    495. 

  495. 											the user on behalf
    496. 

  496. 											of whom the client is acting.
    497. 

  497. 										</xs:documentation>
    498. 

  498. 									</xs:annotation>
    499. 

  499. 								</xs:attribute>
    500. 

  500. 								<xs:attribute name="access-token-validity" type="xs:string">
    501. 

  501. 									<xs:annotation>
    502. 

  502. 										<xs:documentation>
    503. 

  503. 											The access token validity period in seconds (optional). If unspecified a global default will
    504. 

  504. 											be applied by the token services.
    505. 

  505. 										</xs:documentation>
    506. 

  506. 									</xs:annotation>
    507. 

  507. 								</xs:attribute>
    508. 

  508. 								<xs:attribute name="refresh-token-validity" type="xs:string">
    509. 

  509. 									<xs:annotation>
    510. 

  510. 										<xs:documentation>
    511. 

  511. 											The refresh token validity period in seconds (optional). If unspecified a global default
    512. 

  512. 											will
    513. 

  513. 											be applied by the token services.
    514. 

  514. 										</xs:documentation>
    515. 

  515. 									</xs:annotation>
    516. 

  516. 								</xs:attribute>
    517. 

  517. 							</xs:complexType>
    518. 

  518. 						</xs:element>
    519. 

  519. 					</xs:choice>
    520. 

  520. 				</xs:extension>
    521. 

  521. 			</xs:complexContent>
    522. 

  522. 		</xs:complexType>
    523. 

  523. 	</xs:element>
    524. 

  524. 

  525. 	<xs:element name="expression-handler">
    526. 

  526. 		<xs:annotation>
    527. 

  527. 			<xs:documentation>
    528. 

  528. 				Element for declaring and configuring an expression
    529. 

  529. 				handler for oauth
    530. 

  530. 				security expressions. See
    531. 

  531. 				http://static.springsource.org/spring-security/site/docs/3.0.x/reference/el-access.html
    532. 

  532. 			</xs:documentation>
    533. 

  533. 		</xs:annotation>
    534. 

  534. 		<xs:complexType>
    535. 

  535. 			<xs:complexContent>
    536. 

  536. 				<xs:extension base="beans:identifiedType" />
    537. 

  537. 			</xs:complexContent>
    538. 

  538. 		</xs:complexType>
    539. 

  539. 	</xs:element>
    540. 

  540. 

  541. 	<xs:element name="web-expression-handler">
    542. 

  542. 		<xs:annotation>
    543. 

  543. 			<xs:documentation>
    544. 

  544. 				Element for declaring and configuring an expression
    545. 

  545. 				handler for oauth
    546. 

  546. 				security expressions in http
    547. 

  547. 				intercept urls. See
    548. 

  548. 				http://static.springsource.org/spring-security/site/docs/3.0.x/reference/el-access.html
    549. 

  549. 			</xs:documentation>
    550. 

  550. 		</xs:annotation>
    551. 

  551. 		<xs:complexType>
    552. 

  552. 			<xs:complexContent>
    553. 

  553. 				<xs:extension base="beans:identifiedType" />
    554. 

  554. 			</xs:complexContent>
    555. 

  555. 		</xs:complexType>
    556. 

  556. 	</xs:element>
    557. 

  557. 

  558. 	<xs:element name="client">
    559. 

  559. 		<xs:annotation>
    560. 

  560. 			<xs:documentation>
    561. 

  561. 				Creates the oauth 2 client filter be be added to the
    562. 

  562. 				application security policy.
    563. 

  563. 			</xs:documentation>
    564. 

  564. 		</xs:annotation>
    565. 

  565. 		<xs:complexType>
    566. 

  566. 			<xs:complexContent>
    567. 

  567. 				<xs:extension base="beans:identifiedType">
    568. 

  568. 					<xs:attribute name="redirect-strategy-ref" type="xs:string">
    569. 

  569. 						<xs:annotation>
    570. 

  570. 							<xs:documentation>
    571. 

  571. 								The reference to the bean that defines the
    572. 

  572. 								redirect strategy, used when redirecting the user for
    573. 

  573. 								access authorization. Default value is an instance of
    574. 

  574. 								"org.springframework.security.web.DefaultRedirectStrategy".
    575. 

  575. 							</xs:documentation>
    576. 

  576. 						</xs:annotation>
    577. 

  577. 					</xs:attribute>
    578. 

  578. 				</xs:extension>
    579. 

  579. 			</xs:complexContent>
    580. 

  580. 		</xs:complexType>
    581. 

  581. 	</xs:element>
    582. 

  582. 

  583. 	<xs:element name="resource">
    584. 

  584. 		<xs:annotation>
    585. 

  585. 			<xs:documentation>
    586. 

  586. 				Definition of a remote resource that is protected via
    587. 

  587. 				OAuth2 to which this client application wants
    588. 

  588. 				access.
    589. 

  589. 			</xs:documentation>
    590. 

  590. 		</xs:annotation>
    591. 

  591. 		<xs:complexType>
    592. 

  592. 			<xs:complexContent>
    593. 

  593. 				<xs:extension base="beans:identifiedType">
    594. 

  594. 					<xs:attribute name="type" type="xs:string">
    595. 

  595. 						<xs:annotation>
    596. 

  596. 							<xs:documentation>
    597. 

  597. 								The grant type. Currently defined grant types
    598. 

  598. 								include
    599. 

  599. 								"authorization_code", "password", and
    600. 

  600. 								"assertion".
    601. 

  601. 								Default value
    602. 

  602. 								is "authorization_code".
    603. 

  603. 							</xs:documentation>
    604. 

  604. 						</xs:annotation>
    605. 

  605. 					</xs:attribute>
    606. 

  606. 					<xs:attribute name="client-id" type="xs:string" use="required">
    607. 

  607. 						<xs:annotation>
    608. 

  608. 							<xs:documentation>
    609. 

  609. 								The client id. This is the id by which the
    610. 

  610. 								resource server will
    611. 

  611. 								identify this application.
    612. 

  612. 							</xs:documentation>
    613. 

  613. 						</xs:annotation>
    614. 

  614. 					</xs:attribute>
    615. 

  615. 					<xs:attribute name="access-token-uri" type="xs:string">
    616. 

  616. 						<xs:annotation>
    617. 

  617. 							<xs:documentation>
    618. 

  618. 								The uri to where the access token may be
    619. 

  619. 								obtained.
    620. 

  620. 							</xs:documentation>
    621. 

  621. 						</xs:annotation>
    622. 

  622. 					</xs:attribute>
    623. 

  623. 					<xs:attribute name="scope" type="xs:string">
    624. 

  624. 						<xs:annotation>
    625. 

  625. 							<xs:documentation>
    626. 

  626. 								Comma-separted list of string specifying the
    627. 

  627. 								scope of the access to the
    628. 

  628. 								resource. By default,
    629. 

  629. 								no
    630. 

  630. 								scope will be
    631. 

  631. 								specified.
    632. 

  632. 							</xs:documentation>
    633. 

  633. 						</xs:annotation>
    634. 

  634. 					</xs:attribute>
    635. 

  635. 					<xs:attribute name="client-secret" type="xs:string">
    636. 

  636. 						<xs:annotation>
    637. 

  637. 							<xs:documentation>
    638. 

  638. 								The secret asssociated with the resource. By
    639. 

  639. 								default, no secret
    640. 

  640. 								will be supplied for access to
    641. 

  641. 								the resource.
    642. 

  642. 							</xs:documentation>
    643. 

  643. 						</xs:annotation>
    644. 

  644. 					</xs:attribute>
    645. 

  645. 					<xs:attribute name="client-authentication-scheme" type="xs:string">
    646. 

  646. 						<xs:annotation>
    647. 

  647. 							<xs:documentation>
    648. 

  648. 								The scheme that is used to pass the client
    649. 

  649. 								secret. Suggested
    650. 

  650. 								values: "header" and "form".
    651. 

  651. 								Default:
    652. 

  652. 								"header".
    653. 

  653. 								See section 2.1 of the OAuth 2 spec.
    654. 

  654. 							</xs:documentation>
    655. 

  655. 						</xs:annotation>
    656. 

  656. 					</xs:attribute>
    657. 

  657. 					<xs:attribute name="user-authorization-uri" type="xs:string">
    658. 

  658. 						<xs:annotation>
    659. 

  659. 							<xs:documentation>
    660. 

  660. 								The uri to which the user will be redirected if
    661. 

  661. 								the user is ever
    662. 

  662. 								needed to grant an authorization
    663. 

  663. 								code.
    664. 

  664. 							</xs:documentation>
    665. 

  665. 						</xs:annotation>
    666. 

  666. 					</xs:attribute>
    667. 

  667. 					<xs:attribute name="authentication-scheme" default="header" type="xs:string">
    668. 

  668. 						<xs:annotation>
    669. 

  669. 							<xs:documentation>
    670. 

  670. 								The method for bearing the token when accessing
    671. 

  671. 								the resource.
    672. 

  672. 								Default value is "header". See
    673. 

  673. 								AuthenticationScheme enum for possible values.
    674. 

  674. 							</xs:documentation>
    675. 

  675. 						</xs:annotation>
    676. 

  676. 					</xs:attribute>
    677. 

  677. 					<xs:attribute name="token-name" type="xs:string" default="access_token">
    678. 

  678. 						<xs:annotation>
    679. 

  679. 							<xs:documentation>
    680. 

  680. 								The name of the bearer token. The default is
    681. 

  681. 								"access_token", which
    682. 

  682. 								is according to the spec,
    683. 

  683. 								but
    684. 

  684. 								some providers
    685. 

  685. 								(e.g. Facebook) don't conform to the spec.
    686. 

  686. 							</xs:documentation>
    687. 

  687. 						</xs:annotation>
    688. 

  688. 					</xs:attribute>
    689. 

  689. 					<xs:attribute name="pre-established-redirect-uri" type="xs:string">
    690. 

  690. 						<xs:annotation>
    691. 

  691. 							<xs:documentation>
    692. 

  692. 								Some resource servers may require a
    693. 

  693. 								pre-established URI to which
    694. 

  694. 								they will redirect users after
    695. 

  695. 								users
    696. 

  696. 								authorize an access token.
    697. 

  697. 							</xs:documentation>
    698. 

  698. 						</xs:annotation>
    699. 

  699. 					</xs:attribute>
    700. 

  700. 					<xs:attribute name="use-current-uri" type="xs:string">
    701. 

  701. 						<xs:annotation>
    702. 

  702. 							<xs:documentation>
    703. 

  703. 								Boolean flag indicating that the current URI should be used as a redirect (if available) rather
    704. 

  704. 								than the
    705. 

  705. 								registered redirect URI. Default is true.
    706. 

  706. 							</xs:documentation>
    707. 

  707. 						</xs:annotation>
    708. 

  708. 					</xs:attribute>
    709. 

  709. 					<xs:attribute name="username" type="xs:string">
    710. 

  710. 						<xs:annotation>
    711. 

  711. 							<xs:documentation>
    712. 

  712. 								The username for authentication, required only when type is "password".
    713. 

  713. 							</xs:documentation>
    714. 

  714. 						</xs:annotation>
    715. 

  715. 					</xs:attribute>
    716. 

  716. 					<xs:attribute name="password" type="xs:string">
    717. 

  717. 						<xs:annotation>
    718. 

  718. 							<xs:documentation>
    719. 

  719. 								The password for authentication, required only when type is "password".
    720. 

  720. 							</xs:documentation>
    721. 

  721. 						</xs:annotation>
    722. 

  722. 					</xs:attribute>
    723. 

  723. 				</xs:extension>
    724. 

  724. 			</xs:complexContent>
    725. 

  725. 		</xs:complexType>
    726. 

  726. 	</xs:element>
    727. 

  727. 

  728. </xs:schema>
    729.