Comments (5)
The authorization server issues the token, and the resource server provides access to the resource based on that token, but it has to have a way to validate it to confirm it is the token issued by the authorization server. In royclarkson's example tokens are stored in memory, `private TokenStore tokenStore = new InMemoryTokenStore();`, by the authentication server, but it is within the same application. When dealing with a separated implementation on more hosts, you have to have a way to check from the resource server against the tokenstore in the authentication server. How you establish communication when both are on separate hosts and validate the token is up to you, and it is probably way beyond the scope of this example, but it should not be that hard. `ResourceServerSecurityConfigurer` allows you to implement your own approach when verifying the token.
from spring-rest-service-oauth.
@mariubog, thanks for your answer!
Please let me summarize: I have two applications. The first is an OAuth2 AuthorizationServer (my SSO point) and the second application is some business REST service API. So, based on this example, I need to move the implementation of ResourceServerConfiguration from the first to my second application and implement some kind of shared TokenStore for both of them, for example based on a persistent database?
Whichever endpoints you want to secure with OAuth, that's where your resource server has to be, in your case the REST endpoints. Yes, probably some kind of database, and then provide a secure endpoint to access that database and verify that the token is valid. I have not done it, but would suggest taking a good look at both `AuthorizationServerEndpointsConfigurer` and `ResourceServerSecurityConfigurer`; they offer some API to make a lot of customizations, though communication will still be the part that is left to your own implementation.
@mariubog, thanks!
@mariubog thanks for the information! Agreed that it is beyond scope of this example.
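One way to set up the split discussed in this thread, as an added example that is not part of the original comments or of the spring-rest-service-oauth project: the `ResourceServerConfiguration` lives in the second (REST API) application and reads tokens from a database-backed `TokenStore` shared with the authorization server. The package name, resource id, `/api/**` path and the `DataSource` bean are assumptions, and the authorization server is assumed to use a `JdbcTokenStore` on the same database instead of `InMemoryTokenStore`.

```java
package example.resource; // hypothetical package for the second application

import javax.sql.DataSource;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JdbcTokenStore;

@Configuration
@EnableResourceServer
public class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {

    // Assumed resource id; it has to be one of the resource ids
    // the authorization server grants to the client.
    private static final String RESOURCE_ID = "business-api";

    // Assumed: a DataSource for the database the authorization server
    // writes its tokens to. Give this account access to the token
    // tables only, not to the rest of the authorization server schema.
    @Autowired
    private DataSource tokenDataSource;

    // Same store type as on the authorization server, so a token issued
    // on one host can be looked up on the other.
    @Bean
    public TokenStore tokenStore() {
        return new JdbcTokenStore(tokenDataSource);
    }

    @Override
    public void configure(ResourceServerSecurityConfigurer resources) {
        // Every bearer token is checked against the shared store and
        // rejected if it is unknown, expired or issued for another resource.
        resources.resourceId(RESOURCE_ID).tokenStore(tokenStore());
    }

    @Override
    public void configure(HttpSecurity http) throws Exception {
        // Assumed URL layout of the business REST service.
        http.authorizeRequests().antMatchers("/api/**").authenticated();
    }
}
```

If the resource server should not reach the token database at all, `ResourceServerSecurityConfigurer.tokenServices(...)` accepts a `RemoteTokenServices` instance that validates each token over HTTPS against the authorization server instead.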