Giter Club home page Giter Club logo

Comments (5)

mariubog avatar mariubog commented on September 26, 2024

authorization server issues token, resource server provides access to resource based on that token but it has to have a way to validate it to confirm it is the token issued by authorization server, in royclarkson's example tokens are stored in memory private TokenStore tokenStore = new InMemoryTokenStore(); by authentication server but it is within same application, when dealing with separated implementation on more hosts, you have to have a way to check from resource server against the tokenstore in authentication server, how you establish communication when both are on separate hosts and validate token is up to you and it is probably way beyond the scope of this example, but it should not be that hard ResourceServerSecurityConfigurer allows you to implement your own approach when verifying token

from spring-rest-service-oauth.

Artgit avatar Artgit commented on September 26, 2024

@mariubog , thanks for your answer!

Please let me summarize - I have two application - first is oauth2 AuthorizationServer(my SSO point) and the second application is some business REST service API. So, based on this example, I need to move implementation of ResourceServerConfiguration from first to my second application and implement some kind of shared TokenStore for both of them, for example based on persistent database ?

from spring-rest-service-oauth.

mariubog avatar mariubog commented on September 26, 2024

whichever endpoints you want to secure with oauth thats where your resource server has to be, in you case REST endpoints, yes probably some kind of database and than provide secure endpoint to access that database and verify that token is valid, I have not done it but would suggest to take good look at both AuthorizationServerEndpointsConfigurer and ResourceServerSecurityConfigurer they offer some api to make lot of customizations, though communication will be still the part that is left to your own implementation

from spring-rest-service-oauth.

Artgit avatar Artgit commented on September 26, 2024

@mariubog , thanks !

from spring-rest-service-oauth.

royclarkson avatar royclarkson commented on September 26, 2024

@mariubog thanks for the information! Agreed that it is beyond scope of this example.

from spring-rest-service-oauth.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.