Spring Security OAuth2 pure resource server

孤街浪徒
孤街浪徒 2021-02-01 06:46

We already have an OAuth2 authorization server set up, so I need to create a corresponding resource server (separate server). We plan to use the Spring Security OAuth2 project.

2条回答
  • 2021-02-01 07:00

    Yes, it's possible. As you already mentioned in your question, RemoteTokenServices is the solution.

    I have created one sample which has separate auth and resource servers. It's just a sample to give a quick idea of the concept, and it is open for extension.

    Spring-AngularJS-OAuth2-Sample

  • 2021-02-01 07:13

    This is possible as long as the authorization server and resource server(s) access a shared tokenStore (e.g. using JdbcTokenStore with a common dataSource). You can just use DefaultTokenServices with a reference to your shared tokenStore. Below is an example Spring config which you should be able to tweak to fit your needs:

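    <?xml version="1.0" encoding="UTF-8"?>
    <!--
      Resource-server-only Spring Security OAuth2 configuration.
      The authorization server is a separate deployment; both servers share the
      same token store (JdbcTokenStore over a common dataSource), so this server
      can validate bearer tokens without calling the authorization server.
      The "dataSource" bean referenced below is expected to be defined elsewhere
      in the application context.
      The xsi:schemaLocation URLs are resolved through Spring's classpath schema
      mapping (spring.schemas) rather than fetched over the network.
    -->
    <beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:security="http://www.springframework.org/schema/security"
       xmlns:oauth2="http://www.springframework.org/schema/security/oauth2"
       xsi:schemaLocation="
        http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
        http://www.springframework.org/schema/security
        http://www.springframework.org/schema/security/spring-security-3.1.xsd
        http://www.springframework.org/schema/security/oauth2
        http://www.springframework.org/schema/security/spring-security-oauth2.xsd">
    
    <!-- Token store shared with the authorization server via the common dataSource. -->
    <bean id="tokenStore" class="org.springframework.security.oauth2.provider.token.JdbcTokenStore">
        <constructor-arg name="dataSource" ref="dataSource" />
    </bean>
    
    <!-- Token services that look bearer tokens up in the shared store; no remote
         introspection call is needed. -->
    <bean id="tokenServices" class="org.springframework.security.oauth2.provider.token.DefaultTokenServices">
        <property name="tokenStore" ref="tokenStore" />
    </bean>
    
    <!-- Entry point for unauthenticated requests; realmName is echoed in the
         WWW-Authenticate challenge. -->
    <bean id="authenticationEntryPoint" class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
        <property name="realmName" value="myRealm" />
    </bean>
    
    <!-- Produces the OAuth2 error response for authenticated but unauthorized requests. -->
    <bean id="oauthAccessDeniedHandler" class="org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler" />
    
    <!-- Unanimous decision: every voter that does not abstain must grant access.
         ScopeVoter handles SCOPE_* attributes, RoleVoter ROLE_* attributes and
         AuthenticatedVoter the IS_AUTHENTICATED_* attributes. -->
    <bean id="accessDecisionManager" class="org.springframework.security.access.vote.UnanimousBased">
        <constructor-arg>
            <list>
                <bean class="org.springframework.security.oauth2.provider.vote.ScopeVoter" />
                <bean class="org.springframework.security.access.vote.RoleVoter" />
                <bean class="org.springframework.security.access.vote.AuthenticatedVoter" />
            </list>
        </constructor-arg>
    </bean>
    
    <!-- This is not actually used, but it's required by Spring Security -->
    <security:authentication-manager alias="authenticationManager" />
    
    <!-- OAuth2-aware expression handlers (method security and web security). -->
    <oauth2:expression-handler id="oauthExpressionHandler" />
    
    <oauth2:web-expression-handler id="oauthWebExpressionHandler" />
    
    <!-- Enables @PreAuthorize/@PostAuthorize on beans, using the OAuth2 expression
         handler so #oauth2 expressions are available. CGLIB proxies are used so
         classes without interfaces can be secured. -->
    <security:global-method-security pre-post-annotations="enabled" proxy-target-class="true">
        <security:expression-handler ref="oauthExpressionHandler" />
    </security:global-method-security>
    
    <!-- Resource-server filter: authenticates the bearer token on each request
         through tokenServices and checks that the token grants access to resource-id. -->
    <oauth2:resource-server id="myResource" resource-id="myResourceId" token-services-ref="tokenServices" />
    
    <!-- create-session="never": no HttpSession is created for these requests
         (an existing one may still be used); authentication is per bearer token. -->
    <security:http pattern="/myPattern/**" create-session="never"
        entry-point-ref="authenticationEntryPoint" access-decision-manager-ref="accessDecisionManager">
        <!-- No anonymous principal: an unauthenticated request goes to the entry point. -->
        <security:anonymous enabled="false" />
        <!-- Rules are evaluated in order; the first matching pattern/method wins. -->
        <security:intercept-url pattern="/**" access="SCOPE_READ" method="GET" />
        <security:intercept-url pattern="/**" access="SCOPE_READ" method="HEAD" />
        <security:intercept-url pattern="/**" access="SCOPE_READ" method="OPTIONS" />
        <security:intercept-url pattern="/**" access="SCOPE_WRITE" method="PUT" />
        <security:intercept-url pattern="/**" access="SCOPE_WRITE" method="POST" />
        <security:intercept-url pattern="/**" access="SCOPE_WRITE" method="DELETE" />
        <!-- Fail closed: a request whose method is not listed above (e.g. PATCH or
             TRACE) would otherwise match no intercept-url, leave the security
             interceptor with no config attributes, and be passed through without an
             authorization check. This method-less entry is evaluated last and
             covers every remaining method. -->
        <security:intercept-url pattern="/**" access="SCOPE_WRITE" />
        <!-- Runs the bearer-token filter ahead of the PRE_AUTH_FILTER slot so the
             token is authenticated before the authorization rules above are applied. -->
        <security:custom-filter ref="myResource" before="PRE_AUTH_FILTER" />
        <security:access-denied-handler ref="oauthAccessDeniedHandler" />
        <!-- NOTE(review): the web expression handler is only consulted when
             use-expressions="true" is set on this element; with the plain
             SCOPE_*/ROLE_* attributes above the voters decide. Confirm against the
             Spring Security 3.1 schema if expression-based access rules are wanted. -->
        <security:expression-handler ref="oauthWebExpressionHandler" />
    </security:http>
    </beans>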
    