How to use AuthorizationServerSecurityConfigurer?

Question

How to use AuthorizationServerSecurityConfigurer?

I am looking at a Spring boot project that has this code:

public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception { oauthServer .tokenKeyAccess("permitAll()") .checkTokenAccess("isAuthenticated()"); }

Unfortunately, I cannot find any resources anywhere (i.e. Google, Spring docs, Spring oauth docs), which explains to me how to actually use AuthorizationServerSecurityConfigurer . Moreover, I do not understand what exactly tokenKeyAccess("permitAll()") or checkTokenAccess("isAuthenticated()") .

In addition to helping me understand what these two functions do, please help me find out where to look for these types of information in the future.

+5

spring spring-boot spring-mvc spring-security

KZcoding Aug 19 '17 at 2:46

source share

1 answer

koe · Accepted Answer · 2017-08-19T17:31:07+0000

Spring Security OAuth provides two endpoints for checking tokens ( /oauth/check_token and /oauth/token_key ). These endpoints are not displayed by default (they have "denyAll ()" access).

So, if you want to check tokens with this endpoint, you will have to add this to the configuration of authorization servers:

 @Override public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception { oauthServer.tokenKeyAccess("isAnonymous() || hasAuthority('ROLE_TRUSTED_CLIENT')") .checkTokenAccess("hasAuthority('ROLE_TRUSTED_CLIENT')"); }

See the Resource Server Configuration section of the Spring Security OAuth2 documentation for more information.

How to use AuthorizationServerSecurityConfigurer?

More articles: