Spring-boot oauth2: splitting the authorization server and resource server

I am trying to split a resource server from an authorization server in spring-boot. I have two different applications that I run separately. On the authorization server, I can get the bearer token from /oauth/token, but when I try to access the resource (sending the token in the header), I get an invalid token error. My intention is to use the InMemoryTokenStore and the bearer token. Can someone tell me what is wrong in my code?

Authorization Server:

@SpringBootApplication
public class AuthorizationServer extends WebMvcConfigurerAdapter {

    public static void main(String[] args) {
        SpringApplication.run(AuthorizationServer.class, args);
    }

    @Configuration
    @EnableAuthorizationServer
    protected static class OAuth2Config extends AuthorizationServerConfigurerAdapter {

        // Issued tokens are held in this application's memory only
        private TokenStore tokenStore = new InMemoryTokenStore();

        @Autowired
        private AuthenticationManager authenticationManager;

        @Override
        public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
            endpoints
                .authenticationManager(authenticationManager)
                .tokenStore(tokenStore);
        }

        @Override
        public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
            // Access rule for the /oauth/check_token endpoint
            security.checkTokenAccess("hasAuthority('ROLE_USER')");
        }

        @Override
        public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
            clients
                .inMemory()
                .withClient("user")
                .secret("password")
                .authorities("ROLE_USER")
                .authorizedGrantTypes("password")
                .scopes("read", "write")
                .accessTokenValiditySeconds(1800);
        }
    }
}

Resource Server:

@SpringBootApplication
@RestController
@EnableOAuth2Resource
@EnableWebSecurity
@Configuration
public class ResourceServer extends WebSecurityConfigurerAdapter {

    public static void main(String[] args) {
        SpringApplication.run(ResourceServer.class, args);
    }

    @RequestMapping("/")
    public String home() {
        return "Hello Resource World!";
    }

    // Token services that call the authorization server's check_token endpoint
    @Bean
    public ResourceServerTokenServices tokenService() {
        RemoteTokenServices tokenServices = new RemoteTokenServices();
        tokenServices.setClientId("user");
        tokenServices.setClientSecret("password");
        tokenServices.setTokenName("tokenName");
        tokenServices.setCheckTokenEndpointUrl("http://localhost:8080/oauth/check_token");
        return tokenServices;
    }

    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        OAuth2AuthenticationManager authenticationManager = new OAuth2AuthenticationManager();
        authenticationManager.setTokenServices(tokenService());
        return authenticationManager;
    }

    @Configuration
    @EnableResourceServer
    protected static class ResourceServerConfig extends ResourceServerConfigurerAdapter {

        @Override
        public void configure(HttpSecurity http) throws Exception {
            http
                .requestMatchers()
                .antMatchers("/", "/home")
                .and()
                .authorizeRequests()
                .anyRequest().access("#oauth2.hasScope('read')");
        }

        @Override
        public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
            // A second InMemoryTokenStore, created inside the resource server process
            TokenStore tokenStore = new InMemoryTokenStore();
            resources.resourceId("Resource Server");
            resources.tokenStore(tokenStore);
        }
    }
}
1 answer

You have created 2 instances of InMemoryTokenStore. If you want to share tokens between the auth server and the resource server, they need the same store.

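One way to act on the answer when the two servers run as separate processes, as in the question: an in-memory store cannot be shared between two JVMs, so the resource server keeps no store of its own and validates each token against the authorization server's `/oauth/check_token` endpoint. This is an added example, not code from the original post or answer; the class name `RemoteCheckResourceServerConfig` is hypothetical, and the endpoint URL and client credentials are the ones from the question.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.RemoteTokenServices;
import org.springframework.security.oauth2.provider.token.ResourceServerTokenServices;

// Hypothetical class name; replaces the question's nested ResourceServerConfig.
@Configuration
@EnableResourceServer
public class RemoteCheckResourceServerConfig extends ResourceServerConfigurerAdapter {

    @Bean
    public ResourceServerTokenServices tokenService() {
        RemoteTokenServices tokenServices = new RemoteTokenServices();
        // Client "user" holds ROLE_USER, which the authorization server's
        // checkTokenAccess("hasAuthority('ROLE_USER')") rule requires.
        tokenServices.setClientId("user");
        tokenServices.setClientSecret("password");
        // setTokenName is left at its default, "token", which is the request
        // parameter name /oauth/check_token reads.
        // Plain http is acceptable on localhost only: this call carries the
        // client secret and the access token, so use https between real hosts.
        tokenServices.setCheckTokenEndpointUrl("http://localhost:8080/oauth/check_token");
        return tokenServices;
    }

    @Override
    public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
        resources.resourceId("Resource Server");
        // No local TokenStore: the authorization server's InMemoryTokenStore
        // is the only store, and tokens are looked up there on each request.
        resources.tokenServices(tokenService());
    }

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http
            .requestMatchers()
            .antMatchers("/", "/home")
            .and()
            .authorizeRequests()
            .anyRequest().access("#oauth2.hasScope('read')");
    }
}
```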

Source: https://habr.com/ru/post/983687/