How to use AuthorizationServerSecurityConfigurer?

spring spring-mvc spring-boot spring-security spring-oauth2
12,354

Spring Security OAuth exposes two endpoints for checking tokens (/oauth/check_token and /oauth/token_key). Those endpoints are not exposed by default (have access "denyAll()").

So if you want to verify the tokens with this endpoint you'll have to add this to your authorization servers' config:

@Override
public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
    oauthServer.tokenKeyAccess("isAnonymous() || hasAuthority('ROLE_TRUSTED_CLIENT')")
               .checkTokenAccess("hasAuthority('ROLE_TRUSTED_CLIENT')");
}

Some more details can be found in the "Resource Server Configuration" section of the Spring Security OAuth2 documentation.

Share:
12,354

Related videos on Youtube

KZcoding
Author by

KZcoding

Updated on June 04, 2022

Comments

  • KZcoding
    KZcoding almost 2 years

    I am looking at a Spring boot project which has this code:

    public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
    oauthServer
        .tokenKeyAccess("permitAll()")
        .checkTokenAccess("isAuthenticated()");
}

    Unfortunately, I am not able to find any resources anywhere (i.e. Google, Spring docs, Spring oauth docs) that explains to me how to actually use AuthorizationServerSecurityConfigurer. Moreover, I do not understand exactly what tokenKeyAccess("permitAll()") or checkTokenAccess("isAuthenticated()") do.

    Other than helping me understand what those two functions do, please help me learn where to look for these types of information in the future.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

how to achieve Ldap Authentication using spring security(spring boot)
Spring security 401 Unauthorized even with permitAll
Java Spring Security - User.withDefaultPasswordEncoder() is deprecated?
Cannot get rid of "An Authentication object was not found in the SecurityContext" in a Spring Boot application without @WithMockUser
Spring security + session : Receive "Set-Cookie" header but not set in browser
Spring Boot Security Anonymous authorization
Spring boot - return 403 Forbidden instead of redirect to login page
@WithMockUser doesn't pick Spring Security auth credentials
How to autowire this TokenStore
Null @AuthenticationPrincipal with Spring-Boot / Security