Java – spring oauth2 access token in HTTP header

Java

I try to use authorization server to implement spring oauth2 settings in an application and resource server in a separate application

I will say from the beginning that due to the current system limitations, I am forced to use the old version of spring / spring security until we can plan to upgrade the system:

>Spring: 3.1 1 > safety: 3.2 7 > Spring OAuth:1.0. five

I have all the work, but when I request restricted resources from the resource server, I must provide access_ Token as query parameter

I prefer to provide it as an HTTP header Is there a built-in function in spring security OAuth?

Resource server configuration

<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:context="http://www.springframework.org/schema/context"
    xmlns:oauth="http://www.springframework.org/schema/security/oauth2"
    xmlns:sec="http://www.springframework.org/schema/security"
    xsi:schemaLocation="http://www.springframework.org/schema/beans

    http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
    http://www.springframework.org/schema/security
    http://www.springframework.org/schema/security/spring-security-3.2.xsd
    http://www.springframework.org/schema/security/oauth2
    http://www.springframework.org/schema/security/spring-security-oauth2-1.0.xsd
    http://www.springframework.org/schema/context
    http://www.springframework.org/schema/context/spring-context-3.1.xsd">

    <!-- Resource Server Filter -->
    <oauth:resource-server id="resourceServerFilter" resource-id="someResourceId" token-services-ref="tokenServices"/>
    <!-- END Resource Server Filter -->

    <!-- Protected resources -->
    <http pattern="/rest/BasicService/**" create-session="stateless" xmlns="http://www.springframework.org/schema/security" entry-point-ref="oauthAuthenticationEntryPoint">  
        <anonymous enabled="false"/>
        <intercept-url pattern="/rest/BasicService/**" access="ROLE_USER"/>
        <custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER"/>
        <access-denied-handler ref="oauthAccessDeniedHandler"/> 
    </http>   
    <!-- END Protected resources -->

    <!-- Authentication -->
    <sec:authentication-manager xmlns="http://www.springframework.org/schema/security" /> 
    <bean id="oauthAuthenticationEntryPoint" class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint" xmlns="http://www.springframework.org/schema/beans"/>
    <bean id="oauthAccessDeniedHandler" class="org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler"/>
    <!-- END Authentication -->         

    <!-- Token Store -->    
    <bean id="tokenStore" class="org.springframework.security.oauth2.provider.token.JdbcTokenStore">
        <constructor-arg ref="myJdbcTokenStore" />
    </bean>

    <bean id="myJdbcTokenStore" class="org.springframework.jndi.Jndiobjectfactorybean">
        <property name="jndiName" value="java:comp/env/jdbc/someJNDIDatabaseName"/>
    </bean>

    <bean id="tokenServices" class="org.springframework.security.oauth2.provider.token.DefaultTokenServices">
        <property name="tokenStore" ref="tokenStore"/>
    </bean>
    <!-- END Token Store -->

</beans>

Solution

As prtk_ As mentioned in Shah's comments, the token type needs to be added to the authorization header

Authorization: holder

The content of this article comes from the network collection of netizens. It is used as a learning reference. The copyright belongs to the original author.
THE END
分享
二维码
< <上一篇
下一篇>>