Announcement Announcement Module
Collapse
No announcement yet.
Spring Batch client and rest template Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Spring Batch client and rest template

    Hi

    I am trying to use OAuth2RestTemplate and call my resource server from my a spring batch job.
    Since I don't have access to OAuth2ClientContextFilter to get the access token, is there any recommandations or best practices on how to call OAuth servers out of servlet container (and request filters)?

    Thanks

  • #2
    For a Batch job I would expect you have the token or tokens in the input dataset or job parameters? If that is the case you should only nee dto add the Authorization header to the outgoing request (so no need for OAuth2RestTemplate).

    If you need OAuth2RestTemplate, my comments at the end of https://jira.springsource.org/browse/SECOAUTH-28 might help. I am also in the process of refactoring the client support so that the OAuth2RestTemplate can acquire its own token (SECOAUTH-222).

    Comment


    • #3
      I am thinking to use @Before advice similar to
      @Before("execution(* org.springframework.security.oauth2.client.http.OA uth2ClientHttpRequestFactory.createRequest(..))")

      Then use an implementation of AuthorizationServerTokenServices to access/validate the token and finally put it into OAuth2ClientContextHolder!

      I think the logic to obtain the access token should move out of OAuth2ClientContextFilter filter!

      Comment


      • #4
        Originally posted by shahbazi View Post
        I am thinking to use @Before advice similar to
        @Before("execution(* org.springframework.security.oauth2.client.http.OA uth2ClientHttpRequestFactory.createRequest(..))")
        Up to you, but it looks like overkill to me to use AOP for this one (and you need cglib or aspectj to intercept that pointcut).

        Then use an implementation of AuthorizationServerTokenServices to access/validate the token and finally put it into OAuth2ClientContextHolder!
        AuthorizationServerTokenServices is for the Auth Server (hence the name) - it does not provide any services that a client should need or be allowed to use. On a client you probably want to use an AccessTokenProvider.

        I think the logic to obtain the access token should move out of OAuth2ClientContextFilter filter!
        Agree up to a point, but there may still be a place for the filter. There is some work in progress (https://jira.springsource.org/browse/SECOAUTH-222), which will probably move the AccessTokenProvider to the OAuth2RestTemplate.

        Comment

        Working...
        X