Authentication and Authorization without Basic Authentication

  • Authentication and Authorization without Basic Authentication

    Is there any documentation on authentication and authorization with OAuth 2.0, and without using form-based authentication?
    Is Basic Authentication a requirement for using OAuth with Spring Security?

    I see the AuthorizationEndPoint class requires the ModelView, but is there any way to suppress the ModelView and switch to JSON response?

    I'm building a service which is REST-based and does not have any front end, hence need advice on how I can bundle Spring Security and OAuth 2.0 into it.

  • #2
    Originally posted by rahul_kj
    Is there any documentation on authentication and authorization with OAuth 2.0, and without using form-based authentication?
    OAuth is not an authentication protocol so authentication is a completely orthogonal concern that you can implement any way you choose. To find out more about your options just look at the Spring Security docs and samples (https://github.com/SpringSource/spring-security).

    Is Basic Authentication a requirement for using OAuth with Spring Security?
    Basic auth is used for the token endpoint by default. If you like you can use request parameters, but the spec strongly discourages it (see ClientCredentialsEndpointFilter).

    I see the AuthorizationEndPoint class requires the ModelView, but is there any way to suppress the ModelView and switch to JSON response?
    Normally you would just send "Accept: application/json" in the request headers. All that is required to make it work is the right ViewResolver setup in your servlet context (it should work with the sparklr sample for instance).

    I'm building a service which is REST-based and does not have any front end, hence need advice on how I can bundle Spring Security and OAuth 2.0 into it.
    There's no need for a resource server to have a UI. The sparklr sample does, but only because it is a demo (with auth server and resource server rolled into one). If you create an app with just the <oauth:resource-server/> configuration (and dependent pieces) that should do it.
