Announcement Announcement Module
Collapse
No announcement yet.
M4-to-1.0-Release: Caching of access token in OAuth2RestTemplate? Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • M4-to-1.0-Release: Caching of access token in OAuth2RestTemplate?

    Hi,

    I am migrating from spring-security-oauth from M4 to 1.0.0-RELEASE and having difficulty understanding token-acquring logic that has moved into OAuth2RestTemplate.

    In M4, for the http request being processed, the access token used to be cached in OAuth2ClientContextHolder.

    But now, I see that there is just one copy of "OAuth2ClientContext" that OAuth2RestTemplate uses. So, how does it prevent the mixing-up of access tokens if multiple http requests (belonging to different users) are being processed simultaneously, say?

    Is there any sample / reference app that shows how OAuth2RestTemplate should be configured / used now?

    Regards,
    Roshan

  • #2
    Originally posted by roshandawrani View Post
    how does it prevent the mixing-up of access tokens if multiple http requests (belonging to different users) are being processed simultaneously, say?
    If you use <oauth:rest-template/> the result is session scoped and it has a request scoped context (replacing the old context holder). If you want to create your own bean definition you will have to manage the state yourself, or use session and request scope explcitly.

    Is there any sample / reference app that shows how OAuth2RestTemplate should be configured / used now?
    The tonr2 sample should show as much as there is to show.
    Last edited by Dave Syer; Nov 22nd, 2012, 03:25 AM.

    Comment


    • #3
      Got it. Thanks.

      No, I don't use <oauth:rest-template/>. I configure the bean def myself. I will change its scope to "request" explicitly.

      Comment

      Working...
      X