Announcement Announcement Module
Collapse
No announcement yet.
Spring Security OAuth2 Resource Server with remote Authorization Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Spring Security OAuth2 Resource Server with remote Authorization

    We already have an OAuth2 authorization server set up, so I need to create a corresponding resource server (separate server). We plan to use the Spring Security OAuth2 project. The documentation for setting up a resource server:

    https://github.com/spring-projects/s...-configuration

    `token-services-ref` should point to the token-handling bean. However it seems like the token handling is done by the server itself even though it is the resource server (specifically by DefaultTokenServices). There doesn't seem to be any remote token services class or any configuration relating to a remote server. This is in contrast with the CloudFoundary UAA (https://github.com/cloudfoundry/uaa/...ng-servlet.xml) which has:

    <bean id="tokenServices"
    class="org.cloudfoundry.identity.uaa.oauth.RemoteTok enSe rvices">
    <property name="checkTokenEndpointUrl" value="${checkTokenEndpointUrl}" />

    Is there any way to use Spring Security OAuth2 for a resource server that communicates with a separate OAuth2 Authorization server? How can I set the communication endpoint?

  • #2
    Do you have any solution for this problem? I'm in the same point now implementing my Resource Server. Thanks for any idea!

    Comment


    • #3
      Hi,


      If your resource server and your authorization server shares the same database, you can re-define a TokenServices using a JdbcTokenStore.

      In latest version (2.0.0.RC1 ++ master branch on GitHub), a RemoteTokenServices has been implemented with a check_token endpoint on the authorization server to achieve this goal.

      Here is the RemoteTokenServices : https://github.com/spring-projects/s...nServices.java

      So, implement yours, including check_token endpoint if you can't wait.


      Regards,

      Comment

      Working...
      X