What is the difference between these classes? I know that WebSecurityConfigurerAdapter is used to customize "security" on our apps.
What I've done:

    public class SecurityConfig extends WebSecurityConfigurerAdapter {
        @Autowired
        CustomUserDetailsService customUserDetailsService;
        @Autowired
        private JwtAuthenticationEntryPoint unauthorizedHandler;
        // ...
    }

But I don't understand the meaning of AuthorizationServerConfigurerAdapter.
I read a couple of articles but I don't get it.
AuthorizationServerConfigurerAdapter is used to configure how the OAuth authorization server works. Here are some aspects which can be configured: supported grant types (e.g. authorization code grant); authorization code service, to store authorization codes.
Class ResourceServerConfigurerAdapter: Use this to configure the access rules for secure resources. Add resource-server specific properties (like a resource id).
Spring Security OAuth2: Implements the OAuth2 structure to enable the Authorization Server and Resource Server.
Spring Security JWT: Generates the JWT token for web security.
Spring Boot Starter JDBC: Accesses the database to check whether the user exists.
Spring Boot Starter Web: Writes HTTP endpoints.
One thing first. OAuth 2 is an authorization framework. It allows an application (client) to obtain limited access to an HTTP service on behalf of a resource owner (user). OAuth 2 is not an authentication protocol.
AuthorizationServerConfigurerAdapter is used to configure how the OAuth authorization server works.
Here are some aspects which can be configured:
WebSecurityConfigurerAdapter is used to configure how the OAuth authorization server is secured.
Or in other words, how the user has to authenticate to grant a client access to his resources.
This can be:
(I have intentionally omitted some details to keep the answer as simple as possible.)
Example authorization server configuration with an in-memory token store:
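
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
    import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
    import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
    import org.springframework.security.oauth2.provider.token.TokenStore;
    import org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore;

    @Configuration
    @EnableAuthorizationServer
    public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {

        // Tell the token endpoints where issued tokens are stored
        @Override
        public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
            endpoints.tokenStore(tokenStore());
        }

        // Tokens are kept in memory only and are lost on restart
        @Bean
        public TokenStore tokenStore() {
            return new InMemoryTokenStore();
        }

        // ...
    }
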
Example security configuration with form login:
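
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

    @Configuration
    public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.authorizeRequests()
                    // The login page itself must be reachable without a session
                    .antMatchers("/login").permitAll()
                    // The user has to be logged in before granting a client access
                    .antMatchers("/oauth/authorize").authenticated()
                    .and()
                .formLogin();
        }

        // ...
    }
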
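
A resource server configuration to sit beside the two classes above, showing the access rules and resource id that ResourceServerConfigurerAdapter is for. This is an added example, not part of the original answer: the resource id `example-api`, the `/api/**` paths and the `read`/`write` scopes are assumptions, and it assumes the resource server runs in the same application as the authorization server so both use the same TokenStore bean.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;

@Configuration
@EnableResourceServer
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {

    // Hypothetical resource id. A token issued to a client that is restricted
    // to a different set of resource ids is rejected by this resource server.
    private static final String RESOURCE_ID = "example-api";

    @Override
    public void configure(ResourceServerSecurityConfigurer resources) {
        // stateless(true): only token-based authentication is accepted here,
        // a form-login session from WebSecurityConfig does not grant API access
        resources.resourceId(RESOURCE_ID).stateless(true);
    }

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http
            // Apply these rules to the API paths only (assumed prefix), so that
            // /login and /oauth/authorize stay under WebSecurityConfig
            .requestMatchers().antMatchers("/api/**")
            .and()
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            .and()
            .authorizeRequests()
                // Scope checks: the access token must carry the named scope
                .antMatchers(HttpMethod.GET, "/api/**").access("#oauth2.hasScope('read')")
                .antMatchers(HttpMethod.POST, "/api/**").access("#oauth2.hasScope('write')")
                // Any other method on the API is denied by default
                .anyRequest().denyAll();
    }
}
```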