Menu
I'm trying to integrate Spring OAuth2 into Spring MVC REST. Most of the Spring OAuth2 examples, there is only ResourceServerConfigurerAdapter and some of have WebSecurityConfigurerAdapter as well. I'm not going to integrate OAuth with Google, Facebook, etc. I'm trying to provide a token based authentication for Spring MVC REST which is currently based on Basic Authentication. Can someone exaplin me what is required and not or good resource to understand the Spring MVC REST +OAuth integration in a single server?
Currently my POC works without WebSecurityConfigurerAdapter, but with ResourceServerConfigurerAdapter along with AuthorizationServerConfigurerAdapter. It looks like ResourceServerConfigurerAdapter is enough. Now I'm not sure what should I do to my existing WebSecurityConfigurerAdapter which is working perfectly in my Spring MVC REST application.
409
Class ResourceServerConfigurerAdapter Use this to configure the access rules for secure resources. Add resource-server specific properties (like a resource id).
In Spring Boot 2, if we want our own security configuration, we can simply add a custom WebSecurityConfigurerAdapter. This will disable the default auto-configuration and enable our custom security configuration. Spring Boot 2 also uses most of Spring Security's defaults.
WebSecurityConfigurerAdapter is a convenience class that allows customization to both WebSecurity and HttpSecurity. We can extend WebSecurityConfigurerAdapter multiple times (in distinct objects) to replicate the behavior of having multiple http elements.
The type WebSecurityConfigurerAdapter is deprecatedWell, it's because the developers of Spring framework encourage users to move towards a component-based security configuration.
Here is a good answer https://stackoverflow.com/a/28604260, it looks like WebSecurityConfigurerAdapter is an order inferior to the ResourceServerConfigurerAdapter.
I have a WebSecurityConfigurerAdapter and a ResourceServerConfigurerAdapter, but the endpoints security configuration is in the ResourceServerConfigurerAdapter under:
public void configure(HttpSecurity http) throws Exception { I also have the following configuration:
security: oauth2: resource: filter-order: 3 Else the endpoints security configuration is ignored (I don't know why).
71
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
