Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Spring Security OAuth2 check_token endpoint

Tags:

I'm trying to setup a resource server to work with separate authorization server using spring security oauth. I'm using RemoteTokenServices which requires /check_token endpoint.

I could see that /oauth/check_token endpoint is enabled by default when @EnableAuthorizationServer is used. However the endpoint is not accessible by default.

Should the following entry be added manually to whitelist this endpoint?

http.authorizeRequests().antMatchers("/oauth/check_token").permitAll();

This will make this endpoint accessible to all, is this the desired behavior? Or am I missing something.

Thanks in advance,

like image 476
sowdri Avatar asked Nov 05 '14 06:11

sowdri


1 Answers

You have to

@Override
public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception
{
   oauthServer.checkTokenAccess("permitAll()");    
}

For more information on this ::

How to use RemoteTokenService?

like image 72
Pratik Shah Avatar answered Sep 25 '22 10:09

Pratik Shah