
What is the use of JdbcApprovalStore(ApprovalStore) in spring-security-oauth?

I am using JwtTokenStore in spring-security-oauth.

The issue I am facing is that I want to add support for revoking JWT tokens. I know there are other options to handle this, but I am looking at this option. I found that we can use org.springframework.security.oauth2.provider.approval.JdbcApprovalStore for this. Is my understanding correct? I searched the internet for an example, but I did not find any.

    /**
     * ApprovalStore to be used to validate and restrict refresh tokens.
     * 
     * @param approvalStore the approvalStore to set
     */
    public void setApprovalStore(ApprovalStore approvalStore) {
        this.approvalStore = approvalStore;
    }

Can someone please briefly explain to me what the use of JdbcApprovalStore with JwtTokenStore is?

027 asked Jun 27 '17 17:06


1 Answer

Approval stores are used to manage the decisions (approvals) made by the users (accept or deny an app). These decisions can be stored in a DB (JDBC), in memory, or in a third option, which is the TokenApprovalStore. In this one, the approvals are stored in the TokenStore itself. In your case, you would need this last one.

The use of JDBC with JWT is that, whenever a token is validated by the app, it would validate whether the approval which appears inside of it is the same as the one stored in a certain place (JDBC, memory or TokenStore).

I hope this helps you; I'm just starting with OAuth.

Federico Paulettich answered Oct 20 '22 01:10