Spring Security Flashcards
OAuth:
Authorisation Server –> creates the tokens, JWT (JSON Web Token), using RSA public/private keys
Resource Server
–> accepts/denies the tokens, using the public key provided by the Authorisation Server.
–> maven dep: spring-boot-starter-oauth2-resource-server
The key is encoded!
Servlet stack vs reactive stack?
OAuth usage
- In your MVC RESTful implementation:
  modify class SecurityFilterChain to add .and().oauth2ResourceServer().jwt()
- In the RestTemplate client, calling the MVC RESTful service:
  - use maven dep: spring-boot-starter-oauth2-client
  - in application.properties add the standard oauth2 client settings:
rest.template.rootUrl=http://localhost:8080
spring.security.oauth2.resourceserver.jwt.issuer-uri=http://localhost:9000
spring.security.oauth2.client.registration.springauth.client-id=messaging-client
spring.security.oauth2.client.registration.springauth.client-secret=secret
spring.security.oauth2.client.registration.springauth.scope[0]=message.read
spring.security.oauth2.client.registration.springauth.scope[1]=message.write
spring.security.oauth2.client.registration.springauth.authorization-grant-type=client_credentials
spring.security.oauth2.client.registration.springauth.provider=springauth
spring.security.oauth2.client.provider.springauth.authorization-uri=http://localhost:9000/auth2/authorize
spring.security.oauth2.client.provider.springauth.token-uri=http://localhost:9000/oauth2/token
Using OAuth2 in the client (RestTemplate)