Resource server for Non-reactive approach
hfye opened this issue
Is it possible to create a sample resource server using spring-boot-starter-web? I managed to add @EnableResourceServer to my non-reactive web app, but I often face unauthorized errors.
It would be helpful to have another sample for the non-reactive approach.
@hfye Here is a full sample with client and resource servers https://github.com/jgrandja/oauth2-protocol-patterns
It works perfectly! Thank you!
Following the sample oauth2-protocol-patterns, the microservice app is able to accept an OAuth2 token, but I'm facing another issue with the actuator health endpoints after adding the dependency "org.springframework.boot:spring-boot-starter-actuator". It always returns a 401 error even though I exclude the authentication check in ResourceServerConfig as below:
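```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.security.oauth2.resource.OAuth2ResourceServerProperties;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@EnableWebSecurity
public class ResourceServerConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private OAuth2ResourceServerProperties resourceServerProperties;

    // @formatter:off
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                // Health endpoint is reachable without a token
                .mvcMatchers("/actuator/health").permitAll()
                // API calls need the resource.read scope from the JWT
                .mvcMatchers("/api/**").access("hasAuthority('SCOPE_resource.read')")
                // Everything else requires a valid token
                .anyRequest().authenticated()
                .and()
            .oauth2ResourceServer()
                .jwt()
                    .jwkSetUri(this.resourceServerProperties.getJwt().getJwkSetUri());
    }
    // @formatter:on
}
```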
Do you have any solution for this? I see that the sample gateway provides a workaround solution for webflux.
It was caused by another mistake of mine. The above code is working for the health endpoint.
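A MockMvc test that pins down the access rules of the `ResourceServerConfig` posted above, so an unexpected 401 on the health endpoint (or an unintended open path) shows up in the build. This is an added example, not part of the thread or of the oauth2-protocol-patterns sample. It assumes spring-security-test 5.2+ and JUnit 5, that it lives in the resource server's test sources, that the health status is UP in the test context, and that nothing is mapped at the hypothetical path `/api/hypothetical`; the JWK Set URI is a constructed placeholder.

```java
import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.test.web.servlet.MockMvc;
import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.jwt;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;

// Constructed JWK Set URI: keys are only fetched when a real bearer token is
// validated, and these tests never send one.
@SpringBootTest(properties =
        "spring.security.oauth2.resourceserver.jwt.jwk-set-uri=https://idp.example.invalid/jwks")
@AutoConfigureMockMvc
class ResourceServerAccessRulesTests {

    @Autowired private MockMvc mvc;

    @Test
    void healthIsReachableWithoutToken() throws Exception {
        // Assumes the health indicators report UP in the test context
        mvc.perform(get("/actuator/health")).andExpect(status().isOk());
    }

    @Test
    void apiWithoutTokenIsUnauthorized() throws Exception {
        mvc.perform(get("/api/hypothetical")).andExpect(status().isUnauthorized());
    }

    @Test
    void apiWithTokenLackingScopeIsForbidden() throws Exception {
        // jwt() on its own carries only its default SCOPE_read authority
        mvc.perform(get("/api/hypothetical").with(jwt())).andExpect(status().isForbidden());
    }

    @Test
    void apiWithRequiredScopePassesSecurity() throws Exception {
        // Nothing is mapped at this hypothetical path, so 404 means the filter chain let it through
        mvc.perform(get("/api/hypothetical")
                .with(jwt().authorities(new SimpleGrantedAuthority("SCOPE_resource.read"))))
            .andExpect(status().isNotFound());
    }

    @Test
    void otherActuatorEndpointsStayProtected() throws Exception {
        // Only /actuator/health is permitted; anyRequest().authenticated() covers the rest
        mvc.perform(get("/actuator/info")).andExpect(status().isUnauthorized());
    }
}
```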