Resource server for Non-reactive approach

Question

Resource server for Non-reactive approach

hfye opened this issue 6 years ago · comments

Is possible to create a sample resource server using spring-boot-starter-web? I managed to add @EnableResourceServer to my non-reactive web app, but often face unauthorized errors.

It would be helpful to have another sample for non-reactive approach.

Joe Grandja · Answer 1 · Thu Feb 14 2019 17:16:44 GMT+0800 (China Standard Time)

@hfye Here is a full sample with client and resource servers https://github.com/jgrandja/oauth2-protocol-patterns

hfye · Answer 2 · Fri Feb 15 2019 11:27:36 GMT+0800 (China Standard Time)

It works perfectly! Thank you!

hfye · Answer 3 · Fri Feb 15 2019 18:22:53 GMT+0800 (China Standard Time)

Following the sample oauth2-protocol-patterns, the microservice app is able to accept oauth2 token. but I'm facing another issue with actuator health endpoints after adding the dependency "org.springframework.boot:spring-boot-starter-actuator". It always return 401 error even I exclude the authentication check in ResourceServerConfig as below:

@Autowired
private OAuth2ResourceServerProperties resourceServerProperties;

// @formatter:off
@Override
protected void configure(HttpSecurity http) throws Exception {
	http
			.authorizeRequests()
			.mvcMatchers("/actuator/health").permitAll()
			.mvcMatchers("/api/**").access("hasAuthority('SCOPE_resource.read')")
			.anyRequest().authenticated()
			.and()
			.oauth2ResourceServer()
			.jwt()
			.jwkSetUri(this.resourceServerProperties.getJwt().getJwkSetUri());
}
// @formatter:on

Do you have any solution on this? I see that the sample gateway provides a walkaround solution for webflux.

hfye · Answer 4 · Sun Feb 17 2019 17:36:17 GMT+0800 (China Standard Time)

It's caused by my other mistake. The above code is working for health endpoint.