Spring Boot Security如何检查/验证访问令牌
[英]Spring Boot Security how to check/verify access token
问题描述
I am spring newbie 
我是春季新手
I've implemented OAuth2 implicit flow using spring security. 我已经使用Spring Security实现了OAuth2隐式流。 The question is how to check token validity? 问题是如何检查令牌的有效性? I've found oauth/check_token endpoint but first I wasn't able to reach it. 我找到了oauth/check_token端点,但是首先我无法到达它。 Then I've made the following change: 然后,我进行了以下更改:
@Override
public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception
{
oauthServer.checkTokenAccess("permitAll()");
}
After the configuration I can use check_token endpoint but I wonder if it is correct to use permitAll on the endpoint. 配置完成后,我可以使用check_token端点,但是我想知道在端点上使用permitAll是否正确。 I've tried to change it to isAuthenticated but in that case I am not able to reach the endpoint because I don't store client_secret on my frontend app. 我尝试将其更改为isAuthenticated但是在那种情况下,由于我没有在我的前端应用程序中存储client_secret,因此无法到达端点。
Should I continue use permitAll or there is better way? 我应该继续使用permitAll还是有更好的方法?
1 个解决方案
解决方案1
2 2017-09-28 21:14:08
You should check access while using oAuth. 使用oAuth时,您应该检查访问权限。
Try below code if works, 如果可行,请尝试以下代码,
@Override
public void configure(
AuthorizationServerSecurityConfigurer oauthServer)
throws Exception {
oauthServer
.tokenKeyAccess("permitAll()")
.checkTokenAccess("isAuthenticated()");
}
If doesn't, please share your security related snippets. 如果不是,请分享您与安全相关的摘要。 Happy coding :) 快乐的编码:)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.