Spring Boot Security how to check/verify access token
I am a Spring newbie.

I've implemented OAuth2 implicit flow using Spring Security. The question is how to check token validity? I've found the oauth/check_token endpoint but at first I wasn't able to reach it. Then I made the following change:
    @Override
    public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
        // Exposes /oauth/check_token to unauthenticated callers
        oauthServer.checkTokenAccess("permitAll()");
    }
After the configuration I can use the check_token endpoint, but I wonder if it is correct to use permitAll on the endpoint. I've tried to change it to isAuthenticated, but in that case I am not able to reach the endpoint because I don't store client_secret on my frontend app.

Should I continue to use permitAll or is there a better way?
You should check access while using OAuth. Try the code below and see if it works:
    @Override
    public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
        // Token key endpoint is public; check_token requires an authenticated client
        oauthServer
            .tokenKeyAccess("permitAll()")
            .checkTokenAccess("isAuthenticated()");
    }
If it doesn't, please share your security-related snippets. Happy coding :)
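One way to keep check_token behind isAuthenticated() while the browser app holds no client_secret, as an added example (not code from the question or the answer): the API backend acts as a resource server and calls check_token with its own client credentials through Spring Security OAuth2's RemoteTokenServices. The class name, URL, client id and environment variable name are assumptions.

```java
import java.util.Objects;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.RemoteTokenServices;

@Configuration
@EnableResourceServer
public class ApiResourceServerConfig extends ResourceServerConfigurerAdapter {

    // Hypothetical values: adjust to your authorization server and registered client.
    private static final String CHECK_TOKEN_URL = "https://auth.example.internal/oauth/check_token";
    private static final String RS_CLIENT_ID = "api-resource-server";

    @Bean
    public RemoteTokenServices remoteTokenServices() {
        // The secret lives only on the backend (assumed env variable), never in the browser app.
        String secret = Objects.requireNonNull(
                System.getenv("RS_CLIENT_SECRET"), "RS_CLIENT_SECRET is not set");

        RemoteTokenServices services = new RemoteTokenServices();
        services.setCheckTokenEndpointUrl(CHECK_TOKEN_URL);
        // Sent as HTTP Basic credentials, which satisfies checkTokenAccess("isAuthenticated()").
        services.setClientId(RS_CLIENT_ID);
        services.setClientSecret(secret);
        return services;
    }

    @Override
    public void configure(ResourceServerSecurityConfigurer resources) {
        // Every bearer token presented to this API is validated via check_token.
        resources.tokenServices(remoteTokenServices());
    }

    @Override
    public void configure(HttpSecurity http) throws Exception {
        // Requests without a valid access token are rejected with 401.
        http.authorizeRequests().anyRequest().authenticated();
    }
}
```

With this in place the frontend only sends its access token as a Bearer header to the API; an expired or revoked token surfaces as a 401 from the API rather than through a direct call to check_token.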
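Notice: The technical posts on this site follow the CC BY-SA 4.0 license. If you need to repost, please cite this site's URL or the original address. For any questions, contact: yoyou2525@163.com.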