使用oAuth2保护Spring Boot API | 过滤用户

Question

I have a Spring boot API that I managed to secure with oAuth2 and Google. I have something similar to this: Rest, Spring own OAuth2 server + OAuth2 providers like Facebook, Google, Yahoo

Everything works as expected.

My question is the following: How can I know limit the access to certain users (not every google user) ? This sounds like the authorization part to me. I'm not sure where to start as I'm a beginner in all this.

Thanks for any help or pointer.

Answer 1

To the best of my knowledge, if you want to limit access to an API based on a user's last name (going by your example) I will set up a sample scenario of something I might do.

Say for instance I have an API with an endpoint such as /api/family?lastname=doe and the purpose of this API is to return a list of people with the same last name as "doe" in this case. The API will only return a result if the last name provided in the parameter is equal to the current authorized user's last name.

So maybe I'd have an API set up as follows:

@RequestMapping(value="/api/family", method = RequestMethod.GET)
@ResponseBody
public List<Member> findFamilyMembersByLastName(@RequestParam(value="lastname", required=true) String lastName){

      User authorizedUser = getCurrentUser(); // Set up a method that is able to get the current logged in user
      if(!authorizedUser.getLastName().equals(lastName){
         // Throw some kind of exception here
      }
      // otherwise perform a query to find a list of Members with last name and return them

}