OAuth Resource Owner Password Java
Question
Is there a Java provider implementation of the OAuth's Resource Owner Password flow or a library to include in my project?
I have read that Spring Security provides those libraries with a server or provider implementation, can I only include those Spring libraries to my standard Java EE project without using the full Spring stack?
Could it be possible or reasonable to implement the OAuth provider and client for that flow following the RFC?
1 answers
solution1
0 2013-10-09 15:29:55
The UAA project uses Spring Security's OAuth provider to implement a full OAuth2 authorization server (including resource owner grant). Why not use that?
You can't "only include those Spring libraries to my standard Java EE project" without using Spring. It's not really clear from your question how you would expect that to work. Where would the authorization server be implemented, for example?
It's certainly possible to implement the OAuth2 provider yourself, especially if you are only using part of the spec, but it's not trivial and probably not "reasonable" if it is just incidental to your main application development.
You will still need to consider how to protect your resource servers when they are accessed by an application which has obtained a token from the authorization server. In other words, they need to be able to check and understand the token that is issued and make an access decision based on it.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.