
webflux oauth2ResourceServer don't support redisToken? #7230

Closed
CK110 opened this issue Aug 7, 2019 · 1 comment

CK110 commented Aug 7, 2019

Summary

I use WebFlux. Is there any filter like OAuth2AuthenticationProcessingFilter in the spring-security-oauth project? I ask because I don't use JWT.

Actual Behavior

Actually, I use Redis tokens. In my old project, the Zuul gateway is a resource server:

```java
@Configuration
@EnableResourceServer
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
    @Override
    public void configure(ResourceServerSecurityConfigurer resources) {
        resources.tokenStore(tokenStore)
                .stateless(true)
                .authenticationEntryPoint(authenticationEntryPoint)
                .expressionHandler(expressionHandler)
                .accessDeniedHandler(oAuth2AccessDeniedHandler);
    }

    // ..... (rest of the class elided in the original post)
}
```

But now I have changed the gateway to Spring Cloud Gateway.

```java
@Configuration
@EnableWebFluxSecurity
public class WebfluxResourceServerConfig {
    @Bean
    SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {

        // Note: this converter is created but never attached to the filter chain.
        ServerBearerTokenAuthenticationConverter bearerTokenConverter = new ServerBearerTokenAuthenticationConverter();
        bearerTokenConverter.setAllowUriQueryParameter(true);
        http.authorizeExchange()
                .anyExchange().access(new HasScope())
                .and()
                .oauth2ResourceServer();
        return http.build();
    }
}
```

The oauth2ResourceServer only supports JWT in WebFlux; I can't use it like in spring-security-oauth.

I need to check the token and get the Authentication from SecurityContextHolder through some filter like OAuth2AuthenticationProcessingFilter.

Do I need to write the filter myself?

Expected Behavior

Some filter like OAuth2AuthenticationProcessingFilter.

Version

5.1.5

@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label Aug 7, 2019
Contributor

jzheaux commented Aug 9, 2019

Spring Security 5.2 supports two ways of token verification. The first is JWT and the second is opaque tokens. In this case, it appears that you have an opaque token.

This can be customized by doing:

```java
http
    .oauth2ResourceServer()
        .opaqueToken()
            .introspectionClient(new MyRedisIntrospectionClient())
```

Where your custom class would take the token string and return a Map of attributes.

Note that since 5.2 is not yet GA, the name of the introspection interface may change.

@jzheaux jzheaux closed this as completed Aug 9, 2019
@jzheaux jzheaux self-assigned this Sep 4, 2019
@jzheaux jzheaux added for: stackoverflow A question that's better suited to stackoverflow.com and removed status: waiting-for-triage An issue we've not yet triaged labels Sep 4, 2019
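
One way to implement the custom introspector described in the reply above, written against the names that shipped in Spring Security 5.2 GA (`ReactiveOpaqueTokenIntrospector`, wired with `.opaqueToken().introspector(...)`). This is an added example, not code from the issue or from the Spring Security project. Assumptions: the class name `RedisOpaqueTokenIntrospector` is hypothetical, and tokens are assumed to be stored as a Redis hash at `token:<value>` with fields `sub`, `scope` (space-separated) and `exp` (epoch seconds), a constructed layout rather than the one written by spring-security-oauth.

```java
import java.time.Instant;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

import org.springframework.data.redis.core.ReactiveStringRedisTemplate;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.core.DefaultOAuth2AuthenticatedPrincipal;
import org.springframework.security.oauth2.core.OAuth2AuthenticatedPrincipal;
import org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionException;
import org.springframework.security.oauth2.server.resource.introspection.ReactiveOpaqueTokenIntrospector;
import reactor.core.publisher.Mono;

// Wire with: http.oauth2ResourceServer().opaqueToken().introspector(new RedisOpaqueTokenIntrospector(redis));
public class RedisOpaqueTokenIntrospector implements ReactiveOpaqueTokenIntrospector {
    private final ReactiveStringRedisTemplate redis;

    public RedisOpaqueTokenIntrospector(ReactiveStringRedisTemplate redis) { this.redis = redis; }

    @Override
    public Mono<OAuth2AuthenticatedPrincipal> introspect(String token) {
        return redis.<String, String>opsForHash().entries("token:" + token) // assumed key layout
                .collectMap(Map.Entry::getKey, Map.Entry::getValue)        // missing key -> empty map
                .filter(fields -> isActive(fields, Instant.now()))         // fail closed
                .map(RedisOpaqueTokenIntrospector::toPrincipal)
                .switchIfEmpty(Mono.error(new OAuth2IntrospectionException("Token is unknown or expired")));
    }

    // Checks expiry explicitly instead of relying only on the Redis TTL of the key.
    static boolean isActive(Map<String, String> fields, Instant now) {
        String sub = fields.get("sub");
        String exp = fields.get("exp");
        if (sub == null || sub.isEmpty() || exp == null) return false;
        try {
            return Instant.ofEpochSecond(Long.parseLong(exp)).isAfter(now);
        } catch (NumberFormatException e) {
            return false; // malformed record is treated as an invalid token
        }
    }

    static OAuth2AuthenticatedPrincipal toPrincipal(Map<String, String> fields) {
        List<GrantedAuthority> authorities = new ArrayList<>();
        for (String s : fields.getOrDefault("scope", "").trim().split("\\s+")) {
            if (!s.isEmpty()) authorities.add(new SimpleGrantedAuthority("SCOPE_" + s));
        }
        return new DefaultOAuth2AuthenticatedPrincipal(fields.get("sub"), new HashMap<>(fields), authorities);
    }
}
```

The error message deliberately omits the token value so that bearer tokens do not end up in logs.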