在Spring-Boot中验证访问令牌Oauth2

时间:2018-07-18 19:13:02

标签: spring-boot oauth-2.0

我正在使用Azure AD作为授权服务器在Spring-Boot中配置资源服务器,因此我具有以下配置:

@Configuration
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {

    private static final String RESOURCE_ID = "calcsqrt";
    private static final String SECURED_READ_SCOPE = "#oauth2.hasScope('read')";
    private static final String SECURED_WRITE_SCOPE = "#oauth2.hasScope('write')";
    private static final String SECURED_PATTERN = "/calcsqrt/**";

    @Override
    public void configure(ResourceServerSecurityConfigurer resources) {
        resources.resourceId(RESOURCE_ID);
    }

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.requestMatchers()
                .antMatchers(SECURED_PATTERN).and().authorizeRequests()
                .antMatchers(HttpMethod.POST, SECURED_PATTERN).access(SECURED_WRITE_SCOPE)
                .anyRequest().access(SECURED_READ_SCOPE);
    }
}

但是我不知道Spring-Boot在哪一点上验证Azure生成的访问令牌。我正在考虑将https://jwt.io/用于Java,但我想确保Spring-Boot不会在后台为我做这件事。

0 个答案:

没有答案
相关问题
最新问题