我有以下配置，用于通过资源服务器（Resource Server）API 验证请求中携带的 access_token。现在我还需要验证另一个放在自定义请求头中的 access_token（`Authorization_custom: Bearer ...`）。如何用下面的配置逐个验证这两个令牌？
优先级上，首先用同一个 resource server 验证默认的 `Authorization: Bearer ...` 请求头，然后再验证自定义的 `Authorization_custom: Bearer ...` 请求头。这可行吗？
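@Configuration
@EnableResourceServer
public class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {

    /** Spring environment; only used to resolve the public base path in {@link #configure(HttpSecurity)}. */
    @Autowired
    private Environment env;

    /**
     * Wires token validation for this resource server.
     *
     * The bearer token the resource server extracts from a request is sent to the remote
     * check-token endpoint ({@code some.oauth2.resource.tokenInfoUri}), authenticated with
     * the client id/secret from {@code some.oauth2.client}, and must be valid for the
     * resource id {@code sample}.
     *
     * NOTE(review): only the single token found by the configured token extractor is
     * validated here — by default that is the {@code Authorization: Bearer ...} header
     * (Spring's default extractor also looks at an {@code access_token} parameter; confirm
     * for your version). A second token carried in a custom header such as
     * {@code Authorization_custom} is NOT checked by this configuration; it needs its own
     * extractor or an additional filter before any request may rely on it.
     *
     * {@code authenticationEntryPoint()} is not defined in this class and must be supplied
     * elsewhere in the project.
     */
    @Override
    public void configure(ResourceServerSecurityConfigurer resources) {
        RemoteTokenServices tokenServices = new RemoteTokenServices();
        tokenServices.setCheckTokenEndpointUrl(sampleResource().getTokenInfoUri());
        // These credentials are sent on every check-token call; load them from a secret
        // store or environment variable rather than committing them with the YAML.
        tokenServices.setClientId(sampleClient().getClientId());
        tokenServices.setClientSecret(sampleClient().getClientSecret());

        resources.resourceId("sample");
        resources.tokenServices(tokenServices);
        resources.authenticationEntryPoint(authenticationEntryPoint());
    }

    /**
     * Authorization rules: one public endpoint under the configured base path, everything
     * else requires a successfully validated token.
     *
     * @throws Exception propagated from {@link HttpSecurity}
     * @throws IllegalStateException if {@code some.web.base-path} is not set — with plain
     *         {@code getProperty()} a missing value would silently become the matcher
     *         {@code "null/some"} and open the wrong path.
     */
    @Override
    public void configure(HttpSecurity http) throws Exception {
        // getRequiredProperty() fails fast at startup instead of producing "null/some".
        String publicPath = env.getRequiredProperty("some.web.base-path") + "/some";

        http.authorizeRequests()
            .antMatchers(publicPath).permitAll()
            .antMatchers("/**").authenticated();
    }

    /** Client registration (id, secret, URIs, scope) bound from {@code some.oauth2.client}. */
    @Bean
    @ConfigurationProperties("some.oauth2.client")
    public AuthorizationCodeResourceDetails sampleClient() {
        return new AuthorizationCodeResourceDetails();
    }

    /** Token-validation endpoints ({@code tokenInfoUri}, {@code userInfoUri}) bound from {@code some.oauth2.resource}. */
    @Bean
    @ConfigurationProperties("some.oauth2.resource")
    public ResourceServerProperties sampleResource() {
        return new ResourceServerProperties();
    }
}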
app.yml:
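# Configuration bound by ResourceServerConfiguration:
#   some.oauth2.client   -> AuthorizationCodeResourceDetails (sampleClient bean)
#   some.oauth2.resource -> ResourceServerProperties          (sampleResource bean)
some:
  oauth2:                       # was missing the trailing ':' — YAML would not parse it as a mapping
    client:
      clientId: some_resource
      # Sent with every check-token call. Do not commit the real secret; supply it via an
      # environment variable or secret store (e.g. clientSecret: ${OAUTH2_CLIENT_SECRET}).
      clientSecret: some_pass
      accessTokenUri: some_uri
      userAuthorizationUri: some_uri
      tokenName: Bearer
      authenticationScheme: header
      clientAuthenticationScheme: header
      scope:
        - email
    resource:
      userInfoUri: some_uri
      tokenInfoUri: some_uri    # check-token endpoint used by RemoteTokenServices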