Updated Token Introspecting Client Config (markdown)
Justin Richer
parent
985cb03fa3
commit
87578504ea
|
|
@ -1,4 +1,4 @@
|
||||||
The following code sets up a filter to take a token passed in to the web application, and fill in the details as an `OAuth2Authentication` object by introspecting it at a configured issuer's Introspection Endpoint. The URL for the Introspection Endpoint is provided by the configured `introspectionUrlProvider` service. The token service authenticates its calls using the `clientId` and `clientSecret` properties.
|
The following code sets up a filter to take a token passed in to the web application, and fill in the details as an `OAuth2Authentication` object by introspecting it at a configured issuer's Introspection Endpoint. The URL for the Introspection Endpoint is provided by the configured `introspectionConfigurationService` property.
|
||||||
|
|
||||||
If the token is valid, the service creates an `Authentication` object with the user in the `sub` object as its principle. This `Authentication` is given a set of `GrantedAuthorities` provided by the configured `introspectionAuthorityGranter` service.
|
If the token is valid, the service creates an `Authentication` object with the user in the `sub` object as its principle. This `Authentication` is given a set of `GrantedAuthorities` provided by the configured `introspectionAuthorityGranter` service.
|
||||||
|
|
||||||
|
|
@ -6,9 +6,7 @@ In applicationContext.xml:
|
||||||
```
|
```
|
||||||
<oauth:resource-server id="resourceServerFilter" token-services-ref="introspectingService" />
|
<oauth:resource-server id="resourceServerFilter" token-services-ref="introspectingService" />
|
||||||
<bean id="introspectingService" class="org.mitre.oauth2.introspectingfilter.IntrospectingTokenService">
|
<bean id="introspectingService" class="org.mitre.oauth2.introspectingfilter.IntrospectingTokenService">
|
||||||
<property name="clientId" value="yourClientId"/>
|
<property name="introspectionConfigurationService">
|
||||||
<property name="clientSecret" value="yourClientSecret"/>
|
|
||||||
<property name="introspectionUrlProvider">
|
|
||||||
...
|
...
|
||||||
</property>
|
</property>
|
||||||
<property name="introspectionAuthorityGranter">
|
<property name="introspectionAuthorityGranter">
|
||||||
|
|
@ -17,29 +15,38 @@ In applicationContext.xml:
|
||||||
</bean>
|
</bean>
|
||||||
```
|
```
|
||||||
|
|
||||||
## Introspection URL Providers
|
## Introspection Configuration Service
|
||||||
|
|
||||||
The `IntrospectionURLProvider` interface looks at the context of the request and returns a URL to which the token service can make its introspection call.
|
The `Introspection Configuration Service` interface looks at the context of the request and returns a URL to which the token service can make its introspection call.
|
||||||
|
|
||||||
### Static Introspection URL Provider
|
### Static Introspection Configuration Service
|
||||||
|
|
||||||
The static provider simply returns the same configured URL for all requests, regardless of context.
|
The static provider simply returns the same configured URL and the same configured client for all requests, regardless of context.
|
||||||
|
|
||||||
```
|
```
|
||||||
<bean class="org.mitre.oauth2.introspectingfilter.StaticIntrospectionUrlProvider">
|
<bean class="org.mitre.oauth2.introspectingfilter.StaticIntrospectionUrlProvider">
|
||||||
<property name="introspectionUrl" value="http://authserver/introspect" />
|
<property name="introspectionUrl" value="http://authserver/introspect" />
|
||||||
|
<property name="clientConfiguration">
|
||||||
|
<bean class="org.mitre.oauth2.model.RegisteredClient">
|
||||||
|
<property name="clientId" value="yourClientId"/>
|
||||||
|
<property name="clientSecret" value="yourClientSecret"/>
|
||||||
|
</bean>
|
||||||
|
</property>
|
||||||
</bean>
|
</bean>
|
||||||
```
|
```
|
||||||
|
|
||||||
### JWT-Parsing Introspection URL Provider
|
### JWT-Parsing Introspection URL Provider
|
||||||
|
|
||||||
The JWT-parsing provider assumes that the access token is a properly formed JWT and parses the token value into a JWT object. The provider then extracts the `iss` field and looks up the introspection URL using the configured `serverConfigurationService`. This service the same as that described in [Client Configuration](Client-configuration#server-configuration).
|
The JWT-parsing provider assumes that the access token is a properly formed JWT and parses the token value into a JWT object. The provider then extracts the `iss` field and looks up the introspection URL using the configured `serverConfigurationService` and `clientConfigurationService`. These services are the same as described in [Client Configuration/server service configuration](Client-configuration#server-configuration) and [Client Configuration/client service configuration](Client-configuration#client-configuration).
|
||||||
|
|
||||||
```
|
```
|
||||||
<bean class="org.mitre.oauth2.introspectingfilter.JWTParsingIntrospectionUrlProvider">
|
<bean class="org.mitre.oauth2.introspectingfilter.JWTParsingIntrospectionUrlProvider">
|
||||||
<property name="serverConfigurationService">
|
<property name="serverConfigurationService">
|
||||||
...
|
...
|
||||||
</property>
|
</property>
|
||||||
|
<property name="clientConfigurationService">
|
||||||
|
...
|
||||||
|
</property>
|
||||||
</bean>
|
</bean>
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue