From bf11ade4b6c2d7dd76f9255eb33fcb40cdae5c84 Mon Sep 17 00:00:00 2001 From: Justin Richer Date: Mon, 8 Jul 2013 11:52:20 -0700 Subject: [PATCH] Updated Token Introspecting Client Config (markdown) --- Token-Introspecting-Client-Config.md | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/Token-Introspecting-Client-Config.md b/Token-Introspecting-Client-Config.md index 7b1362d..5f635f0 100644 --- a/Token-Introspecting-Client-Config.md +++ b/Token-Introspecting-Client-Config.md @@ -1,12 +1,13 @@ -The following code sets up a filter to take a token passed in to the web application, and fill in the details as an OAuth2Authentication object by introspecting it with the IDP. +The following code sets up a filter to take a token passed in to the web application, and fill in the details as an `OAuth2Authentication` object by introspecting it with the configured issuer's Introspection Endpoint (configured as the `introspectionUrl` property). The service authenticates its calls using the `clientId` and `clientSecret` properties. In applicationContext.xml: ``` - - + + - + +``` - ``` \ No newline at end of file +If the token is valid, the service creates an Authorization with the user in the `sub` field of the response and the role `ROLE_API`. \ No newline at end of file