SoftDev

Reputation: 63

spring-security-oauth2-provider provider on Grails

I need to expose a specific URL of my Grails web application. However, I want it to be protected by an OAuth2 client-credentials flow (grant_type). To be precise, an external agent will send a request to something like

http://server-url/oauth/token?client_id=clientId&client_secret=clientSecret&grant_type=client_credentials

and obtain an access_token. Then, my URL (protected resource) should be accessible with something like

http://server-url/resource?access_token={access-token obtained before}

My approach till now involved using this Grails plugin (spring-security-oauth2-provider: http://grails.org/plugin/spring-security-oauth2-provider).

Following the documentation given at https://github.com/adaptivecomputing/grails-spring-security-oauth2-provider, I have been able to set up the access_token granting part (a registered client is able to get the access token by providing its id and secret). But I am not able to understand from the tutorial how to protect a given resource (restrict access to clients with the access token only).

The documentation link above only mentions up to the stage of setting up access token distribution and then moves to user approval (which I don't require).

Any pointers as to how to proceed would be nice. Alternatively, suggestions regarding any other options for fulfilling the requirements are also welcome.

Upvotes: 1

Views: 2464

Answers (2)

user1959261

Reputation: 1

You can protect your resource by using spring-security-core. For example, you can list the URL path in Requestmap.

new Requestmap(url: '/api/v1/states/**', configAttribute: 'ROLE_USER,ROLE_USER').save()
new Requestmap(url: '/api/v1/subscriptions/**', configAttribute: 'ROLE_USER,ROLE_USER').save()
new Requestmap(url: '/api/v1/surveys/**', configAttribute: 'ROLE_USER,ROLE_USER').save()

I have tested with the Grails plugin "spring-security-oauth2-provider:1.0.0.M5.1".

Upvotes: 0

Fabiano Taioli

Reputation: 5540

The Grails plugin is a wrapper around the Spring Security plugin spring-security-oauth; take a look at the spring-security-oauth documentation. I assume you are already familiar with the OAuth2 specification; if not, read enter link description here, and even the Google OAuth2 API is a Google documentation sample. The plugin you are using is not updated to the latest release of spring-security-oauth; if you want to take a look, I have forked and updated it on GitHub.

Upvotes: 1
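
The two-step exchange described in the question, modelled in plain Python as an added example; it is not the plugin's code and was not posted by anyone in the thread. The client registry, token lifetime and function names are assumptions made for illustration.

```python
import hmac
import secrets
import time

# Constructed sample registry: client_id -> client_secret (illustrative values).
CLIENTS = {"clientId": "clientSecret"}
TOKENS = {}       # access_token -> (client_id, expiry in epoch seconds)
TOKEN_TTL = 3600  # assumed token lifetime in seconds


def token_endpoint(params, now=None):
    """Model of /oauth/token for grant_type=client_credentials."""
    now = time.time() if now is None else now
    if params.get("grant_type") != "client_credentials":
        return 400, {"error": "unsupported_grant_type"}
    expected = CLIENTS.get(params.get("client_id", ""))
    supplied = params.get("client_secret", "")
    # Constant-time comparison; an unknown client fails like a bad secret.
    if expected is None or not hmac.compare_digest(
            expected.encode(), supplied.encode()):
        return 401, {"error": "invalid_client"}
    token = secrets.token_urlsafe(32)  # unguessable opaque token
    TOKENS[token] = (params["client_id"], now + TOKEN_TTL)
    return 200, {"access_token": token, "token_type": "bearer",
                 "expires_in": TOKEN_TTL}


def protected_resource(headers, query, now=None):
    """Model of /resource: serve only requests carrying a live token."""
    now = time.time() if now is None else now
    auth = headers.get("Authorization", "")
    # The Authorization header is preferred; the access_token query
    # parameter from the question is accepted too, but query strings
    # are recorded in access logs and by intermediaries.
    token = auth[7:] if auth.startswith("Bearer ") else query.get("access_token")
    if not token:
        return 401, {}  # no credentials presented at all
    entry = TOKENS.get(token)
    if entry is None or entry[1] <= now:
        TOKENS.pop(token, None)  # purge expired tokens on sight
        return 401, {"error": "invalid_token"}
    return 200, {"client_id": entry[0], "data": "protected payload"}
```
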
