CODEWITHSUNDEEP
springspring-securityspring-security-oauth2
Kristofer S
Kristofer S

Reputation: 43

How to enable /oauth/check_token with Spring Security Oauth2 using XML

I have successfully enabled the '/oauth/check_token' endpoint using spring-security 3.2.* and javaconfig but currently I'm restricted to spring-security 3.1.4 and then i'm stucked to XML config. '/oauth/token' endpoint is working as i wish but I can't get the check_token endpoint to be enabled and I can't find any (non javaconfig) documentation explaining what to do.

Vanila Authorization server config:

<oauth:authorization-server 
        client-details-service-ref="client-service" 
        token-services-ref="tokenServices" >
    <oauth:refresh-token disabled="false" />
    <oauth:client-credentials disabled="false" />
    <oauth:password authentication-manager-ref="userAuthenticationManager"  />       
</oauth:authorization-server>

http security config:

<sec:http 
        auto-config="true"
        pattern="/oauth/token" 
        create-session="stateless"
        authentication-manager-ref="clientAuthenticationManager">
    <sec:intercept-url pattern="/oauth/token" access="IS_AUTHENTICATED_FULLY" />
    <sec:anonymous enabled="false"/>
    <sec:http-basic entry-point-ref="clientAuthenticationEntryPoint" />
</sec:http>

I've tried to add following http config without success.

<sec:http 
        auto-config="true"
        pattern="/oauth/check_token" 
        create-session="stateless"
        authentication-manager-ref="clientAuthenticationManager">
    <sec:intercept-url pattern="/oauth/check_token" access="IS_AUTHENTICATED_FULLY" />
    <sec:anonymous enabled="false"/>
    <sec:http-basic entry-point-ref="clientAuthenticationEntryPoint" />
</sec:http>

please, any suggestions. A working example would be great.

best ./Kristofer

Upvotes: 4

Views: 4672

Answers (2)

thiagoms83
thiagoms83

Reputation: 81

Use the last version of spring oauth2:

<dependency>
  <groupId>org.springframework.security.oauth</groupId>
  <artifactId>spring-security-oauth2</artifactId>
  <version>2.0.10.RELEASE</version>
</dependency>

Ensure what the correct version of xsd is in use in spring security oauth file configuration:

http://www.springframework.org/schema/security/spring-security-oauth2-2.0.xsd

Insert the option check-token-enabled="true" in the element authorization-server:

<oauth:authorization-server ... check-token-enabled="true">
... 
</oauth:authorization-server>

Upvotes: 4

Dave Syer
Dave Syer

Reputation: 58124

You need to create a bean of type CheckTokenEndpoint (org.springframework.security.oauth2.provider.endpoint.CheckTokenEndpoint).

Upvotes: 6

Related Questions