secondbreakfast

Reputation: 4384

What is the purpose of the realm method in AuthorizationServerSecurityConfigurer?

Looking at the (practically non-existent) documentation for AuthorizationServerSecurityConfigurer I do not see any description for the realm method. What is its purpose?

https://docs.spring.io/spring-security/oauth/apidocs/org/springframework/security/oauth2/config/annotation/web/configurers/AuthorizationServerSecurityConfigurer.html

I have seen it used in an example online in the following way, but without any description, so I'm still not sure.

@Override
public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
    oauthServer
        .realm(RESOURCE_ID + "/client")
        .accessDeniedHandler(accessDeniedHandler)
        .authenticationEntryPoint(entryPoint);
}

Upvotes: 2

Views: 1201

Answers (1)

Ortomala Lokni

Reputation: 62663

The source code of the realm method of AuthorizationServerSecurityConfigurer is:

public AuthorizationServerSecurityConfigurer realm(String realm) {
    this.realm = realm;
    return this;
}

The only goal of this method is to define the realm in the sense of HTTP/1.1:

The "realm" authentication parameter is reserved for use by authentication schemes that wish to indicate a scope of protection. [...] These realms allow the protected resources on a server to be partitioned into a set of protection spaces, each with its own authentication scheme and/or authorization database.

See also What is the "realm" in basic authentication

Upvotes: 2
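
What the realm means to an HTTP client, as an added example that is not part of the original answer and is not Spring's code: it parses the `realm` parameter out of a `WWW-Authenticate` challenge and keys stored credentials by server root URI plus realm, which is how HTTP defines a protection space. The host names, realm values and credentials are constructed sample data.

```java
import java.net.URI;
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class RealmDemo {
    // Matches realm="..." (a quoted-string, backslash escapes allowed) in a challenge.
    private static final Pattern REALM = Pattern.compile(
            "\\brealm\\s*=\\s*\"((?:[^\"\\\\]|\\\\.)*)\"", Pattern.CASE_INSENSITIVE);

    /** Extracts the realm from a WWW-Authenticate value, if the challenge carries one. */
    static Optional<String> parseRealm(String challenge) {
        Matcher m = REALM.matcher(challenge);
        return m.find() ? Optional.of(m.group(1).replaceAll("\\\\(.)", "$1")) : Optional.empty();
    }

    /** A protection space is the server's root URI (scheme, host, port) plus the realm. */
    static String protectionSpace(URI requested, String realm) {
        String scheme = requested.getScheme().toLowerCase();
        int port = requested.getPort() != -1 ? requested.getPort()
                : "https".equals(scheme) ? 443 : 80;
        return scheme + "://" + requested.getHost().toLowerCase() + ":" + port + "|" + realm;
    }

    public static void main(String[] args) {
        // Constructed sample data: one stored client credential for one protection space.
        Map<String, String> credentials = new HashMap<>();
        URI token = URI.create("https://auth.example.test/oauth/token");
        credentials.put(protectionSpace(token, "my-resource/client"), "client-id:client-secret");

        // Constructed challenges: {requested URL, WWW-Authenticate header value}.
        String[][] challenges = {
            {"https://auth.example.test/oauth/token", "Basic realm=\"my-resource/client\""},
            {"https://auth.example.test/admin", "Basic realm=\"admin\", charset=\"UTF-8\""},
            {"https://other.example.test/oauth/token", "Basic realm=\"my-resource/client\""},
        };
        for (String[] c : challenges) {
            String realm = parseRealm(c[1]).orElse("");
            String key = protectionSpace(URI.create(c[0]), realm);
            // Credentials are reused only inside the protection space they were stored for.
            boolean known = credentials.containsKey(key);
            System.out.println(key + " -> " + (known ? "send stored credentials" : "no match"));
        }
    }
}
```

Only the first challenge matches: the second has a different realm on the same server, and the third has the same realm string on a different server, so neither reuses the stored credentials.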
