CODEWITHSUNDEEP
spring-bootspring-security-oauth2
Raster R
Raster R

Reputation: 273

Avoid JDBCTokenStore in spring Oauth2

I was creating a spring oath2 application. It works. I have a doubt.

Based on this URL http://projects.spring.io/spring-security-oauth/docs/oauth2.html there are only 2 real options: JdbcTokenStore, JwtTokenStore.

Is it possible to use JDBCTokenStore but not refer to it in the resourceServers? I mean can we not have it referred directly only in the AuthorizationServer and the resource servers could use an endpoint from AuthorizationServer instead of configuring another direct JDBCTokenStore reference.

Motive: Want to avoid sharing a database between AuthorizationServer and multiple ResourceServers. Is there any other way to achieve this motive.

R

Upvotes: 3

Views: 1935

Answers (1)

Vijay Nandwana
Vijay Nandwana

Reputation: 2634

In your Resource Servers you can use RemoteTokenServices. This class queries the /check_token endpoint present in Authorization Server to verify tokens.

You can have a database only for authentication server and another databases for your resource servers.

<bean id="tokenServices" class="org.springframework.security.oauth2.provider.token.RemoteTokenServices">
    <property name="checkTokenEndpointUrl" value="${auth.service.url:https://localhost:8443/auth-service}/oauth/check_token"/>
    <property name="clientId" value="${auth.client.name:TEST_API}"/>
    <property name="clientSecret" value="${auth.client.secret:password}"/>
    <property name="accessTokenConverter" ref="accessTokenConverter"/>
    <property name="restTemplate" ref="oauth2RestTemplate"/>
</bean>

Upvotes: 3

Related Questions