Setting up the resource server

We need to set up the Todo API application to act as a resource server.

We use the @EnableResourceServer annotation to enable the application to be a resource server:

@Configuration
@EnableResourceServer
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {

We extend ResourceServerConfigurerAdapter in order to configure authorization for the resources that the resource server protects:

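    @Override
    public void configure(HttpSecurity http) throws Exception {
        // No anonymous access: every request must carry an authentication
        http.anonymous().disable()
            .authorizeRequests()
                // Only callers with the USER role may reach /users/**
                .antMatchers("/users/**").access("hasRole('USER')")
            .and().exceptionHandling()
                // Handler used when access is denied
                .accessDeniedHandler(new OAuth2AccessDeniedHandler());
    }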

In the previous code, we require that every request to a URI matching the /users/** pattern comes from a caller with the USER role, and we disable anonymous access. We also configure the error handler for the case where access is denied by the OAuth server.

Next, we need to configure a resource ID, and declare it as stateless, as the REST API does not have any state:

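    private static final String RESOURCE_ID = "resource_id";

    @Override
    public void configure(ResourceServerSecurityConfigurer resources) {
        // stateless(true): only token-based authentication is accepted on
        // these resources, matching the stateless REST API described above.
        // stateless(false) would also accept an existing, non-token
        // (for example session-based) authentication.
        resources.resourceId(RESOURCE_ID).stateless(true);
    }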
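One way to check this configuration is a MockMvc test. The following is an added example, not code from the book: it assumes a Spring Boot application with JUnit 4 and spring-security-test on the test classpath, a resource server declared stateless (stateless(true)) as the text describes, and a constructed path /users/Jack/todos that falls under the /users/** pattern.

```java
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;

import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.security.test.context.support.WithMockUser;
import org.springframework.test.context.junit4.SpringRunner;
import org.springframework.test.web.servlet.MockMvc;

// Added example: the class name and the request path are assumptions.
@RunWith(SpringRunner.class)
@SpringBootTest
@AutoConfigureMockMvc
public class ResourceServerConfigTest {

    // Constructed sample URI that matches the /users/** pattern
    private static final String PROTECTED_URI = "/users/Jack/todos";

    @Autowired
    private MockMvc mvc;

    // Anonymous access is disabled, so a request without a bearer token
    // never reaches the controller and is answered with 401.
    @Test
    public void requestWithoutTokenIsRejected() throws Exception {
        mvc.perform(get(PROTECTED_URI))
           .andExpect(status().isUnauthorized());
    }

    // A caller authenticated by something other than an OAuth2 token (here a
    // mocked security context with the USER role) is rejected as well: a
    // stateless resource server clears any non-token authentication before
    // the hasRole('USER') rule is evaluated.
    @Test
    @WithMockUser(roles = "USER")
    public void nonTokenAuthenticationIsRejectedWhenStateless() throws Exception {
        mvc.perform(get(PROTECTED_URI))
           .andExpect(status().isUnauthorized());
    }
}
```

With stateless(false) the second request would be authorized from the mocked security context instead of being rejected, which is the difference the flag controls.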