Documented dependencies opaque Resource Server
Extended the documentation for the opaque Resource Server in order to clearly state which dependencies are required in order for the minimal deployment to work.

Replaced dead link for Contribute guidelines in README.adoc

Closes gh-8391
This commit is contained in:
parent
5cd1ec7bb3
commit
b9b89035f6
|
@ -58,7 +58,7 @@ Check out the https://stackoverflow.com/questions/tagged/spring-security[Spring
|
||||||
https://spring.io/services[Commercial support] is available too.
|
https://spring.io/services[Commercial support] is available too.
|
||||||
|
|
||||||
== Contributing
|
== Contributing
|
||||||
https://help.github.com/articles/creating-a-pull-request[Pull requests] are welcome; see the https://github.com/spring-projects/spring-security/blob/master/CONTRIBUTING.md[contributor guidelines] for details.
|
https://help.github.com/articles/creating-a-pull-request[Pull requests] are welcome; see the https://github.com/spring-projects/spring-security/blob/master/CONTRIBUTING.adoc[contributor guidelines] for details.
|
||||||
|
|
||||||
== License
|
== License
|
||||||
Spring Security is Open Source software released under the
|
Spring Security is Open Source software released under the
|
||||||
|
|
|
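Review bot: The corrected contributor-guidelines link on the `+` line still goes through `blob/master/`, so it follows whatever the branch holds and can go dead again if the file is renamed or moved, as happened with the `.md` target. A relative link to `CONTRIBUTING.adoc` from the README would survive branch and extension changes. This README fix is also unrelated to the Resource Server documentation in the rest of the commit; splitting it out would keep gh-8391 scoped to one change.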
@ -14,7 +14,8 @@ This authorization server can be consulted by resource servers to authorize requ
|
||||||
A complete working example for {gh-samples-url}/boot/oauth2resourceserver-webflux[*JWTs*] is available in the {gh-samples-url}[Spring Security repository].
|
A complete working example for {gh-samples-url}/boot/oauth2resourceserver-webflux[*JWTs*] is available in the {gh-samples-url}[Spring Security repository].
|
||||||
====
|
====
|
||||||
|
|
||||||
== Dependencies
|
[[webflux-oauth2resourceserver-jwt-minimaldependencies]]
|
||||||
|
== Minimal Dependencies for JWT
|
||||||
|
|
||||||
Most Resource Server support is collected into `spring-security-oauth2-resource-server`.
|
Most Resource Server support is collected into `spring-security-oauth2-resource-server`.
|
||||||
However, the support for decoding and verifying JWTs is in `spring-security-oauth2-jose`, meaning that both are necessary in order to have a working resource server that supports JWT-encoded Bearer Tokens.
|
However, the support for decoding and verifying JWTs is in `spring-security-oauth2-jose`, meaning that both are necessary in order to have a working resource server that supports JWT-encoded Bearer Tokens.
|
||||||
|
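Review bot: Renaming the heading from `== Dependencies` to `== Minimal Dependencies for JWT` changes the section id Asciidoctor generates from the title, so any existing cross-reference or external link to the old section stops resolving. The explicit `[[webflux-oauth2resourceserver-jwt-minimaldependencies]]` anchor is the right fix going forward; please search the docs for references to the old id and point them at the new anchor.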
@ -549,6 +550,12 @@ ReactiveJwtDecoder jwtDecoder() {
|
||||||
return jwtDecoder;
|
return jwtDecoder;
|
||||||
}
|
}
|
||||||
----
|
----
|
||||||
|
[[webflux-oauth2resourceserver-opaque-minimaldependencies]]
|
||||||
|
=== Minimal Dependencies for Introspection
|
||||||
|
As described in <<oauth2resourceserver-jwt-minimaldependencies,Minimal Dependencies for JWT>> most of Resource Server support is collected in `spring-security-oauth2-resource-server`.
|
||||||
|
However unless a custom <<webflux-oauth2resourceserver-opaque-introspector-bean,`ReactiveOpaqueTokenIntrospector`>> is provided, the Resource Server will fallback to ReactiveOpaqueTokenIntrospector.
|
||||||
|
Meaning that both `spring-security-oauth2-resource-server` and `oauth2-oidc-sdk` are necessary in order to have a working minimal Resource Server that supports opaque Bearer Tokens.
|
||||||
|
Please refer to `spring-security-oauth2-resource-server` in order to determin the correct version for `oauth2-oidc-sdk`.
|
||||||
|
|
||||||
[[webflux-oauth2resourceserver-opaque-minimalconfiguration]]
|
[[webflux-oauth2resourceserver-opaque-minimalconfiguration]]
|
||||||
=== Minimal Configuration for Introspection
|
=== Minimal Configuration for Introspection
|
||||||
|
|
|
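Review bot: The cross-reference in the first added paragraph targets `oauth2resourceserver-jwt-minimaldependencies`, which is the servlet anchor; this file defines `webflux-oauth2resourceserver-jwt-minimaldependencies` in the earlier hunk, and the link should use that so reactive readers stay in the reactive section. The second paragraph says that without a custom `ReactiveOpaqueTokenIntrospector` the Resource Server falls back to ReactiveOpaqueTokenIntrospector, which is circular; name the concrete default implementation in backticks, as the servlet text does with NimbusOpaqueTokenIntrospector, since that class is the reason `oauth2-oidc-sdk` is required. Smaller points: "fallback" as a verb should be "fall back", "Meaning that both ..." is a sentence fragment, and "determin" is missing its final "e".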
@ -58,7 +58,8 @@ image:{icondir}/number_4.png[] If authentication is successful, then __Success__
|
||||||
* The <<servlet-authentication-authentication>> is set on the <<servlet-authentication-securitycontextholder>>.
|
* The <<servlet-authentication-authentication>> is set on the <<servlet-authentication-securitycontextholder>>.
|
||||||
* The `BearerTokenAuthenticationFilter` invokes `FilterChain.doFilter(request,response)` to continue with the rest of the application logic.
|
* The `BearerTokenAuthenticationFilter` invokes `FilterChain.doFilter(request,response)` to continue with the rest of the application logic.
|
||||||
|
|
||||||
=== Dependencies for JWT
|
[[oauth2resourceserver-jwt-minimaldependencies]]
|
||||||
|
=== Minimal Dependencies for JWT
|
||||||
|
|
||||||
Most Resource Server support is collected into `spring-security-oauth2-resource-server`.
|
Most Resource Server support is collected into `spring-security-oauth2-resource-server`.
|
||||||
However, the support for decoding and verifying JWTs is in `spring-security-oauth2-jose`, meaning that both are necessary in order to have a working resource server that supports JWT-encoded Bearer Tokens.
|
However, the support for decoding and verifying JWTs is in `spring-security-oauth2-jose`, meaning that both are necessary in order to have a working resource server that supports JWT-encoded Bearer Tokens.
|
||||||
|
@ -1052,6 +1053,13 @@ NOTE: Spring isn't a cache provider, so you'll need to make sure to include the
|
||||||
NOTE: Whether it's socket or cache timeouts, you may instead want to work with Nimbus directly.
|
NOTE: Whether it's socket or cache timeouts, you may instead want to work with Nimbus directly.
|
||||||
To do so, remember that `NimbusJwtDecoder` ships with a constructor that takes Nimbus's `JWTProcessor`.
|
To do so, remember that `NimbusJwtDecoder` ships with a constructor that takes Nimbus's `JWTProcessor`.
|
||||||
|
|
||||||
|
[[oauth2resourceserver-opaque-minimaldependencies]]
|
||||||
|
=== Minimal Dependencies for Introspection
|
||||||
|
As described in <<oauth2resourceserver-jwt-minimaldependencies,Minimal Dependencies for JWT>> most of Resource Server support is collected in `spring-security-oauth2-resource-server`.
|
||||||
|
However unless a custom <<oauth2resourceserver-opaque-introspector,`OpaqueTokenIntrospector`>> is provided, the Resource Server will fallback to NimbusOpaqueTokenIntrospector.
|
||||||
|
Meaning that both `spring-security-oauth2-resource-server` and `oauth2-oidc-sdk` are necessary in order to have a working minimal Resource Server that supports opaque Bearer Tokens.
|
||||||
|
Please refer to `spring-security-oauth2-resource-server` in order to determin the correct version for `oauth2-oidc-sdk`.
|
||||||
|
|
||||||
[[oauth2resourceserver-opaque-minimalconfiguration]]
|
[[oauth2resourceserver-opaque-minimalconfiguration]]
|
||||||
=== Minimal Configuration for Introspection
|
=== Minimal Configuration for Introspection
|
||||||
|
|
||||||
|
|
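Review bot: The last added paragraph tells the reader to refer to `spring-security-oauth2-resource-server` for the correct `oauth2-oidc-sdk` version but does not say where to look, and the artifact is given without its group id, so the section does not yet let someone add the dependency. State the full coordinates and say that the version should be taken from the dependency declared in that module's POM, so the SDK stays in step with the Spring Security release in use. The paragraph before it should also explain that NimbusOpaqueTokenIntrospector is what needs `oauth2-oidc-sdk`; as written the "Meaning that both ..." fragment asserts the requirement without the link between the two. The class name needs backticks, "fallback" should be "fall back", and "determin" should be "determine".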