Can I disable my resource server for one scenario and enable it for other scenario in same project
Actually I have a project where we are using our own custom login and there we are checking if the Token generated during login is there in redis and validate and then we allow them to access any url- thats a controller to service based token check and access of any url, we check token in every service class but we also have used oauth2 in our same project for interacting with amazon alexa, now whenever I do normal login a token is generated, but if we go for accessing any of the url that we marked protected in oauth2 , are not accessed as they they need access token for that to be accessed, I want both the way to work, if I have generated access token, oauth2 flow should work and use access token for accessing protected resource and If i have generated normal token using our custom login then we need to check that token in service class and allow to access the url, i present scenario its not allowing and error as "need full authentication to access the resource"---- could any one please suggest me any alternatives or help me in any way?
spring-boot oauth-2.0
asked Nov 21 '18 at 6:46
Utpala DebnathUtpala Debnath
157
add a comment |
Actually I have a project where we are using our own custom login and there we are checking if the Token generated during login is there in redis and validate and then we allow them to access any url- thats a controller to service based token check and access of any url, we check token in every service class but we also have used oauth2 in our same project for interacting with amazon alexa, now whenever I do normal login a token is generated, but if we go for accessing any of the url that we marked protected in oauth2 , are not accessed as they they need access token for that to be accessed, I want both the way to work, if I have generated access token, oauth2 flow should work and use access token for accessing protected resource and If i have generated normal token using our custom login then we need to check that token in service class and allow to access the url, i present scenario its not allowing and error as "need full authentication to access the resource"---- could any one please suggest me any alternatives or help me in any way?
spring-boot oauth-2.0
asked Nov 21 '18 at 6:46
Utpala DebnathUtpala Debnath
157
How do you protect your URLs? Normally Spring works with roles and when you "read" the roles from your token and the access token you can do this what you want. I would suggest to make the authorization role based and not by technology
– thopaw
Nov 21 '18 at 6:51
we din't use any role in our custom login, we stored the token generated in custom login using RedisTemplate against the userId of User model,we map token against userId in redis and if there is mapping we give user access to the api and we check for the validity of the token inside the service instead of the controller, that's how we are using our api, but recently we also implemented oauth2 which is working fine, but the problem is we can't access the resources as we have protected it and it can only will be accessed using the access token and not the token we have generated in custom login
– Utpala Debnath
Nov 21 '18 at 13:18
add a comment |
Actually I have a project where we are using our own custom login and there we are checking if the Token generated during login is there in redis and validate and then we allow them to access any url- thats a controller to service based token check and access of any url, we check token in every service class but we also have used oauth2 in our same project for interacting with amazon alexa, now whenever I do normal login a token is generated, but if we go for accessing any of the url that we marked protected in oauth2 , are not accessed as they they need access token for that to be accessed, I want both the way to work, if I have generated access token, oauth2 flow should work and use access token for accessing protected resource and If i have generated normal token using our custom login then we need to check that token in service class and allow to access the url, i present scenario its not allowing and error as "need full authentication to access the resource"---- could any one please suggest me any alternatives or help me in any way?
spring-boot oauth-2.0
asked Nov 21 '18 at 6:46
Utpala DebnathUtpala Debnath
157
Actually I have a project where we are using our own custom login and there we are checking if the Token generated during login is there in redis and validate and then we allow them to access any url- thats a controller to service based token check and access of any url, we check token in every service class but we also have used oauth2 in our same project for interacting with amazon alexa, now whenever I do normal login a token is generated, but if we go for accessing any of the url that we marked protected in oauth2 , are not accessed as they they need access token for that to be accessed, I want both the way to work, if I have generated access token, oauth2 flow should work and use access token for accessing protected resource and If i have generated normal token using our custom login then we need to check that token in service class and allow to access the url, i present scenario its not allowing and error as "need full authentication to access the resource"---- could any one please suggest me any alternatives or help me in any way?
spring-boot oauth-2.0
spring-boot oauth-2.0
asked Nov 21 '18 at 6:46
Utpala DebnathUtpala Debnath
157
asked Nov 21 '18 at 6:46
Utpala DebnathUtpala Debnath
157
asked Nov 21 '18 at 6:46
Utpala DebnathUtpala Debnath
157
asked Nov 21 '18 at 6:46
Utpala DebnathUtpala Debnath
157
asked Nov 21 '18 at 6:46
Utpala DebnathUtpala Debnath
157
157
How do you protect your URLs? Normally Spring works with roles and when you "read" the roles from your token and the access token you can do this what you want. I would suggest to make the authorization role based and not by technology
– thopaw
Nov 21 '18 at 6:51
we din't use any role in our custom login, we stored the token generated in custom login using RedisTemplate against the userId of User model,we map token against userId in redis and if there is mapping we give user access to the api and we check for the validity of the token inside the service instead of the controller, that's how we are using our api, but recently we also implemented oauth2 which is working fine, but the problem is we can't access the resources as we have protected it and it can only will be accessed using the access token and not the token we have generated in custom login
– Utpala Debnath
Nov 21 '18 at 13:18
add a comment |
How do you protect your URLs? Normally Spring works with roles and when you "read" the roles from your token and the access token you can do this what you want. I would suggest to make the authorization role based and not by technology
– thopaw
Nov 21 '18 at 6:51
we din't use any role in our custom login, we stored the token generated in custom login using RedisTemplate against the userId of User model,we map token against userId in redis and if there is mapping we give user access to the api and we check for the validity of the token inside the service instead of the controller, that's how we are using our api, but recently we also implemented oauth2 which is working fine, but the problem is we can't access the resources as we have protected it and it can only will be accessed using the access token and not the token we have generated in custom login
– Utpala Debnath
Nov 21 '18 at 13:18
How do you protect your URLs? Normally Spring works with roles and when you "read" the roles from your token and the access token you can do this what you want. I would suggest to make the authorization role based and not by technology
– thopaw
Nov 21 '18 at 6:51
How do you protect your URLs? Normally Spring works with roles and when you "read" the roles from your token and the access token you can do this what you want. I would suggest to make the authorization role based and not by technology
– thopaw
Nov 21 '18 at 6:51
we din't use any role in our custom login, we stored the token generated in custom login using RedisTemplate against the userId of User model,we map token against userId in redis and if there is mapping we give user access to the api and we check for the validity of the token inside the service instead of the controller, that's how we are using our api, but recently we also implemented oauth2 which is working fine, but the problem is we can't access the resources as we have protected it and it can only will be accessed using the access token and not the token we have generated in custom login
– Utpala Debnath
Nov 21 '18 at 13:18
we din't use any role in our custom login, we stored the token generated in custom login using RedisTemplate against the userId of User model,we map token against userId in redis and if there is mapping we give user access to the api and we check for the validity of the token inside the service instead of the controller, that's how we are using our api, but recently we also implemented oauth2 which is working fine, but the problem is we can't access the resources as we have protected it and it can only will be accessed using the access token and not the token we have generated in custom login
– Utpala Debnath
Nov 21 '18 at 13:18
add a comment |
0
active
oldest
votes
Your Answer
StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53406595%2fcan-i-disable-my-resource-server-for-one-scenario-and-enable-it-for-other-scenar%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
0
active
oldest
votes
0
active
oldest
votes
active
oldest
votes
active
oldest
votes
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53406595%2fcan-i-disable-my-resource-server-for-one-scenario-and-enable-it-for-other-scenar%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
How do you protect your URLs? Normally Spring works with roles and when you "read" the roles from your token and the access token you can do this what you want. I would suggest to make the authorization role based and not by technology
– thopaw
Nov 21 '18 at 6:51
we din't use any role in our custom login, we stored the token generated in custom login using RedisTemplate against the userId of User model,we map token against userId in redis and if there is mapping we give user access to the api and we check for the validity of the token inside the service instead of the controller, that's how we are using our api, but recently we also implemented oauth2 which is working fine, but the problem is we can't access the resources as we have protected it and it can only will be accessed using the access token and not the token we have generated in custom login
– Utpala Debnath
Nov 21 '18 at 13:18