Can I disable my resource server for one scenario and enable it for other scenario in same project












0















Actually I have a project where we are using our own custom login and there we are checking if the Token generated during login is there in redis and validate and then we allow them to access any url- thats a controller to service based token check and access of any url, we check token in every service class but we also have used oauth2 in our same project for interacting with amazon alexa, now whenever I do normal login a token is generated, but if we go for accessing any of the url that we marked protected in oauth2 , are not accessed as they they need access token for that to be accessed, I want both the way to work, if I have generated access token, oauth2 flow should work and use access token for accessing protected resource and If i have generated normal token using our custom login then we need to check that token in service class and allow to access the url, i present scenario its not allowing and error as "need full authentication to access the resource"---- could any one please suggest me any alternatives or help me in any way?










share|improve this question























  • How do you protect your URLs? Normally Spring works with roles and when you "read" the roles from your token and the access token you can do this what you want. I would suggest to make the authorization role based and not by technology

    – thopaw
    Nov 21 '18 at 6:51











  • we din't use any role in our custom login, we stored the token generated in custom login using RedisTemplate against the userId of User model,we map token against userId in redis and if there is mapping we give user access to the api and we check for the validity of the token inside the service instead of the controller, that's how we are using our api, but recently we also implemented oauth2 which is working fine, but the problem is we can't access the resources as we have protected it and it can only will be accessed using the access token and not the token we have generated in custom login

    – Utpala Debnath
    Nov 21 '18 at 13:18
















0















Actually I have a project where we are using our own custom login and there we are checking if the Token generated during login is there in redis and validate and then we allow them to access any url- thats a controller to service based token check and access of any url, we check token in every service class but we also have used oauth2 in our same project for interacting with amazon alexa, now whenever I do normal login a token is generated, but if we go for accessing any of the url that we marked protected in oauth2 , are not accessed as they they need access token for that to be accessed, I want both the way to work, if I have generated access token, oauth2 flow should work and use access token for accessing protected resource and If i have generated normal token using our custom login then we need to check that token in service class and allow to access the url, i present scenario its not allowing and error as "need full authentication to access the resource"---- could any one please suggest me any alternatives or help me in any way?










share|improve this question























  • How do you protect your URLs? Normally Spring works with roles and when you "read" the roles from your token and the access token you can do this what you want. I would suggest to make the authorization role based and not by technology

    – thopaw
    Nov 21 '18 at 6:51











  • we din't use any role in our custom login, we stored the token generated in custom login using RedisTemplate against the userId of User model,we map token against userId in redis and if there is mapping we give user access to the api and we check for the validity of the token inside the service instead of the controller, that's how we are using our api, but recently we also implemented oauth2 which is working fine, but the problem is we can't access the resources as we have protected it and it can only will be accessed using the access token and not the token we have generated in custom login

    – Utpala Debnath
    Nov 21 '18 at 13:18














0












0








0








Actually I have a project where we are using our own custom login and there we are checking if the Token generated during login is there in redis and validate and then we allow them to access any url- thats a controller to service based token check and access of any url, we check token in every service class but we also have used oauth2 in our same project for interacting with amazon alexa, now whenever I do normal login a token is generated, but if we go for accessing any of the url that we marked protected in oauth2 , are not accessed as they they need access token for that to be accessed, I want both the way to work, if I have generated access token, oauth2 flow should work and use access token for accessing protected resource and If i have generated normal token using our custom login then we need to check that token in service class and allow to access the url, i present scenario its not allowing and error as "need full authentication to access the resource"---- could any one please suggest me any alternatives or help me in any way?










share|improve this question














Actually I have a project where we are using our own custom login and there we are checking if the Token generated during login is there in redis and validate and then we allow them to access any url- thats a controller to service based token check and access of any url, we check token in every service class but we also have used oauth2 in our same project for interacting with amazon alexa, now whenever I do normal login a token is generated, but if we go for accessing any of the url that we marked protected in oauth2 , are not accessed as they they need access token for that to be accessed, I want both the way to work, if I have generated access token, oauth2 flow should work and use access token for accessing protected resource and If i have generated normal token using our custom login then we need to check that token in service class and allow to access the url, i present scenario its not allowing and error as "need full authentication to access the resource"---- could any one please suggest me any alternatives or help me in any way?







spring-boot oauth-2.0






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Nov 21 '18 at 6:46









Utpala DebnathUtpala Debnath

157




157













  • How do you protect your URLs? Normally Spring works with roles and when you "read" the roles from your token and the access token you can do this what you want. I would suggest to make the authorization role based and not by technology

    – thopaw
    Nov 21 '18 at 6:51











  • we din't use any role in our custom login, we stored the token generated in custom login using RedisTemplate against the userId of User model,we map token against userId in redis and if there is mapping we give user access to the api and we check for the validity of the token inside the service instead of the controller, that's how we are using our api, but recently we also implemented oauth2 which is working fine, but the problem is we can't access the resources as we have protected it and it can only will be accessed using the access token and not the token we have generated in custom login

    – Utpala Debnath
    Nov 21 '18 at 13:18



















  • How do you protect your URLs? Normally Spring works with roles and when you "read" the roles from your token and the access token you can do this what you want. I would suggest to make the authorization role based and not by technology

    – thopaw
    Nov 21 '18 at 6:51











  • we din't use any role in our custom login, we stored the token generated in custom login using RedisTemplate against the userId of User model,we map token against userId in redis and if there is mapping we give user access to the api and we check for the validity of the token inside the service instead of the controller, that's how we are using our api, but recently we also implemented oauth2 which is working fine, but the problem is we can't access the resources as we have protected it and it can only will be accessed using the access token and not the token we have generated in custom login

    – Utpala Debnath
    Nov 21 '18 at 13:18

















How do you protect your URLs? Normally Spring works with roles and when you "read" the roles from your token and the access token you can do this what you want. I would suggest to make the authorization role based and not by technology

– thopaw
Nov 21 '18 at 6:51





How do you protect your URLs? Normally Spring works with roles and when you "read" the roles from your token and the access token you can do this what you want. I would suggest to make the authorization role based and not by technology

– thopaw
Nov 21 '18 at 6:51













we din't use any role in our custom login, we stored the token generated in custom login using RedisTemplate against the userId of User model,we map token against userId in redis and if there is mapping we give user access to the api and we check for the validity of the token inside the service instead of the controller, that's how we are using our api, but recently we also implemented oauth2 which is working fine, but the problem is we can't access the resources as we have protected it and it can only will be accessed using the access token and not the token we have generated in custom login

– Utpala Debnath
Nov 21 '18 at 13:18





we din't use any role in our custom login, we stored the token generated in custom login using RedisTemplate against the userId of User model,we map token against userId in redis and if there is mapping we give user access to the api and we check for the validity of the token inside the service instead of the controller, that's how we are using our api, but recently we also implemented oauth2 which is working fine, but the problem is we can't access the resources as we have protected it and it can only will be accessed using the access token and not the token we have generated in custom login

– Utpala Debnath
Nov 21 '18 at 13:18












0






active

oldest

votes











Your Answer






StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53406595%2fcan-i-disable-my-resource-server-for-one-scenario-and-enable-it-for-other-scenar%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























0






active

oldest

votes








0






active

oldest

votes









active

oldest

votes






active

oldest

votes
















draft saved

draft discarded




















































Thanks for contributing an answer to Stack Overflow!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53406595%2fcan-i-disable-my-resource-server-for-one-scenario-and-enable-it-for-other-scenar%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







這個網誌中的熱門文章

Xamarin.form Move up view when keyboard appear

Post-Redirect-Get with Spring WebFlux and Thymeleaf

Anylogic : not able to use stopDelay()