Token Introspecting Client Config
Justin Richer edited this page Jul 8, 2013 · 7 revisions
The following code sets up a filter to take a token passed in to the web application and fill in the details as an OAuth2Authentication object by introspecting it with the configured issuer's Introspection Endpoint (configured as the introspectionUrl property). The service authenticates its calls using the clientId and clientSecret properties.
In applicationContext.xml:
<oauth:resource-server id="resourceServerFilter" token-services-ref="introspectingService" />

<bean id="introspectingService" class="org.mitre.oauth2.introspectingfilter.IntrospectingTokenService">
    <property name="clientId" value="yourClientId"/>
    <property name="clientSecret" value="yourClientSecret"/>
    <property name="introspectionUrl" value="http://localhost:8080/openid-connect-server/introspect"/>
</bean>
If the token is valid, the service creates an Authorization whose user is taken from the sub field of the response and which carries the role ROLE_API.
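The exchange this configuration drives, sketched at the protocol level as an added example (this is not MITREid Connect's code, and the function names are hypothetical). It assumes HTTP Basic client authentication, a `token` form parameter and a boolean `active` member as in RFC 7662; the page itself names only the `sub` field and `ROLE_API`.

```python
import base64
import json
from urllib.parse import urlencode, urlsplit

ROLE = "ROLE_API"  # role the page says is granted for a valid token
LOOPBACK = ("localhost", "127.0.0.1", "::1")


def build_introspection_request(url, client_id, client_secret, token):
    """Return (headers, body) for the POST to the introspection endpoint.

    The request carries both the client secret and the bearer token, so
    plaintext http is accepted only for a loopback host (as in the sample
    config); anything else must be https.
    """
    parts = urlsplit(url)
    if parts.scheme != "https" and parts.hostname not in LOOPBACK:
        raise ValueError("introspectionUrl must use https off-loopback")
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {
        "Authorization": "Basic " + basic,  # assumption: Basic client auth
        "Content-Type": "application/x-www-form-urlencoded",
    }
    return headers, urlencode({"token": token})


def authentication_from_response(status, body):
    """Map an introspection response to (principal, roles), or None.

    Fails closed: any non-200 status, unparsable body, non-true `active`
    (assumed field name) or missing `sub` yields no authentication.
    """
    if status != 200:
        return None
    try:
        data = json.loads(body)
    except (ValueError, TypeError):
        return None
    if not isinstance(data, dict) or data.get("active") is not True:
        return None
    sub = data.get("sub")
    if not isinstance(sub, str) or not sub:
        return None
    return sub, [ROLE]
```

The strict `is not True` comparison rejects a string such as `"true"`, so a malformed response cannot be read as a valid token.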
Software is available under the Apache 2.0 license. Documentation available under the Creative Commons 3.0 By-NC license.