Is there a way to enable both an authorization server and a resource server in the same Spring Boot application, and support form login?

Here's the env.

(account server) I built an account server which is for sign up and sign in.

Then I use @EnableAuthorizationServer and configure a JDBC token store and other JDBC support. I configure formLogin with the processing URL "/pub/login" to override the default "/login".

(client server) That is a client using @EnableOAuth2Sso with the security.oauth2.client/resource properties configured; it can now redirect to the account server to log in and then come back.

The situation is:

I want to add @EnableResourceServer to the (account server) so that I can use a token obtained from the client to access API URIs on the (account server), for example /api/userInfo.

Q1: With the HttpSecurity config in a class that extends WebSecurityConfigurerAdapter using BASIC_AUTH_ORDER, I can't log in via /pub/login (it returns 404 Not Found), while API access is OK.

With the HttpSecurity config in the normal order, I can't use a token to access /api/userInfo (it returns 401 Unauthorized), while /pub/login is OK.

Q2: Does the authorization server conflict with the resource server? Is separating them the only way? Do I have to develop a client only for the UI and a Resource to handle data access every time? Furthermore, implement the OAuth2 flow by myself? LOL
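Added example, not part of the original post: Spring Security hands each request to the first filter chain whose request matcher accepts it, so giving the resource-server chain and the form-login chain disjoint matchers lets both live in one application regardless of their relative order. The class names, the `/api/**` boundary and the `permitAll()` rule for `/pub/**` are assumptions; the existing @EnableAuthorizationServer configuration is assumed to stay as it is.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.NegatedRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;

// Hypothetical holder class for the account server's two security chains.
public class AccountServerSecurity {

    // Single definition of what counts as token-protected API (assumed boundary).
    static final RequestMatcher API = new AntPathRequestMatcher("/api/**");

    // Chain 1: bearer-token authentication, applied ONLY to /api/**.
    @Configuration
    @EnableResourceServer
    public static class ApiSecurity extends ResourceServerConfigurerAdapter {
        @Override
        public void configure(HttpSecurity http) throws Exception {
            http.requestMatcher(API)
                .authorizeRequests().anyRequest().authenticated();
        }
    }

    // Chain 2: session + form login for everything that is NOT /api/**,
    // which includes /oauth/authorize, so users can log in before approving.
    // Using the negated matcher means no URL is left without a chain.
    @Configuration
    public static class WebSecurity extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.requestMatcher(new NegatedRequestMatcher(API))
                .authorizeRequests()
                    .antMatchers("/pub/**").permitAll() // assumption: sign-up/sign-in pages are public
                    .anyRequest().authenticated()
                .and()
                .formLogin().loginProcessingUrl("/pub/login");
        }
    }
}
```

With this split, a request to /api/userInfo without a valid token is rejected by the resource-server chain, and a POST to /pub/login is only ever seen by the form-login chain.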



Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow