Open sridhar1982 opened 9 years ago
I have not done it, but documentation for Spring Oauth says that "access to protected resources is handled by standard Spring Security request filters", so my guess would be something like this might work: http://docs.spring.io/spring-security/site/docs/4.0.3.CI-SNAPSHOT/reference/htmlsingle/#jc-method. I am actually curious if it works for authorization specific to oauth and its filter chain. You can also make oauth scopes match with user roles, you should really look it up in docs: http://projects.spring.io/spring-security-oauth/docs/oauth2.html
But this question has nothing to do with the example in this repo.
Thanks, yes this question has nothing to do with the example in this repo. But since you are very knowledgeable in spring-oauth2, I asked you! Thanks anyway.
How to restrict access to methods based on scopes? For example, in the below curl, we get access token that has only scope of "read". That is, user has authorized the client application with read only access to resources.
Now, imagine this resource server has two endpoints
/users/update
- this endpoint is a POST request. This should be exposed only if "write" scope is approved by the user.

users/getInfo
- this endpoint is a GET request. This should be exposed because the user has granted client access with read scope.

My question is how we control this access at the method level.
Is it possible to annotate methods with scopes: eg
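
Added example, not part of the thread or of this repo's code: one way to enforce the scopes described above at method level, assuming the legacy `spring-security-oauth2` module on a resource server. The class names `ScopeMethodSecurityConfig` and `UserController` and the response bodies are hypothetical; the two endpoint paths are the ones from the question.

```java
import java.util.Collections;
import java.util.Map;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.expression.method.MethodSecurityExpressionHandler;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration;
import org.springframework.security.oauth2.provider.expression.OAuth2MethodSecurityExpressionHandler;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;

// Hypothetical config class: turns on @PreAuthorize and registers the
// OAuth2-aware handler so that "#oauth2" resolves inside method expressions.
// Without this handler the default one does not know the #oauth2 variable.
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
class ScopeMethodSecurityConfig extends GlobalMethodSecurityConfiguration {
    @Override
    protected MethodSecurityExpressionHandler createExpressionHandler() {
        return new OAuth2MethodSecurityExpressionHandler();
    }
}

// Hypothetical controller exposing the two endpoints from the question.
@RestController
@RequestMapping("/users")
class UserController {

    // Callable with a token whose approved scopes include "read".
    @PreAuthorize("#oauth2.hasScope('read')")
    @RequestMapping(value = "/getInfo", method = RequestMethod.GET)
    public Map<String, String> getInfo() {
        return Collections.singletonMap("name", "constructed-sample-user");
    }

    // A read-only token is denied here: "write" must have been approved.
    @PreAuthorize("#oauth2.hasScope('write')")
    @RequestMapping(value = "/update", method = RequestMethod.POST)
    public Map<String, String> update(@RequestBody Map<String, String> changes) {
        return changes; // echo only; persistence is out of scope for the sketch
    }
}
```

The scope check runs against the scopes bound to the presented access token, so the default for any new endpoint should be an explicit annotation rather than relying on the token merely being valid.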