在Spring OAuth2中,可以将授权服务器和资源服务器分离为单独的应用程序。 如下所述: https:// github / spring-projects / spring-security-oauth / wiki / oAuth2
In Spring OAuth2 it it possible to separate Authorization server and Resource server into separate applications. Like stated in : github/spring-projects/spring-security-oauth/wiki/oAuth2
看似两个Web应用程序都需要这些:
Seemingly both web applications require these:
- AuthorizationServerTokenServices实例
- ClientDetailsService实例
问题:请问授权服务器的AuthorizationServerTokenServices是否必须使用与资源服务器的AuthorizationServerTokenServices相同的数据源?
QUESTION: Is it so that AuthorizationServerTokenServices from Authorization server must use the same data source as the AuthorizationServerTokenServices from Resource server?
同样的问题适用于ClientDetailsService。
The same question goes for ClientDetailsService.
例如当拥有多个资源服务器和授权服务器时,所有这些服务器必须使用相同的数据库进行令牌管理,然后使用相同的数据库进行客户端管理?
E.g. when having multiple resource servers, and an authorization server, all of them must use the same database for token management, and then same database for the client management?
推荐答案答案是肯定的。如果一个人正在编写自己的资源服务器和自己的auth服务器,他们必须共享数据库。
The answer is yes. If one is writing own resource server and own auth server, they have to share the database.
这个问题是的重复oAuth2春季令牌验证/验证
还有另一个类似主题确认答案的主题: 从Spring RESTful资源服务器验证OAuth 2.0访问令牌
There is another thread with similar topic confirming the answer: validate OAuth 2.0 access token from a Spring RESTful resource server
更多推荐
Spring OAuth2资源和授权服务器
发布评论