0

I have created an oauth module for my project. It has the mechanism for authorization server, spring security and the resource server.

I need some of the end-points to be accessible only on authorization, so I configured the security in the resource-server:

@Override
public void configure(HttpSecurity http) throws Exception {
    http.requestMatcher(new OrRequestMatcher(new AntPathRequestMatcher("/secured/**")))
                .authorizeRequests().anyRequest().authenticated();
}

So far access-token/refresh-token calls are working fine.

Now, I want to create a separate module for all the webservices API - where I would put all the controllers and the logic for processing the requests.

Is it advisable to do it in a different module than oauth? If yes, how can I secure the calls and verify the tokens? How can I use the resource server in another module.

Akeshwar Jha
  • 4,516
  • 8
  • 52
  • 91
  • I think you should create a separate module due to re-usability. – Fady Saad May 08 '17 at 04:28
  • How can I make sure that webservices request are authorized? I have the resource server configured in the oauth module. Is it possible to move the resource server to another module? – Akeshwar Jha May 08 '17 at 04:39
  • 1
    If the oauth module is where your spring boot app is you could add `@ComponentScan("webservices API")` to let it know where your api controllers are. Take a look at this question which may have your answer: http://stackoverflow.com/questions/29257409/maven-configuration-with-spring-boot-multi-modules-run-application-in-intell – Kai May 08 '17 at 04:57
  • @Kai, Thanks! Please post it as an answer, so that people visiting this question later could also get some help. – Akeshwar Jha May 08 '17 at 05:52

1 Answers1

1

If the oauth module is where your spring boot app is you could add @ComponentScan("webservices API") to let it know where your api controllers are. Take a look at this question which may have your answer:

Community
  • 1
  • 1
Kai
  • 1,709
  • 1
  • 23
  • 36