
How can I define different security policies in Spring Oauth( different scopes for different resources of a client)


I have looked at the table schema of OAUTH_CLIENT_DETAILS.

We can define a list of RESOURCE_IDS and a list of scopes and roles. But I need more granular control of access for each and every resource.

For example: client1 has scope [user] on [resource1], but at the same time client1 has scope [admin, user] on [resource2]; the same idea as IAM in AWS.

Any advice on how we can configure or implement this in Spring Security?

Joey Trang

1 Answer


How about combining the resource id into the scope name? Then scopes are like RESOURCE1.user, RESOURCE1.admin, RESOURCE2.user, RESOURCE2.admin. For instance, if your resources are, say, an accounts api and a loan api, then the scopes will be like user-api.user, user-api.admin, loan-api.user, loan-api.admin, etc.

Then on your resource server controller side you can use

@PreAuthorize("#oauth2.hasScope('user-api.user')")

Udara S.S Liyanage
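The RESOURCE.role scope convention from the answer above, worked through as a resource server configuration. This is an added example, not code from the answer or from the Spring project: it assumes a Spring Boot application with the legacy spring-security-oauth2 library on the classpath (where the `#oauth2` expression comes from), a hypothetical resource named `user-api` with a `/users` endpoint, and the package name `com.example.userapi`. It enforces the scope at the URL level and again per method, and keeps the `resource_id` check so a token issued for a different resource is rejected even if it happens to carry `user-api.*` scopes.

```java
// Added example (not from the original answer): resource server for the
// hypothetical "user-api", enforcing RESOURCE.role scopes at two layers.
package com.example.userapi;

import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.access.expression.method.MethodSecurityExpressionHandler;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.expression.OAuth2MethodSecurityExpressionHandler;
import org.springframework.web.bind.annotation.DeleteMapping;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@Configuration
@EnableResourceServer
public class UserApiResourceServerConfig extends ResourceServerConfigurerAdapter {

    @Override
    public void configure(ResourceServerSecurityConfigurer resources) {
        // Keep the audience check: the token's resource ids must contain
        // "user-api". A loan-api token is rejected here regardless of scopes.
        resources.resourceId("user-api");
    }

    @Override
    public void configure(HttpSecurity http) throws Exception {
        // URL-level rules. Order matters: the first matching rule wins, so the
        // GET-only rule is listed before the catch-all for other methods.
        http.authorizeRequests()
            .antMatchers(HttpMethod.GET, "/users/**").access("#oauth2.hasScope('user-api.user')")
            .antMatchers("/users/**").access("#oauth2.hasScope('user-api.admin')")
            .anyRequest().denyAll();
    }
}

@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
class MethodSecurityConfig extends GlobalMethodSecurityConfiguration {

    // Without this handler, "#oauth2" is not available inside @PreAuthorize.
    @Override
    protected MethodSecurityExpressionHandler createExpressionHandler() {
        return new OAuth2MethodSecurityExpressionHandler();
    }
}

@RestController
@RequestMapping("/users")
class UserController {

    // Second layer: the method itself checks the scope, so a later change to
    // the URL rules cannot silently expose the handler.
    @GetMapping("/{id}")
    @PreAuthorize("#oauth2.hasScope('user-api.user')")
    public String read(@PathVariable String id) {
        return "user " + id;
    }

    @DeleteMapping("/{id}")
    @PreAuthorize("#oauth2.hasScope('user-api.admin')")
    public String delete(@PathVariable String id) {
        return "deleted " + id;
    }
}
```

For this to give the per-resource control the question asks for, the authorization server still has to restrict what each client can obtain: list exactly the allowed combinations (for example `user-api.user,loan-api.user,loan-api.admin`) in the client's `scope` column of OAUTH_CLIENT_DETAILS, and list both resource ids in `resource_ids`. The authorization server rejects token requests for scopes that are not registered for the client, so a client1 that is only granted `user-api.user` cannot mint a token carrying `user-api.admin` no matter what it asks for.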