Search:

I had the same problem here with F5 and SSL termination. The problem is that the host with "https://" is calculated in the signature by the consumer and the provider checks the signature using...

In the end I could make it work.

It was missing the AOP interceptors:

Here's how it's looking like:



<http auto-config='true' access-denied-page="/login.jsp"...

No it doesn't.

In fact there is already a Voter and a set of annotations that theorically do exaclty what I want. I just cannot find a way to trigger the annotation processing.

Just seems not...

Sorry for bumping this thread...but it looks like with a couple of lines of help it would solve everything here for me.

The Spring OAuth team cannot give a hand?

I could offer to document this...

Hi

Today I discovered the ConsumerSecurityVoter and the @ConsumerKeysAllowed annotation. They seem to do exactly what I need.

I did setup the Voter, but the annotations are never processed.
...

Hi,

I know we can restrict the access to the users using the url matching, but I need to do this to Consumers too.

I need to also restrict which urls a specific consumer has access to.
...

That's sure possible. I just thought there could be a way to do that in a more...spring way :-)

Hi

By the requirements of the project I am work on, for some consumers the authorization step should be by-passed: the user should just authenticate.

There is an easy way to provide that?
...