M4-to-1.0-Release: Caching of access token in OAuth2RestTemplate?

[roshandawrani]

Hi,

I am migrating from spring-security-oauth from M4 to 1.0.0-RELEASE and having difficulty understanding token-acquring logic that has moved into OAuth2RestTemplate.

In M4, for the http request being processed, the access token used to be cached in OAuth2ClientContextHolder.

But now, I see that there is just one copy of "OAuth2ClientContext" that OAuth2RestTemplate uses. So, how does it prevent the mixing-up of access tokens if multiple http requests (belonging to different users) are being processed simultaneously, say?

Is there any sample / reference app that shows how OAuth2RestTemplate should be configured / used now?

Regards,
Roshan

[Dave Syer]

how does it prevent the mixing-up of access tokens if multiple http requests (belonging to different users) are being processed simultaneously, say?

If you use <oauth:rest-template/> the result is session scoped and it has a request scoped context (replacing the old context holder). If you want to create your own bean definition you will have to manage the state yourself, or use session and request scope explcitly.

Is there any sample / reference app that shows how OAuth2RestTemplate should be configured / used now?

The tonr2 sample should show as much as there is to show.

[roshandawrani]

Got it. Thanks.

No, I don't use <oauth:rest-template/>. I configure the bean def myself. I will change its scope to "request" explicitly.