Setup OAuth2
Set up OAuth 2 Resource Server protection using Spring Security for your API. Reuse the `client_id` and `client_secret` for both the client and resource servers, and the `test_*` scopes from Seminar 09. Use different scopes for different methods where it makes sense. (The client is registered for http://localhost:8080 only; the authorization server will not redirect back to other locations. Use the client just to get an access token; there is no need to implement the UI.)
Protect routes:
- library
  - Author
    - `find`, `findAll` - public (no auth)
    - `create`, `update`, `delete` - librarian
  - Book
    - `find`, `findAll`, `getInstance` - public (no auth)
    - `create`, `delete`, `update`, `addInstance`, `removeInstance` - librarian
  - Borrowing
    - `find`, `findAll` - user
    - `create`, `update`, `delete` - librarian
  - Fine
    - `create`, `findAll`, `update`, `delete` - librarian
    - `find` - user
  - Payment
    - `create`, `paymentGateCallback`, `find` - user
    - `findAll` - librarian
  - Reservation
    - `find`, `create`, `update`, `delete`, `findAll` - user
  - Settings
    - `getCurrent` - user
    - `update` - librarian
  - User
    - `create` - public
    - `findAll` - librarian
    - `find`, `update`, `delete` - user
- kiosk - all public (uses ids from card as auth)
- report - all librarian
- payment-gate - all public (no auth)
Use at least 2 different scopes.
- `test_user`, `test_librarian`
Edited by Juraj Marcin
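
One way to express the Author and Fine rows of the table above in Spring Security 6, as an added example that is not part of the original assignment or the project's code. The `/api/...` paths, the package and the class name are hypothetical, and opaque-token introspection is an assumption, since the page does not say which token format the authorization server issues.

```java
package example.library; // hypothetical package name

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class LibrarySecurityConfig { // hypothetical class name

    // Spring Security exposes each granted scope as an authority prefixed with "SCOPE_".
    private static final String USER = "SCOPE_test_user";
    private static final String LIBRARIAN = "SCOPE_test_librarian";

    @Bean
    SecurityFilterChain libraryApi(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests(auth -> auth
                // Author: find and findAll are public; create, update, delete need librarian.
                // Assumed mapping: reads are GET, writes are any other HTTP method.
                .requestMatchers(HttpMethod.GET, "/api/authors/**").permitAll()
                .requestMatchers("/api/authors/**").hasAuthority(LIBRARIAN)
                // Fine: the first matching rule wins, so the collection path
                // (findAll, create) is listed before the single-item rules.
                .requestMatchers("/api/fines").hasAuthority(LIBRARIAN)
                // find on one fine is a user route; update and delete stay librarian.
                .requestMatchers(HttpMethod.GET, "/api/fines/*").hasAuthority(USER)
                .requestMatchers("/api/fines/*").hasAuthority(LIBRARIAN)
                // Fail closed: a route that is missing from this table is rejected.
                .anyRequest().denyAll())
            // Assumption: opaque tokens validated by introspection, configured through
            // spring.security.oauth2.resourceserver.opaquetoken.introspection-uri,
            // .client-id and .client-secret (the reused client_id and client_secret).
            .oauth2ResourceServer(oauth2 -> oauth2.opaqueToken(Customizer.withDefaults()));
        return http.build();
    }
}
```

The "user" rows are checked against `test_user` only, as the table states; a librarian token reaches them only if it also carries that scope.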