Channel: Active questions tagged redis+java - Stack Overflow

how to use redis to persist token using spring-security-oauth2

It is my first time developing an application with the OAuth2 approach. I started from a certain tutorial and I am moving forward from it (http://websystique.com/spring-security/secure-spring-rest-api-using-oauth2/).

I will deploy the application to clustered WebSpheres so, as far as I understand, in-memory will not work (... clients.inMemory().withClient ...).

I want to use Redis (my first use as well) and I am a bit confused about how to set it up in a no-XML Java config app.

I found a similar question with XML but I am still without direction for a first try (Redis Token Store). Interestingly, the question owner there talked about "Spring-Security OAuth i.e. 2.8.0 provides RedisTokenStore" but I found "2.0.12.RELEASE" as the latest mvn release version.

That said, my straight question is: how can I adjust the code below to rely on Redis instead of in-memory?

Any comment on how to set up RedisTokenStore below will be appreciated.

Additionally, if it is easy to add such an additional comment, what is the difference between ".passwordEncoder" and ".secret"? The code below relies on ".secret" with a hard-coded expression (fixed value) while I see a few examples using jdbc with ".passwordEncoder filled in by springframework.security.crypto.bcrypt.BCryptPasswordEncoder", which seems to make more sense. Am I right when I guess I use either ".secret" or ".passwordEncoder"? Am I right when I think secret stands for a fixed value and passwordEncoder for dynamic ones?

(example using ".passwordEncoder" and clients.jdbc https://github.com/spring-projects/spring-security-oauth/blob/master/tests/annotation/jdbc/src/main/java/demo/Application.java#L102)

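    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.beans.factory.annotation.Qualifier;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.authentication.AuthenticationManager;
    import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
    import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
    import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
    import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
    import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
    import org.springframework.security.oauth2.provider.approval.UserApprovalHandler;
    import org.springframework.security.oauth2.provider.token.TokenStore;

    @Configuration
    @EnableAuthorizationServer
    public class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {

        private static String REALM = "MY_OAUTH_REALM";

        @Autowired
        private TokenStore tokenStore;

        @Autowired
        private UserApprovalHandler userApprovalHandler;

        @Autowired
        @Qualifier("authenticationManagerBean")
        private AuthenticationManager authenticationManager;

        // Client registrations are held in memory with a hard-coded secret.
        @Override
        public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
            clients.inMemory()
                .withClient("abc-trusted-client")
                .authorizedGrantTypes("password", "authorization_code", "refresh_token", "implicit")
                .authorities("ROLE_CLIENT", "ROLE_TRUSTED_CLIENT")
                .scopes("read", "write", "trust")
                .secret("abc-secret")
                .accessTokenValiditySeconds(120)    // Access token is only valid for 2 minutes.
                .refreshTokenValiditySeconds(600);  // Refresh token is only valid for 10 minutes.
        }

        // Issued tokens go to whichever TokenStore bean is injected above.
        @Override
        public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
            endpoints.tokenStore(tokenStore).userApprovalHandler(userApprovalHandler)
                    .authenticationManager(authenticationManager);
        }

        @Override
        public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
            oauthServer.realm(REALM + "/client");
        }
    }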
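One way to supply the `TokenStore` bean from Redis so that every cluster node sees the same tokens, as an added example that is not part of the original question or of the linked tutorial. It assumes spring-data-redis with Jedis on the classpath; the class name, host name, key prefix and the `REDIS_PASSWORD` environment variable are hypothetical placeholders.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.data.redis.connection.RedisConnectionFactory;
import org.springframework.data.redis.connection.jedis.JedisConnectionFactory;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.redis.RedisTokenStore;

// Added example: class name, host, prefix and env variable are assumptions.
@Configuration
public class RedisTokenStoreConfiguration {

    // Connection to the one Redis instance shared by all cluster nodes.
    // Stored access and refresh tokens are bearer credentials, so the
    // instance should require a password and not be reachable from outside.
    @Bean
    public JedisConnectionFactory redisConnectionFactory() {
        JedisConnectionFactory factory = new JedisConnectionFactory();
        factory.setHostName("redis.example.internal");        // placeholder host
        factory.setPort(6379);
        factory.setPassword(System.getenv("REDIS_PASSWORD")); // hypothetical variable
        return factory;
    }

    // The @Autowired TokenStore in AuthorizationServerConfiguration resolves
    // to this bean, so a token issued on one node validates on the others.
    // The clients.inMemory() registration is static configuration repeated on
    // each node; the token store is the state that has to be shared.
    @Bean
    public TokenStore tokenStore(RedisConnectionFactory redisConnectionFactory) {
        RedisTokenStore store = new RedisTokenStore(redisConnectionFactory);
        store.setPrefix("oauth2:"); // constructed prefix to namespace the token keys
        return store;
    }

    // .secret(...) is the value stored for a client; a PasswordEncoder decides
    // how the secret a client presents is compared with that stored value.
    // They work together: pass this bean to oauthServer.passwordEncoder(...)
    // and store the BCrypt hash, not the clear text, in .secret(...).
    @Bean
    public PasswordEncoder clientSecretEncoder() {
        return new BCryptPasswordEncoder();
    }
}
```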
