I want to expose my Spring service via two authentication mechanisms. One way is to have people authenticate via OAuth2, which is currently implemented by using Spring Security.
I also want people (beginners) to be able to create a simple key on the website, as themselves, and then access the endpoints using this key.
So a call could look like
http://ift.tt/1E0Ah0C
or
http://ift.tt/1E0AhxH
I'm wondering how to handle this in my Spring configuration. Do i need to make my own AuthenticationProvider, TokenExtractor, or something else? I don't quite know where to start looking for this.
Put another way - where in the spring framework does it get the access token from the request and then, if it's not valid, return errors. I'd like to extend this functionality to also check for a custom key.
Aucun commentaire:
Enregistrer un commentaire