
I have been following tutorials on how to set up security with Spring Boot. Can someone explain to me what this line does:

    .oauth2ResourceServer((oauth2) -> oauth2
        .jwt(Customizer.withDefaults())
    )

Does it just make sure the Bearer token is in JWT format? Or does it actually contact Google (I use it for log in) to verify the JWT token?

It is located in:

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {

        http
            .authorizeHttpRequests(request -> request
                    .requestMatchers("/api/secure/**")
                    .authenticated()
                    .anyRequest().permitAll())
            .oauth2ResourceServer((oauth2) -> oauth2
                .jwt(Customizer.withDefaults())
            )
            .sessionManagement((session) ->
                    session.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            )
            .cors(Customizer.withDefaults());

        http.csrf(csrf -> csrf.disable());
        return http.build();
    }

1 Answer


Everything you need to know can be found in the documentation on the configuration and workings of the OAuth 2.0 Resource Server part.

As a short explanation:

There you tell Spring Security, using the oauth2ResourceServer() DSL, that your resource server part supports only the JWT token type. Also, Customizer.withDefaults() means that everything JWT can have configured, like the decoder and so on, will use the defaults.

More details and a deeper understanding of how it works, and why it works this way, can be found in the references above.
