Securing the server side.


Now that the client side is protected, it's time to protect the server side.

In this case the server side need not generate a token; all it has to do is validate the token that has been sent by the client side.

To validate the token, we need to contact the UAA instance.

How to?

  • Check out this commit to get an idea of what was done.
  • Changes in application.yml: use the todolist-server client id created here.
              client-id: todolist-server
              client-secret: todo_server_secret
              id: service
              userInfoUri: https://<UAA_INSTANCE_ID>
              token-info-uri: https://<UAA_INSTANCE_ID>
  • Since the Spring Data REST project could not protect the PUT operation (which meant another user could possibly update another user's resource), I ended up writing the whole Controller -> Service -> Repository layer. Please check this commit for details.
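
The ownership check that the PUT problem above calls for, as an added example in plain Java (not the project's code and not taken from the linked commit). The class names, the in-memory repository and the sample users are all hypothetical; it assumes the caller's user name comes from the token already validated against UAA.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;

// Added illustration; every name here is hypothetical, not the project's own.
public class TodoOwnershipExample {

    static final class Todo {
        final long id; final String owner; String title;
        Todo(long id, String owner, String title) { this.id = id; this.owner = owner; this.title = title; }
    }

    // Stand-in for the repository layer (in-memory, constructed data).
    static final class TodoRepository {
        private final Map<Long, Todo> rows = new HashMap<>();
        Optional<Todo> findById(long id) { return Optional.ofNullable(rows.get(id)); }
        void save(Todo t) { rows.put(t.id, t); }
    }

    // Service layer: 'caller' is the user name from the validated token,
    // never a value read from the request body or the URL.
    static final class TodoService {
        private final TodoRepository repo;
        TodoService(TodoRepository repo) { this.repo = repo; }

        Todo update(long id, String newTitle, String caller) {
            Todo todo = repo.findById(id)
                    .orElseThrow(() -> new IllegalArgumentException("not found")); // controller would answer 404
            if (!todo.owner.equals(caller)) {
                throw new SecurityException("not the owner");                       // controller would answer 403
            }
            todo.title = newTitle; // only the title is writable; id and owner stay fixed
            repo.save(todo);
            return todo;
        }
    }

    public static void main(String[] args) {
        TodoRepository repo = new TodoRepository();
        repo.save(new Todo(1L, "alice", "buy milk")); // constructed sample row
        TodoService service = new TodoService(repo);

        System.out.println(service.update(1L, "buy oat milk", "alice").title);
        try {
            service.update(1L, "changed by someone else", "bob");
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Because the update copies only the title onto the stored record, a request body cannot reassign the owner field either.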

Check this pull request for this feature.