Resource Server Completion
Now that we've covered the BFF in the previous section, we can finish explaining the resource server code.
Configuration
This configures the project as a resource server. It also makes the /me
endpoint accessible to all.
src/main/resources/application.yml
scheme: http
hostname: localhost
reverse-proxy-port: 7080
reverse-proxy-uri: ${scheme}://${hostname}:${reverse-proxy-port}
authorization-server-prefix: /auth
issuer: ${reverse-proxy-uri}${authorization-server-prefix}
username-claim-json-path: $.sub
authorities-json-path: $.authorities
resource-server-port: 4003
audience:
server:
  port: ${resource-server-port}
com:
  c4-soft:
    springaddons:
      oidc:
        ops:
        - iss: ${issuer}
          username-claim: ${username-claim-json-path}
          authorities:
          - path: ${authorities-json-path}
          aud: ${audience}
        resourceserver:
          permit-all:
          - /me
          - /actuator/health/readiness
          - /actuator/health/liveness
Thanks to spring-addons-starter-oidc, this is enough to declare a stateless resource server with:
- Authorities mapping from a claim of our choice (authorities in this case, in the JWT token payload).
- Making /me accessible to anonymous requests.