// Members of the UserDetails implementation: the user carries one authority, "ROLE_ADMIN".
class Grant implements GrantedAuthority {

    @Override
    public String getAuthority() {
        return "ROLE_ADMIN";
    }
}

@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
    List<GrantedAuthority> authorities = new ArrayList<>();
    authorities.add(new Grant());
    return authorities;
}

Match (hasRole adds the default ROLE_ prefix, so 'ADMIN' matches the authority ROLE_ADMIN):

.antMatchers("/hotel/**").access("hasRole('ADMIN')")

Using hasAnyAuthority

// Members of the UserDetails implementation: the authority is "ADMIN", without the ROLE_ prefix.
class Grant implements GrantedAuthority {

    @Override
    public String getAuthority() {
        return "ADMIN";
    }
}

@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
    List<GrantedAuthority> authorities = new ArrayList<>();
    authorities.add(new Grant());
    return authorities;
}

Match (the authority string is compared as-is, with no prefix added):

.antMatchers("/hotel/**").access("hasAnyAuthority('ADMIN')")

Using scope

{
    "access_token": "3e261513-943c-497e-95b8-703ba96101ed",
    "token_type": "bearer",
    "expires_in": 199,
    "scope": "write resource-server-read"
}

Match

.antMatchers("/hotel/**").access("#oauth2.hasScope('resource-server-read')")

Using resource id

The resource id information in the client

Match

@Override
public void configure(ResourceServerSecurityConfigurer resources) {
    // @formatter:off
    resources
            .resourceId("resource");
    // @formatter:on
}

Summary: ROLE and authority are attributes of the user itself.
scope is an attribute of the client.
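
The pieces above combined into one configuration, as an added example that is not from the original post: the scope and resource id are registered on the client, while ROLE_ADMIN comes from the user's getAuthorities(), and the rule on /hotel/** requires both. The client id `demo-client`, its secret, the password grant and the injected AuthenticationManager bean are assumptions.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.*;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;

// Authorization server: scope and resource ids are properties of the CLIENT registration.
@Configuration
@EnableAuthorizationServer
class AuthServerConfig extends AuthorizationServerConfigurerAdapter {
    private final AuthenticationManager authenticationManager; // assumed to be exposed as a bean elsewhere
    AuthServerConfig(AuthenticationManager am) { this.authenticationManager = am; }

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory()
            .withClient("demo-client")                 // hypothetical client id
            .secret("{noop}demo-secret")               // constructed placeholder; store an encoded secret
            .authorizedGrantTypes("password")          // a user logs in, so user authorities end up in the token
            .scopes("write", "resource-server-read")   // granted scopes appear in the token response
            .resourceIds("resource");                  // resource servers this client may call
    }

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
        endpoints.authenticationManager(authenticationManager); // required for the password grant
    }
}

// Resource server: rejects tokens whose client lacks "resource", then applies the URL rule.
@Configuration
@EnableResourceServer
class ResourceServerConfig extends ResourceServerConfigurerAdapter {
    @Override
    public void configure(ResourceServerSecurityConfigurer resources) {
        resources.resourceId("resource");
    }

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
            .antMatchers("/hotel/**") // client needs the scope AND the user needs ROLE_ADMIN
                .access("#oauth2.hasScope('resource-server-read') and hasRole('ADMIN')")
            .anyRequest().authenticated();
    }
}
```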

Reference
https://stackoverflow.com/questions/19525380/difference-between-role-and-grantedauthority-in-spring-security
