Looking at the (practically non-existent) documentation for `AuthorizationServerSecurityConfigurer` I do not see any description for the `realm` method. What is its purpose?

https://docs.spring.io/spring-security/oauth/apidocs/org/springframework/security/oauth2/config/annotation/web/configurers/AuthorizationServerSecurityConfigurer.html

I have seen it used in an example online in the following way, but without any description, so I'm still not sure:

```java
@Override
public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
    oauthServer
        .realm(RESOURCE_ID + "/client")
        .accessDeniedHandler(accessDeniedHandler)
        .authenticationEntryPoint(entryPoint);
}
```
secondbreakfast
  • It is the realm for basic authentication. – dur Feb 22 '18 at 16:37
  • Possible duplicate of [What is the "realm" in basic authentication](https://stackoverflow.com/questions/12701085/what-is-the-realm-in-basic-authentication) – mahfuj asif Jun 22 '19 at 17:51

1 Answer

The source code of the `realm` method of `AuthorizationServerSecurityConfigurer` is:

```java
public AuthorizationServerSecurityConfigurer realm(String realm) {
    this.realm = realm;
    return this;
}
```

The only goal of this method is to define the realm in the sense of HTTP/1.1:

> The "realm" authentication parameter is reserved for use by authentication schemes that wish to indicate a scope of protection. [...] These realms allow the protected resources on a server to be partitioned into a set of protection spaces, each with its own authentication scheme and/or authorization database.

See also [What is the "realm" in basic authentication](https://stackoverflow.com/questions/12701085/what-is-the-realm-in-basic-authentication)

Ortomala Lokni
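
The realm seen from the client side, as an added example that is not part of the original answer or of Spring Security OAuth: the realm reaches a client in the `WWW-Authenticate` header of a 401 response, and the client keys its cached credentials by origin plus realm, so credentials stored for one protection space are not offered to another. The class name, origin, realm values and credentials are constructed for illustration; `my_resource/client` stands in for the question's `RESOURCE_ID + "/client"`.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added illustration (hypothetical class, not Spring code).
public class RealmDemo {
    // Matches the realm auth-param in its quoted-string form: realm="..."
    private static final Pattern REALM = Pattern.compile(
        "\\brealm\\s*=\\s*\"((?:[^\"\\\\]|\\\\.)*)\"", Pattern.CASE_INSENSITIVE);

    // Cached credentials, keyed by protection space (origin + realm).
    private final Map<String, String> credentialsBySpace = new HashMap<>();

    /** Extracts the realm from a WWW-Authenticate challenge, undoing quoted-pair escapes. */
    static Optional<String> realmOf(String challenge) {
        Matcher m = REALM.matcher(challenge);
        return m.find() ? Optional.of(m.group(1).replaceAll("\\\\(.)", "$1")) : Optional.empty();
    }

    private static String space(String origin, String realm) {
        return origin + "|" + realm;
    }

    void remember(String origin, String realm, String credentials) {
        credentialsBySpace.put(space(origin, realm), credentials);
    }

    /** Returns credentials only when they were stored for the challenged origin and realm. */
    Optional<String> credentialsFor(String origin, String challenge) {
        return realmOf(challenge).map(r -> credentialsBySpace.get(space(origin, r)));
    }

    public static void main(String[] args) {
        String origin = "https://auth.example.com";  // constructed origin
        // Constructed challenges in the Basic scheme's header format.
        String clientChallenge = "Basic realm=\"my_resource/client\"";
        String otherChallenge = "Basic realm=\"admin\"";

        RealmDemo client = new RealmDemo();
        client.remember(origin, "my_resource/client", "client-id:client-secret");

        System.out.println(realmOf(clientChallenge));
        System.out.println(client.credentialsFor(origin, clientChallenge));
        // Same origin, different realm: nothing cached, so nothing is sent.
        System.out.println(client.credentialsFor(origin, otherChallenge));
    }
}
```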