Protecting Resource Server with scope validation
At the Authorization Server, we have been declaring the available scopes that the user can approve when authorizing third-party applications to use resources on her behalf. Until now, however, we have not been protecting resources based on the approved scopes. It makes sense to start validating scopes for the different features on the Resource Server. This recipe shows how you can take advantage of Spring Security OAuth2 and Spring Security to validate scopes and add fine-grained protection to the user's resources.
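As an added illustration (not the recipe's own code), the following Resource Server configuration shows one way to tie endpoints to approved scopes with Spring Security OAuth2. The scope names read_profile and write_profile, the /api/profile path and the class name are assumptions made for this example, and the spring-security-oauth2 dependency is assumed to be on the classpath.

```java
// Added example: scope names, paths and the class name are assumptions,
// not taken from the recipe.
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;

@Configuration
@EnableResourceServer
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http
            // Apply these rules only to the API exposed to OAuth2 clients.
            .requestMatchers().antMatchers("/api/**")
            .and()
            .authorizeRequests()
                // Reading the profile requires a token approved for read_profile.
                .antMatchers(HttpMethod.GET, "/api/profile")
                    .access("#oauth2.hasScope('read_profile')")
                // Changing the profile requires the separate write_profile scope,
                // so a read-only client cannot modify the user's data.
                .antMatchers(HttpMethod.PUT, "/api/profile")
                    .access("#oauth2.hasScope('write_profile')")
                // Deny by default: an API endpoint without an explicit scope rule
                // is not reachable with any token.
                .anyRequest().denyAll();
    }
}
```

With this in place, a valid access token that lacks the required scope is rejected with HTTP 403 instead of being accepted simply because it is authenticated.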
Getting ready
To run this recipe, you will need Java 8, Maven, Spring Web, and Spring Security. To ease the project creation step, use Spring Initializr at http://start.spring.io/ and define the dependencies as Web and Security (which will properly declare all the Spring Boot starters needed for this recipe). Do not forget to set up the Artifact and Group names.
How to do it...
This recipe creates the project scope...