Friday 14 July 2017

Spring MVC Java Config : Part 5 Secure RESTful API with Spring Security OAuth2

The OAuth 2.0 authorization framework enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner by orchestrating an approval interaction between the resource owner and the HTTP service, or by allowing the third-party application to obtain access on its own behalf.


1. TOOLS AND ENV

 IDE : Spring Tool Suite 3.7.3
JDK :   1.8 Tomcat : 8.0.18
Spring : 4.2.6.RELEASE


2. OAUTH2 FLOW


Basically , resources are protected with access token, client could use refresh token to request an access token if authenticated with its credentials.


3. POM.XML



spring-security-oauth2 added to the dependency.


4. OAUTH2 CONFIG



1. Technically authorization server and resource server can be hosted separately.
2. OAuth2 authentication manager is define in Spring Web Security in class SecurityConfig
3. You may refer to Spring documents for all possible values and use cases for grant types and scopes



5. JS AND JSP




1. Get OAUTH2 token before consuming api restful web service
2. csrf is disabled just to make example simple



6. TEST











7. SOURCE CODE

https://github.com/junjun-dachi/spring-tutorials/tree/master/05-spring-mvc-oauth2


8. Reference

 https://spring.io/guides/tutorials/spring-boot-oauth2/
https://github.com/spring-projects/spring-security-oauth
https://github.com/spring-projects/spring-security-oauth/blob/master/docs/oauth2.md
https://raymondhlee.wordpress.com/2014/12/21/implementing-oauth2-with-spring-security/








at
Labels: , , , , , ,

1 comment:

  1. apollonialucy26 February 2021 at 23:32

    Anyone can take the 5-minute java test in the US as it is targeted to coders who want to test their Java knowledge.

    ReplyDelete

Subscribe to: Post Comments (Atom)
Flag Counter