Friday, 14 July 2017

Spring MVC Java Config : Part 5 Secure RESTful API with Spring Security OAuth2

The OAuth 2.0 authorization framework enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner by orchestrating an approval interaction between the resource owner and the HTTP service, or by allowing the third-party application to obtain access on its own behalf.


1. TOOLS AND ENV

IDE : Spring Tool Suite 3.7.3
JDK :   1.8 Tomcat : 8.0.18
Spring : 4.2.6.RELEASE




2. OAUTH2 FLOW




Basically , resources are protected with access token, client could use refresh token to request an access token if authenticated with its credentials.




3. POM.XML





spring-security-oauth2 added to the dependency.




4. OAUTH2 CONFIG





1. Technically authorization server and resource server can be hosted separately.
2. OAuth2 authentication manager is define in Spring Web Security in class SecurityConfig
3. You may refer to Spring documents for all possible values and use cases for grant types and scopes





5. JS AND JSP






1. Get OAUTH2 token before consuming api restful web service
2. csrf is disabled just to make example simple





6. TEST











7. SOURCE CODE



https://github.com/junjun-dachi/spring-tutorials/tree/master/05-spring-mvc-oauth2


8. Reference


https://spring.io/guides/tutorials/spring-boot-oauth2/
https://github.com/spring-projects/spring-security-oauth
https://github.com/spring-projects/spring-security-oauth/blob/master/docs/oauth2.md
https://raymondhlee.wordpress.com/2014/12/21/implementing-oauth2-with-spring-security/








1 comment:

  1. Anyone can take the 5-minute java test in the US as it is targeted to coders who want to test their Java knowledge.

    ReplyDelete

Flag Counter