Spring Security with OAuth2

 

Spring Security provides comprehensive security services for Java EE-based enterprise applications. It is powerful, flexible and pluggable, and it works at the application layer: it is not a proxy server, a firewall, OS-level security, an intrusion detection system or JVM security, and it does not replace any of those controls.

OAuth is an open authorization protocol that lets a client application access a resource owner's resources on an HTTP service such as Gmail or GitHub, without the owner handing that application their password.

The OAuth 2.0 framework (RFC 6749) enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner by orchestrating an approval interaction between the resource owner and the HTTP service, or by allowing the third-party application to obtain access on its own behalf.

OAuth2 Roles : OAuth2 defines four roles.

  1. Resource Owner : The entity, usually the end user, that owns the protected resource and can grant access to it.
  2. Resource Server : The server hosting the protected resources; it accepts requests that carry a valid OAuth2 access token and rejects the rest.
  3. Client : The application that calls the resource server on the resource owner's behalf, presenting the access token.
  4. Authorization Server : The server that issues access tokens to the client after successfully authenticating the resource owner and obtaining the owner's authorization.

OAuth2 Tokens : Tokens are implementation-specific strings generated by the authorization server; the client treats them as opaque values.

  • Access Token : Sent with each request to the resource server as a bearer credential (Authorization: Bearer ...). Its lifetime is set by the authorization server, typically about an hour. Because anyone who holds it can use it, it must only travel over TLS.
  • Refresh Token : Used to obtain a new access token from the authorization server when the current one expires. It is sent only to the authorization server's token endpoint, never to the resource server, and usually lives much longer than an access token, so it must be stored more carefully.
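The token handling described above, from the client's side, as an added example (not code from the original page or from its downloadable project). It uses RestTemplate, the class the page's test client is built on. Everything concrete here is assumed for illustration: an authorization and resource server running together on localhost:8080, the legacy Spring Security OAuth2 token endpoint /oauth/token, a registered client "my-client" / "my-secret", a user "user" / "password", and a protected endpoint /api/hello.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Map;

import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
import org.springframework.http.MediaType;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.util.MultiValueMap;
import org.springframework.web.client.HttpClientErrorException;
import org.springframework.web.client.RestTemplate;

/** Client side of the OAuth2 password + refresh_token flow (added example; all endpoints and credentials assumed). */
public class OAuth2TokenClient {

    private static final String BASE_URL = "http://localhost:8080";          // assumed; must be https outside a demo
    private static final String TOKEN_URL = BASE_URL + "/oauth/token";        // legacy spring-security-oauth2 default
    private static final String CLIENT_ID = "my-client";                      // assumed client registration
    private static final String CLIENT_SECRET = "my-secret";                  // assumed; never hard-code in real code

    private final RestTemplate rest = new RestTemplate();
    private String accessToken;
    private String refreshToken;

    /** Password grant: the user's credentials go to the authorization server once; the client keeps both tokens. */
    public void login(String username, String password) {
        MultiValueMap<String, String> form = new LinkedMultiValueMap<>();
        form.add("grant_type", "password");
        form.add("username", username);
        form.add("password", password);
        form.add("scope", "read write");
        storeTokens(postToTokenEndpoint(form));
    }

    /** Refresh grant: only the refresh token is sent, and only to the token endpoint, never to the resource server. */
    public void refresh() {
        MultiValueMap<String, String> form = new LinkedMultiValueMap<>();
        form.add("grant_type", "refresh_token");
        form.add("refresh_token", refreshToken);
        storeTokens(postToTokenEndpoint(form));
    }

    /** Calls a protected resource with the access token; on 401 (expired/invalid token) refreshes once and retries. */
    public String getResource(String path) {
        try {
            return callResource(path);
        } catch (HttpClientErrorException e) {
            if (e.getStatusCode().value() != 401) {
                throw e;   // 403 means the token is valid but lacks the scope/role; refreshing will not help
            }
            refresh();
            return callResource(path);
        }
    }

    private String callResource(String path) {
        HttpHeaders headers = new HttpHeaders();
        headers.set(HttpHeaders.AUTHORIZATION, "Bearer " + accessToken);  // bearer usage per RFC 6750
        return rest.exchange(BASE_URL + path, HttpMethod.GET, new HttpEntity<>(headers), String.class).getBody();
    }

    private Map<String, Object> postToTokenEndpoint(MultiValueMap<String, String> form) {
        HttpHeaders headers = new HttpHeaders();
        headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
        // The client authenticates itself to the token endpoint with HTTP Basic (client_id:client_secret).
        String basic = Base64.getEncoder()
                .encodeToString((CLIENT_ID + ":" + CLIENT_SECRET).getBytes(StandardCharsets.UTF_8));
        headers.set(HttpHeaders.AUTHORIZATION, "Basic " + basic);
        @SuppressWarnings("unchecked")
        Map<String, Object> body = rest.postForObject(TOKEN_URL, new HttpEntity<>(form, headers), Map.class);
        return body;
    }

    private void storeTokens(Map<String, Object> tokenResponse) {
        accessToken = (String) tokenResponse.get("access_token");
        Object rotated = tokenResponse.get("refresh_token");   // the server may rotate the refresh token
        if (rotated != null) {
            refreshToken = (String) rotated;
        }
    }

    public static void main(String[] args) {
        OAuth2TokenClient client = new OAuth2TokenClient();
        client.login("user", "password");                     // assumed demo user
        System.out.println(client.getResource("/api/hello"));  // assumed protected endpoint
    }
}
```

The two token types never travel the same path: the access token goes to the resource server on every call, the refresh token goes only to the token endpoint, and a 403 is deliberately not retried because it signals a missing scope or role rather than an expired token.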

Now, let's implement the project for Spring Security with OAuth2:

First create a Maven project in the Eclipse IDE; its structure will look like this:

Resource Server

 

Authorization Server

Security Configuration

 

Method Security Configuration

Controller

 

Running the application :

  • You can run the application and exercise its REST API with Postman.
  • You can also run it through the SpringRestClient class in src/test/java, which calls the REST API internally via RestTemplate.
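The five parts named above (resource server, authorization server, security configuration, method security configuration and controller) in one minimal listing, as an added example: this is not the page's own project code. It assumes a Spring Boot application with the legacy spring-security-oauth2 module on the classpath, the module that provides @EnableAuthorizationServer and @EnableResourceServer (that module is now end-of-life; new projects use Spring Security's built-in resource server support and Spring Authorization Server). The package name, client id and secret, demo user, scopes and the /api/hello endpoint are all assumed. Each class would normally live in its own file under the same package.

```java
package com.example.oauth2demo;  // assumed package; Spring Boot's component scan must cover it

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.expression.method.MethodSecurityExpressionHandler;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.expression.OAuth2MethodSecurityExpressionHandler;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

// Security configuration: users, password hashing, and the AuthenticationManager the password grant needs.
@Configuration @EnableWebSecurity
class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Bean public PasswordEncoder passwordEncoder() { return new BCryptPasswordEncoder(); }

    @Bean @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();   // exposed so the authorization server can inject it
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication().passwordEncoder(passwordEncoder())   // assumed demo user, hashed password
            .withUser("user").password(passwordEncoder().encode("password")).roles("USER");
    }
}

// Authorization server: registers the client and issues tokens at the module's default /oauth/token endpoint.
@Configuration @EnableAuthorizationServer
class AuthServerConfig extends AuthorizationServerConfigurerAdapter {
    @Autowired private AuthenticationManager authenticationManager;
    @Autowired private PasswordEncoder passwordEncoder;

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory()
            .withClient("my-client")                            // assumed client id
            .secret(passwordEncoder.encode("my-secret"))        // assumed; stored hashed, like a password
            .authorizedGrantTypes("password", "refresh_token")  // only the grants this client actually needs
            .scopes("read", "write")
            .accessTokenValiditySeconds(3600)                   // short-lived bearer token
            .refreshTokenValiditySeconds(86400);                // longer-lived, sent only to /oauth/token
    }

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
        endpoints.authenticationManager(authenticationManager);  // token store defaults to in-memory (demo only)
    }

    @Override
    public void configure(AuthorizationServerSecurityConfigurer security) {
        security.passwordEncoder(passwordEncoder);  // client secrets are verified against the hash above
    }
}

// Resource server: every /api/** request must present a valid bearer token.
@Configuration @EnableResourceServer
class ResourceServerConfig extends ResourceServerConfigurerAdapter {
    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.antMatcher("/api/**").authorizeRequests().anyRequest().authenticated();
    }
}

// Method security: lets @PreAuthorize use the #oauth2 expressions (hasScope, clientHasRole, ...).
@Configuration @EnableGlobalMethodSecurity(prePostEnabled = true)
class MethodSecurityConfig extends GlobalMethodSecurityConfiguration {
    @Override
    protected MethodSecurityExpressionHandler createExpressionHandler() {
        return new OAuth2MethodSecurityExpressionHandler();
    }
}

@RestController
class DemoController {
    @GetMapping("/api/hello")
    @PreAuthorize("hasRole('USER') and #oauth2.hasScope('read')")  // user role AND token scope are both required
    public String hello() { return "hello"; }
}
```

Two points worth checking in any variant of this setup: the client secret and user password are stored only as bcrypt hashes (the authorization server is told to verify secrets with the same encoder), and authorization is enforced twice, once by the resource server filter (a token must be present and valid) and once by the method-level check (the token must carry the right scope and the user the right role), so a valid token with the wrong scope gets a 403 rather than access.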

You can also download this example :       

 
