
OAuth2 Security with Spring Boot

Introduction
OAuth2 is a token-based authentication and authorization framework that breaks security down into four components:
  1. A protected resource: This is the resource (in our case, a microservice) you want to protect, ensuring that only authenticated users who have the proper authorization can access it.
  2. A resource owner: A resource owner defines what applications can call their service, which users are allowed to access the service, and what they can do with the service. Each application registered by the resource owner will be given an application name that identifies the application along with an application secret key. The combination of the application name and the secret key is part of the credentials that are passed when authenticating an OAuth2 token.
  3. An application: This is the application that's going to call the service on behalf of a user. After all, users rarely invoke a service directly. Instead, they rely on an application to do the work for them.
  4. OAuth2 authentication server: The OAuth2 authentication server is the intermediary between the application and the services being consumed. The OAuth2 server allows the user to authenticate themselves without having to pass their user credentials down to every service the application is going to call on behalf of the user.


OAuth2 is a token-based security framework. A user authenticates against the OAuth2 server by providing their credentials along with the application that they’re using to access the resource. If the user’s credentials are valid, the OAuth2 server provides a token that can be presented every time a service being used by the user’s application tries to access a protected resource (the microservice). The OAuth2 specification has four types of grants: 
  • Password
  • Client credential
  • Authorization code
  • Implicit

To set up an OAuth2 authentication server, you need the following Spring Cloud dependencies in the authentication-service/pom.xml file:


For example, create a project named "a143mk-Oauth2-Security" in STS4.

pom.xml file:

Create the AuthServer.java class for the authorization server configuration.



The first thing to note in this listing is the @EnableAuthorizationServer annotation. This annotation tells Spring Cloud that this service will be used as an OAuth2 service and to add several REST-based endpoints that will be used in the OAuth2 authentication and authorization processes.

Like other pieces of the Spring Security framework, to set up users (and their roles), start by extending the WebSecurityConfigurerAdapter class and mark it with the @Configuration annotation.
As such, you need to provide the OAuth2 server a mechanism to authenticate users and return the user information about the authenticating user. This is done by defining two beans in your Spring WebSecurityConfigurerAdapter implementation: authenticationManagerBean() and userDetailsServiceBean(). These two beans are exposed by using the default authentication authenticationManagerBean() and userDetailsServiceBean() methods from the parent WebSecurityConfigurerAdapter class.
Create the ConfigWeb.java class.

Run As -> Spring Boot App to see the output:


For the step-by-step development, watch the video and learn it yourself.
