Wednesday 13 July 2022
Social Client Login with OAuth2 Spring Boot Application
First of all you have to take auth2 access to the social web site, we see it in the video, then we will create a services and test it and see some services we learned in the previous post, we will give their link below which includes Eureka (client-1, client-2), ApiGetway, services.
Add client and secret Id in ApiGetway application.properties file:
spring.security.oauth2.client.registration.Oauth2_Security.client-id = Write your Client ID
spring.security.oauth2.client.registration.Oauth2_Security.client-secret = Write your Secret ID
Add use Dependency in ApiGetway pom.xml file:
Add New Package in ApiGetway-> com.javatechie.spring.zulu.api.cofig and create SecurityConfiguration.java file.
See the video step by step to run/learn past post video and current configuration post.
How to Develop Some Other Rest API
How to Develop Eureka Server and Eureka Client Configuration
How to Develop GateWayAPI
How to get Google Token
Wednesday 6 July 2022
OAuth2 Security with Spring Boot
Introduction
OAuth2 is a token-based security authentication and authorization framework that breaks security down into four components. These four components are
OAuth2 is a token-based security authentication and authorization framework that breaks security down into four components. These four components are
- A protected resource—This is the resource (in our case, a microservice) you want to protect and ensure that only authenticated users who have the proper authorization can access
- A resource owner—A resource owner defines what applications can call their service, which users are allowed to access the service, and what they can do with the service. Each application registered by the resource owner will be given an application name that identifies the application along with an application secret key. The combination of the application name and the secret key are part of the credentials that are passed when authenticating an OAuth2 token.
- An application—This is the application that’s going to call the service on a behalf of a user. After all, users rarely invoke a service directly. Instead, they rely on an application to do the work for them.
- OAuth2 authentication server—The OAuth2 authentication server is the intermediary between the application and the services being consumed. The OAuth2 server allows the user to authenticate themselves without having to pass their user credentials down to every service the application is going to call on behalf of the user.
OAuth2 is a token-based security framework. A user authenticates against the OAuth2 server by providing their credentials along with the application that they’re using to access the resource. If the
user’s credentials are valid, the OAuth2 server provides a token that can be presented every time a service being used by the user’s application tries to access a protected resource (the microservice).
The OAuth2 specification has four types of grants:
- Password
- Client credential
- Authorization code
- Implicit
To set up an OAuth2 authentication server, you need the following Spring Cloud dependencies in the authentication-service/pom.xml file
For Example: You have to Create Project Node Name is: "a143mk-Oauth2-Security" on STS4 Tools.
Pom.xml file.
Create AuthServer.java class for use Authorization Server Configuration.
The first thing to note in this listing is the @EnableAuthorizationServer annotation. This annotation tells Spring Cloud that this service will be used as an OAuth2 service and to add several REST-based endpoints that will be used in the OAuth2 authentication and authorization processes.
Like other pieces of the Spring Security framework, to set up users (and their roles), start by extending the WebSecurityConfigurerAdapter class and mark it with the @Configuration annotation.
As such, you need to provide the OAuth2 server a mechanism to authenticate users and return the user information about the authenticating user. This is done by defining two beans in your Spring WebSecurityConfigurerAdapter implementation: authenticationManagerBean() and userDetailsServiceBean(). These two beans are exposed by using the default authentication authenticationManagerBean() and userDetailsServiceBean() methods from the parent WebSecurityConfigurerAdapter class.
you have to Create ConfigWeb.java class.
Run As-> Spring Boot App for Output:
For step by step development working watch the video and learn yourself.
Subscribe to:
Posts
(
Atom
)
