Open in app

Sign in

Write

Sign in

Spring Boot integrated oauth2 Quick start demo

HBLOG
4 min readApr 25, 2024

--

1.oauth2 introduce

1,what is OAuth 2?

  • OAuth is an open standard that allows users to let third-party applications access the user’s private resources (such as avatars, photos, videos, etc.) stored on a website without providing the username and password to the third party in the process. application. This is achieved by providing a token rather than a username and password to access their data stored with a specific service provider.
  • Each token authorizes a specific website to access specific resources for a specific period of time. In this way, OAuth gives users the flexibility to authorize third-party websites to access specific information stored on other resource servers, rather than all content. The current mainstream third-party authorized login methods such as QQ and WeChat are all based on OAuth2.
  • OAuth 2 yes The next version of the OAuth protocol, but not backward compatible with OAuth 1.0. OAuth 2 focuses on simplicity for client developers while providing specialized authentication flows for web apps, desktop apps, mobile devices, and living room devices.
  • Traditional web development login authentication is generally based on Session, but continuing to use Session in a front-end and back-end separated architecture will cause many inconveniences, because mobile terminals (Android, iOS, WeChat applet, etc.) either do not support cookies (WeChat applet) ), or it is very inconvenient to use. For these problems, using OAuth 2 authentication can solve them.

2,OAuth 2 Roles

The following roles are defined in the OAuth 2 standard:

  • Resource Owner: represents the user who authorizes the client to access its own resource information. The client’s permission to access the user account is limited to the “scope” authorized by the user.
  • Client: represents a third-party application that intends to access restricted resources. Before accessing an implementation, it must be authorized by the user, and the obtained authorization credentials will be further verified by the authorization server.
  • Authorization Server: The authorization server is used to verify whether the information provided by the user is correct and return a token to the third-party application.
  • Resource Server: The resource server is a server that provides resources to users, such as avatars, photos, videos, etc.

Note: Generally speaking, the authorization server and resource server can be the same server.

2.Environmental preparation

docker run -itd --name redis-6379 -p 6379:6379 redis --requirepass 123456

3.code engineering

Experiment purpose: Use oauth2 method access_token to control interface permissions

pom.xml

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <parent>
        <artifactId>springboot-demo</artifactId>
        <groupId>com.et</groupId>
        <version>1.0-SNAPSHOT</version>
    </parent>
    <modelVersion>4.0.0</modelVersion>
    <artifactId>oatuth2</artifactId>
    <properties>
        <maven.compiler.source>8</maven.compiler.source>
        <maven.compiler.target>8</maven.compiler.target>
    </properties>
    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-autoconfigure</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.security.oauth</groupId>
            <artifactId>spring-security-oauth2</artifactId>
            <version>2.3.3.RELEASE</version>
        </dependency>
        <!-- redis  -->
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-data-redis</artifactId>
            <exclusions>
                <exclusion>
                    <groupId>io.lettuce</groupId>
                    <artifactId>lettuce-core</artifactId>
                </exclusion>
            </exclusions>
        </dependency>
        <dependency>
            <groupId>redis.clients</groupId>
            <artifactId>jedis</artifactId>
        </dependency>
    </dependencies>
</project>

application.properties

server.port=8088
# basic configuration
spring.redis.database=0
spring.redis.host=127.0.0.1
spring.redis.port=6379
spring.redis.password=123456
# pools configuration
spring.redis.jedis.pool.max-active=8
spring.redis.jedis.pool.max-idle=8
spring.redis.jedis.pool.max-wait=-1ms
spring.redis.jedis.pool.min-idle=0

Authorization server configuration

package com.et.oauth2.config;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.data.redis.connection.RedisConnectionFactory;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.redis.RedisTokenStore;
@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {

    @Autowired
    AuthenticationManager authenticationManager;
 
  /*  @Autowired(required = false)
    TokenStore inMemoryTokenStore;*/
    @Autowired
    RedisConnectionFactory redisConnectionFactory;
    @Autowired
    UserDetailsService userDetailsService;
 
    @Bean
    PasswordEncoder passwordEncoder() {
        
        return new BCryptPasswordEncoder();
    }
 
    @Override
    public void configure(ClientDetailsServiceConfigurer clients)
            throws Exception {
        clients.inMemory()
            .withClient("password")
            .authorizedGrantTypes("password", "refresh_token") 
            .accessTokenValiditySeconds(1800) 
            .resourceIds("rid") 
            .scopes("all")
            .secret("$2a$10$RMuFXGQ5AtH4wOvkUqyvuecpqUSeoxZYqilXzbz50dceRsga.WYiq"); 
    }
 
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
      
        endpoints.tokenStore(new RedisTokenStore(redisConnectionFactory))
                .authenticationManager(authenticationManager)
                .userDetailsService(userDetailsService);
    }
 
    @Override
    public void configure(AuthorizationServerSecurityConfigurer security) {
        
        security.allowFormAuthenticationForClients();
    }
}

Resource Configuration

package com.et.oauth2.config;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
@Configuration
@EnableResourceServer
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
 
    @Override
    public void configure(ResourceServerSecurityConfigurer resources) {
 
        resources.resourceId("rid") 
                .stateless(true); 
    }
 
   
    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/admin/**").hasRole("admin")
                .antMatchers("/user/**").hasRole("user")
                .anyRequest().authenticated();
    }
}

Security Configuration

package com.et.oauth2.config;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }
 
    @Bean
    @Override
    protected UserDetailsService userDetailsService() {
 
        return super.userDetailsService();
    }
 
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication()
                .withUser("admin")
                .password("$2a$10$RMuFXGQ5AtH4wOvkUqyvuecpqUSeoxZYqilXzbz50dceRsga.WYiq") //123
                .roles("admin")
                .and()
                .withUser("sang")
                .password("$2a$10$RMuFXGQ5AtH4wOvkUqyvuecpqUSeoxZYqilXzbz50dceRsga.WYiq") //123
                .roles("user");
    }
     
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.antMatcher("/oauth/**").authorizeRequests()
                .antMatchers("/oauth/**").permitAll()
                .and().csrf().disable();
    }
}

controller

package com.et.oauth2.controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import java.util.HashMap;
import java.util.Map;
@RestController
public class HelloWorldController {
    @GetMapping("/admin/hello")
    public String admin() {
        return "hello admin";
    }
    @GetMapping("/user/hello")
    public String user() {
        return "hello user";
    }
    @GetMapping("/hello")
    public String hello() {
        return "hello";
    }
}

The above are just some key codes. For all codes, please see the code repository below.

code repository

4.test

start up Spring boot application

Obtain access_token

open postman, input http://127.0.0.1:8088/oauth/token Obtain

Access resources (with admin role)

open postman,input

http://127.0.0.1:8088/admin/hello?access_token=f57880ae-15d1-49dd-a63a-299827c8d341

No access (no user role)

open postman, input

http://127.0.0.1:8088/user/hello?access_token=f57880ae-15d1-49dd-a63a-299827c8d341

5.References

Springboot 2
Java
Backend
Oauth2

--

--

HBLOG
HBLOG

Written by HBLOG

119 Followers
31 Following

talk is cheap ,show me your code

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams