Role Based Authentication using oAuth2 and JWT
There are many ways to secure your RESTful web services; broadly, you can choose a stateless or a stateful approach, and each has its own pros and cons. If you follow a microservices architecture and want to run your services as multiple instances, the stateless approach is the best choice: the client application communicates with the service using a token. If you follow the stateful approach, you need to issue a JSESSIONID and rely on sticky sessions.
This repo demonstrates how to secure your APIs based on the user's role by using OAuth2 together with JSON Web Tokens (JWT).
Dependencies used for this repo are spring-security-oauth2 and spring-security-jwt.
The @Secured annotation is used to enable role-based access to each API, e.g. @Secured({ ROLE_ADMIN }).
The authorization server, resource server and web security are enabled with the annotations @EnableAuthorizationServer, @EnableResourceServer and @EnableWebSecurity.
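The following is an added example, not code from this repository, showing how the three pieces named above fit together: an authorization server that issues signed JWTs, a resource server that validates them with the same key, and a controller method guarded by @Secured. It assumes Spring Boot 2.x with spring-security-oauth2 and spring-security-jwt on the classpath, an AuthenticationManager bean exposed by the project's WebSecurityConfig, a UserDetailsService that assigns the authorities ROLE_ADMIN / ROLE_USER, and Spring Security's default DelegatingPasswordEncoder for the client secret. The client id, client secret, signing key and sample data are placeholders.

```java
// Added example (not the repository's own code). Placeholders: client id/secret,
// signing key, sample user names. Assumes an AuthenticationManager bean and a
// UserDetailsService that grants "ROLE_ADMIN" / "ROLE_USER" authorities.
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.annotation.Secured;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;
import java.util.List;

@Configuration
@EnableAuthorizationServer
class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {

    @Autowired
    private AuthenticationManager authenticationManager; // exposed by WebSecurityConfig (assumed)

    // Tokens are self-contained JWTs signed with an HMAC key. The resource server
    // verifies the signature with the same key, so no shared token database is needed
    // and every instance of the service can validate tokens on its own.
    @Bean
    public JwtAccessTokenConverter accessTokenConverter() {
        JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
        converter.setSigningKey("CHANGE-ME-long-random-secret"); // placeholder; load from configuration
        return converter;
    }

    @Bean
    public TokenStore tokenStore() {
        return new JwtTokenStore(accessTokenConverter());
    }

    // Registers which client may use the password grant and how long tokens live.
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory()
            .withClient("demo-client")                                               // placeholder client id
            .secret("{bcrypt}" + new BCryptPasswordEncoder().encode("demo-secret"))  // placeholder secret, hashed
            .authorizedGrantTypes("password", "refresh_token")
            .scopes("read", "write")
            .accessTokenValiditySeconds(900)      // short-lived access token
            .refreshTokenValiditySeconds(86400);
    }

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints.tokenStore(tokenStore())
            .accessTokenConverter(accessTokenConverter())
            .authenticationManager(authenticationManager);
    }
}

@Configuration
@EnableResourceServer
@EnableGlobalMethodSecurity(securedEnabled = true) // without this, @Secured is silently ignored
class ResourceServerConfig extends ResourceServerConfigurerAdapter {

    @Autowired
    private TokenStore tokenStore; // the JwtTokenStore bean above

    @Override
    public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
        resources.tokenStore(tokenStore);
    }

    // URL layer: every request needs a valid token. The role check itself is done
    // per method with @Secured, so each layer has one job.
    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests().anyRequest().authenticated();
    }
}

@RestController
class UserController {

    // Only tokens carrying the ROLE_ADMIN authority reach this method;
    // any other authenticated user gets an access-denied response.
    @Secured({ "ROLE_ADMIN" })
    @GetMapping("/users")
    public List<String> users() {
        return List.of("alice", "bob"); // constructed sample data
    }
}
```

The check most often missed is @EnableGlobalMethodSecurity(securedEnabled = true): without it, Spring registers no interceptor for @Secured and the annotation has no effect, so the endpoint is open to every authenticated user. Keep the signing key out of source control and give it to both configurations from the same property.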
You can then access the application using this URL: http://localhost:8090/
Our issue tracker is available here: link
The following items should be installed on your system:
- STS 3.0 or later
- MySQL
- Postman or any REST API testing tool
- Download this project and import it as a Maven project:
git clone https://github.com/Sudarshan-Gowda/Spring-Boot-Security-Role-Based-oAuth2.git
- To import the project using STS or Eclipse:
File -> Import -> Maven -> Existing Maven Project
| Spring Boot Configuration | Class or Java property file |
|---|---|
| Main Controller Class | UserController |
| AuthorizationServerConfig Class | AuthorizationServerConfig |
| ResourceServerConfig Class | ResourceServerConfig |
| WebSecurityConfig Class | WebSecurityConfig |
| User Service | UserServiceImpl |
| Property File | application.properties |
- Run the application from the CLI:
mvn spring-boot:run
or build the jar file and execute it with the commands below:
mvn clean install
java -jar jar.name
- Test the API using a REST API testing tool.
Use the URLs below and select the appropriate HTTP method to test each API:
a. To generate the token:
http://localhost:8090/oauth/token
b. To fetch the users using the token:
http://localhost:8090/users?access-token=xyz
c. If you try to access the API with another user who does not have access, that user will get the response "Access denied":
http://localhost:8090/users?access-token=xyz
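As an added example that is not part of this repository, the same three steps driven from a small Java 11 client instead of Postman: obtain a token from /oauth/token with the password grant, call /users with it, and repeat with a user that lacks the role. It assumes the server is running on localhost:8090 and uses placeholder credentials (client "demo-client"/"demo-secret", users "admin"/"admin123" and "user"/"user123") that you must replace with the ones configured in your own application. It sends the token in the Authorization header rather than as a query parameter, which keeps it out of URLs and access logs.

```java
// Added example (not the repository's own code). All credentials are placeholders.
import java.net.URI;
import java.net.URLEncoder;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Map;
import java.util.stream.Collectors;

public class ApiSmokeTest {

    private static final String BASE = "http://localhost:8090";
    private static final HttpClient CLIENT = HttpClient.newHttpClient();

    // Password grant: the client authenticates with HTTP Basic, the user's
    // credentials travel in the form body. Returns the access_token string.
    static String requestToken(String clientId, String clientSecret,
                               String username, String password) throws Exception {
        String basic = Base64.getEncoder().encodeToString(
                (clientId + ":" + clientSecret).getBytes(StandardCharsets.UTF_8));
        String form = Map.of("grant_type", "password", "username", username, "password", password)
                .entrySet().stream()
                .map(e -> e.getKey() + "=" + URLEncoder.encode(e.getValue(), StandardCharsets.UTF_8))
                .collect(Collectors.joining("&"));
        HttpRequest req = HttpRequest.newBuilder(URI.create(BASE + "/oauth/token"))
                .header("Authorization", "Basic " + basic)
                .header("Content-Type", "application/x-www-form-urlencoded")
                .POST(HttpRequest.BodyPublishers.ofString(form))
                .build();
        HttpResponse<String> resp = CLIENT.send(req, HttpResponse.BodyHandlers.ofString());
        if (resp.statusCode() != 200) {
            throw new IllegalStateException("token request failed: " + resp.statusCode() + " " + resp.body());
        }
        return extractAccessToken(resp.body());
    }

    // Minimal extraction of "access_token" from the JSON body; use a JSON library in real code.
    static String extractAccessToken(String json) {
        int key = json.indexOf("\"access_token\"");
        if (key < 0) {
            throw new IllegalStateException("no access_token in response");
        }
        int start = json.indexOf('"', json.indexOf(':', key) + 1) + 1;
        int end = json.indexOf('"', start);
        return json.substring(start, end);
    }

    // Calls the protected endpoint with a Bearer token and returns the HTTP status.
    static int callUsers(String token) throws Exception {
        HttpRequest req = HttpRequest.newBuilder(URI.create(BASE + "/users"))
                .header("Authorization", "Bearer " + token)
                .GET()
                .build();
        return CLIENT.send(req, HttpResponse.BodyHandlers.ofString()).statusCode();
    }

    public static void main(String[] args) throws Exception {
        String adminToken = requestToken("demo-client", "demo-secret", "admin", "admin123");
        System.out.println("admin -> /users: HTTP " + callUsers(adminToken));

        String userToken = requestToken("demo-client", "demo-secret", "user", "user123");
        System.out.println("user  -> /users: HTTP " + callUsers(userToken));
    }
}
```

The first call succeeds because the token carries ROLE_ADMIN; the second is the "Access denied" case described in step c, returned as HTTP 403 with a JSON error body. A token request with a wrong client secret or user password fails at step a with a 401 before any API is reached, which is the behaviour to check first when a test unexpectedly returns "access denied".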
The issue tracker is the preferred channel for bug reports, feature requests and submitting pull requests.
For pull requests, editor preferences are available in the editor config for easy use in common text editors.