Skip to content

Sudarshan-Gowda/Spring-Boot-Security-Role-Based-oAuth2

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Spring-Boot-Security-Role-Based-oAuth2

Role Based Authentication using oAuth2 and JWT

To secure your Restfull web services, there are many ways available, you can secure by using stateless or statefull. Each one has its own pros and cons. In case if you are going to follow microservices architecture and you want to run your services as multiple instances means stateless approach is best one to choose, You can communicate with client side application using token.If you are going to follow satefull means you need to initiate JSession Id as well as sticky session.

This repo will demonstate how to secure your API's based on user Role by using oAuth2 as well as JSON web token.

Dependecies used for this repo is spring-security-oauth2 and spring-security-jwt

Used annotation @Secured annotation to enable role basis access to each API, ex: @Secured({ ROLE_ADMIN })

Enabled Authorization server, Resources server, Web security by using annotation @EnableAuthorizationServer, @EnableResourceServer, @EnableWebSecurity.

You can then access application by using Url here: http://localhost:8090/

In case you find a bug/suggested improvement for Spring Restfull Webservices

Our issue tracker is available here: link

Working with this project in Spring Tool Suite or Eclipse

prerequisites

The following items should be installed in your system:

  • STS - 3.0 Plus
  • MySQL
  • Postman or Any Rest API Testing tool

Steps:

  1. Download this Project and do maven import.
git clone https://github.com/https://github.com/Sudarshan-Gowda/Spring-Boot-Security-Role-Based-oAuth2.git
  1. To Import the Praject Using STS or Eclipse
File -> Import -> Maven -> Existing Maven project

Looking for something in particular?

Spring Boot Configuration Class or Java property files
Main Controller Class UserController
AuthorizationServerConfig Class AuthorizationServerConfig
ResourceServerConfig Class ResourceServerConfig
WebSecurityConfig Class WebSecurityConfig
User Service UserServiceImpl
Property File application.properties

Steps to test the application:

  1. Run the Application by using CLI,
    mvn spring-boot:run or build jar file and execute by using below commands. mvn clean install, java -jar jar.name
  2. Test the API by using Rest API Testing tool.

Find the exposed restfull APIS as below

Place the below urls and select appropicate Http Methods to test the APIs

a. To generate the token
http://localhost:8090/oauth/token

b. To fetch the users by using token
http://localhost:8090/users?access-token=xyz

c. In case if you try to access the API with other user which dont have access user will get response as Access denied
http://localhost:8090/users?access-token=xyz

Contributing

The issue tracker is the preferred channel for bug reports, features requests and submitting pull requests.

For pull requests, editor preferences are available in the editor config for easy use in common text editors.

Releases

No releases published

Packages

No packages published