Oauth2 Stateless Authentication with Spring and JWT Token
This project uses Spring Security to authenticate and protect some Rest resources.
It uses AuthorizationServerConfigurerAdapter, ResourceServerConfigurerAdapter and WebSecurityConfigurerAdapter combined with @PreAuthorize to configure the security.
It also uses an H2 embedded database to authenticate the users.
Article on the project
USING SPRING OAUTH2 TO SECURE REST
External references
This project was inspired by all these references.
To Build and Run
Go to the cloned directory and run
mvn spring-boot:run
or build with your chosen IDE.
Curl Commands
You should install ./JQ before running these Curl commands.
curl trusted-app:secret@localhost:8080/oauth/token -d "grant_type=password&username=user&password=password" | jq
To get a new token using the refresh token
curl trusted-app:secret@localhost:8080/oauth/token -d "grant_type=refresh_token&refresh_token=[REFRESH_TOKEN]" | jq
To access a protected resource
curl -H "Authorization: Bearer [ACCESS_TOKEN]" localhost:8080/api/hello
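An added example (not part of this project's code) for the token and refresh commands above: a POSIX shell helper that decodes the payload of a JWT access token to read its claims and decide whether it should be refreshed before it is sent to a protected resource. The sample token is built inside the script; its claim names and values and all function names are assumptions, and decoding does not verify the signature.

```shell
#!/bin/sh
# Added example: inspect the claims of a JWT access token locally.
# Decoding is NOT verification: the signature is checked by the resource server.

# b64url_encode STRING -> base64url without padding (used only to build sample data)
b64url_encode() {
  printf '%s' "$1" | base64 | tr -d '=\n' | tr '/+' '_-'
}

# make_sample_token PAYLOAD_JSON -> constructed token with a placeholder signature
make_sample_token() {
  printf '%s.%s.%s' "$(b64url_encode '{"alg":"HS256","typ":"JWT"}')" \
    "$(b64url_encode "$1")" "constructed-signature"
}

# jwt_payload TOKEN -> decoded JSON payload (second dot-separated segment)
jwt_payload() {
  seg=$(printf '%s' "$1" | cut -s -d. -f2 | tr '_-' '/+')
  case $(( ${#seg} % 4 )) in      # base64url drops '=' padding; restore it
    2) seg="$seg==" ;;
    3) seg="$seg=" ;;
  esac
  printf '%s' "$seg" | base64 -d
}

# token_needs_refresh TOKEN [NOW] [SKEW] -> exit 0 if expired or expiring within SKEW seconds
token_needs_refresh() {
  now=${2:-$(date +%s)}
  skew=${3:-30}
  exp=$(jwt_payload "$1" 2>/dev/null |
    sed -n 's/.*"exp"[[:space:]]*:[[:space:]]*\([0-9][0-9]*\).*/\1/p')
  [ -n "$exp" ] || return 0       # unreadable token or no exp claim: request a new one
  [ $(( exp - skew )) -le "$now" ]
}

# Constructed sample payload; claim names and values are assumptions.
SAMPLE='{"user_name":"user","authorities":["ROLE_USER"],"exp":1700000000,"client_id":"trusted-app"}'
TOKEN=$(make_sample_token "$SAMPLE")
jwt_payload "$TOKEN"; echo
if token_needs_refresh "$TOKEN" 1699999000; then echo "refresh"; else echo "still valid"; fi
```

Because the payload is only base64url-encoded, anyone holding the token can read these claims, so nothing confidential belongs in them.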
Register new Account
curl -H "Authorization: Bearer $(curl register-app:secret@localhost:8080/oauth/token -d "grant_type=client_credentials&client_id=register-app" | jq --raw-output ."access_token")" localhost:8080/api/register -H "Content-Type: application/json" -d '{"username":"new-user","password":"password","firstName":"First","lastName":"Last","email":"email@email.com"}' | jq
Curl sample commands
api/me
curl -H "Authorization: Bearer $(curl trusted-app:secret@localhost:8080/oauth/token -d "grant_type=password&username=user&password=password" | jq --raw-output ."access_token")" localhost:8080/api/me | jq