A sample OAuth provider using spring security See http://porterhead.blogspot.co.uk/2014/05/securing-rest-services-with-spring.html
to build and run tests: gradle clean build integrationTest
to run: gradle tomcatRun
To register a new user:
curl -X POST -H "Content-Type: application/json"
-H "Authorization: Basic MzUzYjMwMmM0NDU3NGY1NjUwNDU2ODdlNTM0ZTdkNmE6Mjg2OTI0Njk3ZTYxNWE2NzJhNjQ2YTQ5MzU0NTY0NmM="
-d '{"user":{"emailAddress":"test@example.com"}, "password":"password"}'
'http://localhost:8080/oauth2-provider/v1.0/users'
Login:
curl -v -X POST
-H "Content-Type: application/json"
-H "Authorization: Basic MzUzYjMwMmM0NDU3NGY1NjUwNDU2ODdlNTM0ZTdkNmE6Mjg2OTI0Njk3ZTYxNWE2NzJhNjQ2YTQ5MzU0NTY0NmM="
--data-urlencode 'username=test@example.com' --data-urlencode 'password=password' --data-urlencode 'grant_type=password'
'http://localhost:8080/oauth2-provider/oauth/token \
to retrieve a user details:
curl -v -X GET
-H "Content-Type: application/json"
-H "Authorization: Bearer [your access token]"
'http://localhost:8080/oauth2-provider/v1.0/me'
To set up for production:
- Create a properties file in src/main/resources/properties called app-production.properties
- Override all relevant properties from src/main/resources/properties/application.properties
- Configure Mail Server by overriding values for mail server in app-production.properties
- Build and deploy war. Add System variable to start up command -Dspring.profiles.active=production
- Add MongoDB args to start up command- -DMONGODB_HOST=localhost -DMONGODB_PORT=27017 Example command line args for using built-in tomcat instance: ./gradlew tomcatRun -Dspring.profiles.active=production -DMONGODB_HOST=localhost -DMONGODB_PORT=27017
- Restrict access to all protected URLs via SSL only
- The velocity templates and html pages provided are basic and should be customised to your needs