/oauth-gateway-exploration

Spring Security OAuth 2.0 Gateway Exploration Example

Primary LanguageJava

Spring Security OAuth 2.0 Gateway Exploration Example

This is the full source-code for the following blog post series.

No license is provided as it is only meant for learning purposes.

Set-up

The basic set-up we are going for is:

  • gateway at localhost:8080

  • dummy service at localhost:8081

  • keycloak at localhost:9090

run docker-compose up -d inside the keycloak directory to start a local keycloak server mapped to host port 9090

One-time Keycloak set-up

  • login with admin / admin

  • create a realm called service

  • a client called gateway

    • use valid redirect url: http://localhost:8080/*

    • select Access Type: confidential

    • save and click on the newly visible tab Credentials

  • Copy the Secret to the client-secret in the oauth-gateway application.yml

  • create a user for yourself to login with

  • create a role called dummy and assign it to your user

Running the services

run GatewayApplication to start the gateway

run DummyApplication to start the dummy backend service

Manual verification

Browse incognito to http://localhost:8080

  • login with the user you created

  • checkout the result (in case of a silent 401/403 failure, check for a WWW-Authenticate header in the response for a clue)

Note
In order to see one of the powers of OAuth-based AuthN/AuthZ, restart the Gateway and/or Dummy service and/or remove you Session Cookie stored in your browser (F12, Application, Cookies, http://localhost:8080, Clear All in Chrome) and refresh the page.
Note
If you just want to look at how the request with the token to the backend looks like, you could also just run netcat instead of the dummy-service using: nc -l localhost 8081