Spring-Boot-Security-Role-Based-oAuth2

Role Based Authentication using oAuth2 and JWT

To secure your Restfull web services, there are many ways available, you can secure by using stateless or statefull. Each one has its own pros and cons. In case if you are going to follow microservices architecture and you want to run your services as multiple instances means stateless approach is best one to choose, You can communicate with client side application using token.If you are going to follow satefull means you need to initiate JSession Id as well as sticky session.

This repo will demonstate how to secure your API's based on user Role by using oAuth2 as well as JSON web token.

Dependecies used for this repo is spring-security-oauth2 and spring-security-jwt

Used annotation @Secured annotation to enable role basis access to each API, ex: @Secured({ ROLE_ADMIN })

Enabled Authorization server, Resources server, Web security by using annotation @EnableAuthorizationServer, @EnableResourceServer, @EnableWebSecurity.

You can then access application by using Url here: http://localhost:8090/

In case you find a bug/suggested improvement for Spring Restfull Webservices

Our issue tracker is available here: link

Working with this project in Spring Tool Suite or Eclipse

prerequisites

The following items should be installed in your system:

STS - 3.0 Plus
MySQL
Postman or Any Rest API Testing tool

Steps:

Download this Project and do maven import.

git clone https://github.com/https://github.com/Sudarshan-Gowda/Spring-Boot-Security-Role-Based-oAuth2.git

To Import the Praject Using STS or Eclipse

File -> Import -> Maven -> Existing Maven project

Looking for something in particular?

Spring Boot Configuration	Class or Java property files
Main Controller Class	UserController
AuthorizationServerConfig Class	AuthorizationServerConfig
ResourceServerConfig Class	ResourceServerConfig
WebSecurityConfig Class	WebSecurityConfig
User Service	UserServiceImpl
Property File	application.properties

Steps to test the application:

Run the Application by using CLI,
mvn spring-boot:run or build jar file and execute by using below commands. mvn clean install, java -jar jar.name
Test the API by using Rest API Testing tool.

Find the exposed restfull APIS as below

Place the below urls and select appropicate Http Methods to test the APIs

a. To generate the token
http://localhost:8090/oauth/token

b. To fetch the users by using token
http://localhost:8090/users?access-token=xyz

c. In case if you try to access the API with other user which dont have access user will get response as Access denied
http://localhost:8090/users?access-token=xyz

Contributing

The issue tracker is the preferred channel for bug reports, features requests and submitting pull requests.

For pull requests, editor preferences are available in the editor config for easy use in common text editors.

khangnick14 / spring-boot-security-role-based-oauth2 Goto Github PK