How To Create a Secured OAuth2 RESTful Service on Spring Boot

Photo by bsdrouin from Pixabay

Prerequisites

Part 1. Project setup

Part 2. Security and roles

  • Spring Security lets you extend WebSecurityConfigurerAdapter to get access to the HttpSecurity builder, which carries all the required request-security configuration.
  • In the configure method we use antMatchers to allow (or, later, reject) access to specific endpoints. As in the snippet above, “/”, “/login**” and “/oauth2/authorization/**” are allowed without any authentication. It is essential to leave the “oauth2” path open; otherwise every redirect to the provider is itself challenged and your app runs into an endless loop of security checks.
  • The ClientRegistrationRepository bean holds all the configuration needed to connect to the OAuth2 provider.
  • Secrets are normally kept in a secure place. To achieve exactly that, clientId and clientSecret are extracted into application.yml, so they can be configured outside the code and read at runtime.
  • The ClientRegistration scope has been extended with the “groups” scope, which means our app will read and process that field from the OAuth2 provider's response.
  • Endpoints have been secured through the HttpSecurity configuration. Now, to access an endpoint, the caller must hold the proper role.
  • A GrantedAuthoritiesMapper bean has been set up to process the provider's response and convert the returned groups into roles that our app can handle.
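The configuration the bullets above describe, put together as one added example (this is not the article's own code). It assumes the property names app.oauth2.issuer-uri, app.oauth2.client-id and app.oauth2.client-secret in application.yml, a registration id of "provider", the role-protected paths /api/admin/** and /api/**, and a fixed mapping from two example group names to ROLE_ADMIN and ROLE_USER; only the three public paths, the "groups" scope and the bean types come from the article.

```java
package com.example.security; // hypothetical package

import java.util.Collection;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.registration.ClientRegistrations;
import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository;
import org.springframework.security.oauth2.core.oidc.user.OidcUserAuthority;
import org.springframework.security.oauth2.core.user.OAuth2UserAuthority;

@Configuration
@EnableWebSecurity
public class OAuth2SecurityConfig extends WebSecurityConfigurerAdapter {

    // Provider-side group name -> Spring role. hasRole("ADMIN") expects "ROLE_ADMIN".
    // Group names are assumed examples.
    private static final Map<String, String> GROUP_TO_ROLE = Map.of(
            "app-admins", "ROLE_ADMIN",
            "app-users", "ROLE_USER");

    // Secrets live in application.yml (or an environment override), never in code.
    // These property names are assumptions.
    @Value("${app.oauth2.issuer-uri}")
    private String issuerUri;
    @Value("${app.oauth2.client-id}")
    private String clientId;
    @Value("${app.oauth2.client-secret}")
    private String clientSecret;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                // Public paths from the article. The oauth2 path must stay open,
                // otherwise the redirect to the provider is challenged again and again.
                .antMatchers("/", "/login**", "/oauth2/authorization/**").permitAll()
                // Role-protected endpoints (paths and roles are assumed examples).
                .antMatchers("/api/admin/**").hasRole("ADMIN")
                .antMatchers("/api/**").hasAnyRole("USER", "ADMIN")
                .anyRequest().authenticated()
            .and()
            .oauth2Login()
                .userInfoEndpoint()
                    .userAuthoritiesMapper(groupsToRolesMapper());
    }

    @Bean
    public ClientRegistrationRepository clientRegistrationRepository() {
        ClientRegistration registration = ClientRegistrations
                .fromIssuerLocation(issuerUri)  // endpoints discovered from the issuer's OpenID metadata
                .registrationId("provider")     // login starts at /oauth2/authorization/provider
                .clientId(clientId)
                .clientSecret(clientSecret)
                .scope("openid", "profile", "email", "groups") // "groups" asks the provider for membership
                .build();
        return new InMemoryClientRegistrationRepository(registration);
    }

    @Bean
    public GrantedAuthoritiesMapper groupsToRolesMapper() {
        return authorities -> {
            Set<GrantedAuthority> mapped = new HashSet<>();
            for (GrantedAuthority authority : authorities) {
                Object groups = claimsOf(authority).get("groups");
                if (!(groups instanceof Collection)) {
                    continue; // claim absent or malformed: grant nothing from it
                }
                for (Object group : (Collection<?>) groups) {
                    // Only known groups become roles; unknown ones are ignored rather
                    // than turned into arbitrary authorities.
                    String role = GROUP_TO_ROLE.get(String.valueOf(group));
                    if (role != null) {
                        mapped.add(new SimpleGrantedAuthority(role));
                    }
                }
            }
            return mapped;
        };
    }

    // The "groups" claim may arrive in the ID token or only in the userinfo response.
    private static Map<String, Object> claimsOf(GrantedAuthority authority) {
        if (authority instanceof OidcUserAuthority) {
            OidcUserAuthority oidc = (OidcUserAuthority) authority;
            if (oidc.getUserInfo() != null && oidc.getUserInfo().getClaims().containsKey("groups")) {
                return oidc.getUserInfo().getClaims();
            }
            return oidc.getIdToken().getClaims();
        }
        if (authority instanceof OAuth2UserAuthority) {
            return ((OAuth2UserAuthority) authority).getAttributes();
        }
        return Map.of();
    }
}
```

The mapper deliberately returns only the roles derived from recognised groups and drops the default authorities Spring assigns to every logged-in OIDC user, so a user whose provider account is in no mapped group authenticates successfully but cannot reach any /api/** endpoint. Because the matcher uses hasRole, the mapping must produce authorities with the ROLE_ prefix.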

Part 3. Deployments

  • docker
  • aws-cli
  • kustomize
  • kubectl
Production version
Test version

Afterwards
