Saturday, August 30, 2014

Creating your own OAuth2 server and clients using spring security - part 1

In this series of posts, I'll try to put together a simple working example on how to create your own OAuth2 server.

if you want to know more on OAuth2 and when to use it as authentication and authorization protocol then you can search about it on google and i'll put some URLs later.

Now I assume you are familiar with java web applications using Spring and maven.

to get started we need to create the server side with all dependencies required and i'll list them here, i'll use maven 2 to ease downloading dependencies for us.


Steps:

1- Create new maven project with arch type webapp:



2- Add the required depenedencies for spring, spring security, spring-oauth2, hibernate & other libraries (required for this tutorial only you can use other libraries if you like)

https://gist.github.com/anonymous/d33a31ddc3ba84375cf3

3- I used hibernate to automate the creation of the schema required by spring OAuth2 to manage tokens (it's required to have schema created in db if you are using jdbc token store).
I use wamp server and phpmyadmin to create my database

4- Setup hibernate mapping [I used xml file, but I think annotations will work too]

https://gist.github.com/anonymous/f713fd84a1618b04c04a https://gist.github.com/anonymous/71fd66dc9e58956fb3bf
https://gist.github.com/anonymous/8d00471f278ae17b0792
5- Create login service interface and stub implementation
https://gist.github.com/anonymous/bbd8eaa9dcc096c148e7
https://gist.github.com/anonymous/eea11cbd2ced2d927515


6- Create custom authentication provider
https://gist.github.com/anonymous/b73cf93b3d0c2534813e


7-Create the properties file required for db conneciton
jdbc.driverClassName=com.mysql.jdbc.Driver
jdbc.url=jdbc:mysql://localhost:3306/testoauth
jdbc.username=root
jdbc.password=

8-Create spring-security.xml  (we will go over the contents in the next part)

https://gist.github.com/anonymous/1fb8ccb3b8e70b4ffa36

9-Create security-beans.xml to gather spring configurations related to security in one place
https://gist.github.com/anonymous/cbc0dfd0b37a9b10ffd7

10-Create spring-beans.xml to gather all configurations in one file
https://gist.github.com/anonymous/f23913f0d24c7c1f6ac8
11-Configure web.xml, and add mvc-dispatcher-servlet.xml
https://gist.github.com/anonymous/10ddabcdc86ec512de0a https://gist.github.com/anonymous/290eb03d05cc7e7a4776


after all this if I didn't forget anything you will have the following (click on the image to see it in original size):

2 comments:

  1. HI can you share the Database table structure which you have used with sample data and request URL for authorization, refresh token and authorization token.

    ReplyDelete
  2. This comment has been removed by the author.

    ReplyDelete

Note: Only a member of this blog may post a comment.

Istio —simple fast way to start

istio archeticture (source istio.io) I would like to share with you a sample repo to start and help you continue your jou...