
Creating your own OAuth2 server and clients using spring security - part 3

So now it's time to test our configuration live!

We will need an Apache Tomcat server and a MySQL database server; I'll use Tomcat 7 and WAMP for the database.

But before that, there are a few things to add to make our test meaningful. We will add an MVC REST controller that will be protected by our security implementation:

Then modify mvc-dispatcher-servlet.xml so that it sees this new controller by adding:

<context:component-scan base-package="com.blabadi">
    <context:include-filter type="annotation" expression="org.springframework.stereotype.Controller"/>
</context:component-scan>
which basically tells Spring to scan for the Controller annotation under the base package.

Important points here:
- Spring MVC requires a context for its servlets that is different from the context of the application; that's why we have separate configuration files: spring-beans and mvc-dispatcher-servlet.xml
- we don't scan controllers in the root context because that would create duplicate instances of them
- the dispatcher servlet is required for both: Spring Security web and REST services

Run the Maven package command on our application and deploy the WAR.
If you get this in the Tomcat console after deployment, then you're good to continue:
Now use your favorite REST client to try to access the protected service; here I used the Postman Chrome app:

So our configuration is working: we were able to prevent unauthenticated access to this service. Let's try to get authenticated by getting a token:

Now that we have the token, let's use it:

Awesome! We have fully tested a simple password grant type OAuth2 scenario from end to end!
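The same three checks can be scripted so they are repeatable without a REST client. This is an added example, not code from the original post: the base URL, resource path, client credentials and user credentials are placeholders, and `/oauth/token` is assumed to be the token endpoint.

```shell
#!/bin/sh
# Added example. Every value below is a placeholder (assumption), not from the post.
BASE_URL="${BASE_URL:-http://localhost:8080/your-app}"
TOKEN_PATH="${TOKEN_PATH:-/oauth/token}"   # Spring Security OAuth2 default path (assumed)
RESOURCE_PATH="${RESOURCE_PATH:-/your/protected/resource}"   # hypothetical mapping
CLIENT_ID="${CLIENT_ID:-your-client-id}"
CLIENT_SECRET="${CLIENT_SECRET:-your-client-secret}"
OAUTH_USER="${OAUTH_USER:-your-user}"
OAUTH_PASS="${OAUTH_PASS:-your-password}"

# Print the HTTP status of a GET to $1; $2 is an optional bearer token.
resource_status() {
  if [ -n "${2:-}" ]; then
    curl -s -o /dev/null -w '%{http_code}' -H "Authorization: Bearer $2" "$1"
  else
    curl -s -o /dev/null -w '%{http_code}' "$1"
  fi
}

# Password grant: the client authenticates with HTTP Basic and the user's
# credentials travel in the form body, so use HTTPS beyond a local test.
request_token() {
  curl -s -u "$CLIENT_ID:$CLIENT_SECRET" \
    --data-urlencode "grant_type=password" \
    --data-urlencode "username=$OAUTH_USER" \
    --data-urlencode "password=$OAUTH_PASS" \
    "$BASE_URL$TOKEN_PATH"
}

# Pull access_token out of the JSON on stdin without needing jq.
extract_token() {
  sed -n 's/.*"access_token"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

is_denied() { case "$1" in 401|403) return 0 ;; *) return 1 ;; esac; }

# The three manual steps, plus a negative check that a modified token is rejected.
smoke_test() {
  url="$BASE_URL$RESOURCE_PATH"
  is_denied "$(resource_status "$url")" || { echo "FAIL: anonymous access allowed"; return 1; }
  token=$(request_token | extract_token)
  [ -n "$token" ] || { echo "FAIL: no access_token returned"; return 1; }
  [ "$(resource_status "$url" "$token")" = "200" ] || { echo "FAIL: valid token rejected"; return 1; }
  is_denied "$(resource_status "$url" "${token}x")" || { echo "FAIL: modified token accepted"; return 1; }
  echo "OK: protected without token, reachable with token"
}

if [ "${1:-}" = "run" ]; then smoke_test; fi
```

Invoke the script with the `run` argument after exporting the variables for your own deployment.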

Happy coding..

In the future we will implement other grants and add more scenarios to this project.

