Skip to main content

Creating your own OAuth2 server and clients using spring security - part 1

In this series of posts, I'll try to put together a simple working example on how to create your own OAuth2 server.

if you want to know more on OAuth2 and when to use it as authentication and authorization protocol then you can search about it on google and i'll put some URLs later.

Now I assume you are familiar with java web applications using Spring and maven.

to get started we need to create the server side with all dependencies required and i'll list them here, i'll use maven 2 to ease downloading dependencies for us.


Steps:

1- Create new maven project with arch type webapp:



2- Add the required depenedencies for spring, spring security, spring-oauth2, hibernate & other libraries (required for this tutorial only you can use other libraries if you like)

https://gist.github.com/anonymous/d33a31ddc3ba84375cf3

3- I used hibernate to automate the creation of the schema required by spring OAuth2 to manage tokens (it's required to have schema created in db if you are using jdbc token store).
I use wamp server and phpmyadmin to create my database

4- Setup hibernate mapping [I used xml file, but I think annotations will work too]

https://gist.github.com/anonymous/f713fd84a1618b04c04a https://gist.github.com/anonymous/71fd66dc9e58956fb3bf
https://gist.github.com/anonymous/8d00471f278ae17b0792
5- Create login service interface and stub implementation
https://gist.github.com/anonymous/bbd8eaa9dcc096c148e7
https://gist.github.com/anonymous/eea11cbd2ced2d927515


6- Create custom authentication provider
https://gist.github.com/anonymous/b73cf93b3d0c2534813e


7-Create the properties file required for db conneciton
jdbc.driverClassName=com.mysql.jdbc.Driver
jdbc.url=jdbc:mysql://localhost:3306/testoauth
jdbc.username=root
jdbc.password=

8-Create spring-security.xml  (we will go over the contents in the next part)

https://gist.github.com/anonymous/1fb8ccb3b8e70b4ffa36

9-Create security-beans.xml to gather spring configurations related to security in one place
https://gist.github.com/anonymous/cbc0dfd0b37a9b10ffd7

10-Create spring-beans.xml to gather all configurations in one file
https://gist.github.com/anonymous/f23913f0d24c7c1f6ac8
11-Configure web.xml, and add mvc-dispatcher-servlet.xml
https://gist.github.com/anonymous/10ddabcdc86ec512de0a https://gist.github.com/anonymous/290eb03d05cc7e7a4776


after all this if I didn't forget anything you will have the following (click on the image to see it in original size):

Comments

  1. HI can you share the Database table structure which you have used with sample data and request URL for authorization, refresh token and authorization token.

    ReplyDelete
  2. This comment has been removed by the author.

    ReplyDelete

Post a Comment

Popular posts from this blog

Android RecyclerView - Adding Empty View

So RecyclerView was introduced to replace List view and it's optimized to reuse existing views and so it's faster and more efficient as stated in the documentation: https://developer.android.com/training/material/lists-cards.html While using it, I faced the issue of missing a useful functionality that is implemented in ListView. that feature is setting an empty view in case there was no records. In ListView it was as simple as this View emptyView = findViewById(R.id.mylist_empty_view); ListView  myList = .... myList.setEmptyView(emptyView); but this method doesn't exist for recycler view so we need a work around until android team fixes this. and here are the screen shots of both list view and recycler view fix List view : Recycler view : here is how I fixed it: here is the content of empty_view, it can be anything. Enjoy.

Microservices 101, Docker & spring boot sample [Windows 10, home]

This is a very simplistic article :) if you are looking for a deep dive in microservices, see my state-of-the-art microservices full archeticture here: http://dev.basharallabadi.com/2019/03/part-1-spring-state-of-art.html   What are micro services? It's an architectural model for web services that basically requires each service** to be completely independent and loosely coupled from other consumer services, or services that it depends on. and it's not a new idea but it's catching pace in today large scale web applications. ** (by service we mean a component that controls and implements the business logic in a self contained manner, like orders service, products catalog service, accounts management service, all of these have their domain and can be clearly separated)   Why micro services emerged ? 1- Easy to scale services: if you have a single application and all the services share the same code base and war (package) then if you receive high demand on one

[PART 5] NuTracker ReactJS app - Add Login & Profile using Router

In the previous part we finished the dashboard read functionality, now we want to add the skeleton for other pages: - Login   In this page the user will be able to login to their account and the dashboard won't show unless the user is logged in. - Profile In this page the user will be able to update their daily nutrition goals that they can track in the dashboard. to be able to have multiple 'pages' in react and navigate from one to one, we need something that can switch the rendered content based on what we want, we can do that with if statements in the App components and store some location state, but why invent the wheel. React Router every major single page app web framework has the routing concept and functionality to interact with the usual browser urls and switch the content based what user should see. for example on the profile page I want the url path to be /profile, and for login to be /login and so on. in more advanced cases you want the users