Sunday, August 31, 2014

Creating your own OAuth2 server and clients using spring security - part 3

So now it's time to test our configuration live!

We will need an Apache Tomcat server and a MySQL database server; I'll use Tomcat 7 and WAMP for the database.

But before that, there are a few things to add to make our test meaningful. We will add an MVC REST controller that will be protected by our security implementation:

Then modify mvc-dispatcher-servlet.xml to pick up this new controller by adding:

<context:component-scan base-package="com.blabadi">
    <context:include-filter type="annotation" expression="org.springframework.stereotype.Controller"/>
</context:component-scan>

which basically tells Spring to scan for the Controller annotation under the base package.

Important points here:
- Spring MVC requires a context for its servlets that is different from the context of the application, which is why we have different configuration files: spring-beans and mvc-dispatcher-servlet.xml
- We don't scan controllers in the root context because that would create duplicate instances of them
- The dispatcher servlet is required for both Spring Security web and the REST services

Run the Maven package command on our application and deploy the WAR.
If you get this in the Tomcat console after deployment, then you're good to continue:
Now use your favorite REST client to try to access the protected service. Here I used the Postman Chrome app:

So our configuration is working: we were able to prevent unauthenticated access to this service. Let's try to get authenticated by getting a token:

Now that we have the token, let's use it:

Awesome! We have fully tested a simple password grant type OAuth2 scenario from end to end!
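
The three Postman steps above (request without a token, password-grant token request, request with the token) as a script, added here as an example that is not from the original post. The /oauth/token path, HTTP Basic client authentication, and every URL and credential are assumptions or placeholders to replace with your own configuration; a fourth check confirms that a made-up token is refused.

```python
import base64, json, urllib.error, urllib.parse, urllib.request

def token_request(base, client_id, client_secret, username, password,
                  token_path="/oauth/token"):  # assumed token endpoint path
    """Build the password-grant token request (RFC 6749, section 4.3)."""
    body = urllib.parse.urlencode({"grant_type": "password",
                                   "username": username,
                                   "password": password}).encode()
    # Assumption: the client authenticates with HTTP Basic.
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    return urllib.request.Request(
        base + token_path, data=body, method="POST",
        headers={"Authorization": "Basic " + basic,
                 "Content-Type": "application/x-www-form-urlencoded"})

def resource_request(url, access_token=None):
    """Build a GET for the protected service, with a bearer token if given."""
    req = urllib.request.Request(url, method="GET")
    if access_token:
        req.add_header("Authorization", "Bearer " + access_token)
    return req

def send(req):
    """Return (status, body); 4xx/5xx are results here, not exceptions."""
    try:
        with urllib.request.urlopen(req, timeout=5) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode()

def run_checks(base, resource_path, client_id, client_secret, username, password):
    """Replay the three steps, plus a made-up token that must be refused."""
    url = base + resource_path
    status, body = send(token_request(base, client_id, client_secret,
                                      username, password))
    token = json.loads(body).get("access_token") if status == 200 else None
    return {
        "no_token": send(resource_request(url))[0],        # must be refused
        "token_endpoint": status,                          # should succeed
        "with_token": send(resource_request(url, token))[0] if token else None,
        "bogus_token": send(resource_request(url, "not-a-real-token"))[0],
    }

if __name__ == "__main__":
    # Placeholder values: replace with your deployment's URL and credentials.
    print(run_checks("http://localhost:8080/YOUR-APP", "/YOUR-RESOURCE",
                     "CLIENT_ID", "CLIENT_SECRET", "USERNAME", "PASSWORD"))
```

If `bogus_token` comes back with the same status as `with_token`, the resource is not actually validating tokens.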

Happy coding..

In the future we will implement other grants and add more scenarios to this project.

