Spring WebClient and OAuth2 Support 1. Overview Spring Security 5 provides OAuth2 support for Spring WebFlux’s non-blocking WebClient class. In this tutorial, we’ll analyze different approaches to access secured resources using this class. Also, we’ll have a look under the hood to understand how Spring handles the OAuth2 authorization process. 2.… Continue Reading spring-webclient-oauth2

Handle Security in Zuul, with OAuth2 and JWT 1. Introduction Simply put, a microservice architecture allows us to break up our system and our API into a set of self-contained services, which can be deployed fully independently. While this is great from a continuous deployment and management point of view,… Continue Reading spring-security-zuul-oauth-jwt

Spring Security OAuth2 – Simple Token Revocation 1. Overview In this quick tutorial, we’ll illustrate how we can revoke tokens granted by an OAuth Authorization Server implemented with Spring Security. When a user logs out, their token is not immediately removed from the token store; instead, it remains valid until… Continue Reading spring-security-oauth-revoke-tokens

Spring REST API + OAuth2 + Angular Spring Security OAuth 1. Overview In this tutorial, we’ll secure a REST API with OAuth and consume it from a simple Angular client. The application we’re going to build out will consist of four separate modules: Authorization Server Resource Server UI implicit –… Continue Reading rest-api-spring-oauth2-angularjs

Extracting Principal and Authorities using Spring Security OAuth 1. Overview In this tutorial, we’ll illustrate how to create an application that delegates user authentication to a third party, as well as to a custom authorization server, using Spring Boot and Spring Security OAuth. Also, we’ll demonstrate how to extract both Principal and Authorities using Spring’s PrincipalExtractor… Continue Reading spring-security-oauth-principal-authorities-extractor

OAuth2 – @EnableResourceServer vs @EnableOAuth2Sso 1. Overview In this tutorial, we’re going to talk about the @EnableResourceServer and @EnableOAuth2Sso annotations in Spring Security. We’ll begin by explaining the differences between an OAuth2 Client and an OAuth2 Resource Server. Afterwards, we’ll talk a little about what these annotations can do for us and… Continue Reading spring-security-oauth2-enable-resource-server-vs-enable-oauth2-sso

OAuth2 Remember Me with Refresh Token 1. Overview In this article, we will add a “Remember Me” functionality to an OAuth 2 secured application, by leveraging the OAuth 2 Refresh Token. This article is a continuation of our series on using OAuth 2 to secure a Spring REST API, which… Continue Reading spring-security-oauth2-remember-me

Front-End App with Spring Security OAuth – Authorization Code Flow 1. Overview In this tutorial, we’ll continue our Spring Security OAuth series by building a simple front end for Authorization Code flow. Keep in mind that the focus here is the client-side; have a look at the Spring REST API + OAuth2… Continue Reading spring-security-oauth-authorization-code-flow