spring-security/samples/boot/oauth2resourceserver-static/README.adoc

= OAuth 2.0 Resource Server Sample

This sample demonstrates integrating Resource Server with a pre-configured key.

With it, you can run the integration tests or run the application as a stand-alone service to explore how you can
secure your own service with OAuth 2.0 Bearer Tokens using Spring Security.

== 1. Running the tests

To run the tests, do:

```bash
./gradlew integrationTest
```

Or import the project into your IDE and run `OAuth2ResourceServerApplicationITests` from there.

=== What is it doing?

By default, the application is configured with an RSA public key that is available in the sample.

The tests are configured with a set of hard-coded tokens that are signed with the corresponding RSA private key.
Each test makes a query to the Resource Server with their corresponding token.

The Resource Server subsequently verifies the token against the public key and authorizes the request, returning the phrase

```bash
Hello, subject!
```

where "subject" is the value of the `sub` field in the token.

== 2. Running the app

To run as a stand-alone application, do:

```bash
./gradlew bootRun
```

Or import the project into your IDE and run `OAuth2ResourceServerApplication` from there.

Once it is up, you can use the following token:

```bash
export TOKEN=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzdWJqZWN0IiwiaWF0IjoxNTE2MjM5MDIyfQ.eB2c9xtg5wcCZxZ-o-sH4Mx1JGkqAZwH4_WS0UcDbj_nen0NPBj6CqOEPhr_LZDagb4mM6HoAPJywWWG8b_Ylnn5r2gWDzib2mb0kxIuAjnvVBrpzusw4ItTVvP_srv2DrwcisKYiKqU5X_3ka7MSVvKtswdLY3RXeCJ_S2W9go
```

And then make this request:

```bash
curl -H "Authorization: Bearer $TOKEN" localhost:8080
```

Which will respond with the phrase:

```bash
Hello, subject!
```

where `subject` is the value of the `sub` field in the token.

Or this:

```bash
export TOKEN=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzdWJqZWN0IiwiaWF0IjoxNTE2MjM5MDIyLCJzY29wZSI6Im1lc3NhZ2U6cmVhZCJ9.bsRCpUEaiWnzX4OqNxTBqwUD4vxxtPp-CHKTw7XcrglrvZ2lvYXaiZZbCp-hcPhuzMEzEAFuH6s4GZZOWVIX-wT47GdTz9cfA-Z4QPjS2RxePKphFXgBI3jHEpQo94Qya2fJdV4LvgBmA1uM_RTnYY1UbmeYuHKnXrZoGyV8QQQ

curl -H "Authorization: Bearer $TOKEN" localhost:8080/message
```

Will respond with:

```bash
secret message
```

== 3. Testing with Other Tokens

You can create your own tokens. Simply edit the public key in `OAuth2ResourceServerSecurityConfiguration` to match the private key you use.

To use the `/` endpoint, any valid token will do.
To use the `/message` endpoint, the token should have the `message:read` scope.
Resource Server Static Key Sample Fixes: gh-5486 2018-12-05 10:49:19 -07:00			`= OAuth 2.0 Resource Server Sample`

			`This sample demonstrates integrating Resource Server with a pre-configured key.`

			`With it, you can run the integration tests or run the application as a stand-alone service to explore how you can`
			`secure your own service with OAuth 2.0 Bearer Tokens using Spring Security.`

			`== 1. Running the tests`

			`To run the tests, do:`

			```bash
			`./gradlew integrationTest`
			```

			Or import the project into your IDE and run `OAuth2ResourceServerApplicationITests` from there.

			`=== What is it doing?`

			`By default, the application is configured with an RSA public key that is available in the sample.`

			`The tests are configured with a set of hard-coded tokens that are signed with the corresponding RSA private key.`
			`Each test makes a query to the Resource Server with their corresponding token.`

			`The Resource Server subsequently verifies the token against the public key and authorizes the request, returning the phrase`

			```bash
			`Hello, subject!`
			```

			where "subject" is the value of the `sub` field in the token.

			`== 2. Running the app`

			`To run as a stand-alone application, do:`

			```bash
			`./gradlew bootRun`
			```

			Or import the project into your IDE and run `OAuth2ResourceServerApplication` from there.

			`Once it is up, you can use the following token:`

			```bash
			`export TOKEN=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzdWJqZWN0IiwiaWF0IjoxNTE2MjM5MDIyfQ.eB2c9xtg5wcCZxZ-o-sH4Mx1JGkqAZwH4_WS0UcDbj_nen0NPBj6CqOEPhr_LZDagb4mM6HoAPJywWWG8b_Ylnn5r2gWDzib2mb0kxIuAjnvVBrpzusw4ItTVvP_srv2DrwcisKYiKqU5X_3ka7MSVvKtswdLY3RXeCJ_S2W9go`
			```

			`And then make this request:`

			```bash
			`curl -H "Authorization: Bearer $TOKEN" localhost:8080`
			```

			`Which will respond with the phrase:`

			```bash
			`Hello, subject!`
			```

			where `subject` is the value of the `sub` field in the token.

			`Or this:`

			```bash
			`export TOKEN=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzdWJqZWN0IiwiaWF0IjoxNTE2MjM5MDIyLCJzY29wZSI6Im1lc3NhZ2U6cmVhZCJ9.bsRCpUEaiWnzX4OqNxTBqwUD4vxxtPp-CHKTw7XcrglrvZ2lvYXaiZZbCp-hcPhuzMEzEAFuH6s4GZZOWVIX-wT47GdTz9cfA-Z4QPjS2RxePKphFXgBI3jHEpQo94Qya2fJdV4LvgBmA1uM_RTnYY1UbmeYuHKnXrZoGyV8QQQ`

			`curl -H "Authorization: Bearer $TOKEN" localhost:8080/message`
			```

			`Will respond with:`

			```bash
			`secret message`
			```

			`== 3. Testing with Other Tokens`

			You can create your own tokens. Simply edit the public key in `OAuth2ResourceServerSecurityConfiguration` to match the private key you use.

			To use the `/` endpoint, any valid token will do.
			To use the `/message` endpoint, the token should have the `message:read` scope.