83 lines
2.4 KiB
Plaintext
83 lines
2.4 KiB
Plaintext
= OAuth 2.0 Resource Server Sample
|
|
|
|
This sample demonstrates integrating Resource Server with a pre-configured key.
|
|
|
|
With it, you can run the integration tests or run the application as a stand-alone service to explore how you can
|
|
secure your own service with OAuth 2.0 Bearer Tokens using Spring Security.
|
|
|
|
== 1. Running the tests
|
|
|
|
To run the tests, do:
|
|
|
|
```bash
|
|
./gradlew integrationTest
|
|
```
|
|
|
|
Or import the project into your IDE and run `OAuth2ResourceServerApplicationITests` from there.
|
|
|
|
=== What is it doing?
|
|
|
|
By default, the application is configured with an RSA public key that is available in the sample.
|
|
|
|
The tests are configured with a set of hard-coded tokens that are signed with the corresponding RSA private key.
|
|
Each test makes a query to the Resource Server with their corresponding token.
|
|
|
|
The Resource Server subsequently verifies the token against the public key and authorizes the request, returning the phrase
|
|
|
|
```bash
|
|
Hello, subject!
|
|
```
|
|
|
|
where "subject" is the value of the `sub` field in the token.
|
|
|
|
== 2. Running the app
|
|
|
|
To run as a stand-alone application, do:
|
|
|
|
```bash
|
|
./gradlew bootRun
|
|
```
|
|
|
|
Or import the project into your IDE and run `OAuth2ResourceServerApplication` from there.
|
|
|
|
Once it is up, you can use the following token:
|
|
|
|
```bash
|
|
export TOKEN=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzdWJqZWN0IiwiaWF0IjoxNTE2MjM5MDIyfQ.eB2c9xtg5wcCZxZ-o-sH4Mx1JGkqAZwH4_WS0UcDbj_nen0NPBj6CqOEPhr_LZDagb4mM6HoAPJywWWG8b_Ylnn5r2gWDzib2mb0kxIuAjnvVBrpzusw4ItTVvP_srv2DrwcisKYiKqU5X_3ka7MSVvKtswdLY3RXeCJ_S2W9go
|
|
```
|
|
|
|
And then make this request:
|
|
|
|
```bash
|
|
curl -H "Authorization: Bearer $TOKEN" localhost:8080
|
|
```
|
|
|
|
Which will respond with the phrase:
|
|
|
|
```bash
|
|
Hello, subject!
|
|
```
|
|
|
|
where `subject` is the value of the `sub` field in the token.
|
|
|
|
Or this:
|
|
|
|
```bash
|
|
export TOKEN=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzdWJqZWN0IiwiaWF0IjoxNTE2MjM5MDIyLCJzY29wZSI6Im1lc3NhZ2U6cmVhZCJ9.bsRCpUEaiWnzX4OqNxTBqwUD4vxxtPp-CHKTw7XcrglrvZ2lvYXaiZZbCp-hcPhuzMEzEAFuH6s4GZZOWVIX-wT47GdTz9cfA-Z4QPjS2RxePKphFXgBI3jHEpQo94Qya2fJdV4LvgBmA1uM_RTnYY1UbmeYuHKnXrZoGyV8QQQ
|
|
|
|
curl -H "Authorization: Bearer $TOKEN" localhost:8080/message
|
|
```
|
|
|
|
Will respond with:
|
|
|
|
```bash
|
|
secret message
|
|
```
|
|
|
|
== 3. Testing with Other Tokens
|
|
|
|
You can create your own tokens. Simply edit the public key in `OAuth2ResourceServerSecurityConfiguration` to match the private key you use.
|
|
|
|
To use the `/` endpoint, any valid token will do.
|
|
To use the `/message` endpoint, the token should have the `message:read` scope.
|