more and more
Spring Security – Attacking OAuth 1. Introduction OAuth is the industry standard framework for delegated authorization. A lot of thought and care has gone into creating the various flows that make up the standard. Even then, it’s not without vulnerability. In this series of articles, we’ll discuss attacks against OAuth… Continue Reading spring-security-oauth-attack-redirect
Spring WebClient and OAuth2 Support 1. Overview Spring Security 5 provides OAuth2 support for Spring Webflux’s non-blocking WebClient class. In this tutorial, we’ll analyze different approaches to access secured resources using this class. Also, we’ll have a look under the hood to understand how Spring handles the OAuth2 authorization process. 2.… Continue Reading spring-webclient-oauth2
getdocs
Handle Security in Zuul, with OAuth2 and JWT 1. Introduction Simply put, a microservice architecture allows us to break up our system and our API into a set of self-contained services, which can be deployed fully independently. While this is great from a continuous deployment and management point of view,… Continue Reading spring-security-zuul-oauth-jwt
getdocs
Spring Security OAuth2 – Simple Token Revocation 1. Overview In this quick tutorial, we’ll illustrate how we can revoke tokens granted by an OAuth Authorization Server implemented with Spring Security. When a user logs out, their token is not immediately removed from the token store, instead it remains valid until… Continue Reading spring-security-oauth-revoke-tokens
getdocs
Spring Security OAuth 2 Guides OAuth2 Basics + Spring REST API + OAuth2 + AngularJS + Using JWT with Spring Security OAuth + Testing an OAuth Secured API with Spring MVC Advanced Scenarios with OAuth2 + Spring Security and OpenID Connect + Simple Single Sign-On with Spring Security OAuth2 + OAuth2.0… Continue Reading spring-security-oauth
getdocs
Spring REST API + OAuth2 + Angular Spring Security OAuth 1. Overview In this tutorial, we’ll secure a REST API with OAuth and consume it from a simple Angular client. The application we’re going to build out will consist of four separate modules: Authorization Server Resource Server UI implicit –… Continue Reading rest-api-spring-oauth2-angularjs
getdocs
Extracting Principal and Authorities using Spring Security OAuth 1. Overview In this tutorial, we’ll illustrate how to create an application that delegates user authentication to a third party, as well as to a custom authorization server, using Spring Boot and Spring Security OAuth. Also, we’ll demonstrate how to extract both Principal and Authorities using Spring’s PrincipalExtractor… Continue Reading spring-security-oauth-principal-authorities-extractor
getdocs
OAuth2 – @EnableResourceServer vs @EnableOAuth2Sso 1. Overview In this tutorial, we’re going to talk about the @EnableResourceServer and @EnableOAuth2Sso annotations in Spring Security. We’ll begin by explaining the differences between an OAuth2 Client and an OAuth2 Resource Server. Afterwards, we’ll talk a little about what these annotations can do for us and… Continue Reading spring-security-oauth2-enable-resource-server-vs-enable-oauth2-sso
getdocs
OAuth2 Remember Me with Refresh Token 1. Overview In this article, we will add a “Remember Me” functionality to an OAuth 2 secured application, by leveraging the OAuth 2 Refresh Token. This article is a continuation of our series on using OAuth 2 to secure a Spring REST API, which… Continue Reading spring-security-oauth2-remember-me
getdocs
Front-End App with Spring Security OAuth – Authorization Code Flow 1. Overview In this tutorial, we’ll continue our Spring Security OAuth series by building a simple front end for Authorization Code flow. Keep in mind that the focus here is the client-side; have a look at the Spring REST API + OAuth2… Continue Reading spring-security-oauth-authorization-code-flow
getdocs