Wednesday, 8 March 2017

OAuth2 Spring Security - In Memory (JWT TokenStore) and JDBCTokenStore - Oracle DB



SOURCE: https://github.com/sanalsamuel/tuts

OAuth2 is the standard for protecting your resources. In this example we learn how to use the in-memory store and also the JDBC token store, which makes it easy to decline a client's access to a particular resource.

Here we demonstrate how to protect a REST API using Spring OAuth2.

SCHEMA REQUIRED:

CREATE TABLE "OAUTH_CLIENT_DETAILS"
  ( "CLIENT_ID" VARCHAR2(4000 BYTE),
    "RESOURCE_IDS" VARCHAR2(4000 BYTE),
    "CLIENT_SECRET" VARCHAR2(4000 BYTE),
    "SCOPE" VARCHAR2(4000 BYTE),
    "AUTHORIZED_GRANT_TYPES" VARCHAR2(4000 BYTE),
    "WEB_SERVER_REDIRECT_URI" VARCHAR2(4000 BYTE),
    "AUTHORITIES" VARCHAR2(4000 BYTE),
    "ACCESS_TOKEN_VALIDITY" NUMBER(*,0),
    "REFRESH_TOKEN_VALIDITY" NUMBER(*,0),
    "ADDITIONAL_INFORMATION" VARCHAR2(4000 BYTE),
    "AUTOAPPROVE" VARCHAR2(4000 BYTE),
    PRIMARY KEY ("CLIENT_ID"));

CREATE TABLE "OAUTH_ACCESS_TOKEN"
  ( "TOKEN_ID" VARCHAR2(255 BYTE),
    "TOKEN" BLOB,
    "AUTHENTICATION_ID" VARCHAR2(255 BYTE) NOT NULL ENABLE,
    "USER_NAME" VARCHAR2(255 BYTE),
    "CLIENT_ID" VARCHAR2(255 BYTE),
    "AUTHENTICATION" BLOB,
    "REFRESH_TOKEN" VARCHAR2(255 BYTE),
    CONSTRAINT "OAUTH_ACCESS_TOKEN_PK" PRIMARY KEY ("AUTHENTICATION_ID"));



Example insert (the client secret is stored as a BCrypt hash, never in plaintext):

Insert into APIDEV.OAUTH_CLIENT_DETAILS
  (CLIENT_ID, RESOURCE_IDS, CLIENT_SECRET, SCOPE, AUTHORIZED_GRANT_TYPES, WEB_SERVER_REDIRECT_URI,
   AUTHORITIES, ACCESS_TOKEN_VALIDITY, REFRESH_TOKEN_VALIDITY, ADDITIONAL_INFORMATION, AUTOAPPROVE)
values
  ('f728f3d76f7f4c88a9b0880504e9fe95', 'oauth2-resource',
   '$2a$10$CiJhIo78K21cAsftlEBBFe24gwNY1fZCnEoiKALck3b0LkpkYwQ2G',
   'trust', 'client_credentials', 'NA', 'ROLE_CLIENT', 300, null, '{"ios":"1.0.2"}', 'trust');

Sample client credentials (U = client ID, P = plaintext client secret, hashed P = the BCrypt value stored in CLIENT_SECRET):

U = f728f3d76f7f4c88a9b0880504e9fe95
P = 45408dce9b444cabb0c8d2b7b3c2b58f
hashed P = $2a$10$CiJhIo78K21cAsftlEBBFe24gwNY1fZCnEoiKALck3b0LkpkYwQ2G

U = b74dd71e48464efc997442de404b4670
P = 5ba9bb55594e4bdfb68d8f161ded110f
hashed P = $2a$10$x/hbo9LAkHLfD8mrTjQWguglg8zlusLcG591lVNdowSIL12bPQNAe

Token endpoint

API: http://localhost:7001/ssOauth/oauth/
Authorization: HTTP Basic, with the client ID as the username and the client secret as the password
Grant Type: client_credentials
Success Response: HTTP 200
Declined Client: HTTP 403

Protected resource

API: http://localhost:7001/ssOauth/api/test
Authorization: Bearer TOKEN, e.g. Bearer 116be482-d40e-48ba-a92a-dc3e012c77b8
Success Response: HTTP 200
Invalid Token: HTTP 401
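The following Python script is an added example, not code from the post or the linked repository. It models what the resource server does with a bearer token against the two tables above, using sqlite3 in place of Oracle, and shows why a JDBC token store can decline access at any time: revoking a token is just deleting its row. It assumes, as Spring's JdbcTokenStore does, that TOKEN_ID is the MD5 hex of the token value; the AUTHENTICATION_ID derivation and the second client's RESOURCE_IDS are constructed simplifications.

```python
import hashlib
import sqlite3

# Spring's JdbcTokenStore keys each OAUTH_ACCESS_TOKEN row by the MD5 hex of the token value.
def token_key(token_value: str) -> str:
    return hashlib.md5(token_value.encode("utf-8")).hexdigest()

def setup() -> sqlite3.Connection:
    """Constructed stand-in for the Oracle tables above (only the columns used here)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE oauth_client_details (client_id TEXT PRIMARY KEY, resource_ids TEXT, authorities TEXT);
        CREATE TABLE oauth_access_token (token_id TEXT, authentication_id TEXT PRIMARY KEY, user_name TEXT, client_id TEXT);
    """)
    # First client: the post's example row. Second client: constructed, registered for a different resource only.
    db.executemany("INSERT INTO oauth_client_details VALUES (?, ?, ?)", [
        ("f728f3d76f7f4c88a9b0880504e9fe95", "oauth2-resource", "ROLE_CLIENT"),
        ("b74dd71e48464efc997442de404b4670", "other-resource", "ROLE_CLIENT"),
    ])
    return db

def issue_token(db: sqlite3.Connection, client_id: str, token_value: str) -> None:
    """Store a token the way the authorization server would after a client_credentials grant."""
    # Assumption: authentication_id simplified to md5("client_id=<id>"); Spring also folds in scope.
    db.execute("INSERT INTO oauth_access_token VALUES (?, ?, ?, ?)",
               (token_key(token_value), token_key("client_id=" + client_id), client_id, client_id))

def revoke_token(db: sqlite3.Connection, token_value: str) -> int:
    """Deleting the row is the whole revocation; the next lookup simply fails. Returns rows removed."""
    return db.execute("DELETE FROM oauth_access_token WHERE token_id = ?", (token_key(token_value),)).rowcount

def check_bearer(db: sqlite3.Connection, token_value: str, resource_id: str = "oauth2-resource") -> int:
    """HTTP status the resource server answers with for 'Authorization: Bearer <token_value>'."""
    row = db.execute("SELECT client_id FROM oauth_access_token WHERE token_id = ?",
                     (token_key(token_value),)).fetchone()
    if row is None:
        return 401  # unknown, purged, or revoked token
    client = db.execute("SELECT resource_ids FROM oauth_client_details WHERE client_id = ?",
                        (row[0],)).fetchone()
    if client is None or resource_id not in client[0].split(","):
        return 403  # token is genuine but this client is not registered for the resource
    return 200

if __name__ == "__main__":
    db = setup()
    issue_token(db, "f728f3d76f7f4c88a9b0880504e9fe95", "116be482-d40e-48ba-a92a-dc3e012c77b8")
    print(check_bearer(db, "116be482-d40e-48ba-a92a-dc3e012c77b8"))  # 200
    revoke_token(db, "116be482-d40e-48ba-a92a-dc3e012c77b8")
    print(check_bearer(db, "116be482-d40e-48ba-a92a-dc3e012c77b8"))  # 401
```

With a JWT token store the same revocation is not possible, because the resource server validates the signature locally and never consults a row that could be deleted.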
