Friday, July 7, 2023

Springboot 3.1 - Spring security - Create Basic Oauth2 client

 Let's try to see what is new and what is the default behavior for spring security with oauth2 client.

Let's create sample springboot web application using https://start.spring.io/

 you can give chose basic configuration as your wish. 

Here I use, Maven - Java 17,pAckaging : jar

dependencies: Web, Oauth2 client

<dependency>

      <groupId>org.springframework.boot</groupId>

      <artifactId>spring-boot-starter-oauth2-client</artifactId>

    </dependency>

    <dependency>

      <groupId>org.springframework.boot</groupId>

      <artifactId>spring-boot-starter-web</artifactId>

    </dependency>


Sample POM file would like this


<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
   <modelVersion>4.0.0</modelVersion>
   <parent>
      <groupId>org.springframework.boot</groupId>
      <artifactId>spring-boot-starter-parent</artifactId>
      <version>3.1.1</version>
      <relativePath/> <!-- lookup parent from repository -->
   </parent>
   <groupId>com.example.danwega</groupId>
   <artifactId>outh2</artifactId>
   <version>0.0.1-SNAPSHOT</version>
   <name>outh2</name>
   <description>Spring security- Oauth2</description>
   <properties>
      <java.version>17</java.version>
   </properties>
   <dependencies>
      <dependency>
         <groupId>org.springframework.boot</groupId>
         <artifactId>spring-boot-starter</artifactId>
      </dependency>

      <dependency>
         <groupId>org.springframework.boot</groupId>
         <artifactId>spring-boot-starter-oauth2-client</artifactId>
      </dependency>
      <dependency>
         <groupId>org.springframework.boot</groupId>
         <artifactId>spring-boot-starter-web</artifactId>
      </dependency>

      <dependency>
         <groupId>org.springframework.boot</groupId>
         <artifactId>spring-boot-starter-test</artifactId>
         <scope>test</scope>
      </dependency>
   </dependencies>

   <build>
      <plugins>
         <plugin>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-maven-plugin</artifactId>
         </plugin>
      </plugins>
   </build>

</project>

After that you can download the project and I use Idea to open the project.

let's create sample controller name "HelloController" to see the basic features

Below is the sample code

package com.example.danwega.outh2.controller;

import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class HomeController {

    @GetMapping("/")
    public String home(){
        return "Hello - Home";
    }

    @GetMapping("secured")
    public String secured(){
        return "Hello - Secured";
    }
}

Now you can run the application

we have set the port and name for the application , not needed . if not go with default.

spring:
  application:
    name: oauth2-client
server:
  port: 8210

When you run, application will up in port 8210 as suggested and will have default generated password from spring security, as we have not configured.

Default user name : user

Default password( what ever generated password) : b584e3b2-5840-48a8-a412-f1fbe3dd4b04 

you can test the application with url

http://localhost:8210/secured

http://localhost:8210/

this will pop up for login page with user name and password.

So that's done, basic simple spring security application with oauth2-client


Below is the sample output when you run the main spring boot application class, output may differ

output

"C:\Program Files\Zulu\zulu-18\bin\java.exe" "-javaagent:C:\Program Files (x86)\JetBrains\IntelliJ IDEA Community Edition 2022.3.2\lib\idea_rt.jar=60521:C:\Program Files (x86)\JetBrains\IntelliJ IDEA Community Edition 2022.3.2\bin" -Dfile.encoding=UTF-8 -Dsun.stdout.encoding=UTF-8 -Dsun.stderr.encoding=UTF-8 -classpath C:\Project\Tutorial\MicroService\Code\outh2\target\classes;C:\Users\USERNAME\.m2\repository\org\springframework\boot\spring-boot-starter\3.1.1\spring-boot-starter-3.1.1.jar;C:\Users\USERNAME\.m2\repository\org\springframework\boot\spring-boot\3.1.1\spring-boot-3.1.1.jar;C:\Users\USERNAME\.m2\repository\org\springframework\spring-context\6.0.10\spring-context-6.0.10.jar;C:\Users\USERNAME\.m2\repository\org\springframework\boot\spring-boot-autoconfigure\3.1.1\spring-boot-autoconfigure-3.1.1.jar;C:\Users\USERNAME\.m2\repository\org\springframework\boot\spring-boot-starter-logging\3.1.1\spring-boot-starter-logging-3.1.1.jar;C:\Users\USERNAME\.m2\repository\ch\qos\logback\logback-classic\1.4.8\logback-classic-1.4.8.jar;C:\Users\USERNAME\.m2\repository\ch\qos\logback\logback-core\1.4.8\logback-core-1.4.8.jar;C:\Users\USERNAME\.m2\repository\org\apache\logging\log4j\log4j-to-slf4j\2.20.0\log4j-to-slf4j-2.20.0.jar;C:\Users\USERNAME\.m2\repository\org\apache\logging\log4j\log4j-api\2.20.0\log4j-api-2.20.0.jar;C:\Users\USERNAME\.m2\repository\org\slf4j\jul-to-slf4j\2.0.7\jul-to-slf4j-2.0.7.jar;C:\Users\USERNAME\.m2\repository\jakarta\annotation\jakarta.annotation-api\2.1.1\jakarta.annotation-api-2.1.1.jar;C:\Users\USERNAME\.m2\repository\org\springframework\spring-core\6.0.10\spring-core-6.0.10.jar;C:\Users\USERNAME\.m2\repository\org\springframework\spring-jcl\6.0.10\spring-jcl-6.0.10.jar;C:\Users\USERNAME\.m2\repository\org\yaml\snakeyaml\1.33\snakeyaml-1.33.jar;C:\Users\USERNAME\.m2\repository\org\springframework\boot\spring-boot-starter-oauth2-client\3.1.1\spring-boot-starter-oauth2-client-3.1.1.jar;C:\Users\USERNAME\.m2\repository\org\springframework\security\spring-security-config\6.1.1\spring-security-config-6.1.1.jar;C:\Users\USERNAME\.m2\repository\org\springframework\spring-aop\6.0.10\spring-aop-6.0.10.jar;C:\Users\USERNAME\.m2\repository\org\springframework\spring-beans\6.0.10\spring-beans-6.0.10.jar;C:\Users\USERNAME\.m2\repository\org\springframework\security\spring-security-core\6.1.1\spring-security-core-6.1.1.jar;C:\Users\USERNAME\.m2\repository\org\springframework\security\spring-security-crypto\6.1.1\spring-security-crypto-6.1.1.jar;C:\Users\USERNAME\.m2\repository\org\springframework\spring-expression\6.0.10\spring-expression-6.0.10.jar;C:\Users\USERNAME\.m2\repository\io\micrometer\micrometer-observation\1.11.1\micrometer-observation-1.11.1.jar;C:\Users\USERNAME\.m2\repository\io\micrometer\micrometer-commons\1.11.1\micrometer-commons-1.11.1.jar;C:\Users\USERNAME\.m2\repository\org\springframework\security\spring-security-oauth2-client\6.1.1\spring-security-oauth2-client-6.1.1.jar;C:\Users\USERNAME\.m2\repository\org\springframework\security\spring-security-oauth2-core\6.1.1\spring-security-oauth2-core-6.1.1.jar;C:\Users\USERNAME\.m2\repository\org\springframework\security\spring-security-web\6.1.1\spring-security-web-6.1.1.jar;C:\Users\USERNAME\.m2\repository\com\nimbusds\oauth2-oidc-sdk\9.43.3\oauth2-oidc-sdk-9.43.3.jar;C:\Users\USERNAME\.m2\repository\com\github\stephenc\jcip\jcip-annotations\1.0-1\jcip-annotations-1.0-1.jar;C:\Users\USERNAME\.m2\repository\com\nimbusds\content-type\2.2\content-type-2.2.jar;C:\Users\USERNAME\.m2\repository\com\nimbusds\lang-tag\1.7\lang-tag-1.7.jar;C:\Users\USERNAME\.m2\repository\org\springframework\security\spring-security-oauth2-jose\6.1.1\spring-security-oauth2-jose-6.1.1.jar;C:\Users\USERNAME\.m2\repository\com\nimbusds\nimbus-jose-jwt\9.31\nimbus-jose-jwt-9.31.jar;C:\Users\USERNAME\.m2\repository\org\springframework\boot\spring-boot-starter-web\3.1.1\spring-boot-starter-web-3.1.1.jar;C:\Users\USERNAME\.m2\repository\org\springframework\boot\spring-boot-starter-json\3.1.1\spring-boot-starter-json-3.1.1.jar;C:\Users\USERNAME\.m2\repository\com\fasterxml\jackson\core\jackson-databind\2.15.2\jackson-databind-2.15.2.jar;C:\Users\USERNAME\.m2\repository\com\fasterxml\jackson\core\jackson-annotations\2.15.2\jackson-annotations-2.15.2.jar;C:\Users\USERNAME\.m2\repository\com\fasterxml\jackson\core\jackson-core\2.15.2\jackson-core-2.15.2.jar;C:\Users\USERNAME\.m2\repository\com\fasterxml\jackson\datatype\jackson-datatype-jdk8\2.15.2\jackson-datatype-jdk8-2.15.2.jar;C:\Users\USERNAME\.m2\repository\com\fasterxml\jackson\datatype\jackson-datatype-jsr310\2.15.2\jackson-datatype-jsr310-2.15.2.jar;C:\Users\USERNAME\.m2\repository\com\fasterxml\jackson\module\jackson-module-parameter-names\2.15.2\jackson-module-parameter-names-2.15.2.jar;C:\Users\USERNAME\.m2\repository\org\springframework\boot\spring-boot-starter-tomcat\3.1.1\spring-boot-starter-tomcat-3.1.1.jar;C:\Users\USERNAME\.m2\repository\org\apache\tomcat\embed\tomcat-embed-core\10.1.10\tomcat-embed-core-10.1.10.jar;C:\Users\USERNAME\.m2\repository\org\apache\tomcat\embed\tomcat-embed-el\10.1.10\tomcat-embed-el-10.1.10.jar;C:\Users\USERNAME\.m2\repository\org\apache\tomcat\embed\tomcat-embed-websocket\10.1.10\tomcat-embed-websocket-10.1.10.jar;C:\Users\USERNAME\.m2\repository\org\springframework\spring-web\6.0.10\spring-web-6.0.10.jar;C:\Users\USERNAME\.m2\repository\org\springframework\spring-webmvc\6.0.10\spring-webmvc-6.0.10.jar;C:\Users\USERNAME\.m2\repository\org\slf4j\slf4j-api\2.0.7\slf4j-api-2.0.7.jar;C:\Users\USERNAME\.m2\repository\net\minidev\json-smart\2.4.11\json-smart-2.4.11.jar;C:\Users\USERNAME\.m2\repository\net\minidev\accessors-smart\2.4.11\accessors-smart-2.4.11.jar;C:\Users\USERNAME\.m2\repository\org\ow2\asm\asm\9.3\asm-9.3.jar com.example.danwega.outh2.Outh2Application




  .   ____          _            __ _ _


 /\\ / ___'_ __ _ _(_)_ __  __ _ \ \ \ \


( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \


 \\/  ___)| |_)| | | | | || (_| |  ) ) ) )


  '  |____| .__|_| |_|_| |_\__, | / / / /


 =========|_|==============|___/=/_/_/_/


 :: Spring Boot ::                (v3.1.1)


2023-07-08T11:30:14.134+05:30  INFO 23896 --- [           main] c.e.danwega.outh2.Outh2Application       : Starting Outh2Application using Java 18.0.1 with PID 23896 (C:\Project\Tutorial\MicroService\Code\outh2\target\classes started by {yourmachineName}in C:\Project\Tutorial\MicroService\Code\outh2)


2023-07-08T11:30:14.137+05:30  INFO 23896 --- [           main] c.e.danwega.outh2.Outh2Application       : No active profile set, falling back to 1 default profile: "default"


2023-07-08T11:30:15.330+05:30  INFO 23896 --- [           main] o.s.b.w.embedded.tomcat.TomcatWebServer  : Tomcat initialized with port(s): 8210 (http)


2023-07-08T11:30:15.342+05:30  INFO 23896 --- [           main] o.apache.catalina.core.StandardService   : Starting service [Tomcat]


2023-07-08T11:30:15.342+05:30  INFO 23896 --- [           main] o.apache.catalina.core.StandardEngine    : Starting Servlet engine: [Apache Tomcat/10.1.10]


2023-07-08T11:30:15.458+05:30  INFO 23896 --- [           main] o.a.c.c.C.[Tomcat].[localhost].[/]       : Initializing Spring embedded WebApplicationContext

2023-07-08T11:30:15.460+05:30  INFO 23896 --- [           main] w.s.c.ServletWebServerApplicationContext : Root WebApplicationContext: initialization completed in 1246 ms

2023-07-08T11:30:15.916+05:30  WARN 23896 --- [           main] .s.s.UserDetailsServiceAutoConfiguration : 

Using generated security password: b584e3b2-5840-48a8-a412-f1fbe3dd4b04

This generated password is for development use only. Your security configuration must be updated before running your application in production.

2023-07-08T11:30:16.045+05:30  INFO 23896 --- [           main] o.s.s.web.DefaultSecurityFilterChain     : Will secure any request with [org.springframework.security.web.session.DisableEncodeUrlFilter@163042ea, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@11d045b4, org.springframework.security.web.context.SecurityContextHolderFilter@3252747e, org.springframework.security.web.header.HeaderWriterFilter@3234474, org.springframework.security.web.csrf.CsrfFilter@1e692555, org.springframework.security.web.authentication.logout.LogoutFilter@d3f4505, org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@73aeef7d, org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter@2c7db926, org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter@1fbf088b, org.springframework.security.web.authentication.www.BasicAuthenticationFilter@67022ea, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@2dd8ff1d, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@2bfaba70, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@1943c1f2, org.springframework.security.web.access.ExceptionTranslationFilter@6ef60295, org.springframework.security.web.access.intercept.AuthorizationFilter@7ddd84b5]


2023-07-08T11:30:16.100+05:30  INFO 23896 --- [           main] o.s.b.w.embedded.tomcat.TomcatWebServer  : Tomcat started on port(s): 8210 (http) with context path ''


2023-07-08T11:30:16.107+05:30  INFO 23896 --- [           main] c.e.danwega.outh2.Outh2Application       : Started Outh2Application in 2.479 seconds (process running for 2.901)


2023-07-08T11:31:08.174+05:30  INFO 23896 --- [nio-8210-exec-1] o.a.c.c.C.[Tomcat].[localhost].[/]       : Initializing Spring DispatcherServlet 'dispatcherServlet'


2023-07-08T11:31:08.174+05:30  INFO 23896 --- [nio-8210-exec-1] o.s.web.servlet.DispatcherServlet        : Initializing Servlet 'dispatcherServlet'


2023-07-08T11:31:08.175+05:30  INFO 23896 --- [nio-8210-exec-1] o.s.web.servlet.DispatcherServlet        : Completed initialization in 1 ms



Posted by at
Labels: , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)