Josh Cummings 7dac99f157 Update to Gradle 8.14.3 1 місяць тому
..
gradle 7dac99f157 Update to Gradle 8.14.3 1 місяць тому
src 8059fb84ce Update :servlet:spring-boot:java:oauth2:resource-server:static to 7 3 місяців тому
README.adoc 8059fb84ce Update :servlet:spring-boot:java:oauth2:resource-server:static to 7 3 місяців тому
build.gradle 7dcf2989e4 Update Resource Server Samples 3 місяців тому
gradle.properties 8059fb84ce Update :servlet:spring-boot:java:oauth2:resource-server:static to 7 3 місяців тому
gradlew 3f8e2c204a Upgrade to Gradle 8.3 2 роки тому
gradlew.bat 3f8e2c204a Upgrade to Gradle 8.3 2 роки тому
settings.gradle 50ffc04d54 Make Projects Individually Runnable 1 рік тому

README.adoc

= OAuth 2.0 Resource Server Sample

This sample demonstrates integrating Resource Server with a pre-configured key.

With it, you can run the integration tests or run the application as a stand-alone service to explore how you can
secure your own service with OAuth 2.0 Bearer Tokens using Spring Security.

== 1. Running the tests

To run the tests, do:

```bash
./gradlew integrationTest
```

Or import the project into your IDE and run `OAuth2StaticResourceServerApplicationITests` from there.

=== What is it doing?

By default, the application is configured with an RSA public key that is available in the sample.

The tests are configured with a set of hard-coded tokens that are signed with the corresponding RSA private key.
Each test makes a query to the Resource Server with their corresponding token.

The Resource Server subsequently verifies the token against the public key and authorizes the request, returning the phrase

```bash
Hello, subject!
```

where "subject" is the value of the `sub` field in the token.

== 2. Running the app

To run as a stand-alone application, do:

```bash
./gradlew bootRun
```

Or import the project into your IDE and run `OAuth2StaticResourceServerApplication` from there.

Once it is up, you can use the following token:

```bash
export TOKEN=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzdWJqZWN0IiwiaWF0IjoxNTE2MjM5MDIyfQ.eB2c9xtg5wcCZxZ-o-sH4Mx1JGkqAZwH4_WS0UcDbj_nen0NPBj6CqOEPhr_LZDagb4mM6HoAPJywWWG8b_Ylnn5r2gWDzib2mb0kxIuAjnvVBrpzusw4ItTVvP_srv2DrwcisKYiKqU5X_3ka7MSVvKtswdLY3RXeCJ_S2W9go
```

And then make this request:

```bash
curl -H "Authorization: Bearer $TOKEN" localhost:8080
```

Which will respond with the phrase:

```bash
Hello, subject!
```

where `subject` is the value of the `sub` field in the token.

Or this:

```bash
export TOKEN=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzdWJqZWN0IiwiaWF0IjoxNTE2MjM5MDIyLCJzY29wZSI6Im1lc3NhZ2U6cmVhZCJ9.bsRCpUEaiWnzX4OqNxTBqwUD4vxxtPp-CHKTw7XcrglrvZ2lvYXaiZZbCp-hcPhuzMEzEAFuH6s4GZZOWVIX-wT47GdTz9cfA-Z4QPjS2RxePKphFXgBI3jHEpQo94Qya2fJdV4LvgBmA1uM_RTnYY1UbmeYuHKnXrZoGyV8QQQ

curl -H "Authorization: Bearer $TOKEN" localhost:8080/message
```

Will respond with:

```bash
secret message
```

== 3. Testing with Other Tokens

You can create your own tokens. Simply edit the public key in `OAuth2ResourceServerSecurityConfiguration` to match the private key you use.

To use the `/` endpoint, any valid token will do.
To use the `/message` endpoint, the token should have the `message:read` scope.