Эхлэл Бүгдийг харах Тусламж
Бүртгүүлэх Нэвтрэх
github
/
spring-security
-ын хуулбар https://github.com/spring-projects/spring-security
2
0
Салаа 0
Файлууд Асуудлууд 0 Мэдлэгийн сан
Салаа: 5.4.x
Салаанууд Тагууд
spring-security
/
samples
/
boot
/
oauth2resourceserver
/
README.adoc

README.adoc 4.7 KB
Байнгын холболт Түүх Анхны өгөгдөл

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126 
  1. = OAuth 2.0 Resource Server Sample
    2. 

  2. 

  3. This sample demonstrates integrating Resource Server with a mock Authorization Server, though it can be modified to integrate
    4. 

  4. with your favorite Authorization Server.
    5. 

  5. 

  6. With it, you can run the integration tests or run the application as a stand-alone service to explore how you can
    7. 

  7. secure your own service with OAuth 2.0 Bearer Tokens using Spring Security.
    8. 

  8. 

  9. == 1. Running the tests
    10. 

  10. 

  11. To run the tests, do:
    12. 

  12. 

  13. ```bash
    14. 

  14. ./gradlew integrationTest
    15. 

  15. ```
    16. 

  16. 

  17. Or import the project into your IDE and run `OAuth2ResourceServerApplicationTests` from there.
    18. 

  18. 

  19. === What is it doing?
    20. 

  20. 

  21. By default, the tests are pointing at a mock Authorization Server instance.
    22. 

  22. 

  23. The tests are configured with a set of hard-coded tokens originally obtained from the mock Authorization Server,
    24. 

  24. and each makes a query to the Resource Server with their corresponding token.
    25. 

  25. 

  26. The Resource Server subsquently verifies with the Authorization Server and authorizes the request, returning the phrase
    27. 

  27. 

  28. ```bash
    29. 

  29. Hello, subject!
    30. 

  30. ```
    31. 

  31. 

  32. where "subject" is the value of the `sub` field in the JWT returned by the Authorization Server.
    33. 

  33. 

  34. == 2. Running the app
    35. 

  35. 

  36. To run as a stand-alone application, do:
    37. 

  37. 

  38. ```bash
    39. 

  39. ./gradlew bootRun
    40. 

  40. ```
    41. 

  41. 

  42. Or import the project into your IDE and run `OAuth2ResourceServerApplication` from there.
    43. 

  43. 

  44. Once it is up, you can use the following token:
    45. 

  45. 

  46. ```bash
    47. 

  47. export TOKEN=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzdWJqZWN0IiwiZXhwIjoyMTY0MjQ1ODgwLCJhdXRob3JpdGllcyI6WyJST0xFX1VTRVIiXSwianRpIjoiMDFkOThlZWEtNjc0MC00OGRlLTk4ODAtYzM5ZjgyMGZiNzVlIiwiY2xpZW50X2lkIjoibm9zY29wZXMiLCJzY29wZSI6WyJub25lIl19.VOzgGLOUuQ_R2Ur1Ke41VaobddhKgUZgto7Y3AGxst7SuxLQ4LgWwdSSDRx-jRvypjsCgYPbjAYLhn9nCbfwtCitkymUKUNKdebvVAI0y8YvliWTL5S-GiJD9dN8SSsXUla9A4xB_9Mt5JAlRpQotQSCLojVSKQmjhMpQWmYAlKVjnlImoRwQFPI4w3Ijn4G4EMTKWUYRfrD0-WNT9ZYWBeza6QgV6sraP7ToRB3eQLy2p04cU40X-RHLeYCsMBfxsMMh89CJff-9tn7VDKi1hAGc_Lp9yS9ZaItJuFJTjf8S_vsjVB1nBhvdS_6IED_m_fOU52KiGSO2qL6shxHvg
    48. 

  48. ```
    49. 

  49. 

  50. And then make this request:
    51. 

  51. 

  52. ```bash
    53. 

  53. curl -H "Authorization: Bearer $TOKEN" localhost:8080
    54. 

  54. ```
    55. 

  55. 

  56. Which will respond with the phrase:
    57. 

  57. 

  58. ```bash
    59. 

  59. Hello, subject!
    60. 

  60. ```
    61. 

  61. 

  62. where `subject` is the value of the `sub` field in the JWT returned by the Authorization Server.
    63. 

  63. 

  64. Or this to make a GET request to /messages:
    65. 

  65. 

  66. ```bash
    67. 

  67. export TOKEN=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzdWJqZWN0IiwiZXhwIjoyMTY0MjQ1NjQ4LCJhdXRob3JpdGllcyI6WyJST0xFX1VTRVIiXSwianRpIjoiY2I1ZGMwNDYtMDkyMi00ZGJmLWE5MzAtOGI2M2FhZTYzZjk2IiwiY2xpZW50X2lkIjoicmVhZGVyIiwic2NvcGUiOlsibWVzc2FnZTpyZWFkIl19.Pre2ksnMiOGYWQtuIgHB0i3uTnNzD0SMFM34iyQJHK5RLlSjge08s9qHdx6uv5cZ4gZm_cB1D6f4-fLx76bCblK6mVcabbR74w_eCdSBXNXuqG-HNrOYYmmx5iJtdwx5fXPmF8TyVzsq_LvRm_LN4lWNYquT4y36Tox6ZD3feYxXvHQ3XyZn9mVKnlzv-GCwkBohCR3yPow5uVmr04qh_al52VIwKMrvJBr44igr4fTZmzwRAZmQw5rZeyep0b4nsCjadNcndHtMtYKNVuG5zbDLsB7GGvilcI9TDDnUXtwthB_3iq32DAd9x8wJmJ5K8gmX6GjZFtYzKk_zEboXoQ
    68. 

  68. 

  69. curl -H "Authorization: Bearer $TOKEN" localhost:8080/message
    70. 

  70. ```
    71. 

  71. 

  72. Will respond with:
    73. 

  73. 

  74. ```bash
    75. 

  75. secret message
    76. 

  76. ```
    77. 

  77. 

  78. In order to make a POST request to /message, you can use the following request:
    79. 

  79. 

  80. ```bash
    81. 

  81. export TOKEN=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzdWJqZWN0IiwiZXhwIjoyMTY0MjQzOTA0LCJhdXRob3JpdGllcyI6WyJST0xFX1VTRVIiXSwianRpIjoiZGI4ZjgwMzQtM2VlNy00NjBjLTk3NTEtMDJiMDA1OWI5NzA4IiwiY2xpZW50X2lkIjoid3JpdGVyIiwic2NvcGUiOlsibWVzc2FnZTp3cml0ZSJdfQ.USvpx_ntKXtchLmc93auJq0qSav6vLm4B7ItPzhrDH2xmogBP35eKeklwXK5GCb7ck1aKJV5SpguBlTCz0bZC1zAWKB6gyFIqedALPAran5QR-8WpGfl0wFqds7d8Jw3xmpUUBduRLab9hkeAhgoVgxevc8d6ITM7kRnHo5wT3VzvBU8DquedVXm5fbBnRPgG4_jOWJKbqYpqaR2z2TnZRWh3CqL82Orh1Ww1dJYF_fae1dTVV4tvN5iSndYcGxMoBaiw3kRRi6EyNxnXnt1pFtZqc1f6D9x4AHiri8_vpBp2vwG5OfQD5-rrleP_XlIB3rNQT7tu3fiqu4vUzQaEg
    82. 

  82. 

  83. curl -H "Authorization: Bearer $TOKEN" -d "my message" localhost:8080/message
    84. 

  84. ```
    85. 

  85. 

  86. Will respond this:
    87. 

  87. 

  88. ```bash
    89. 

  89. Message was created. Content: my message
    90. 

  90. ```
    91. 

  91. 

  92. == 2. Testing against other Authorization Servers
    93. 

  93. 

  94. _In order to use this sample, your Authorization Server must support JWTs that either use the "scope" or "scp" attribute._
    95. 

  95. 

  96. To change the sample to point at your Authorization Server, simply find this property in the `application.yml`:
    97. 

  97. 

  98. ```yaml
    99. 

  99. spring:
    100. 

  100.   security:
    101. 

  101.     oauth2:
    102. 

  102.       resourceserver:
    103. 

  103.         jwt:
    104. 

  104.           jwk-set-uri: ${mockwebserver.url}/.well-known/jwks.json
    105. 

  105. ```
    106. 

  106. 

  107. And change the property to your Authorization Server's JWK set endpoint:
    108. 

  108. 

  109. ```yaml
    110. 

  110. spring:
    111. 

  111.   security:
    112. 

  112.     oauth2:
    113. 

  113.       resourceserver:
    114. 

  114.         jwt:
    115. 

  115.           jwk-set-uri: https://dev-123456.oktapreview.com/oauth2/default/v1/keys
    116. 

  116. ```
    117. 

  117. 

  118. And then you can run the app the same as before:
    119. 

  119. 

  120. ```bash
    121. 

  121. ./gradlew bootRun
    122. 

  122. ```
    123. 

  123. 

  124. Make sure to obtain valid tokens from your Authorization Server in order to play with the sample Resource Server.
    125. 

  125. To use the `/` endpoint, any valid token from your Authorization Server will do.
    126. 

  126. To use the `/message` endpoint, the token should have the `message:read` scope.
    127.