egemenozkan / oAuth2.0WithSwaggerUI2.0

Securing a Swagger API with OAuth2 JWT

OAuth 2.0 Swagger-UI

How to run

mvn clean
mvn spring-boot:run

Swagger-UI

[Screenshot: Swagger-UI home page]

Configuration

I used an embedded H2 database to hold the user information; you can add users in data.sql.

To secure methods, you can add the mapping in ResourceServerConfiguration.java:

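    public void configure(HttpSecurity http) throws Exception {
        http
                // CSRF protection is switched off for this token-authenticated API
                .csrf().disable()
                // no anonymous authentication
                .anonymous().disable()
                .authorizeRequests()
                // OPTIONS requests (e.g. CORS preflight) pass without a token
                .antMatchers(HttpMethod.OPTIONS).permitAll()
                // everything under /oauth/ requires an authenticated caller
                .antMatchers("/oauth/**").authenticated();
    }
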
  • Type of authorization: password-based authorization (Resource Owner Password Credentials Grant)

  • Security and authorization are handled at the method level through annotations, with the global roles defined once in the configuration class (ResourceServerConfiguration).

OAuth configuration (application properties)

config.oauth2.tokenTimeout=3600
config.oauth2.resource.id=*****
config.oauth2.clientID=*****
config.oauth2.clientSecret=*****
security.oauth2.client.grantType=*****
config.oauth2.accessTokenUri=*******

User Data (data.sql)

   badr@hive.com  | password
   ayoub@hive.com | password
   nidal@hive.com | password

Authorize

  • Use the user details given above to log in and generate the authorization token.

[Screenshot: Swagger-UI login]

  • Before: Unauthorized

  • After: you can now see information about the user

Postman

  • Test requests.

  • Get the authorization token from Swagger-UI after login.
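
The token exchange behind the Authorize and Postman steps above, as an added example (not code from this repository): it builds the Resource Owner Password Credentials request and the Bearer header without contacting a server. The token URI, client ID and client secret are placeholders for the values masked in the properties, HTTP Basic client authentication is assumed, and the sample response is constructed.

```python
import base64
import json
import urllib.parse
import urllib.request

# Placeholders (assumptions): the README masks the real values.
TOKEN_URI = "http://localhost:8080/oauth/token"  # stands in for config.oauth2.accessTokenUri
CLIENT_ID = "example-client"                     # stands in for config.oauth2.clientID
CLIENT_SECRET = "example-secret"                 # stands in for config.oauth2.clientSecret


def build_token_request(username, password):
    """Build (without sending) the RFC 6749 section 4.3 password-grant request."""
    # The client authenticates with HTTP Basic; the user's credentials go in the form body.
    basic = base64.b64encode(f"{CLIENT_ID}:{CLIENT_SECRET}".encode()).decode()
    form = urllib.parse.urlencode(
        {"grant_type": "password", "username": username, "password": password}
    ).encode()
    return urllib.request.Request(
        TOKEN_URI,
        data=form,
        method="POST",
        headers={
            "Authorization": f"Basic {basic}",
            "Content-Type": "application/x-www-form-urlencoded",
        },
    )


def bearer_header(token_response_body):
    """Turn the token endpoint's JSON response into the header sent with each API call."""
    body = json.loads(token_response_body)
    if body.get("token_type", "").lower() != "bearer" or not body.get("access_token"):
        raise ValueError("response does not carry a bearer access token")
    return {"Authorization": f"Bearer {body['access_token']}"}


# Constructed sample response; a real one comes from the running application.
SAMPLE_RESPONSE = json.dumps(
    {"access_token": "header.payload.signature", "token_type": "bearer", "expires_in": 3599}
)

if __name__ == "__main__":
    req = build_token_request("badr@hive.com", "password")
    print(req.get_method(), req.full_url)
    print(req.get_header("Authorization"))
    print(req.data.decode())
    print(bearer_header(SAMPLE_RESPONSE))
```

Both the client secret and the user's password are only encoded, not encrypted, in this request, so the token endpoint should be reached over TLS outside local testing.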

Useful links

http://www.bubblecode.net/fr/2016/01/22/comprendre-oauth2/

https://dzone.com/articles/hashing-passwords-in-java-with-bcrypt

https://swagger.io/docs/specification/authentication/oauth2/

https://github.com/spring-projects/spring-security-oauth

https://github.com/Baeldung/spring-security-oauth
