This repository is for the DevNexus 2023 presentation titled "Next Up, Spring Security 6". It contains the following four applications:

• spa - An Angular-based Single Page Application
• flights-web - A Spring-powered OAuth 2.0 client application
• flights-api - A REST API secured with Spring Security OAuth 2.0 Resource Server
• sso - A Spring-powered OAuth 2.0 Authorization Server

The final state is a single-page application that authenticates the user with OpenID Connect 1.0 and collaborates with a REST API using OAuth 2.0 bearer tokens.

First, start the authorization server, with the following command:

./gradlew :sso:bootRun

Next, start the REST API like so:

./gradlew :flights-api:bootRun

You will need the Angular CLI installed. Then, start the SPA and OAuth 2.0 Client application using the following command:

./gradlew :flights-web:bootRun

Finally, navigate to http://127.0.0.1:8000

To follow along with the presentation, start with the main branch:

git checkout main

Each checkpoint along the way contains a specific commit message you can use to quickly hop around in the presentation. For example, to switch to Step 1 - Secure by default, do the following:

./look-at 'Step 1'

This will safely attempt to switch to a particular commit, but you will be in 'detached HEAD' state. To reset to a particular point such as Step 11 - Secure BFF application ,git checkout main again, and do the following:

./jump-to 'Step 11'

This will hard-reset to the specified commit and discard changes in your working directory.