18 Hands-on: An OAuth 2 application
This chapter covers

  • Configuring Keycloak as an authorization server for OAuth 2
  • Using global method security in an OAuth 2 resource server

In chapters 12 through 15, we discussed in detail how an OAuth 2 system works and how you implement one with Spring Security. We then changed the subject and in chapters 16 and 17, you learned how to apply authorization rules at any layer of your application using global method security. In this chapter, we’ll combine these two essential subjects and apply global method security within an OAuth 2 resource server.

Besides defining authorization rules at different layers of our resource server implementation, you’ll also learn how to use a tool named Keycloak as the authorization server for your system. The example we’ll work on in this chapter is helpful for the following reasons:

18.1 The application scenario
18.2 Configuring Keycloak as an authorization server
18.2.1 Registering a client for our system
18.2.2 Specifying client scopes
18.2.3 Adding users and obtaining access tokens
18.2.4 Defining the user roles
18.3 Implementing the resource server
18.4 Testing the application
18.4.1 Proving an authenticated user can only add a record for themself
18.4.2 Proving that a user can only retrieve their own records
18.4.3 Proving that only admins can delete records
Summary