18 Hands-on: An OAuth 2 application


This chapter covers

  • Configuring Keycloak as an Authorization Server in your OAuth 2 system.
  • Using Global Method Security in an OAuth 2 Resource Server.

In chapters 12 to 15, we discussed in detail how an OAuth 2 system works and how you implement it with Spring Security. We then changed the subject, and in chapters 16 and 17, you learned how to apply authorization rules at any layer of your application using Global Method Security. In this chapter, we’ll combine these two essential subjects, and we’ll apply Global Method Security within an OAuth 2 Resource Server.

Besides defining authorization rules at different layers of our Resource Server implementation, you’ll also learn how to use a tool named Keycloak as the Authorization Server for your system. The example we’ll work on in this chapter will be helpful for you for the following reasons:

18.1  The application’s scenario

18.2  Configuring Keycloak as an Authorization Server

18.2.1    Registering a client for our system

18.2.2    Specifying the client scopes

18.2.3    Adding the users and obtaining access tokens

18.2.4    Defining the users’ roles

18.3  Implementing the application’s Resource Server

18.4  Testing the application

18.4.1    Prove that the authenticated user can only add a record for themselves

18.4.2    Prove that a user can only retrieve their records

18.4.3    Prove that only admins can delete records

18.5  Summary
