concept Authorization Server in category spring

appears as: Authorization Server, The Authorization Server, n Authorization Server, Authorization Server

Spring Security in Action MEAP V07

Spring Security in Action MEAP V07

This is an excerpt from Manning's book Spring Security in Action MEAP V07.

It would be better if we isolated the responsibility for the credentials management in one component of our system – let’s call it, for now, the Authorization Server (figure 12.3).

to see more go to 12 How does OAuth 2 work?

In this chapter, we discuss using JWT as token implementation. You learned in chapter 14 that the Resource Server needs to validate the tokens issued by the Authorization Server. And I told you about three ways to do this:

  • Using direct calls between the Resource Server and the Authorization Server, which we implemented in section 14.2.
    • to see more go to 15 OAuth 2 – Using JWT and cryptographic signatures

    In this example, we’ll implement signing with a symmetric key. This approach implies that both the Authorization Server and the Resource Server know and use the same key. The Authorization Server signs the token with the key, and the Resource Server validates the signature using the same key (figure 15.3).

    Figure 15.3 Using symmetric keys: Both the Authorization Server and the Resource Server share the same key. The Authorization Server uses the key to sign the issues tokens, and the Resource Server uses the key to validate the signature.

    Let’s create the project and add the needed dependencies. In my case, the name of the project is ssia-ch15-ex1-as. The next code snippet presents the dependencies we need to add. They are the same we also used in chapters 13 and 14 for the Authorization Server.

    <dependency>
  <groupId>org.springframework.boot</groupId>
  <artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
  <groupId>org.springframework.boot</groupId>
  <artifactId>spring-boot-starter-web</artifactId>
</dependency>
  <dependency>
  <groupId>org.springframework.cloud</groupId>
  <artifactId>spring-cloud-starter-oauth2</artifactId>
</dependency>
    copy

    We configure a JwtTokenStore in the same way we did in chapter 14 for the JdbcTokenStore. Additionally, we’ll have to define an object of type JwtAccessTokenConverter. With the JwtAccessTokenConverter, we configure how the Authorization Server validates the token—in our case, using a symmetric key. Listing 15.1 shows you how to configure the JwtTokenStore in the configuration class.

    to see more go to 15 OAuth 2 – Using JWT and cryptographic signatures
    sitemap

    Unable to load book!

    The book could not be loaded.

    (try again in a couple of minutes)

    manning.com homepage
    test yourself with a liveTest