This project uses Spring Security to authenticate and protect some Rest resources.
It uses withAuthorizationServerConfigurerAdapter
, ResourceServerConfigurerAdapter
and WebSecurityConfigurerAdapter
combined with @PreAuthorize
to configure the security.
It also uses an H2 embeded database to authenticate the users.
mvn spring-boot:run
or build with your chosen IDE.
You should install ./JQ before running these Curl commands.
curl trusted-app:secret@localhost:8080/oauth/token -d "grant_type=password&username=user&password=password" | jq
To get a refresh token
curl trusted-app:secret@localhost:8080/oauth/token -d "grant_type=access_token&access_tokem=[ACCESS_TOKEN]" | jq
To access a protected resource
curl -H "Authorization: Bearer [ACCESS_TOKEN]" localhost:8080/api/hello
Register new Account
curl -H "Authorization: Bearer $(curl register-app:secret@localhost:8080/oauth/token -d "grant_type=client_credentials&client_id=register-app" | jq --raw-output ."access_token")" localhost:8080/api/register -H "Content-Type: application/json" -d '{"username":"new-user","password":"password","firstName":"First","lastName":"Last","email":"[email protected]"}' | jq
Curl sample commands
api/me
curl -H "Authorization: Bearer $(curl trusted-app:secret@localhost:8080/oauth/token -d "grant_type=password&username=user&password=password" | jq --raw-output ."access_token")" localhost:8080/api/me | jq