Spring Boot OAuth Authentication Server

I needed a small server to have an easy way to test OAuth integration.

Recently Spring Boot 1.3 was released with simplified OAuth support, so I decided to build one and dockerize it.

Spring Boot details can be found here

Authentication Server

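So to create a simple authentication server we need:

package me.wielgolaski.auth;

import java.security.Principal;
import java.util.Collections;
import java.util.Map;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.autoconfigure.security.oauth2.authserver.OAuth2AuthorizationServerConfiguration;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@SpringBootApplication
@RestController
public class AuthServerApplication extends WebSecurityConfigurerAdapter {

    // Returns the name of the authenticated principal.
    @RequestMapping({"/user", "/me"})
    public Map<String, String> user(Principal principal) {
        return Collections.singletonMap("name", principal.getName());
    }

    // Authorization server, built on top of Spring Boot's auto-configuration.
    @Configuration
    @EnableAuthorizationServer
    protected static class MyOAuth2AuthorizationServerConfiguration extends OAuth2AuthorizationServerConfiguration {
        @Override
        public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
            super.configure(security);
            // Accept client_id/client_secret as form parameters, in addition to HTTP Basic.
            security.allowFormAuthenticationForClients();
        }
    }

    // Resource server: /me requires a valid access token.
    @Configuration
    @EnableResourceServer
    protected static class ResourceServerConfiguration
            extends ResourceServerConfigurerAdapter {
        @Override
        public void configure(HttpSecurity http) throws Exception {
            http.antMatcher("/me").authorizeRequests().anyRequest().authenticated();
        }
    }

    public static void main(String[] args) {
        SpringApplication.run(AuthServerApplication.class, args);
    }
}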

and the configuration:

security:  
  user:
    password: secret
  oauth2:
    client:
      clientId: myclient
      clientSecret: mysecret
      scope: access
      auto-approve-scopes: '.*'
    authorization:
      checkTokenAccess: permitAll()

What we get out of this is a server that supports all four grant flows for:

  • user (user:password)
  • client (myclient:mysecret)

For example, the password grant type can be tested with:

$ curl myclient:mysecret@localhost:8080/oauth/token -d grant_type=password -d username=user -d password=secret
{"access_token":"5a4e2f2e-ab73-443e-ab4c-58da9c5cef76","token_type":"bearer","refresh_token":"49caec7d-8835-42b5-8d60-e93e8e77597f","expires_in":43199,"scope":"access"}

On top of that, we have the /me endpoint, which the authenticating party can use to get information about the currently logged-in user.

$ curl "localhost:8080/me?access_token=5a4e2f2e-ab73-443e-ab4c-58da9c5cef76"
{"name":"user"}

Dockerize it

So we have a server, but it would be cool to use it in Docker.
Let's push the image to Docker Hub for others to use.

Dockerfile

FROM anapsix/alpine-java:8

WORKDIR /code

ADD target/auth-server-0.0.1-SNAPSHOT.jar /code/auth-server.jar

EXPOSE 8080

ENTRYPOINT ["java","-Djava.security.egd=file:/dev/./urandom", "-jar", "auth-server.jar"]

and a helpful Makefile to simplify the commands

PROJECT = spring-boot-auth-server
REGISTRY = pwielgolaski

build: target
	docker build -t $(REGISTRY)/$(PROJECT) .
target:
	mvn package -DskipTests
run:
	docker run -p 8080:8080 $(REGISTRY)/$(PROJECT)
push:
	docker push $(REGISTRY)/$(PROJECT)

So now if you want to use it, just run

docker run -p 8080:8080 pwielgolaski/spring-boot-auth-server  

The project can be found on GitHub.

Piotr Wielgolaski

Software enthusiast