
Securing Server-to-Server Communication with "Spring Boot" & "OAuth 2"

In this article we will see how to secure server-to-server communication with Spring Boot and OAuth 2's "client_credentials" grant type.

With the "client_credentials" grant type there is no "user" interaction and no browser is involved, which makes it a natural fit for securing server-to-server communication.

We will first create a "resource-server" containing secured REST endpoints for "Products"; next we will create an "authorization-server" using spring-authorization-server; lastly we will create a "client-server" that accesses the "Products" REST APIs with the help of the "authorization-server".

Let's get started !!!

1) Authorization Server

The primary goal of an "Authorization Server" is to issue the "OAuth 2.0 tokens" requested by the client and to verify those tokens when the "Resource Server" asks it to. It also provides mechanisms for "Client" and "User" registration and for "Role" and "Authority" management.

1.1) Dependencies

Let's create a project with Spring Initializr; make sure to add the required dependencies as shown in the picture below:

Dependencies

Also add "spring-security-oauth2-authorization-server" dependency to the project; the final "pom.xml" should look something like this:

1.2) Configuration

In the configuration below, we add an in-memory client, provide a bean that generates a 2048-byte RSA key, and configure a unique issuer URL, as required by an authorization server.

Next, we can also configure "@EnableWebSecurity" to manage the security of the "Authorization Server" itself; let's keep this blank for now.
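The three beans described above, as an added example written for this article rather than the author's own code; it assumes Spring Authorization Server 0.2.x/0.3.x (the versions that still call the settings bean "ProviderSettings"), and the client id, secret, scope name and port 9000 are assumed values.

```java
// Added example, not the article's code. Assumed: client id/secret, scope "products.read", port 9000.
import java.security.*;
import java.security.interfaces.*;
import java.util.UUID;
import com.nimbusds.jose.jwk.*;
import com.nimbusds.jose.jwk.source.JWKSource;
import com.nimbusds.jose.proc.SecurityContext;
import org.springframework.context.annotation.*;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.OAuth2AuthorizationServerConfiguration;
import org.springframework.security.oauth2.core.*;
import org.springframework.security.oauth2.server.authorization.client.*;
import org.springframework.security.oauth2.server.authorization.config.ProviderSettings;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
public class AuthorizationServerConfig {
    // Wires the protocol endpoints (/oauth2/token, /oauth2/jwks, ...) with their default security.
    @Bean
    public SecurityFilterChain authServerFilterChain(HttpSecurity http) throws Exception {
        OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(http);
        return http.build();
    }
    // The single registered client: client_credentials grant, one scope, no redirect URI needed.
    @Bean
    public RegisteredClientRepository registeredClientRepository() {
        RegisteredClient client = RegisteredClient.withId(UUID.randomUUID().toString())
                .clientId("client-server")
                // {noop} keeps the demo runnable; store a bcrypt-encoded secret in anything real
                .clientSecret("{noop}client-server-secret")
                .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
                .authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
                .scope("products.read")
                .build();
        return new InMemoryRegisteredClientRepository(client);
    }
    // RSA key pair that signs access tokens; the public half is published at /oauth2/jwks.
    // Regenerated on every start, so tokens do not survive a restart: acceptable for a demo only.
    @Bean
    public JWKSource<SecurityContext> jwkSource() throws NoSuchAlgorithmException {
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
        generator.initialize(2048); // 2048-bit modulus
        KeyPair keyPair = generator.generateKeyPair();
        RSAKey rsaKey = new RSAKey.Builder((RSAPublicKey) keyPair.getPublic())
                .privateKey((RSAPrivateKey) keyPair.getPrivate()).keyID(UUID.randomUUID().toString()).build();
        return (jwkSelector, context) -> jwkSelector.select(new JWKSet(rsaKey));
    }
    // Issuer must match the "issuer-uri" the resource server and client are configured with.
    @Bean
    public ProviderSettings providerSettings() {
        return ProviderSettings.builder().issuer("http://auth-server:9000").build();
    }
}
```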

1.3) Host Entry

To make the "ProviderSettings" bean work, we need to add the entry below to the server's hosts file (/etc/hosts).

127.0.0.1 auth-server

1.4) Properties file

Let's add "logging" related properties and "server port" to "application.yml".

2) Resource Server

A resource server is the one hosting REST APIs; these secured APIs will be accessed by the client with the help of an "OAuth 2.0 token" obtained from the "Authorization Server".

2.1) Dependencies

Let's create a project with Spring Initializr; make sure to add the required dependencies as shown in the picture below:

Dependencies

The final "pom.xml" should look something like this:


2.2) Model

We will create a simple REST endpoint to return a list of "Product", here is the model to represent it:

2.3) Controller

This is the place to define the REST endpoint that returns the list of "Product":

2.4) Configuration

In the configuration below, we secure the "/products/**" endpoint with "HttpSecurity"; it can only be accessed by clients holding the "products.read" authority.
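One way to write that rule, as an added example that is not the article's code (Spring Boot 2.x / Spring Security 5.x servlet stack); it assumes "application.yml" sets spring.security.oauth2.resourceserver.jwt.issuer-uri to the authorization server's issuer, and the controller's product list is a constructed stand-in for the page's Product model. The point a practitioner needs: Spring maps the token's scopes to authorities prefixed with "SCOPE_", so the rule must check "SCOPE_products.read".

```java
// Added example, not the article's code. Assumes issuer-uri is configured in application.yml.
import java.util.List;
import org.springframework.context.annotation.*;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.annotation.AuthenticationPrincipal;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.web.bind.annotation.*;

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class ResourceServerConfig {
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            // Spring Security turns the JWT "scope" (or "scp") claim into authorities named
            // SCOPE_<scope>, so the rule checks "SCOPE_products.read", not "products.read".
            .authorizeRequests(authz -> authz
                .antMatchers("/products/**").hasAuthority("SCOPE_products.read")
                .anyRequest().authenticated())
            // Every request must carry a bearer JWT. The decoder built from issuer-uri fetches the
            // issuer's JWK set to verify the signature and rejects wrong "iss" or expired tokens.
            .oauth2ResourceServer(oauth2 -> oauth2.jwt(Customizer.withDefaults()));
        return http.build();
    }
}

@RestController
@RequestMapping("/products")
class ProductController {
    // Method-level check duplicates the URL rule, so a mapping added later outside
    // /products/** cannot silently bypass the scope requirement.
    @GetMapping
    @PreAuthorize("hasAuthority('SCOPE_products.read')")
    public List<String> products(@AuthenticationPrincipal Jwt jwt) {
        // For a client_credentials token "sub" is the client id, not a user name.
        String caller = jwt.getSubject();
        return List.of("product-1 (served to " + caller + ")", "product-2"); // constructed sample data
    }
}
```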

2.5) Properties file

Let's add "logging" related properties, "server port" and "issuer-uri" to "application.yml".

3) Client Server

This is another server; it will act as a client for "Resource Server" and will access "Product" APIs with the help of an "OAuth 2.0 token" obtained from "Authorization Server."

3.1) Dependencies

Let's create a project with Spring Initializr; make sure to add the required dependencies as shown in the picture below:

Dependencies

The final "pom.xml" should look something like this:


3.2) Model

We will retrieve a list of "Product" from the "Resource Server"; here is the model to deserialize it:

3.3) Configuration

In the configuration below, we configure a "WebClient" to send requests to the "Resource Server" and a client provider that obtains client-credentials authorization from the "Authorization Server".

Next, we can also configure "@EnableWebSecurity" to manage the security of this "Client Server" itself, let's use "HttpSecurity" to secure all the URLs except "/products-view/**".

3.4) Controller

We have configured a "@GetMapping" for "/products-view"; we will use it to retrieve the list of "Product" from the "Resource Server" and show it as JSON in the browser.
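The 3.3 configuration and 3.4 controller together, as an added example that is not the article's code (servlet stack, Spring Security 5.x); the registration name "client-server", the secret, the resource-server port 8081 and the "application.yml" keys listed in the leading comment are assumptions, and the page's own "HttpSecurity" rules for the client are left out to keep the focus on token acquisition.

```java
// Added example, not the article's code. Assumed application.yml on the client side:
//   spring.security.oauth2.client.registration.client-server:
//     client-id: client-server, client-secret: client-server-secret,
//     authorization-grant-type: client_credentials, scope: products.read, provider: auth-server
//   spring.security.oauth2.client.provider.auth-server.issuer-uri: http://auth-server:9000
import java.util.List;
import org.springframework.context.annotation.*;
import org.springframework.security.oauth2.client.*;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.web.reactive.function.client.ServletOAuth2AuthorizedClientExchangeFilterFunction;
import org.springframework.web.bind.annotation.*;
import org.springframework.web.reactive.function.client.WebClient;

@Configuration
public class ClientConfig {
    // Manager that fetches and caches tokens via the client_credentials provider. The
    // service-backed manager needs no logged-in user or session, which is what M2M calls want.
    @Bean
    public OAuth2AuthorizedClientManager authorizedClientManager(
            ClientRegistrationRepository registrations, OAuth2AuthorizedClientService service) {
        OAuth2AuthorizedClientProvider provider =
                OAuth2AuthorizedClientProviderBuilder.builder().clientCredentials().build();
        AuthorizedClientServiceOAuth2AuthorizedClientManager manager =
                new AuthorizedClientServiceOAuth2AuthorizedClientManager(registrations, service);
        manager.setAuthorizedClientProvider(provider);
        return manager;
    }
    // WebClient that attaches "Authorization: Bearer <token>" to every outgoing call.
    @Bean
    public WebClient productsWebClient(OAuth2AuthorizedClientManager manager) {
        ServletOAuth2AuthorizedClientExchangeFilterFunction oauth2 =
                new ServletOAuth2AuthorizedClientExchangeFilterFunction(manager);
        oauth2.setDefaultClientRegistrationId("client-server"); // key under ...client.registration
        return WebClient.builder()
                .baseUrl("http://localhost:8081") // assumed resource-server port
                .apply(oauth2.oauth2Configuration())
                .build();
    }
}

@RestController
class ProductsViewController {
    private final WebClient client;
    ProductsViewController(WebClient client) { this.client = client; }
    // Proxies the secured /products call and returns the JSON list to the browser.
    @GetMapping("/products-view")
    public List<?> productsView() {
        return client.get().uri("/products").retrieve().bodyToMono(List.class).block();
    }
}
```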

3.5) Properties file

Let's add "client" credentials, "debug" related properties, "server port" and "issuer-uri" to "application.yml".

These client credentials will be used to obtain "OAuth 2.0 tokens" from the "Authorization Server".

4) Testing

We can now test our server-to-server communication flow: let's run "authorization-server", "resource-server" and "client-server" in that order and navigate to http://localhost:8080/products-view.

Source Code
