Java
Need help with jwt-oauth2-example?
Click the “chat” button below for chat support from the developer who created it, or find similar developers for support.
absolutegalaber

Description

Demo for OAuth2 JWT based authorziation / authentication for MicroServices

132 Stars 82 Forks 17 Commits 5 Opened issues

Services available

Need anything else?

Spring security based test project for Micro services using JWT

Build Status

This test project contains following setup:

  1. Authorization Server: An OAuth2 server which acts as an OAuth2 Authorization Server
  2. Resource Server: An MicroService which acts as OAuth2 Client and serves Secure Resources
  3. Aggregation Server: An MicroService, which acts as a proxy for the Resource Server and reuses OAuth2 Tokens for calls to underlining MicroServices

How to start

  1. Make sure you have maven installed
  2. Make sure you have java 1.8 installed
  3. Checkout the source code
  4. Run "mvn clean install"

Start the auth server

  1. Inside "auth-server" execute "mvn spring-boot:run"

Start the resource server

  1. Inside "resource-server" execute "mvn spring-boot:run"

Start the aggregation server

  1. Inside "aggregation-server" execute "mvn spring-boot:run"

Playing with the setup

API documentation

The resource server and the aggregation server expose their APIs via Swagger. Testing the calls is currently not possible because of missing OAuth integration in the Swagger UI

  1. Resource Server: Open http://localhost:8088/ and change the API URL to http://localhost:8088/api-docs
  2. Aggregation Server: Open http://localhost:8888/ and change the API URL to http://localhost:8888/api-docs

Get an Access Token

All access tokens can be decoded via http://jwt.io Just copy and insert the "access_token" content

Getting access token via GrantType password

Execute

curl -u my-trusted-client: http://localhost:8080/oauth/token -d "grant_type=password&username=user&password=testpass"

Getting access token via Client Credentials

Execute

curl -u my-trusted-client-with-secret:somesecret http://localhost:8080/oauth/token -d "grant_type=client_credentials"

Getting access token via authorization code

  1. Open browser with URL
    http://localhost:8080/oauth/authorize?client_id=my-client-with-registered-redirect&response_type=code
  2. Use username
    user
    , password
    testpass
    for login
  3. Click on
    Authorize
  4. Copy the code parameter from the URL
  5. Execute
    curl -u my-client-with-registered-redirect: http://localhost:8080/oauth/token -d "grant_type=authorization_code&code="

Execute Requests to the resource server

Loading protected resource from resource server

Direct Rest GET call to a protected resource on the resource server

  1. Get an access token via authorization code or password
  2. Execute
    curl -H "Content-Type: application/json" -H "Authorization: Bearer " http://localhost:8088/api/me

Loading protected resource from aggregation server

Rest GET call to the aggregation server, which uses the presented OAuth2 Token to make a call to a protected resource on the resource server

  1. Get an access token via authorization code or password
  2. Execute
    curl -H "Content-Type: application/json" -H "Authorization: Bearer " http://localhost:8888/api/me

How to create own key store and corresponding public key file

generate keystore

keytool -genkeypair -alias jwt-test -keyalg RSA \
-dname "CN=jwt,OU=jtw,O=jtw,L=zurich,S=zurich,C=CH" \
-keypass TODOchange \ 
-keystore jwt-test.jks \ 
-storepass TODOchange

or in one step: export public key

keytool -list -rfc --keystore jwt-test.jks | openssl x509 -inform pem -pubkey

copy paste public key part into public key file: public.cert

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.