Project author: BADRKAC

Project description:
Securing a Swagger API with OAuth2 JWT
Language: Java
Repository: git://github.com/BADRKAC/oAuth2.0WithSwaggerUI2.0.git
Created: 2018-04-22T13:35:05Z
Project page: https://github.com/BADRKAC/oAuth2.0WithSwaggerUI2.0



Securing a Swagger API with OAuth2 JWT

How to Run?

  1. mvn clean
  2. mvn spring-boot:run

Swagger-UI

Swagger-UI-Home

Configuration

I used an embedded H2 database to get information about users. You can add users in data.sql.

To secure methods, you can add the mapping in ResourceServerConfiguration.java:

    public void configure(HttpSecurity http) throws Exception {
        http
            // CSRF protection is switched off for this API
            .csrf().disable()
            // no anonymous authentication
            .anonymous().disable()
            .authorizeRequests()
            // let OPTIONS requests through
            .antMatchers(HttpMethod.OPTIONS).permitAll()
            // everything under /oauth/ needs an authenticated caller
            .antMatchers("/oauth/**").authenticated();
    }

  • Type of authorization: password-based authorization (Resource Owner Password Credentials Grant)

  • Security and authorization are handled at the method level through annotations, with the global roles defined once in the configuration class (ResourceServerConfiguration).
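
An added illustration of the method-level approach described above, written against the Spring Security OAuth library linked under Useful links; it is not code from this project. The class names, the /example/users paths, the USER and ADMIN role names and the in-memory data are assumptions, and the anyRequest().authenticated() rule is an addition so that a handler missing its annotation still requires a valid token.

```java
// Added illustration; class names, paths, role names and data are assumptions.
import java.security.Principal;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.web.bind.annotation.*;

@Configuration
@EnableResourceServer
@EnableGlobalMethodSecurity(prePostEnabled = true) // turns on @PreAuthorize
class ExampleResourceServerConfig extends ResourceServerConfigurerAdapter {
    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.csrf().disable()
            .authorizeRequests()
            .antMatchers(HttpMethod.OPTIONS).permitAll()
            // Fallback: a handler without an annotation still needs a valid token.
            .anyRequest().authenticated();
    }
}

@RestController
@RequestMapping("/example/users")
class ExampleUserController {
    // Constructed in-memory data standing in for the H2 user table.
    private final Map<Long, String> users = new ConcurrentHashMap<>();

    ExampleUserController() {
        users.put(1L, "user-one");
        users.put(2L, "user-two");
    }

    @GetMapping("/me")
    @PreAuthorize("hasAnyRole('USER', 'ADMIN')") // needs ROLE_USER or ROLE_ADMIN
    public String me(Principal principal) {
        return principal.getName(); // name of the authenticated token owner
    }

    @DeleteMapping("/{id}")
    @PreAuthorize("hasRole('ADMIN')") // a token with only ROLE_USER is denied
    public boolean delete(@PathVariable("id") long id) {
        return users.remove(id) != null;
    }
}
```

hasRole('ADMIN') matches the granted authority ROLE_ADMIN, so the authorities issued with the token must carry the ROLE_ prefix.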

OAuth configuration (application properties):

    config.oauth2.tokenTimeout=3600
    config.oauth2.resource.id=*****
    config.oauth2.clientID=*****
    config.oauth2.clientSecret=*****
    security.oauth2.client.grantType=*****
    config.oauth2.accessTokenUri=*******

User Data (data.sql)

  1. badr@hive.com | password
  2. ayoub@hive.com | password
  3. nidal@hive.com | password

Authorize

  • Use the user details given above to log in and generate the authorization token.


  • Before: Unauthorized
  • After: you can now see information about the user

Postman

  • Test requests.

  • Get the authorization token from Swagger-UI after login.

Useful links

http://www.bubblecode.net/fr/2016/01/22/comprendre-oauth2/

https://dzone.com/articles/hashing-passwords-in-java-with-bcrypt

https://swagger.io/docs/specification/authentication/oauth2/

https://github.com/spring-projects/spring-security-oauth

https://github.com/Baeldung/spring-security-oauth