├── README.md
└── SpringRestSecurityOauth
    ├── .classpath
    ├── .project
    ├── .settings
        ├── org.eclipse.jdt.core.prefs
        ├── org.eclipse.wst.common.component
        └── org.eclipse.wst.common.project.facet.core.xml
    ├── pom.xml
    ├── src
        └── main
        │   ├── java
        │       └── com
        │       │   └── beingjavaguys
        │       │       ├── controllers
        │       │           └── RestController.java
        │       │       ├── models
        │       │           └── User.java
        │       │       └── services
        │       │           ├── DataService.java
        │       │           └── DataServiceImpl.java
        │   └── webapp
        │       ├── WEB-INF
        │           ├── mvc-dispatcher-servlet.xml
        │           ├── spring-security.xml
        │           └── web.xml
        │       └── index.jsp
    └── target
        └── classes
            └── com
                └── beingjavaguys
                    ├── controllers
                        └── RestController.class
                    ├── models
                        └── User.class
                    └── services
                        ├── DataService.class
                        └── DataServiceImpl.class


/README.md:
--------------------------------------------------------------------------------
 1 | ## Updated Version avilable here: https://www.codeburps.com/post/spring-boot-oauth2-for-server-to-server-security
 2 | 
 3 | 
 4 | 
 5 | #### Securing Restful Web Services with Spring Security and OAuth2 
 6 | 
 7 | The flow of application will go something like this:
 8 | 
 9 | ##### 1) User sends a GET request to server with five parameters: grant_type,  username, password, client_id, client_secret;  something like this
10 | 
11 | <a href="http://localhost:8080/SpringRestSecurityOauth/oauth/token?grant_type=password&client_id=restapp&client_secret=restapp&username=beingjavaguys&password=spring@java">http://localhost:8080/SpringRestSecurityOauth/oauth/token?grant_type=password&client_id=restapp&client_secret=restapp&username=beingjavaguys&password=spring@java</a>
12 | 
13 | ##### 2) Server validates the user with help of spring security, and if the user is authenticated, OAuth generates a access token and send sends back to user in following format.
14 | ```
15 | {
16 | "access_token": "22cb0d50-5bb9-463d-8c4a-8ddd680f553f",
17 | "token_type": "bearer",
18 | "refresh_token": "7ac7940a-d29d-4a4c-9a47-25a2167c8c49",
19 | "expires_in": 119
20 | }
21 | ```
22 | Here we got access_token for further communication with server or to get some protected resourses(API’s), it mentioned a expires_in time that indicates the validation time of the token and a refresh_token that is being used to get a new token when token is expired.
23 | 
24 | ##### 3) We access protected resources by passing this access token as a parameter, the request goes something like this:
25 | 
26 | <a href="http://localhost:8080/SpringRestSecurityOauth/api/users/?access_token=8c191a0f-ebe8-42cb-bc18-8e80f2c4238e">http://localhost:8080/SpringRestSecurityOauth/api/users/?access_token=8c191a0f-ebe8-42cb-bc18-8e80f2c4238e</a>
27 | 
28 | Here http://localhost:8080/SpringRestSecurityOauth is the server path, and  /api/users/ Is an API  URL that returns a list of users and is being protected to be accessed.
29 | 
30 | ##### 4) If the token is not expired and is a valid token, the requested resources will be returned.
31 | 
32 | ##### 5) In case the token is expired, user needs to get a new token using its refreshing token that was accepted in step(2). A new access token request after expiration looks something like this:
33 | 
34 | <a href="http://localhost:8080/SpringRestSecurityOauth/oauth/token?grant_type=refresh_token&client_id=restapp&client_secret=restapp&refresh_token=7ac7940a-d29d-4a4c-9a47-25a2167c8c49">http://localhost:8080/SpringRestSecurityOauth/oauth/token?grant_type=refresh_token&client_id=restapp&client_secret=restapp&refresh_token=7ac7940a-d29d-4a4c-9a47-25a2167c8c49</a>
35 | 
36 | And you will get a new access token along with a new refresh token.
37 | 


--------------------------------------------------------------------------------
/SpringRestSecurityOauth/.classpath:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8"?>
 2 | <classpath>
 3 |   <classpathentry kind="src" path="src/main/java" including="**/*.java"/>
 4 |   <classpathentry kind="src" path="src/main/resources" excluding="**/*.java"/>
 5 |   <classpathentry kind="output" path="target/classes"/>
 6 |   <classpathentry kind="var" path="M2_REPO/javax/servlet/javax.servlet-api/3.0.1/javax.servlet-api-3.0.1.jar"/>
 7 |   <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
 8 |   <classpathentry kind="var" path="M2_REPO/commons-io/commons-io/1.3.2/commons-io-1.3.2.jar"/>
 9 |   <classpathentry kind="var" path="M2_REPO/log4j/log4j/1.2.17/log4j-1.2.17.jar" sourcepath="M2_REPO/log4j/log4j/1.2.17/log4j-1.2.17-sources.jar"/>
10 |   <classpathentry kind="var" path="M2_REPO/org/springframework/spring-web/4.0.7.RELEASE/spring-web-4.0.7.RELEASE.jar"/>
11 |   <classpathentry kind="var" path="M2_REPO/org/springframework/spring-aop/4.0.7.RELEASE/spring-aop-4.0.7.RELEASE.jar"/>
12 |   <classpathentry kind="var" path="M2_REPO/aopalliance/aopalliance/1.0/aopalliance-1.0.jar" sourcepath="M2_REPO/aopalliance/aopalliance/1.0/aopalliance-1.0-sources.jar"/>
13 |   <classpathentry kind="var" path="M2_REPO/org/springframework/spring-beans/4.0.7.RELEASE/spring-beans-4.0.7.RELEASE.jar"/>
14 |   <classpathentry kind="var" path="M2_REPO/org/springframework/spring-core/4.0.7.RELEASE/spring-core-4.0.7.RELEASE.jar"/>
15 |   <classpathentry kind="var" path="M2_REPO/commons-logging/commons-logging/1.0.4/commons-logging-1.0.4.jar"/>
16 |   <classpathentry kind="var" path="M2_REPO/org/springframework/spring-context/4.0.7.RELEASE/spring-context-4.0.7.RELEASE.jar"/>
17 |   <classpathentry kind="var" path="M2_REPO/org/springframework/spring-expression/4.0.7.RELEASE/spring-expression-4.0.7.RELEASE.jar"/>
18 |   <classpathentry kind="var" path="M2_REPO/org/springframework/spring-webmvc/4.0.7.RELEASE/spring-webmvc-4.0.7.RELEASE.jar"/>
19 |   <classpathentry kind="var" path="M2_REPO/org/springframework/security/spring-security-web/3.2.5.RELEASE/spring-security-web-3.2.5.RELEASE.jar"/>
20 |   <classpathentry kind="var" path="M2_REPO/org/springframework/security/spring-security-core/3.2.5.RELEASE/spring-security-core-3.2.5.RELEASE.jar"/>
21 |   <classpathentry kind="var" path="M2_REPO/org/springframework/security/spring-security-config/3.2.5.RELEASE/spring-security-config-3.2.5.RELEASE.jar"/>
22 |   <classpathentry kind="var" path="M2_REPO/org/springframework/security/oauth/spring-security-oauth2/1.0.0.RELEASE/spring-security-oauth2-1.0.0.RELEASE.jar"/>
23 |   <classpathentry kind="var" path="M2_REPO/commons-codec/commons-codec/1.3/commons-codec-1.3.jar"/>
24 |   <classpathentry kind="var" path="M2_REPO/org/codehaus/jackson/jackson-mapper-asl/1.9.10/jackson-mapper-asl-1.9.10.jar" sourcepath="M2_REPO/org/codehaus/jackson/jackson-mapper-asl/1.9.10/jackson-mapper-asl-1.9.10-sources.jar"/>
25 |   <classpathentry kind="var" path="M2_REPO/org/codehaus/jackson/jackson-core-asl/1.9.10/jackson-core-asl-1.9.10.jar" sourcepath="M2_REPO/org/codehaus/jackson/jackson-core-asl/1.9.10/jackson-core-asl-1.9.10-sources.jar"/>
26 |   <classpathentry kind="var" path="M2_REPO/com/google/code/gson/gson/2.2.2/gson-2.2.2.jar"/>
27 |   <classpathentry kind="var" path="M2_REPO/commons-httpclient/commons-httpclient/3.1/commons-httpclient-3.1.jar"/>
28 |   <classpathentry kind="var" path="M2_REPO/org/springframework/spring-context-support/4.0.7.RELEASE/spring-context-support-4.0.7.RELEASE.jar"/>
29 | </classpath>


--------------------------------------------------------------------------------
/SpringRestSecurityOauth/.project:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8"?>
 2 | <projectDescription>
 3 |   <name>SpringRestSecurityOauth</name>
 4 |   <comment>NO_M2ECLIPSE_SUPPORT: Project files created with the maven-eclipse-plugin are not supported in M2Eclipse.</comment>
 5 |   <projects/>
 6 |   <buildSpec>
 7 |     <buildCommand>
 8 |       <name>org.eclipse.jdt.core.javabuilder</name>
 9 |     </buildCommand>
10 |     <buildCommand>
11 |       <name>org.eclipse.wst.common.project.facet.core.builder</name>
12 |     </buildCommand>
13 |     <buildCommand>
14 |       <name>org.eclipse.wst.validation.validationbuilder</name>
15 |     </buildCommand>
16 |   </buildSpec>
17 |   <natures>
18 |     <nature>org.eclipse.wst.common.project.facet.core.nature</nature>
19 |     <nature>org.eclipse.jdt.core.javanature</nature>
20 |     <nature>org.eclipse.wst.common.modulecore.ModuleCoreNature</nature>
21 |     <nature>org.eclipse.jem.workbench.JavaEMFNature</nature>
22 |   </natures>
23 | </projectDescription>


--------------------------------------------------------------------------------
/SpringRestSecurityOauth/.settings/org.eclipse.jdt.core.prefs:
--------------------------------------------------------------------------------
1 | #Wed Oct 15 13:56:41 IST 2014
2 | org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.7
3 | eclipse.preferences.version=1
4 | org.eclipse.jdt.core.compiler.source=1.7
5 | org.eclipse.jdt.core.compiler.compliance=1.7
6 | 


--------------------------------------------------------------------------------
/SpringRestSecurityOauth/.settings/org.eclipse.wst.common.component:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8"?><project-modules id="moduleCoreId" project-version="1.5.0">
 2 |   <wb-module deploy-name="SpringRestSecurityOauth">
 3 |     <property name="context-root" value="SpringRestSecurityOauth"/>
 4 |     <wb-resource deploy-path="/" source-path="src/main/webapp"/>
 5 |     <property name="java-output-path" value="/target/classes"/>
 6 |     <dependent-module archiveName="commons-io-1.3.2.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/commons-io/commons-io/1.3.2/commons-io-1.3.2.jar">
 7 |       <dependency-type>uses</dependency-type>
 8 |     </dependent-module>
 9 |     <dependent-module archiveName="log4j-1.2.17.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/log4j/log4j/1.2.17/log4j-1.2.17.jar">
10 |       <dependency-type>uses</dependency-type>
11 |     </dependent-module>
12 |     <dependent-module archiveName="spring-web-4.0.7.RELEASE.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/springframework/spring-web/4.0.7.RELEASE/spring-web-4.0.7.RELEASE.jar">
13 |       <dependency-type>uses</dependency-type>
14 |     </dependent-module>
15 |     <dependent-module archiveName="spring-aop-4.0.7.RELEASE.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/springframework/spring-aop/4.0.7.RELEASE/spring-aop-4.0.7.RELEASE.jar">
16 |       <dependency-type>uses</dependency-type>
17 |     </dependent-module>
18 |     <dependent-module archiveName="aopalliance-1.0.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/aopalliance/aopalliance/1.0/aopalliance-1.0.jar">
19 |       <dependency-type>uses</dependency-type>
20 |     </dependent-module>
21 |     <dependent-module archiveName="spring-beans-4.0.7.RELEASE.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/springframework/spring-beans/4.0.7.RELEASE/spring-beans-4.0.7.RELEASE.jar">
22 |       <dependency-type>uses</dependency-type>
23 |     </dependent-module>
24 |     <dependent-module archiveName="spring-core-4.0.7.RELEASE.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/springframework/spring-core/4.0.7.RELEASE/spring-core-4.0.7.RELEASE.jar">
25 |       <dependency-type>uses</dependency-type>
26 |     </dependent-module>
27 |     <dependent-module archiveName="commons-logging-1.0.4.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/commons-logging/commons-logging/1.0.4/commons-logging-1.0.4.jar">
28 |       <dependency-type>uses</dependency-type>
29 |     </dependent-module>
30 |     <dependent-module archiveName="spring-context-4.0.7.RELEASE.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/springframework/spring-context/4.0.7.RELEASE/spring-context-4.0.7.RELEASE.jar">
31 |       <dependency-type>uses</dependency-type>
32 |     </dependent-module>
33 |     <dependent-module archiveName="spring-expression-4.0.7.RELEASE.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/springframework/spring-expression/4.0.7.RELEASE/spring-expression-4.0.7.RELEASE.jar">
34 |       <dependency-type>uses</dependency-type>
35 |     </dependent-module>
36 |     <dependent-module archiveName="spring-webmvc-4.0.7.RELEASE.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/springframework/spring-webmvc/4.0.7.RELEASE/spring-webmvc-4.0.7.RELEASE.jar">
37 |       <dependency-type>uses</dependency-type>
38 |     </dependent-module>
39 |     <dependent-module archiveName="spring-security-web-3.2.5.RELEASE.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/springframework/security/spring-security-web/3.2.5.RELEASE/spring-security-web-3.2.5.RELEASE.jar">
40 |       <dependency-type>uses</dependency-type>
41 |     </dependent-module>
42 |     <dependent-module archiveName="spring-security-core-3.2.5.RELEASE.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/springframework/security/spring-security-core/3.2.5.RELEASE/spring-security-core-3.2.5.RELEASE.jar">
43 |       <dependency-type>uses</dependency-type>
44 |     </dependent-module>
45 |     <dependent-module archiveName="spring-security-config-3.2.5.RELEASE.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/springframework/security/spring-security-config/3.2.5.RELEASE/spring-security-config-3.2.5.RELEASE.jar">
46 |       <dependency-type>uses</dependency-type>
47 |     </dependent-module>
48 |     <dependent-module archiveName="spring-security-oauth2-1.0.0.RELEASE.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/springframework/security/oauth/spring-security-oauth2/1.0.0.RELEASE/spring-security-oauth2-1.0.0.RELEASE.jar">
49 |       <dependency-type>uses</dependency-type>
50 |     </dependent-module>
51 |     <dependent-module archiveName="commons-codec-1.3.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/commons-codec/commons-codec/1.3/commons-codec-1.3.jar">
52 |       <dependency-type>uses</dependency-type>
53 |     </dependent-module>
54 |     <dependent-module archiveName="jackson-mapper-asl-1.9.10.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/codehaus/jackson/jackson-mapper-asl/1.9.10/jackson-mapper-asl-1.9.10.jar">
55 |       <dependency-type>uses</dependency-type>
56 |     </dependent-module>
57 |     <dependent-module archiveName="jackson-core-asl-1.9.10.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/codehaus/jackson/jackson-core-asl/1.9.10/jackson-core-asl-1.9.10.jar">
58 |       <dependency-type>uses</dependency-type>
59 |     </dependent-module>
60 |     <dependent-module archiveName="gson-2.2.2.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/com/google/code/gson/gson/2.2.2/gson-2.2.2.jar">
61 |       <dependency-type>uses</dependency-type>
62 |     </dependent-module>
63 |     <dependent-module archiveName="commons-httpclient-3.1.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/commons-httpclient/commons-httpclient/3.1/commons-httpclient-3.1.jar">
64 |       <dependency-type>uses</dependency-type>
65 |     </dependent-module>
66 |     <dependent-module archiveName="spring-context-support-4.0.7.RELEASE.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/springframework/spring-context-support/4.0.7.RELEASE/spring-context-support-4.0.7.RELEASE.jar">
67 |       <dependency-type>uses</dependency-type>
68 |     </dependent-module>
69 |     <wb-resource deploy-path="/WEB-INF/classes" source-path="src/main/java"/>
70 |     <wb-resource deploy-path="/WEB-INF/classes" source-path="src/main/resources"/>
71 |         <wb-resource deploy-path="/WEB-INF/classes" source-path="/src/main/java"/>
72 |   </wb-module>
73 | </project-modules>
74 | 


--------------------------------------------------------------------------------
/SpringRestSecurityOauth/.settings/org.eclipse.wst.common.project.facet.core.xml:
--------------------------------------------------------------------------------
1 | <?xml version="1.0" encoding="UTF-8"?>
2 | <faceted-project>
3 |   <fixed facet="jst.java"/>
4 |   <fixed facet="jst.web"/>
5 |   <installed facet="jst.web" version="2.4"/>
6 |   <installed facet="jst.java" version="1.7"/>
7 | </faceted-project>


--------------------------------------------------------------------------------
/SpringRestSecurityOauth/pom.xml:
--------------------------------------------------------------------------------
  1 | <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  2 | 	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
  3 | 	<modelVersion>4.0.0</modelVersion>
  4 | 	<groupId>com.beingjavaguys.sample</groupId>
  5 | 	<artifactId>SpringRestSecurityOauth</artifactId>
  6 | 	<packaging>war</packaging>
  7 | 	<version>1.0-SNAPSHOT</version>
  8 | 	<name>SpringRestSecurityOauth Maven Webapp</name>
  9 | 	<url>http://maven.apache.org</url>
 10 | 	<!-- @author Nagesh.Chauhan(neel4soft@gmail.com) -->
 11 | 	<properties>
 12 | 		<spring.version>4.0.7.RELEASE</spring.version>
 13 | 		<log4j.version>1.2.17</log4j.version>
 14 | 		<jdk.version>1.7</jdk.version>
 15 | 		<context.path>SpringRestSecurityOauth</context.path>
 16 | 		<spring.security.version>3.2.5.RELEASE</spring.security.version>
 17 | 	</properties>
 18 | 	<build>
 19 | 		<finalName>${pom.artifactId}</finalName>
 20 | 		<plugins>
 21 | 			<plugin>
 22 | 				<artifactId>maven-compiler-plugin</artifactId>
 23 | 				<configuration>
 24 | 					<source>${jdk.version}</source>
 25 | 					<target>${jdk.version}</target>
 26 | 				</configuration>
 27 | 			</plugin>
 28 | 		</plugins>
 29 | 	</build>
 30 | 	<dependencies>
 31 | 
 32 | 		<dependency>
 33 | 			<groupId>org.apache.commons</groupId>
 34 | 			<artifactId>commons-io</artifactId>
 35 | 			<version>1.3.2</version>
 36 | 		</dependency>
 37 | 
 38 | 		<!-- log4j -->
 39 | 		<dependency>
 40 | 			<groupId>log4j</groupId>
 41 | 			<artifactId>log4j</artifactId>
 42 | 			<version>${log4j.version}</version>
 43 | 		</dependency>
 44 | 
 45 | 
 46 | 		<dependency>
 47 | 			<groupId>org.springframework</groupId>
 48 | 			<artifactId>spring-web</artifactId>
 49 | 			<version>${spring.version}</version>
 50 | 		</dependency>
 51 | 		<dependency>
 52 | 			<groupId>org.springframework</groupId>
 53 | 			<artifactId>spring-webmvc</artifactId>
 54 | 			<version>${spring.version}</version>
 55 | 		</dependency>
 56 | 
 57 | 		<!-- Spring Security -->
 58 | 		<dependency>
 59 | 			<groupId>org.springframework.security</groupId>
 60 | 			<artifactId>spring-security-web</artifactId>
 61 | 			<version>${spring.security.version}</version>
 62 | 		</dependency>
 63 | 		<dependency>
 64 | 			<groupId>org.springframework.security</groupId>
 65 | 			<artifactId>spring-security-config</artifactId>
 66 | 			<version>${spring.security.version}</version>
 67 | 		</dependency>
 68 | 		<dependency>
 69 | 			<groupId>org.springframework.security.oauth</groupId>
 70 | 			<artifactId>spring-security-oauth2</artifactId>
 71 | 			<version>1.0.0.RELEASE</version>
 72 | 		</dependency>
 73 | 		<dependency>
 74 | 			<groupId>com.google.code.gson</groupId>
 75 | 			<artifactId>gson</artifactId>
 76 | 			<version>2.2.2</version>
 77 | 		</dependency>
 78 | 		<dependency>
 79 | 			<groupId>org.codehaus.jackson</groupId>
 80 | 			<artifactId>jackson-mapper-asl</artifactId>
 81 | 			<version>1.9.10</version>
 82 | 		</dependency>
 83 | 		<dependency>
 84 | 			<groupId>commons-httpclient</groupId>
 85 | 			<artifactId>commons-httpclient</artifactId>
 86 | 			<version>3.1</version>
 87 | 		</dependency>
 88 | 		<dependency>
 89 | 			<groupId>org.springframework</groupId>
 90 | 			<artifactId>spring-context-support</artifactId>
 91 | 			<version>${spring.version}</version>
 92 | 		</dependency>
 93 | 		<dependency>
 94 | 			<groupId>javax.servlet</groupId>
 95 | 			<artifactId>javax.servlet-api</artifactId>
 96 | 			<version>3.0.1</version>
 97 | 			<scope>provided</scope>
 98 | 		</dependency>
 99 | 	</dependencies>
100 | </project>
101 | 


--------------------------------------------------------------------------------
/SpringRestSecurityOauth/src/main/java/com/beingjavaguys/controllers/RestController.java:
--------------------------------------------------------------------------------
 1 | package com.beingjavaguys.controllers;
 2 | 
 3 | import java.util.List;
 4 | 
 5 | import org.springframework.beans.factory.annotation.Autowired;
 6 | import org.springframework.stereotype.Controller;
 7 | import org.springframework.web.bind.annotation.RequestMapping;
 8 | import org.springframework.web.bind.annotation.RequestMethod;
 9 | import org.springframework.web.bind.annotation.ResponseBody;
10 | 
11 | import com.beingjavaguys.models.User;
12 | import com.beingjavaguys.services.DataService;
13 | 
14 | /**
15 |  * @author Nagesh.Chauhan
16 |  *
17 |  */
18 | @Controller
19 | @RequestMapping("/api/users")
20 | public class RestController {
21 | 
22 | 	@Autowired
23 | 	DataService dataService;
24 | 
25 | 	@RequestMapping(value = "/", method = RequestMethod.GET)
26 | 	@ResponseBody
27 | 	public List<User> list() {
28 | 		return dataService.getUserList();
29 | 
30 | 	}
31 | }
32 | 


--------------------------------------------------------------------------------
/SpringRestSecurityOauth/src/main/java/com/beingjavaguys/models/User.java:
--------------------------------------------------------------------------------
 1 | package com.beingjavaguys.models;
 2 | /**
 3 |  * @author Nagesh.Chauhan
 4 |  *
 5 |  */
 6 | public class User {
 7 | 	private int id;
 8 | 	private String name;
 9 | 	private String email;
10 | 	private String phone;
11 | 
12 | 	public User() {
13 | 		super();
14 | 		// TODO Auto-generated constructor stub
15 | 	}
16 | 
17 | 	public User(int id, String name, String email, String phone) {
18 | 		super();
19 | 		this.id = id;
20 | 		this.name = name;
21 | 		this.email = email;
22 | 		this.phone = phone;
23 | 	}
24 | 
25 | 	public int getId() {
26 | 		return id;
27 | 	}
28 | 
29 | 	public void setId(int id) {
30 | 		this.id = id;
31 | 	}
32 | 
33 | 	public String getName() {
34 | 		return name;
35 | 	}
36 | 
37 | 	public void setName(String name) {
38 | 		this.name = name;
39 | 	}
40 | 
41 | 	public String getEmail() {
42 | 		return email;
43 | 	}
44 | 
45 | 	public void setEmail(String email) {
46 | 		this.email = email;
47 | 	}
48 | 
49 | 	public String getPhone() {
50 | 		return phone;
51 | 	}
52 | 
53 | 	public void setPhone(String phone) {
54 | 		this.phone = phone;
55 | 	}
56 | 
57 | }
58 | 


--------------------------------------------------------------------------------
/SpringRestSecurityOauth/src/main/java/com/beingjavaguys/services/DataService.java:
--------------------------------------------------------------------------------
 1 | package com.beingjavaguys.services;
 2 | 
 3 | import java.util.List;
 4 | 
 5 | import com.beingjavaguys.models.User;
 6 | /**
 7 |  * @author Nagesh.Chauhan
 8 |  *
 9 |  */
10 | public interface DataService {
11 | 	public List<User> getUserList();
12 | }
13 | 


--------------------------------------------------------------------------------
/SpringRestSecurityOauth/src/main/java/com/beingjavaguys/services/DataServiceImpl.java:
--------------------------------------------------------------------------------
 1 | package com.beingjavaguys.services;
 2 | 
 3 | import java.util.ArrayList;
 4 | import java.util.List;
 5 | 
 6 | import org.springframework.stereotype.Service;
 7 | 
 8 | import com.beingjavaguys.models.User;
 9 | /**
10 |  * @author Nagesh.Chauhan
11 |  *
12 |  */
13 | @Service
14 | public class DataServiceImpl implements DataService {
15 | 
16 | 	@Override
17 | 	public List<User> getUserList() {
18 | 		
19 | 		// preparing user list with few hard coded values
20 | 		List<User> userList = new ArrayList<User>();
21 | 		
22 | 		userList.add(new User(1, "user_a", "user_a@example.com", "9898989898"));
23 | 		userList.add(new User(2, "user_b", "user_b@example.com", "9767989898"));
24 | 		userList.add(new User(3, "user_c", "user_c@example.com", "9898459898"));
25 | 		
26 | 		return userList;
27 | 	}
28 | 
29 | }
30 | 


--------------------------------------------------------------------------------
/SpringRestSecurityOauth/src/main/webapp/WEB-INF/mvc-dispatcher-servlet.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8"?>
 2 | <beans xmlns="http://www.springframework.org/schema/beans"
 3 | 	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context"
 4 | 	xmlns:util="http://www.springframework.org/schema/util" xmlns:mvc="http://www.springframework.org/schema/mvc"
 5 | 	xsi:schemaLocation="http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.2.xsd
 6 |   http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
 7 |   http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.2.xsd
 8 |   http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.2.xsd">
 9 | 	<!-- @author Nagesh.Chauhan(neel4soft@gmail.com) -->
10 | 	<context:component-scan base-package="com.beingjavaguys" />
11 | 	<mvc:annotation-driven />
12 | </beans>


--------------------------------------------------------------------------------
/SpringRestSecurityOauth/src/main/webapp/WEB-INF/spring-security.xml:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="UTF-8" ?>
  2 | <beans xmlns="http://www.springframework.org/schema/beans"
  3 | 	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:oauth="http://www.springframework.org/schema/security/oauth2"
  4 | 	xmlns:context="http://www.springframework.org/schema/context"
  5 | 	xmlns:sec="http://www.springframework.org/schema/security" xmlns:mvc="http://www.springframework.org/schema/mvc"
  6 | 	xsi:schemaLocation="http://www.springframework.org/schema/security/oauth2 http://www.springframework.org/schema/security/spring-security-oauth2-2.0.xsd
  7 | 		http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.2.xsd
  8 | 		http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd 
  9 | 		http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.1.xsd
 10 | 		http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.1.xsd ">
 11 | 
 12 | 	<!-- @author Nagesh.Chauhan(neel4soft@gmail.com) -->
 13 | 	<!-- This is default url to get a token from OAuth -->
 14 | 	<http pattern="/oauth/token" create-session="stateless"
 15 | 		authentication-manager-ref="clientAuthenticationManager"
 16 | 		xmlns="http://www.springframework.org/schema/security">
 17 | 		<intercept-url pattern="/oauth/token" access="IS_AUTHENTICATED_FULLY" />
 18 | 		<anonymous enabled="false" />
 19 | 		<http-basic entry-point-ref="clientAuthenticationEntryPoint" />
 20 | 		<!-- include this only if you need to authenticate clients via request 
 21 | 			parameters -->
 22 | 		<custom-filter ref="clientCredentialsTokenEndpointFilter"
 23 | 			after="BASIC_AUTH_FILTER" />
 24 | 		<access-denied-handler ref="oauthAccessDeniedHandler" />
 25 | 	</http>
 26 | 
 27 | 	<!-- This is where we tells spring security what URL should be protected 
 28 | 		and what roles have access to them -->
 29 | 	<http pattern="/api/**" create-session="never"
 30 | 		entry-point-ref="oauthAuthenticationEntryPoint"
 31 | 		access-decision-manager-ref="accessDecisionManager"
 32 | 		xmlns="http://www.springframework.org/schema/security">
 33 | 		<anonymous enabled="false" />
 34 | 		<intercept-url pattern="/api/**" access="ROLE_APP" />
 35 | 		<custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
 36 | 		<access-denied-handler ref="oauthAccessDeniedHandler" />
 37 | 	</http>
 38 | 
 39 | 
 40 | 	<bean id="oauthAuthenticationEntryPoint"
 41 | 		class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
 42 | 		<property name="realmName" value="test" />
 43 | 	</bean>
 44 | 
 45 | 	<bean id="clientAuthenticationEntryPoint"
 46 | 		class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
 47 | 		<property name="realmName" value="test/client" />
 48 | 		<property name="typeName" value="Basic" />
 49 | 	</bean>
 50 | 
 51 | 	<bean id="oauthAccessDeniedHandler"
 52 | 		class="org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler" />
 53 | 
 54 | 	<bean id="clientCredentialsTokenEndpointFilter"
 55 | 		class="org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter">
 56 | 		<property name="authenticationManager" ref="clientAuthenticationManager" />
 57 | 	</bean>
 58 | 
 59 | 	<bean id="accessDecisionManager" class="org.springframework.security.access.vote.UnanimousBased"
 60 | 		xmlns="http://www.springframework.org/schema/beans">
 61 | 		<constructor-arg>
 62 | 			<list>
 63 | 				<bean class="org.springframework.security.oauth2.provider.vote.ScopeVoter" />
 64 | 				<bean class="org.springframework.security.access.vote.RoleVoter" />
 65 | 				<bean class="org.springframework.security.access.vote.AuthenticatedVoter" />
 66 | 			</list>
 67 | 		</constructor-arg>
 68 | 	</bean>
 69 | 
 70 | 	<authentication-manager id="clientAuthenticationManager"
 71 | 		xmlns="http://www.springframework.org/schema/security">
 72 | 		<authentication-provider user-service-ref="clientDetailsUserService" />
 73 | 	</authentication-manager>
 74 | 
 75 | 
 76 | 	<!-- This is simple authentication manager, with a hardcoded user/password 
 77 | 		combination. We can replace this with a user defined service to get few users 
 78 | 		credentials from DB -->
 79 | 	<authentication-manager alias="authenticationManager"
 80 | 		xmlns="http://www.springframework.org/schema/security">
 81 | 		<authentication-provider>
 82 | 			<user-service>
 83 | 				<user name="beingjavaguys" password="spring@java" authorities="ROLE_APP" />
 84 | 			</user-service>
 85 | 		</authentication-provider>
 86 | 	</authentication-manager>
 87 | 
 88 | 	<bean id="clientDetailsUserService"
 89 | 		class="org.springframework.security.oauth2.provider.client.ClientDetailsUserDetailsService">
 90 | 		<constructor-arg ref="clientDetails" />
 91 | 	</bean>
 92 | 
 93 | 
 94 | 	<!-- This defined token store, we have used inmemory tokenstore for now 
 95 | 		but this can be changed to a user defined one -->
 96 | 	<bean id="tokenStore"
 97 | 		class="org.springframework.security.oauth2.provider.token.InMemoryTokenStore" />
 98 | 
 99 | 	<!-- This is where we defined token based configurations, token validity 
100 | 		and other things -->
101 | 	<bean id="tokenServices"
102 | 		class="org.springframework.security.oauth2.provider.token.DefaultTokenServices">
103 | 		<property name="tokenStore" ref="tokenStore" />
104 | 		<property name="supportRefreshToken" value="true" />
105 | 		<property name="accessTokenValiditySeconds" value="120" />
106 | 		<property name="clientDetailsService" ref="clientDetails" />
107 | 	</bean>
108 | 
109 | 	<bean id="userApprovalHandler"
110 | 		class="org.springframework.security.oauth2.provider.approval.TokenServicesUserApprovalHandler">
111 | 		<property name="tokenServices" ref="tokenServices" />
112 | 	</bean>
113 | 
114 | 	<oauth:authorization-server
115 | 		client-details-service-ref="clientDetails" token-services-ref="tokenServices"
116 | 		user-approval-handler-ref="userApprovalHandler">
117 | 		<oauth:authorization-code />
118 | 		<oauth:implicit />
119 | 		<oauth:refresh-token />
120 | 		<oauth:client-credentials />
121 | 		<oauth:password />
122 | 	</oauth:authorization-server>
123 | 
124 | 	<oauth:resource-server id="resourceServerFilter"
125 | 		resource-id="test" token-services-ref="tokenServices" />
126 | 
127 | 	<oauth:client-details-service id="clientDetails">
128 | 		<!-- client -->
129 | 		<oauth:client client-id="restapp"
130 | 			authorized-grant-types="authorization_code,client_credentials"
131 | 			authorities="ROLE_APP" scope="read,write,trust" secret="secret" />
132 | 
133 | 		<oauth:client client-id="restapp"
134 | 			authorized-grant-types="password,authorization_code,refresh_token,implicit"
135 | 			secret="restapp" authorities="ROLE_APP" />
136 | 
137 | 	</oauth:client-details-service>
138 | 
139 | 	<sec:global-method-security
140 | 		pre-post-annotations="enabled" proxy-target-class="true">
141 | 		<!--you could also wire in the expression handler up at the layer of the 
142 | 			http filters. See https://jira.springsource.org/browse/SEC-1452 -->
143 | 		<sec:expression-handler ref="oauthExpressionHandler" />
144 | 	</sec:global-method-security>
145 | 
146 | 	<oauth:expression-handler id="oauthExpressionHandler" />
147 | 	<oauth:web-expression-handler id="oauthWebExpressionHandler" />
148 | </beans>
149 | 


--------------------------------------------------------------------------------
/SpringRestSecurityOauth/src/main/webapp/WEB-INF/web.xml:
--------------------------------------------------------------------------------
 1 | <web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 2 | 	xsi:schemaLocation="http://java.sun.com/xml/ns/javaee 
 3 | 	      http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
 4 | 	version="2.5">
 5 | 
 6 | 	<display-name>Sample Spring Maven Project</display-name>
 7 | 	<!-- @author Nagesh.Chauhan(neel4soft@gmail.com) -->
 8 | 
 9 | 	<servlet>
10 | 		<servlet-name>mvc-dispatcher</servlet-name>
11 | 		<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
12 | 		<load-on-startup>1</load-on-startup>
13 | 	</servlet>
14 | 	<servlet-mapping>
15 | 		<servlet-name>mvc-dispatcher</servlet-name>
16 | 		<url-pattern>/</url-pattern>
17 | 	</servlet-mapping>
18 | 	<listener>
19 | 		<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
20 | 	</listener>
21 | 
22 | 	<context-param>
23 | 		<param-name>contextConfigLocation</param-name>
24 | 		<param-value>  
25 |             /WEB-INF/mvc-dispatcher-servlet.xml,  
26 |             /WEB-INF/spring-security.xml
27 |         </param-value>
28 | 	</context-param>
29 | 
30 | 	<!-- Spring Security -->
31 | 
32 | 	<filter>
33 | 		<filter-name>springSecurityFilterChain</filter-name>
34 | 		<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
35 | 	</filter>
36 | 
37 | 	<filter-mapping>
38 | 		<filter-name>springSecurityFilterChain</filter-name>
39 | 		<url-pattern>/*</url-pattern>
40 | 	</filter-mapping>
41 | 
42 | </web-app>


--------------------------------------------------------------------------------
/SpringRestSecurityOauth/src/main/webapp/index.jsp:
--------------------------------------------------------------------------------
1 | <html>
2 | <body>
3 | <h2>Hello World!</h2>
4 | </body>
5 | </html>
6 | 


--------------------------------------------------------------------------------
/SpringRestSecurityOauth/target/classes/com/beingjavaguys/controllers/RestController.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/nkchauhan003/SpringSecurityOAuth2/e79961734b03c453516b1c8c12cc8a5a7a035abb/SpringRestSecurityOauth/target/classes/com/beingjavaguys/controllers/RestController.class


--------------------------------------------------------------------------------
/SpringRestSecurityOauth/target/classes/com/beingjavaguys/models/User.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/nkchauhan003/SpringSecurityOAuth2/e79961734b03c453516b1c8c12cc8a5a7a035abb/SpringRestSecurityOauth/target/classes/com/beingjavaguys/models/User.class


--------------------------------------------------------------------------------
/SpringRestSecurityOauth/target/classes/com/beingjavaguys/services/DataService.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/nkchauhan003/SpringSecurityOAuth2/e79961734b03c453516b1c8c12cc8a5a7a035abb/SpringRestSecurityOauth/target/classes/com/beingjavaguys/services/DataService.class


--------------------------------------------------------------------------------
/SpringRestSecurityOauth/target/classes/com/beingjavaguys/services/DataServiceImpl.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/nkchauhan003/SpringSecurityOAuth2/e79961734b03c453516b1c8c12cc8a5a7a035abb/SpringRestSecurityOauth/target/classes/com/beingjavaguys/services/DataServiceImpl.class


--------------------------------------------------------------------------------