This sample demonstrates integrating Resource Server with a pre-configured key.
With it, you can run the integration tests or run the application as a stand-alone service to explore how you can secure your own service with OAuth 2.0 Bearer Tokens using Spring Security.
To run the tests, do:
./gradlew integrationTestOr import the project into your IDE and run OAuth2ResourceServerApplicationITests from there.
By default, the application is configured with an RSA public key that is available in the sample.
The tests are configured with a set of hard-coded tokens that are signed with the corresponding RSA private key. Each test makes a query to the Resource Server with their corresponding token.
The Resource Server subsequently verifies the token against the public key and authorizes the request, returning the phrase
Hello, subject!where "subject" is the value of the sub field in the token.
To run as a stand-alone application, do:
./gradlew bootRunOr import the project into your IDE and run OAuth2ResourceServerApplication from there.
Once it is up, you can use the following token:
export TOKEN=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzdWJqZWN0IiwiaWF0IjoxNTE2MjM5MDIyfQ.eB2c9xtg5wcCZxZ-o-sH4Mx1JGkqAZwH4_WS0UcDbj_nen0NPBj6CqOEPhr_LZDagb4mM6HoAPJywWWG8b_Ylnn5r2gWDzib2mb0kxIuAjnvVBrpzusw4ItTVvP_srv2DrwcisKYiKqU5X_3ka7MSVvKtswdLY3RXeCJ_S2W9goAnd then make this request:
curl -H "Authorization: Bearer $TOKEN" localhost:8080Which will respond with the phrase:
Hello, subject!where subject is the value of the sub field in the token.
Or this:
export TOKEN=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzdWJqZWN0IiwiaWF0IjoxNTE2MjM5MDIyLCJzY29wZSI6Im1lc3NhZ2U6cmVhZCJ9.bsRCpUEaiWnzX4OqNxTBqwUD4vxxtPp-CHKTw7XcrglrvZ2lvYXaiZZbCp-hcPhuzMEzEAFuH6s4GZZOWVIX-wT47GdTz9cfA-Z4QPjS2RxePKphFXgBI3jHEpQo94Qya2fJdV4LvgBmA1uM_RTnYY1UbmeYuHKnXrZoGyV8QQQ
curl -H "Authorization: Bearer $TOKEN" localhost:8080/messageWill respond with:
secret message