This sample demonstrates integrating Resource Server with a pre-configured key.
With it, you can run the integration tests or run the application as a stand-alone service to explore how you can secure your own service with OAuth 2.0 Bearer Tokens using Spring Security.
To run the tests, do:
./gradlew integrationTest
Or import the project into your IDE and run OAuth2ResourceServerApplicationITests from there.
By default, the application is configured with an RSA public key that is available in the sample.
The tests are configured with a set of hard-coded tokens that are signed with the corresponding RSA private key. Each test makes a query to the Resource Server with its corresponding token.
The Resource Server subsequently verifies the token against the public key and authorizes the request, returning the phrase
Hello, subject!
where "subject" is the value of the sub field in the token.
To run as a stand-alone application, do:
./gradlew bootRun
Or import the project into your IDE and run OAuth2ResourceServerApplication from there.
Once it is up, you can use the following token:
export TOKEN=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzdWJqZWN0IiwiaWF0IjoxNTE2MjM5MDIyfQ.eB2c9xtg5wcCZxZ-o-sH4Mx1JGkqAZwH4_WS0UcDbj_nen0NPBj6CqOEPhr_LZDagb4mM6HoAPJywWWG8b_Ylnn5r2gWDzib2mb0kxIuAjnvVBrpzusw4ItTVvP_srv2DrwcisKYiKqU5X_3ka7MSVvKtswdLY3RXeCJ_S2W9go
And then make this request:
curl -H "Authorization: Bearer $TOKEN" localhost:8080
Which will respond with the phrase:
Hello, subject!
where subject is the value of the sub field in the token.
Or this:
export TOKEN=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzdWJqZWN0IiwiaWF0IjoxNTE2MjM5MDIyLCJzY29wZSI6Im1lc3NhZ2U6cmVhZCJ9.bsRCpUEaiWnzX4OqNxTBqwUD4vxxtPp-CHKTw7XcrglrvZ2lvYXaiZZbCp-hcPhuzMEzEAFuH6s4GZZOWVIX-wT47GdTz9cfA-Z4QPjS2RxePKphFXgBI3jHEpQo94Qya2fJdV4LvgBmA1uM_RTnYY1UbmeYuHKnXrZoGyV8QQQ
curl -H "Authorization: Bearer $TOKEN" localhost:8080/message
Which will respond with:
secret message
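To see what the Resource Server reads from the two tokens above, the following added example (not part of the sample project) decodes their header and claims in Python. It does not verify the signature, so it is for inspection only; the name inspect_jwt is made up for this example, and the SCOPE_ prefix reflects Spring Security's default scope-to-authority mapping.

```python
import base64
import json

# The two tokens shown in this README (the sample's hard-coded tokens).
TOKEN_PLAIN = "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzdWJqZWN0IiwiaWF0IjoxNTE2MjM5MDIyfQ.eB2c9xtg5wcCZxZ-o-sH4Mx1JGkqAZwH4_WS0UcDbj_nen0NPBj6CqOEPhr_LZDagb4mM6HoAPJywWWG8b_Ylnn5r2gWDzib2mb0kxIuAjnvVBrpzusw4ItTVvP_srv2DrwcisKYiKqU5X_3ka7MSVvKtswdLY3RXeCJ_S2W9go"
TOKEN_SCOPED = "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzdWJqZWN0IiwiaWF0IjoxNTE2MjM5MDIyLCJzY29wZSI6Im1lc3NhZ2U6cmVhZCJ9.bsRCpUEaiWnzX4OqNxTBqwUD4vxxtPp-CHKTw7XcrglrvZ2lvYXaiZZbCp-hcPhuzMEzEAFuH6s4GZZOWVIX-wT47GdTz9cfA-Z4QPjS2RxePKphFXgBI3jHEpQo94Qya2fJdV4LvgBmA1uM_RTnYY1UbmeYuHKnXrZoGyV8QQQ"


def _b64url_json(segment: str) -> dict:
    """Decode one base64url JWT segment; compact JWTs strip the '=' padding."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def inspect_jwt(token: str) -> dict:
    """Return UNVERIFIED header and claim details worth reviewing.

    No signature check happens here, so nothing returned may be used
    for an authorization decision.
    """
    parts = token.split(".")
    if len(parts) != 3 or not all(parts):
        raise ValueError("expected a compact JWS: header.payload.signature")
    header, claims = _b64url_json(parts[0]), _b64url_json(parts[1])
    scopes = claims.get("scope", "")
    scopes = scopes.split() if isinstance(scopes, str) else list(scopes)
    return {
        "alg": header.get("alg"),
        "sub": claims.get("sub"),
        # Spring Security's default JWT converter turns each scope
        # into an authority with the SCOPE_ prefix.
        "authorities": ["SCOPE_" + s for s in scopes],
        # Without an exp claim the token has no end of life.
        "expires": "exp" in claims,
    }


if __name__ == "__main__":
    for name, tok in (("plain", TOKEN_PLAIN), ("scoped", TOKEN_SCOPED)):
        print(name, inspect_jwt(tok))
```

Both tokens decode to alg RS256 and sub "subject", and only the second carries the message:read scope. Neither has an exp claim, so they remain valid for as long as the sample's key pair is trusted.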