• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Devaka Cooray
  • Knute Snortum
  • Paul Clapham
  • Tim Cooke
Sheriffs:
  • Liutauras Vilda
  • Jeanne Boyarsky
  • Bear Bibeault
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Ron McLeod
  • Piet Souris
  • Frits Walraven
Bartenders:
  • Ganesh Patekar
  • Tim Holloway
  • salvin francis

Spring Framework OAuth 2 support  RSS feed

 
Ranch Hand
Posts: 90
1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

I am considering developing a RESTful application that provides an API for mobile apps, but which is not intended to be accessed directly in a web browser (at least for the first version of the service). In order to secure the API endpoints, I would like to use OAuth 2.

Does Spring Framework support server-side OAuth 2 directly, or is there an existing stable library that can add OAuth 2 support to a Spring Application? I was considering using Jersey Framework, but currently Jersey Framework only supports OAuth 2 "client". See: https://jersey.java.net/documentation/latest/security.html#d0e11342

Does Spring in Action cover integrating OAuth?

Daniel
 
Ranch Hand
Posts: 672
  • Likes 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Spring has it:
http://projects.spring.io/spring-security-oauth/
 
Daniel Trebbien
Ranch Hand
Posts: 90
1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Oh wow! That seems to be what I am looking for. Thanks!

Does Spring in Action have a section on Spring Security OAuth? Is there another recommendation for securing a RESTful API service?
 
author
Posts: 396
8
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

SiA4 does not cover Spring Security for OAuth. It was my intent to include such coverage, but Spring Security for OAuth was undergoing some changes configuration-wise while I was writing the book and the book was getting *WAY* too big, so we decided to leave it out. I'll think about where you can find a good S2OAuth example and reply again here later.

Daniel Trebbien wrote:Oh wow! That seems to be what I am looking for. Thanks!

Does Spring in Action have a section on Spring Security OAuth? Is there another recommendation for securing a RESTful API service?

 
Bruce Jin
Ranch Hand
Posts: 672
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks Craig.
I look forward your S2OAuth example.
Bruce
 
Craig Walls
author
Posts: 396
8
  • Likes 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Take a look at https://github.com/habuma/SpringREST. Specifically, the trips-secured example which shows how to secure a Spring MVC-based REST API with Spring Security for OAuth 2. Be sure to also take a look at the client_authorization.txt file, which gives you a few clues about how a client might use this API. (Note that there is no client code written here.)

Bruce Jin wrote:Thanks Craig.
I look forward your S2OAuth example.
Bruce

 
Bruce Jin
Ranch Hand
Posts: 672
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks Craig.
 
It is sorta covered in the JavaRanch Style Guide.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!