• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Liutauras Vilda
  • Paul Clapham
  • Bear Bibeault
  • Jeanne Boyarsky
Sheriffs:
  • Ron McLeod
  • Tim Cooke
  • Devaka Cooray
Saloon Keepers:
  • Tim Moores
  • Tim Holloway
  • Jj Roberts
  • Stephan van Hulst
  • Carey Brown
Bartenders:
  • salvin francis
  • Scott Selikoff
  • fred rosenberger

Spring Framework OAuth 2 support

 
Ranch Hand
Posts: 90
1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

I am considering developing a RESTful application that provides an API for mobile apps, but which is not intended to be accessed directly in a web browser (at least for the first version of the service). In order to secure the API endpoints, I would like to use OAuth 2.

Does Spring Framework support server-side OAuth 2 directly, or is there an existing stable library that can add OAuth 2 support to a Spring Application? I was considering using Jersey Framework, but currently Jersey Framework only supports OAuth 2 "client". See: https://jersey.java.net/documentation/latest/security.html#d0e11342

Does Spring in Action cover integrating OAuth?

Daniel
 
Ranch Hand
Posts: 672
  • Likes 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Spring has it:
http://projects.spring.io/spring-security-oauth/
 
Daniel Trebbien
Ranch Hand
Posts: 90
1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Oh wow! That seems to be what I am looking for. Thanks!

Does Spring in Action have a section on Spring Security OAuth? Is there another recommendation for securing a RESTful API service?
 
author
Posts: 422
13
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

SiA4 does not cover Spring Security for OAuth. It was my intent to include such coverage, but Spring Security for OAuth was undergoing some changes configuration-wise while I was writing the book and the book was getting *WAY* too big, so we decided to leave it out. I'll think about where you can find a good S2OAuth example and reply again here later.

Daniel Trebbien wrote:Oh wow! That seems to be what I am looking for. Thanks!

Does Spring in Action have a section on Spring Security OAuth? Is there another recommendation for securing a RESTful API service?

 
Bruce Jin
Ranch Hand
Posts: 672
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks Craig.
I look forward your S2OAuth example.
Bruce
 
Craig Walls
author
Posts: 422
13
  • Likes 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Take a look at https://github.com/habuma/SpringREST. Specifically, the trips-secured example which shows how to secure a Spring MVC-based REST API with Spring Security for OAuth 2. Be sure to also take a look at the client_authorization.txt file, which gives you a few clues about how a client might use this API. (Note that there is no client code written here.)

Bruce Jin wrote:Thanks Craig.
I look forward your S2OAuth example.
Bruce

 
Bruce Jin
Ranch Hand
Posts: 672
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks Craig.
reply
    Bookmark Topic Watch Topic
  • New Topic