To call the API in this example, first obtain an access token (using one of the OAuth2 flows) that carries the scope "canGreet".
The assumption is that the Authorization Server supports the OpenID Connect 1.0 specification.
spring:
  security:
    oauth2:
      resourceserver:
        jwt:
          issuer-uri: <ISSUER URI of the OIDC supported IAM Provider>

OR

spring:
  security:
    oauth2:
      resourceserver:
        jwt:
          jwk-set-uri: <JWK SET URI of the OIDC supported IAM Provider>
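The two property variants do not validate the same things. With `issuer-uri`, Spring Boot reads `{issuer}/.well-known/openid-configuration`, takes the `jwks_uri` from it, and the resulting decoder checks signature, `exp`/`nbf` and that the `iss` claim equals the configured issuer. With `jwk-set-uri` alone, only the signature and the timestamps are checked, so a token signed by the same key material for a different issuer or audience is accepted. The class below is an added example, not part of the gist: it builds the decoder from a JWK Set URI and adds issuer and audience validation. The property names `demo.jwt.jwk-set-uri`, `demo.jwt.issuer` and `demo.jwt.audience` are assumptions; defining this bean makes Boot's auto-configured decoder back off, so the `spring.security.oauth2.resourceserver.jwt.*` property is then no longer needed.

```java
// Added example (not from the gist): a ReactiveJwtDecoder that validates
// issuer and audience on top of signature and expiry. The demo.jwt.* property
// names are assumptions for this example.
import java.util.List;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator;
import org.springframework.security.oauth2.core.OAuth2Error;
import org.springframework.security.oauth2.core.OAuth2TokenValidator;
import org.springframework.security.oauth2.core.OAuth2TokenValidatorResult;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.jwt.JwtValidators;
import org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder;
import org.springframework.security.oauth2.jwt.ReactiveJwtDecoder;

@Configuration
public class JwtDecoderConfiguration {

    @Bean
    ReactiveJwtDecoder jwtDecoder(@Value("${demo.jwt.jwk-set-uri}") String jwkSetUri,
                                  @Value("${demo.jwt.issuer}") String issuer,
                                  @Value("${demo.jwt.audience}") String audience) {
        // Signature verification against the published JWK Set (keys are fetched and cached).
        NimbusReactiveJwtDecoder decoder = NimbusReactiveJwtDecoder.withJwkSetUri(jwkSetUri).build();

        // Default timestamp checks (exp/nbf) plus a strict match on the 'iss' claim ...
        OAuth2TokenValidator<Jwt> withIssuer = JwtValidators.createDefaultWithIssuer(issuer);
        // ... plus an 'aud' check so a token minted for another API is rejected.
        OAuth2TokenValidator<Jwt> withAudience = new AudienceValidator(audience);

        decoder.setJwtValidator(new DelegatingOAuth2TokenValidator<>(withIssuer, withAudience));
        return decoder;
    }

    // Rejects any JWT whose 'aud' claim does not contain the audience this API expects.
    static final class AudienceValidator implements OAuth2TokenValidator<Jwt> {
        private final String expectedAudience;

        AudienceValidator(String expectedAudience) {
            this.expectedAudience = expectedAudience;
        }

        @Override
        public OAuth2TokenValidatorResult validate(Jwt jwt) {
            List<String> audiences = jwt.getAudience();
            if (audiences != null && audiences.contains(expectedAudience)) {
                return OAuth2TokenValidatorResult.success();
            }
            OAuth2Error error = new OAuth2Error("invalid_token",
                    "The required audience " + expectedAudience + " is missing", null);
            return OAuth2TokenValidatorResult.failure(error);
        }
    }
}
```

A failed validator result surfaces as a 401 with a `WWW-Authenticate: Bearer error="invalid_token"` header, the same response a bad signature produces, so clients cannot distinguish the two reasons.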
plugins {
    id 'org.springframework.boot' version '2.3.1.RELEASE'
    id 'io.spring.dependency-management' version '1.0.9.RELEASE'
    id 'java'
}

// Relevant dependencies
dependencies {
    implementation 'org.springframework.boot:spring-boot-starter-webflux'
    implementation 'org.springframework.boot:spring-boot-starter-oauth2-resource-server'
}
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

import reactor.core.publisher.Mono;

@RestController
public class DemoController {

    // Reachable only with a JWT carrying the canGreet scope (see WebSecurityConfiguration).
    @GetMapping(value = "/greet")
    public Mono<String> greet() {
        return Mono.just("Hello from Demo Project");
    }
}
import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.SecurityWebFilterChain;
import org.springframework.security.config.web.server.ServerHttpSecurity;

@EnableWebFluxSecurity
public class WebSecurityConfiguration {

    // Single-segment wildcard: matches /actuator/health but not /actuator/health/liveness.
    private static final String ACTUATOR_ENDPOINT_PATTERN = "/actuator/*";

    @Bean
    SecurityWebFilterChain springWebFilterChain(ServerHttpSecurity http) throws Exception {
        http
            // Bearer-token API with no cookie session, so CSRF protection is not needed.
            .csrf().disable()
            .authorizeExchange()
                // Actuator endpoints need no token here; narrow this for production.
                .pathMatchers(ACTUATOR_ENDPOINT_PATTERN).permitAll()
                // The "scope" claim is mapped to SCOPE_<value> authorities by the default converter.
                .pathMatchers("/greet").hasAuthority("SCOPE_canGreet")
                .anyExchange().authenticated()
            .and()
            // Accept JWT bearer tokens, decoded with the decoder configured in application.yml.
            .oauth2ResourceServer()
                .jwt();
        return http.build();
    }
}
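The authorization rules above are easy to get subtly wrong (a typo in the authority name, or a pattern that matches more than intended), so they are worth pinning with tests. The class below is an added example, not part of the gist. It assumes `spring-boot-starter-test` and `spring-security-test` on the test classpath, a `@SpringBootApplication` class that the gist does not show, and that it sits in the application's package next to `DemoController` and `WebSecurityConfiguration`. `mockJwt()` from Spring Security's test support puts a JWT authentication straight into the exchange, so no real token or issuer is needed; the `@MockBean` replaces the auto-configured decoder so the context starts without contacting the issuer.

```java
// Added example (not from the gist): WebTestClient checks for the /greet policy.
// Assumes spring-security-test and spring-boot-starter-test are on the test classpath.
import static org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.mockJwt;

import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.autoconfigure.web.reactive.AutoConfigureWebTestClient;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.boot.test.mock.mockito.MockBean;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.jwt.ReactiveJwtDecoder;
import org.springframework.test.web.reactive.server.WebTestClient;

@SpringBootTest
@AutoConfigureWebTestClient
class GreetAuthorizationTest {

    @Autowired
    WebTestClient client;

    // Replaces the real decoder: the context then starts without reaching the issuer,
    // and mockJwt() never calls the decoder anyway.
    @MockBean
    ReactiveJwtDecoder jwtDecoder;

    @Test
    void anonymousCallIsRejectedWith401() {
        client.get().uri("/greet")
              .exchange()
              .expectStatus().isUnauthorized();
    }

    @Test
    void tokenWithoutCanGreetScopeIsRejectedWith403() {
        // Authenticated, but the required authority is missing: authorization failure.
        client.mutateWith(mockJwt().authorities(new SimpleGrantedAuthority("SCOPE_other")))
              .get().uri("/greet")
              .exchange()
              .expectStatus().isForbidden();
    }

    @Test
    void tokenWithCanGreetScopeIsAccepted() {
        client.mutateWith(mockJwt().authorities(new SimpleGrantedAuthority("SCOPE_canGreet")))
              .get().uri("/greet")
              .exchange()
              .expectStatus().isOk()
              .expectBody(String.class).isEqualTo("Hello from Demo Project");
    }

    @Test
    void unknownPathStillRequiresAuthentication() {
        // Covered by .anyExchange().authenticated(): no token means 401 before any 404.
        client.get().uri("/not-configured")
              .exchange()
              .expectStatus().isUnauthorized();
    }
}
```

The 401 versus 403 split is the behaviour to watch: a missing or invalid token is an authentication failure (401), while a valid token without `SCOPE_canGreet` is an authorization failure (403). If a change to the filter chain turns either into a 200, these tests catch it before deployment.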