This time I will show you how to build a basic Spring Boot application with Google authentication using Oauth2.
NOTE: If you need to know what tools you need to have installed in yout computer in order to create a Spring Boot basic project, please refer my previous post: Spring Boot
Then execute this command in your terminal:
spring init --dependencies=web,security,thymeleaf --language=groovy --build=gradle spring-boot-oauth2
This is the build.gradle generated file:
buildscript {
ext {
springBootVersion = '1.5.12.RELEASE'
}
repositories {
mavenCentral()
}
dependencies {
classpath("org.springframework.boot:spring-boot-gradle-plugin:${springBootVersion}")
}
}
apply plugin: 'groovy'
apply plugin: 'org.springframework.boot'
version = '0.0.1-SNAPSHOT'
sourceCompatibility = 1.8
repositories {
mavenCentral()
}
dependencies {
compile 'org.springframework.boot:spring-boot-starter-web'
compile 'org.springframework.boot:spring-boot-starter-security'
compile 'org.springframework.boot:spring-boot-starter-thymeleaf'
compile 'org.codehaus.groovy:groovy'
testCompile'org.springframework.boot:spring-boot-starter-test'
}
Next, we are going to add security-oauth2 dependency:
compile 'org.springframework.security.oauth:spring-security-oauth2'
Since we need to pass some options such as cliendId, clientSecret, etc. to the application the common way is to use bootRun task to specify them as system properties.
bootRun {
systemProperties = System.properties
}
Not is time to create a configuration file, in this case we are going to use a yaml format. In your computer’s home directory: ${home}, please create a directory called: .oauth2 then inside create a file called application-development.yml with this content:
security:
oauth2:
client:
clientId: clientId
clientSecret: clientSecret
accessTokenUri: https://www.googleapis.com/oauth2/v4/token
userAuthorizationUri: https://accounts.google.com/o/oauth2/v2/auth
clientAuthenticationScheme: form
scope:
- email
resource:
userInfoUri: https://www.googleapis.com/oauth2/v3/userinfo
In order to get an clientId and clientSecret you need to go to https://console.developers.google.com and login with your Google account, then in Credentials section create new Oauth client ID.
This is our DemoApplication
package com.jos.dem.oauth2
import org.springframework.boot.SpringApplication
import org.springframework.boot.autoconfigure.SpringBootApplication
@SpringBootApplication
class DemoApplication {
static void main(String[] args) {
SpringApplication.run DemoApplication, args
}
}
And this is the SecurityConfiguration
package com.jos.dem.oauth2.config
import org.springframework.context.annotation.Configuration
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
@Configuration
@EnableOAuth2Sso
class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.antMatcher("/**")
.authorizeRequests()
.antMatchers("/")
.permitAll()
.anyRequest()
.authenticated();
}
}
@EnableOAuth2Sso Manages Oauth2 client and authentication. All we need to do to make our home page visible is to explicitly authorizeRequests(). All other requests (e.g. to the /user endpoint) require authentication.
This is our default controller
package com.jos.dem.oauth2.controller
import org.springframework.stereotype.Controller
import org.springframework.web.bind.annotation.RequestMapping
@Controller
class DemoController {
@RequestMapping('/')
String index(){
'index'
}
}
And this our index.html
<html>
<body>
<a th:href="@{/user/show}">Login using Google</a>
</body>
</html>
All have access to this page, but as you can see we are redirecting to a secured web page. This is when the application asks to Google for authentication. Google reponse includes a Principal object with user’s data information.
package com.jos.dem.oauth2.controller
import java.security.Principal
import org.springframework.stereotype.Controller
import org.springframework.web.servlet.ModelAndView
import org.springframework.web.bind.annotation.RequestMapping
@Controller
@RequestMapping("/user")
class UserController {
@RequestMapping('/show')
ModelAndView show(Principal principal){
Map details = [:]
details.name = principal.name
details.email = principal.userAuthentication?.details?.email
ModelAndView modelAndView = new ModelAndView('user/show')
modelAndView.addObject('details', details)
modelAndView
}
}
This is the user web page showing data retieved by Google:
<html>
<body>
<h3 th:text="${details.name}" />
<p th:text="${details.email}" />
</body>
</html>
To browse the project go here, to download the project:
git clone https://github.com/josdem/spring-boot-oauth2.git
To run the project:
gradle -Dspring.config.location=$HOME/.oauth2/application-development.yml bootRun