Spring Boot @EnableOAuth2Sso

By Arvind Rai, January 16, 2020
This page walks through an example of the Spring Security OAuth2 @EnableOAuth2Sso annotation. The @EnableOAuth2Sso annotation enables OAuth2 Single Sign On (SSO). By default all paths are secured. We can customize this using WebSecurityConfigurerAdapter in our Spring Security Java configuration. We can configure Spring Security OAuth2 using application.properties, application.yml, or command-line arguments.
Here we will create a Spring Boot OAuth2 application using GitHub.

Technologies Used

Find the technologies being used in our example.
1. Java 11
2. Spring 5.1.7.RELEASE
3. Spring Boot 2.1.5.RELEASE
4. Maven 3.5.2

Maven Dependency

Find the Maven Dependency for OAuth2.
<dependency>
	<groupId>org.springframework.security.oauth.boot</groupId>
	<artifactId>spring-security-oauth2-autoconfigure</artifactId>
	<version>2.1.5.RELEASE</version>
</dependency> 
In a Spring Boot application, having the above dependency on the classpath gives us auto-configuration of OAuth2.

Using @EnableOAuth2Sso

To use @EnableOAuth2Sso in our application, place it on the Spring Security configuration class together with @Configuration.
@Configuration
@EnableOAuth2Sso
public class SecurityConfiguration {
} 
All URLs will be secured now. We can customize this behavior using WebSecurityConfigurerAdapter. Suppose we want some URLs, such as the home page and the error page, to be unsecured.
SecurityConfiguration.java
package com.concretepage;
import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableOAuth2Sso
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
	@Override
	protected void configure(HttpSecurity http) throws Exception {
		http
			.authorizeRequests()
			.antMatchers("/", "/error**").permitAll()
			.anyRequest().authenticated()
			.and().logout().logoutUrl("/logout")
			.logoutSuccessUrl("/");
	}
}

OAuth2 Configuration

In a Spring Boot application, we can configure the Security OAuth2 client, resource and sso properties using application.properties, application.yml, or command-line arguments. In our example we are using GitHub OAuth.
application.yml
security:
  oauth2:
    client:
      clientId: <your_github_clientId>
      clientSecret: <your_github_clientSecret>
      accessTokenUri: https://github.com/login/oauth/access_token
      userAuthorizationUri: https://github.com/login/oauth/authorize
      clientAuthenticationScheme: form
    resource:
      userInfoUri: https://api.github.com/user
    sso:
      login-path: /login
You need to enter your GitHub clientId and clientSecret in the above YML file.
clientId: The OAuth client id by which the OAuth provider identifies the client.
clientSecret: The client secret associated with the resource.

To get GitHub OAuth2 client id and client secret, go through the link.
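
With GitHub as the provider, .anyRequest().authenticated() admits any GitHub account that completes the OAuth2 flow. The following is an added example, not part of the article's project: it registers an AuthoritiesExtractor bean, which the OAuth2 auto-configuration applies to the user-info map fetched from userInfoUri, and rejects sign-ins whose GitHub login is not on an allow list. The class name GitHubAllowListConfiguration and the property app.allowed-logins are assumptions made for this example.

```java
package com.concretepage;

import java.util.Arrays;
import java.util.Locale;
import java.util.Set;
import java.util.stream.Collectors;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.security.oauth2.resource.AuthoritiesExtractor;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.authority.AuthorityUtils;

// Added example, not part of the article's project.
@Configuration
public class GitHubAllowListConfiguration {

	// app.allowed-logins is a hypothetical property, e.g. app.allowed-logins=alice,bob
	// A missing or empty value yields an empty set, so nobody is admitted (fail closed).
	@Bean
	public AuthoritiesExtractor authoritiesExtractor(
			@Value("${app.allowed-logins:}") String[] allowedLogins) {
		// GitHub logins are case-insensitive, so compare in lower case.
		Set<String> allowed = Arrays.stream(allowedLogins)
				.map(s -> s.trim().toLowerCase(Locale.ROOT))
				.filter(s -> !s.isEmpty())
				.collect(Collectors.toSet());

		// userInfo is the JSON map returned by security.oauth2.resource.userInfoUri;
		// GitHub's /user response carries the account name in "login".
		return userInfo -> {
			Object login = userInfo.get("login");
			if (!(login instanceof String)
					|| !allowed.contains(((String) login).toLowerCase(Locale.ROOT))) {
				// Thrown during token processing, so the SSO filter fails the authentication.
				throw new BadCredentialsException("GitHub account is not on the allow list");
			}
			return AuthorityUtils.createAuthorityList("ROLE_USER");
		};
	}
}
```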

Logout

To log out of a Spring Security application, configure the logout URL in the Spring Security Java configuration file (the default is /logout), then create a form and submit it to the logout URL using the POST method. Find the sample form with Thymeleaf.
<form th:action="@{/logout}" method="POST">
      <input type="submit" value="Logout"/>
</form> 

Complete Example

Here we provide the complete code of our demo application. The files SecurityConfiguration.java and application.yml have already been given above in the article. Find the rest of the code.
pom.xml
<parent>
	<groupId>org.springframework.boot</groupId>
	<artifactId>spring-boot-starter-parent</artifactId>
	<version>2.1.5.RELEASE</version>
	<relativePath />
</parent>
<properties>
	<context.path>spring-app</context.path>
	<java.version>11</java.version>
</properties>
<dependencies>
	<dependency>
		<groupId>org.springframework.boot</groupId>
		<artifactId>spring-boot-starter-security</artifactId>
	</dependency>
	<dependency>
		<groupId>org.springframework.boot</groupId>
		<artifactId>spring-boot-starter-web</artifactId>
	</dependency>
	<dependency>
		<groupId>org.springframework.boot</groupId>
		<artifactId>spring-boot-starter-thymeleaf</artifactId>
	</dependency>
	<dependency>
		<groupId>org.springframework.security.oauth.boot</groupId>
		<artifactId>spring-security-oauth2-autoconfigure</artifactId>
		<version>2.1.5.RELEASE</version>
	</dependency>
</dependencies> 
AppController.java
package com.concretepage;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.servlet.ModelAndView;

@Controller
public class AppController {
	@GetMapping("hello")
	public ModelAndView welcome() {
		ModelAndView mav = new ModelAndView();
		mav.setViewName("welcome");
		return mav;
	}

	@GetMapping("error")
	public ModelAndView error() {
		ModelAndView mav = new ModelAndView();
		return mav;
	}
} 
index.html
<!doctype html>
<html>
<head>
  <title>Spring Security</title>
</head>
<body>
   <h3>Login with <a href="/hello">GitHub</a></h3>
</body>
</html> 
welcome.html
<!doctype html>
<html lang="en">
<head>
    <title>Welcome</title>
</head>
<body>
   Welcome <b th:inline="text" > [[${#httpServletRequest.remoteUser}]] </b> <br/><br/>
   <form th:action="@{/logout}" method="POST">
        <input type="submit" value="Logout"/>
   </form>	
</body>
</html> 
error.html
<!doctype html>
<html>
<head>
  <title>Spring Security</title>
</head>
<body>
   <h3>Error</h3>
   <p th:if="${param.error}">
       An error occurred.
   </p>
</body>
</html> 
Main.java
package com.concretepage;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

@SpringBootApplication
public class Main {
	public static void main(String[] args) {
		SpringApplication.run(Main.class, args);
	}
} 

Output

Download the project and enter your GitHub clientId and clientSecret in the application.yml file.
Then run the following command from the root folder of the project using the command prompt.
mvn spring-boot:run 
Access the URL.
http://localhost:8080/ 
Click on the GitHub link to log in. You will be redirected to the GitHub login page. After a successful login, you will be redirected back to the application and see the welcome page.
