secure your spring app with SSO

Secure you spring-boot apps by using OAuth2 (GitHub) SSO quickly (Servlet API / legacy)

step: 0

1. build and run:

   ./gradlew -p step-0-no-security clean build bootRun

2. test:

   curl 0:8080
   http :8080

step: 1

1. build and run:

   ./gradlew -p step-1-basic-security clean build bootRun

2. test:

   curl -u ololo:trololo 0:8080
   http -a ololo:trololo :8080

step: 2

1. create ./step-2-oauth2-sso-security/src/main/resources/application-github.properties file with content like:

   security.oauth2.client.clientId=bd1c0a783ccdd1c9b9e4
   security.oauth2.client.clientSecret=1a9030fbca47a5b2c28e92f19050bb77824b5ad1

   this information can be fetched from you personal github account. you must create application for GitHub SSO.
2. build and run:

   ./gradlew -p step-2-oauth2-sso-security clean build bootRun

3. open http://127.0.0.1:8080
4. first time, you will be redirected on GitHub page for login
5. after success auth you will see result
6. next time you will be authenticated automatically

resources

• https://cloud.spring.io/spring-cloud-static/spring-cloud-security/2.2.1.RELEASE/reference/html/
• https://www.baeldung.com/spring-security-oauth2-enable-resource-server-vs-enable-oauth2-sso
• https://www.baeldung.com/spring-security-oauth