Web and Mobile Clients for Spring Security OAuth2 Web and Mobile Clients for Spring Security OAuth2 spring spring

Web and Mobile Clients for Spring Security OAuth2


java spring oauth spring-security spring-security-oauth2

How do I implement a Web Client project so that when user is logging in on the protected page or clicks on the Login button, be redirected to OAuth Provider url, login, and be authenticated on the Web Client with all user roles and also as well need to know which client was used

You want to use OAuth as SSO.

Option 1, use spring cloud https://spring.io/blog/2015/02/03/sso-with-oauth2-angular-js-and-spring-security-part-v

Option 2, manually handle SSO process:

in your web client, configure the login page to OAuth server using authorization grant.

protected void configure(HttpSecurity http) throws Exception {    http.csrf().disable(); // TODO. Enable this!!!    http.authorizeRequests()    .and()    .formLogin()    .loginPage("http://oauth.web.com/oauth/authorize?response_type=code&client_id=webclient&redirect_uri=http://web.com") // manually defining page to login    //.failureUrl("/login?error") // manually defining page for login error    .usernameParameter("email")    .permitAll()       .and()    .logout()    //.logoutUrl("/logout")    .logoutSuccessUrl("/")    .permitAll();}

after authentication and authorization process finished, you will be redirected to web client with authorization code http://web.com/?code=jYWioI. your web client should exchange this code with token access on your oauth server.On your oauth server, create an endpoint for retrieving user information

@RestControllerpublic class UserRestService {  @RequestMapping("/user")  public Principal user(Principal user) {    // you can also return User object with it's roles    // {"details":...,"principal":{"username":"user",...},"name":"user"}    return user;  }}

Then, your web client can access the user details information by sending request with the token access to the above rest endpoint and authenticate the user based on the response.

Do I have to manage Access Token and always include it in the call to the Resource Server or it can be done somehow automatically?

Every request must include token access. If you want to do it automatically, spring has provide Oauth 2 client http://projects.spring.io/spring-security-oauth/docs/oauth2.html

What is the best way to implement security on the mobile apps that I'll be developing. Should I be using password grand for this authentication, since the apps will be build by me where I'll have a user name and password be in the native screen and then be send to the server as a basic authentication over SSL?

Since you are using native screen, password grant is enough, but you can store the refresh token, this will enable you to request token access without repeating the authentication process.

Are there any samples that I can take a look at that talk to Spring Security OAuth and return user details.

see sample code above or take a look at this https://spring.io/blog/2015/02/03/sso-with-oauth2-angular-js-and-spring-security-part-v

Recent Posts
How can I color dots in a xy scatterplot according to column value?
How to update a claim in ASP.NET Identity?
What does {0} mean when initializing an object?
Accessing members of items in a JSONArray with Java
How to log SQL statements in Spring Boot?
Powershell Get-WebSite name parameter is ignored
How to detect scroll to bottom of html element
Java synchronized method
How to test controllers with CodeIgniter?
Detect Visual Composer
Matplotlib: Specify format of floats for tick labels
Rails join a list of strings with commas and "and" before the last