How to configure oAuth spring security in Grails
Posted By : Tushar Paliwal | 23-Dec-2015
Most services on the internet are now delivered as software as a service (SaaS); large companies such as Amazon, Google and Facebook provide theirs this way. To access their services or resources we do not need to log in to them directly: they authenticate us with a simple approach called OAuth.
OAuth is an open standard protocol that lets a client access a protected resource without logging in with the resource owner's credentials. Suppose a client wants to access a resource at a resource server that requires credentials: with OAuth the client does not have to present those credentials to be authorized, it can simply use an access token.
Implementing OAuth in Grails is very simple; just follow these few steps.
- Step 1 :
Add an entry to BuildConfig.groovy to install the plugin:
compile ":spring-security-oauth2-provider:2.0-RC5"
- Step 2 :
Add a few entries to Config.groovy.
- Provide Spring Security static rules for the token and authorize endpoints.
grails.plugin.springsecurity.controllerAnnotations.staticRules = [
    '/oauth/authorize.dispatch': ["isFullyAuthenticated() and (request.getMethod().equals('GET') or request.getMethod().equals('POST'))"],
    '/oauth/token.dispatch': ["isFullyAuthenticated() and request.getMethod().equals('POST')"]
]
- This prevents the password and client secret request parameters from being displayed when an exception is reported.
grails.exceptionresolver.params.exclude = ['password', 'client_secret']
- Configure the Spring Security filter chain map for the token endpoint, the secured OAuth2 resources and all other URLs.
grails.plugin.springsecurity.filterChain.chainMap = [
    '/oauth/token': 'JOINED_FILTERS,-oauth2ProviderFilter,-securityContextPersistenceFilter,-logoutFilter,-authenticationProcessingFilter,-rememberMeAuthenticationFilter,-exceptionTranslationFilter',
    '/securedOAuth2Resources/**': 'JOINED_FILTERS,-securityContextPersistenceFilter,-logoutFilter,-authenticationProcessingFilter,-rememberMeAuthenticationFilter,-oauth2BasicAuthenticationFilter,-exceptionTranslationFilter',
    '/**': 'JOINED_FILTERS,-statelessSecurityContextPersistenceFilter,-oauth2ProviderFilter,-clientCredentialsTokenEndpointFilter,-oauth2BasicAuthenticationFilter,-oauth2ExceptionTranslationFilter'
]
- Step 3 :
Run a command to create the Client, Authorization, AccessToken and RefreshToken domain classes.
s2-init Client AccessToken Authorization RefreshToken
The above command automatically adds the following entries to Config.groovy.
grails.plugin.springsecurity.oauthProvider.clientLookup.className = 'Client'
grails.plugin.springsecurity.oauthProvider.authorizationCodeLookup.className = 'AuthorizationCode'
grails.plugin.springsecurity.oauthProvider.accessTokenLookup.className = 'AccessToken'
grails.plugin.springsecurity.oauthProvider.refreshTokenLookup.className = 'RefreshToken'
- Step 4 :
Now we can generate an access token using any of the approaches below.
- Authorization Code flow
- Implicit Grant flow
- Resource Owner Password Credentials flow
- Client Credentials flow
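As an added example (not part of the original post), the following registers one OAuth2 client at startup and exposes a resource under the /securedOAuth2Resources path that the chain map above protects. The Client field names follow the domain class generated in Step 3; the client id, secret, scope, redirect URI and token lifetimes are assumed values.

```groovy
// grails-app/conf/BootStrap.groovy  (added example, not the plugin's own code)
class BootStrap {
    def init = { servletContext ->
        // Register a client that may only use the Authorization Code flow (plus refresh).
        // Implicit, password and client_credentials are deliberately left out, so a leaked
        // client id alone cannot be turned into a token without the user-facing authorize step.
        if (!Client.findByClientId('web-app')) {            // 'web-app' is an assumed client id
            new Client(
                clientId: 'web-app',
                clientSecret: 'CHANGE-ME-placeholder-secret', // placeholder; use a random secret
                authorizedGrantTypes: ['authorization_code', 'refresh_token'],
                authorities: ['ROLE_CLIENT'],
                scopes: ['read'],                             // least privilege: no 'write' scope
                redirectUris: ['https://app.example.com/oauth/callback'], // register the full callback URL
                accessTokenValiditySeconds: 600,              // 10 minutes: short-lived access tokens
                refreshTokenValiditySeconds: 86400            // 1 day before the user must re-authorize
            ).save(flush: true, failOnError: true)
        }
    }
}

// grails-app/controllers/SecuredOAuth2ResourcesController.groovy
// Default URL mapping gives /securedOAuth2Resources/index, matching the '/securedOAuth2Resources/**'
// chain-map entry, so requests here are authenticated by bearer token rather than a session.
import grails.converters.JSON
import grails.plugin.springsecurity.annotation.Secured

class SecuredOAuth2ResourcesController {
    // Only a token issued to a ROLE_CLIENT client and carrying the 'read' scope gets through;
    // a token for another client or scope is rejected before the action runs.
    @Secured(["#oauth2.clientHasRole('ROLE_CLIENT') and #oauth2.hasScope('read')"])
    def index() {
        render([user: request.userPrincipal?.name, message: 'protected resource'] as JSON)
    }
}
```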
I hope this will prove meaningful for you. Please feel free to ask any query. Thank you.
About Author
Tushar Paliwal
Tushar is a developer with experience in Groovy and Grails, Spring and enterprise Java technologies.