How to configure OAuth 2.0 with Spring Security in Grails

Posted By : Tushar Paliwal | 23-Dec-2015


Most services on the internet are now delivered as software as a service (SaaS); Amazon, Google and Facebook all expose their services this way. A third-party application that needs to reach a user's resources at one of these providers does not have to collect that user's login credentials. Instead the provider grants it limited access through an open standard called OAuth.

OAuth 2.0 is an open standard for delegated authorization: it lets a client reach a protected resource without holding the resource owner's credentials. When a client wants a resource on a resource server, it does not send the user's username and password. It first obtains an access token from the authorization server, after the resource owner has consented, and then presents that token to the resource server with each request. The token is scoped, expires and can be revoked, which is what makes this safer than handing the password to the client.

 

Setting up an OAuth 2.0 authorization server in a Grails 2.x application with the spring-security-oauth2-provider plugin takes a few steps. The plugin builds on the spring-security-core plugin, which must already be installed and configured with your user and role domain classes.

 

  • Step 1 :

    Add the plugin dependency to the plugins block of BuildConfig.groovy.

    compile ":spring-security-oauth2-provider:2.0-RC5"
    
  • Step 2 :

    Add the following entries to Config.groovy.

    • Protect the two endpoints with static rules (the .dispatch suffix matches the URL under which Grails forwards these requests to the plugin's Spring controllers): /oauth/authorize requires a fully authenticated resource owner, on GET to show the consent page and on POST to submit it, while /oauth/token accepts only POST and only from an authenticated caller, which for this endpoint is the client presenting its own credentials.
      grails.plugin.springsecurity.controllerAnnotations.staticRules = [
      	'/oauth/authorize.dispatch':      ["isFullyAuthenticated() and (request.getMethod().equals('GET') or request.getMethod().equals('POST'))"],
      	'/oauth/token.dispatch':          ["isFullyAuthenticated() and request.getMethod().equals('POST')"]]
      
    • Keep the resource owner's password and the client secret out of the request-parameter dump that the Grails exception resolver writes to the log when a request fails with an unhandled exception.
      grails.exceptionresolver.params.exclude = ['password', 'client_secret']
      
    • Split the Spring Security filter chain into three parts. The token endpoint runs stateless with no session, form login, logout or remember-me filter, so the client is authenticated on every call from the credentials it presents. Resources under /securedOAuth2Resources/** also run stateless and are authenticated only by the access token that the oauth2ProviderFilter reads from the request. Everything else keeps the ordinary session-backed chain with the OAuth2 filters removed. Any controller that should be reachable with an access token must therefore live under /securedOAuth2Resources/ or have its own entry in this map; paths matched by /** never see the bearer-token filter.
      grails.plugin.springsecurity.filterChain.chainMap = [
      	'/oauth/token': 'JOINED_FILTERS,-oauth2ProviderFilter,-securityContextPersistenceFilter,-logoutFilter,-authenticationProcessingFilter,-rememberMeAuthenticationFilter,-exceptionTranslationFilter',
      	'/securedOAuth2Resources/**': 'JOINED_FILTERS,-securityContextPersistenceFilter,-logoutFilter,-authenticationProcessingFilter,-rememberMeAuthenticationFilter,-oauth2BasicAuthenticationFilter,-exceptionTranslationFilter',
      	'/**': 'JOINED_FILTERS,-statelessSecurityContextPersistenceFilter,-oauth2ProviderFilter,-clientCredentialsTokenEndpointFilter,-oauth2BasicAuthenticationFilter,-oauth2ExceptionTranslationFilter'
      ]
      
  • Step 3 :

    Run the plugin's script to create the Client, AuthorizationCode, AccessToken and RefreshToken domain classes. The arguments are positional: first the package the domain classes should live in (com.example.oauth below is a placeholder for your own), then the four class names in this order.

     grails s2-init-oauth2-provider com.example.oauth Client AuthorizationCode AccessToken RefreshToken
    
    
     

    The script also adds the lookup entries below to Config.groovy so the plugin knows which domain classes to use; when you pass a package, the class names are written fully qualified.

    grails.plugin.springsecurity.oauthProvider.clientLookup.className = 'Client'
    grails.plugin.springsecurity.oauthProvider.authorizationCodeLookup.className = 'AuthorizationCode'
    grails.plugin.springsecurity.oauthProvider.accessTokenLookup.className = 'AccessToken'
    grails.plugin.springsecurity.oauthProvider.refreshTokenLookup.className = 'RefreshToken'
    
  • Step 4 :

    With the provider in place, a client can obtain an access token through any of the grant types the plugin supports:

    1. Authorization Code grant
    2. Implicit grant
    3. Resource Owner Password Credentials grant
    4. Client Credentials grant

    Which of these a given client may use is recorded per client in the Client domain created in step 3, so enable only the grants each client actually needs. The Authorization Code grant is the right choice for an application acting on a user's behalf. Current OAuth 2.0 security guidance discourages the Implicit grant, which exposes the access token in the redirect URL, and the Password grant, which hands the user's credentials to the client; the Client Credentials grant is for a client acting purely on its own behalf, with no user involved.
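The Authorization Code grant against the endpoints configured above, written out as an added example that is not part of the original post or of the plugin's code. It constructs the client's side of the exchange (the authorization request to /oauth/authorize, the check of the redirect callback, the token request to /oauth/token with HTTP Basic client authentication, and the bearer request to a resource under /securedOAuth2Resources/) and validates the provider's replies. The host provider.example, the client id my-client, the secret my-secret, the redirect URI, the scope and the two provider messages built under __main__ are assumptions; nothing goes over the network.

```python
# Added example (not the post's or the plugin's code): client side of the
# Authorization Code grant. Host, client id/secret, redirect URI, scope and
# the provider messages under __main__ are assumptions.
import base64
import json
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

PROVIDER = "https://provider.example"           # assumed provider host
CLIENT_ID = "my-client"                         # assumed registered client id
CLIENT_SECRET = "my-secret"                     # assumed client secret
REDIRECT_URI = "https://app.example/callback"   # assumed registered redirect URI
SCOPE = "read"                                  # assumed scope


def build_authorization_request(state):
    """URL the resource owner's browser is sent to; /oauth/authorize requires a
    fully authenticated user (staticRules), so the provider logs them in first."""
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": SCOPE,
        "state": state,  # unguessable value bound to this browser session
    }
    return f"{PROVIDER}/oauth/authorize?{urlencode(params)}"


def parse_callback(callback_url, expected_state):
    """Extract the code from the redirect back to REDIRECT_URI; reject a wrong
    state (CSRF / code injection) and surface provider errors."""
    parsed = urlparse(callback_url)
    if f"{parsed.scheme}://{parsed.netloc}{parsed.path}" != REDIRECT_URI:
        raise ValueError("callback arrived at an unexpected URI")
    query = parse_qs(parsed.query)
    if query.get("state") != [expected_state]:
        raise ValueError("state mismatch: callback is not bound to this session")
    if "error" in query:
        raise ValueError(f"authorization failed: {query['error'][0]}")
    if len(query.get("code", [])) != 1:
        raise ValueError("callback did not carry exactly one code")
    return query["code"][0]


def build_token_request(code):
    """POST to /oauth/token (POST only per staticRules). The client authenticates
    with HTTP Basic, so the secret travels in a header and never in the URL."""
    basic = base64.b64encode(f"{CLIENT_ID}:{CLIENT_SECRET}".encode()).decode()
    return {
        "method": "POST",
        "url": f"{PROVIDER}/oauth/token",
        "headers": {"Authorization": f"Basic {basic}",
                    "Content-Type": "application/x-www-form-urlencoded"},
        "body": urlencode({"grant_type": "authorization_code", "code": code,
                           "redirect_uri": REDIRECT_URI}),  # must match step 1
    }


def parse_token_response(body):
    """Validate the JSON token reply before trusting it."""
    token = json.loads(body)
    if token.get("token_type", "").lower() != "bearer":
        raise ValueError("unexpected token_type")
    if not token.get("access_token"):
        raise ValueError("no access_token in response")
    return token


def build_resource_request(access_token, path):
    """GET a resource under the bearer-protected prefix from the chainMap."""
    if not path.startswith("/securedOAuth2Resources/"):
        raise ValueError("path is outside the bearer-protected chain")
    return {"method": "GET", "url": f"{PROVIDER}{path}",
            "headers": {"Authorization": f"Bearer {access_token}"}}


def run_flow(state, callback_url, token_reply, path):
    """Drive the whole exchange with provider messages supplied by the caller."""
    code = parse_callback(callback_url, state)
    token_request = build_token_request(code)
    token = parse_token_response(token_reply)
    return {"authorize_url": build_authorization_request(state),
            "token_request": token_request,
            "resource_request": build_resource_request(token["access_token"], path)}


if __name__ == "__main__":
    state = secrets.token_urlsafe(16)
    # Constructed provider messages standing in for the real redirect and token reply.
    callback = f"{REDIRECT_URI}?code=SplxlOBeZQQYbYS6WxSbIA&state={state}"
    reply = json.dumps({"access_token": "2YotnFZFEjr1zCsicMWpAA", "token_type": "bearer",
                        "expires_in": 3600, "scope": SCOPE})
    result = run_flow(state, callback, reply, "/securedOAuth2Resources/profile")
    for key, value in result.items():
        print(key, value)
```

The state value is the piece most often left out: without it, an attacker can send a victim's browser to the callback URL carrying the attacker's own code and have the victim's session bound to the attacker's account. The client secret goes in the Basic header rather than the form body so it never ends up in a URL or an access log, which is the same concern the exceptionresolver exclude list in step 2 addresses on the server side.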
     

    I hope this will prove meaningful for you. Please feel free to ask any query. Thank you.

About Author

Tushar Paliwal

Tushar is a developer with experience in Groovy and Grails , Spring and enterprise Java Technologies.
