From Zero to Hero with REST and OAuth2 #jjug

9 likes3,326 views

The document discusses authorization using OAuth2 and securing REST APIs. It begins with an introduction to OAuth2 terminology and flow, including the authorization code grant and resource owner password credentials grant types. It then covers using JSON Web Tokens (JWTs) as access tokens, explaining that JWTs can be verified at startup without calling the authorization server for each request, unlike plain access tokens. The document concludes with links to code samples for implementing OAuth2 in Spring.

Technology

‹#›© 2016 Pivotal Software, Inc. All rights reserved. ‹#›© 2016 Pivotal Software, Inc. All rights reserved.
From Zero to Hero with
REST and OAuth2
Toshiaki Maki (@making)
JJUG Night Seminar June 2016
2016-06-27

© 2016 Pivotal Software, Inc. All rights reserved.
Who am I ?
• Toshiaki Maki (@making)
• Sr. Solutions Architect
• Spring Framework enthusiast
Perfect
Java EE
(Coming Soon)
bit.ly/spring-book

© 2016 Pivotal Software, Inc. All rights reserved.
Spring Boot

© 2016 Pivotal Software, Inc. All rights reserved.
Spring Initializr https://start.spring.io/

© 2016 Pivotal Software, Inc. All rights reserved.
Today's topic
Web UI
Resource
Server
Resource
Server
Resource
Server

© 2016 Pivotal Software, Inc. All rights reserved.
Today's topic
Web UI
Resource
Server
Resource
Server
Resource
Server
🔐
🔐
🔐
❓❓
• Basic
• OAuth2
• Spring Session
• SAML

© 2016 Pivotal Software, Inc. All rights reserved.
Today's topic
Authorization
Server
Web UI
Resource
Server
OAuth2
REST API +
Access Token +
SSO

© 2016 Pivotal Software, Inc. All rights reserved.
Live Coding!!
• Spring Data REST
• Spring Security OAuth2
• @EnableAuthorizationServer
• @EnableResourceServer
• @EnableOAuth2Sso
• JWT
• Zuul Integration

‹#›© 2016 Pivotal Software, Inc. All rights reserved.
OAuth2

© 2016 Pivotal Software, Inc. All rights reserved.
OAuth2 - Terminologies
•Resource Owner
•Client
•Authorization Server
•Resource Server

© 2016 Pivotal Software, Inc. All rights reserved.
Authorization
Server
CUI
Resource
Server
Resource Owner Password Credentials
(grant_type=password)

© 2016 Pivotal Software, Inc. All rights reserved.
Authorization
Server
CUI
Resource
Server
username & password
Resource Owner Password Credentials
(grant_type=password)

© 2016 Pivotal Software, Inc. All rights reserved.
Authorization
Server
CUI
Resource
Server
username & password
token
Resource Owner Password Credentials
(grant_type=password)

© 2016 Pivotal Software, Inc. All rights reserved.
Authorization
Server
CUI
Resource
Server
username & password
token
token
Resource Owner Password Credentials
(grant_type=password)

© 2016 Pivotal Software, Inc. All rights reserved.
Authorization
Server
CUI
Resource
Server
username & password
token
token
response
Resource Owner Password Credentials
(grant_type=password)

© 2016 Pivotal Software, Inc. All rights reserved.
Authorization Code
(grant_type=authorization_code)
Authorization
Server
Web UI
Resource
Server

© 2016 Pivotal Software, Inc. All rights reserved.
Authorization
Server
Web UI
Resource
Server
OAuth2
REST API +
Access Token

© 2016 Pivotal Software, Inc. All rights reserved.
Authorization
Server
Web UI
Resource
Server
OAuth2
REST API +
Access Token
userinfo

© 2016 Pivotal Software, Inc. All rights reserved.
Authorization
Server
Web UI
Resource
Server
OAuth2
REST API +
Access Token
userinfo
every time

© 2016 Pivotal Software, Inc. All rights reserved.
JWT
Authorization
Server
Web UI
Resource
Server
OAuth2
REST API +
Access Token (JWT)

© 2016 Pivotal Software, Inc. All rights reserved.
JWT
Authorization
Server
Web UI
Resource
Server
OAuth2
REST API +
Access Token (JWT)
token_key

© 2016 Pivotal Software, Inc. All rights reserved.
JWT
Authorization
Server
Web UI
Resource
Server
OAuth2
REST API +
Access Token (JWT)
token_key
at startup

© 2016 Pivotal Software, Inc. All rights reserved.
Links
• https://github.com/Pivotal-Japan/from-zero-to-hero-with-rest-
and-oauth2
• http://www.slideshare.net/WillTran1/securing-microservices-
with-spring-cloud-security

© 2016 Pivotal Software, Inc. All rights reserved.
Announce
• Josh Long(@starbuxman) comes to Tokyo on July 6th !!
https://jsug.doorkeeper.jp/events/47900

More Related Content

What's hot (20)

PDF

Spring Framework 5.0による Reactive Web Application #JavaDayTokyoToshiaki Maki

PDF

Event Driven Microservices with Spring Cloud Stream #jjug_ccc #ccc_ab3Toshiaki Maki

PPTX

マイクロサービスに必要な技術要素はすべてSpring Cloudにある #DO07Toshiaki Maki

PDF

Data Microservices with Spring Cloud Stream, Task, and Data Flow #jsug #spri...Toshiaki Maki

PDF

Why PCF is the best platform for Spring BootToshiaki Maki

PDF

Microservices with Spring and Cloud FoundryAlain Sahli

PDF

From Spring Boot 2.2 to Spring Boot 2.3 #jsugToshiaki Maki

PDF

Short Lived Tasks in Cloud Foundry #cfdtokyoToshiaki Maki

PDF

#jjug_ccc #ccc_gh5 What's new in Spring Framework 4.3 / Boot 1.4 + Pivotal's ...Toshiaki Maki

PDF

Spring Cloud Stream with KafkaDavid Kiss

PDF

Serverless with Spring Cloud Function, Knative and riff #SpringOneTour #s1tToshiaki Maki

PPTX

Spring Cloud Netflixを使おう #jsugToshiaki Maki

PDF

Introduction to Spring WebFlux #jsug #sf_a1Toshiaki Maki

PDF

Spring5 New Features - Nov, 2017VMware Tanzu Korea

PDF

Implement Service Broker with Spring Boot #cf_tokyoToshiaki Maki

PDF

Java Microservices with Spring Boot and Spring Cloud - Denver JUG 2019Matt Raible

PPTX

Core Spring + Reactive 김민석VMware Tanzu Korea

PPTX

Spring & messagingArtem Bilan

PDF

Spring Boot & ActuatorsVMware Tanzu

PDF

4Developers 2015: Do you think you're doing microservice architecture? - Marc...PROIDEA

Spring Framework 5.0による Reactive Web Application #JavaDayTokyoToshiaki Maki

Event Driven Microservices with Spring Cloud Stream #jjug_ccc #ccc_ab3Toshiaki Maki

マイクロサービスに必要な技術要素はすべてSpring Cloudにある #DO07Toshiaki Maki

Data Microservices with Spring Cloud Stream, Task, and Data Flow #jsug #spri...Toshiaki Maki

Why PCF is the best platform for Spring BootToshiaki Maki

Microservices with Spring and Cloud FoundryAlain Sahli

From Spring Boot 2.2 to Spring Boot 2.3 #jsugToshiaki Maki

Short Lived Tasks in Cloud Foundry #cfdtokyoToshiaki Maki

#jjug_ccc #ccc_gh5 What's new in Spring Framework 4.3 / Boot 1.4 + Pivotal's ...Toshiaki Maki

Spring Cloud Stream with KafkaDavid Kiss

Serverless with Spring Cloud Function, Knative and riff #SpringOneTour #s1tToshiaki Maki

Spring Cloud Netflixを使おう #jsugToshiaki Maki

Introduction to Spring WebFlux #jsug #sf_a1Toshiaki Maki

Spring5 New Features - Nov, 2017VMware Tanzu Korea

Implement Service Broker with Spring Boot #cf_tokyoToshiaki Maki

Java Microservices with Spring Boot and Spring Cloud - Denver JUG 2019Matt Raible

Core Spring + Reactive 김민석VMware Tanzu Korea

Spring & messagingArtem Bilan

Spring Boot & ActuatorsVMware Tanzu

4Developers 2015: Do you think you're doing microservice architecture? - Marc...PROIDEA

Similar to From Zero to Hero with REST and OAuth2 #jjug (17)

PDF

Cloud Foundry UAA as an Identity GatewayVMware Tanzu

PDF

Understanding Identity in the World of Web APIs – Ronnie Mitra, API Architec...CA API Management

PPTX

Microservices security - jpmc tech fest 2018MOnCloud

PPTX

OAuth2 + API SecurityAmila Paranawithana

PDF

Lecture #25 : Oauth 2.0Dr. Ramchandra Mangrulkar

PPTX

Adding Identity Management and Access Control to your AppFIWARE

PPTX

O auth 2.0 authorization frameworkJohn Temoty Roca

PPTX

Enterprise Access Control Patterns for Rest and Web APIsCA API Management

PDF

Rest api titouan benoitTitouan BENOIT

PPTX

Adding identity management and access control to your appÁlvaro Alonso González

PDF

Integrando Azure AD B2C con Xamarin.FormsCésar Jesús Angulo Gasco

PDF

Survey on Restful Web Services Using Open Authorization (Oauth)I01545356IOSR Journals

PPTX

(1) OAuth 2.0 Overviewanikristo

PPTX

CyberArk Impact 2017 - REST for the Rest of UsJoe Garcia

PPTX

Api security-eic-prabathWSO2

PPTX

Best Practices in Building an API Security EcosystemPrabath Siriwardena

PDF

Draft Ietf Oauth V2 12Vishal Shah

Cloud Foundry UAA as an Identity GatewayVMware Tanzu

Understanding Identity in the World of Web APIs – Ronnie Mitra, API Architec...CA API Management

Microservices security - jpmc tech fest 2018MOnCloud

OAuth2 + API SecurityAmila Paranawithana

Lecture #25 : Oauth 2.0Dr. Ramchandra Mangrulkar

Adding Identity Management and Access Control to your AppFIWARE

O auth 2.0 authorization frameworkJohn Temoty Roca

Enterprise Access Control Patterns for Rest and Web APIsCA API Management

Rest api titouan benoitTitouan BENOIT

Adding identity management and access control to your appÁlvaro Alonso González

Integrando Azure AD B2C con Xamarin.FormsCésar Jesús Angulo Gasco

Survey on Restful Web Services Using Open Authorization (Oauth)I01545356IOSR Journals

(1) OAuth 2.0 Overviewanikristo

CyberArk Impact 2017 - REST for the Rest of UsJoe Garcia

Api security-eic-prabathWSO2

Best Practices in Building an API Security EcosystemPrabath Siriwardena

Draft Ietf Oauth V2 12Vishal Shah

More from Toshiaki Maki (11)

PDF

決済システムの内製化への旅 - SpringとPCFで作るクラウドネイティブなシステム開発 #jsug #sf_h1Toshiaki Maki

PDF

Spring Boot Actuator 2.0 & Micrometer #jjug_ccc #ccc_a1Toshiaki Maki

PDF

Spring Boot Actuator 2.0 & MicrometerToshiaki Maki

PDF

Open Service Broker APIとKubernetes Service Catalog #k8sjpToshiaki Maki

PDF

BOSH / CF Deployment in modern ways #cf_tokyoToshiaki Maki

PDF

Zipkin Components #zipkin_jpToshiaki Maki

PDF

今すぐ始めるCloud Foundry #hackt #hackt_kToshiaki Maki

PDF

Consumer Driven Contractsで REST API/マイクロサービスをテスト #m3techToshiaki Maki

PDF

Concourse CI Meetup DemoToshiaki Maki

PDF

Install Concourse CI with BOSHToshiaki Maki

PDF

Introduction to Concourse CI #渋谷JavaToshiaki Maki

決済システムの内製化への旅 - SpringとPCFで作るクラウドネイティブなシステム開発 #jsug #sf_h1Toshiaki Maki

Spring Boot Actuator 2.0 & Micrometer #jjug_ccc #ccc_a1Toshiaki Maki

Spring Boot Actuator 2.0 & MicrometerToshiaki Maki

Open Service Broker APIとKubernetes Service Catalog #k8sjpToshiaki Maki

BOSH / CF Deployment in modern ways #cf_tokyoToshiaki Maki

Zipkin Components #zipkin_jpToshiaki Maki

今すぐ始めるCloud Foundry #hackt #hackt_kToshiaki Maki

Consumer Driven Contractsで REST API/マイクロサービスをテスト #m3techToshiaki Maki

Concourse CI Meetup DemoToshiaki Maki

Install Concourse CI with BOSHToshiaki Maki

Introduction to Concourse CI #渋谷JavaToshiaki Maki

Recently uploaded (20)

DOCX

Python coding for beginners !! Start now!#Rajni Bhardwaj Grover

PDF

CIFDAQ Token Spotlight for 9th July 2025CIFDAQ

PDF

Agentic AI lifecycle for Enterprise Hyper-AutomationDebmalya Biswas

PDF

Exolore The Essential AI Tools in 2025.pdfSrinivasan M

PPTX

Q2 FY26 Tableau User Group Leader Quarterly Calllward7

PDF

How Startups Are Growing Faster with App Developers in Australia.pdfIndia App Developer

PDF

New from BookNet Canada for 2025: BNC BiblioShare - Tech Forum 2025BookNet Canada

PDF

What Makes Contify’s News API Stand Out: Key Features at a GlanceContify

PDF

Building Real-Time Digital Twins with IBM Maximo & ArcGIS IndoorsSafe Software

PDF

Using FME to Develop Self-Service CAD Applications for a Major UK Police ForceSafe Software

PDF

LOOPS in C Programming Language - TechnologyRishabhDwivedi43

PDF

“NPU IP Hardware Shaped Through Software and Use-case Analysis,” a Presentati...Edge AI and Vision Alliance

PDF

Empower Inclusion Through Accessible Java ApplicationsAna-Maria Mihalceanu

PDF

Biography of Daniel Podor.pdfDaniel Podor

PDF

CIFDAQ Market Wrap for the week of 4th July 2025CIFDAQ

PDF

Smart Trailers 2025 Update with History and OverviewPaul Menig

PPTX

Building Search Using OpenSearch: Limitations and WorkaroundsSease

PDF

Go Concurrency Real-World Patterns, Pitfalls, and Playground Battles.pdfEmily Achieng

PDF

IoT-Powered Industrial Transformation – Smart Manufacturing to Connected Heal...Rejig Digital

PPTX

WooCommerce Workshop: Bring Your LaptopLaura Hartwig