spring-boot-security-db

Demo project for Spring Boot Security OAuth2 With MySQL Database.

OAuth2 authentication and role based authorization for spring boot project, with user and client credentials stored in MySQL database. Tokens (access and refresh) are stored in database as well. Passwords are encrypted with BCrypt algorithm.

Libraries used:

• Spring boot
• Spring data JPA and Hibernate
• Liquibase (for database management)
• Spring security
• Spring OAuth2

Database description:

Below are the main tables which will be used in authentication/authorization process.

• users table: Contains basic user details (email and password) used for user to login. Here BCrypt encrypted passwords are stored.
• roles table: Contains allowed roles.
• user_role table: Mapping table to user and role.
• oauth_client_details table: Contains client related details.
• oauth_access_token table: Contains access tokens for authenticated users.
• oauth_refreh_token table: Contains refresh tokens for authenticated users.

NOTE:

If you add more roles, you will also need to add those roles in RolesEnum and update antMatchers in ResourceServerConfig class.

Project configurations - application.properties:

• Database configuration: You can modify database related configurations in application.properties.
• /spring-security-demo/api is context path of this project. You can modify it as per you choice.

How to run this project:

To run the project, open the command-line at the project's root directory, and run this command: mvnw spring-boot:run. It will automatically create the database, required tables, and insert preliminary data.

Endpoints of interest:

• http://localhost:8080/spring-security-demo/api/oauth/token
  • This will provide authenticate the user and provide access and refresh tokens.
  • Method: POST
  • Content-Type: application/x-www-form-urlencoded
  • Body:
    • username: admin@test.com
    • password: 123456
    • grant_type: password
    • client_id: clientId
    • client_secret: clientSecret
• http://localhost:8080/spring-security-demo/api/test
  • This is open route, accessible to all users without authentication.
  • Method: GET
• http://localhost:8080/spring-security-demo/api/s/adm/test
  • All the APIs which start from /s/adm/* will be only accessible to authenticated users with ADMIN role. So this is test endpoint for ADMIN user.
  • Method: GET
• http://localhost:8080/spring-security-demo/api/s/usr/test
  • All the APIs which start from /s/usr/* will be only accessible to authenticated users with USER role. So this is test endpoint for NORMAL but authenticated user.
  • Method: GET

References:

Mixture of below tutorials :)

• http://websystique.com/spring-security/secure-spring-rest-api-using-oauth2/
• https://www.javaguides.net/2018/09/spring-boot-spring-mvc-role-based-spring-security-jpa-thymeleaf-mysql-tutorial.html
• https://www.baeldung.com/spring-security-oauth-dynamic-client-registration