Spring Boot-based gRPC server with gRPC endpoints secured by Spring Security
Switch branches/tags
Nothing to show
Clone or download

README.md

gRPC Spring Security demo

This project demonstrates how to use Spring Security's method-based security mechanism to secure gRPC services. It is a gRPC server written in Java and built on Spring Boot. It uses gRPC interceptors to integrate with Spring Security, and supports two authentication mechanisms: HTTP Basic Auth and OAuth2 with JSON Web Tokens.

Within this demo, the following may be of interest:

The accompanying blog post contains more details about the background and motivations for this demo.

Requirements

  • Java 1.8 or newer

Usage

To start the application, run the following command in the project root directory:

./gradlew bootRun

This brings up the gRPC server, which runs on localhost port 7080.

For a simple way to interact with the gRPC server, without the need to create a client application, grpcc can be used.

With grpcc installed, start a client that connects to the gRPC server by running the following command in the src/main/proto directory in this project:

grpcc -i -p revinate/demo/demo.proto -a localhost:7080

This command starts the grpcc shell. Once in the shell, first create a variable to hold the metadata entry for Basic Auth credentials:

var md = cm({Authorization: "Basic Z3JwY3NwcmluZzpncnBjc3ByaW5n"})

Then make a call to the server using the credentials:

client.fibonacci({value: 10}, md, pr)