Skip to content

stormpath/stormpath-spring-security-boot-apikey-example

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits

src/main

src/main

 
 

.gitignore

.gitignore

 
 

README.md

README.md

 
 

pom.xml

pom.xml

 
 

Repository files navigation

#Stormpath is Joining Okta We are incredibly excited to announce that Stormpath is joining forces with Okta. Please visit the Migration FAQs for a detailed look at what this means for Stormpath users.

We're available to answer all questions at support@stormpath.com.

Introduction

The purpose of this example is to demonstrate using the grant_type=client_credentials OAuth2 workflow to access a restricted endpoint in a Spring Security Spring Boot WebMVC application with Stormpath integrated.

The only explicitly defined endpoint in this example is /newApiKey

The /oauth/token endpoint is provided by the Stormpath integration.

Setup

Make sure that you've created a Stormpath account and that this application has access to your apiKey.properties file and a Stormpath Application href.

Build

mvn clean install

Run

STORMPATH_API_KEY_FILE=<path to apiKey.properties> \
STORMPATH_APPLICATION_HREF=<full href to Stormpath Application> \
java -jar target/*.jar

Use

The examples below use the httpie client (https://github.com/jkbrzt/httpie)

  1. Get an api client key pair

    http POST localhost:8080/newApiKey email=<valid email address> password=<valid password>

    Response:

    {
    "STATUS": "SUCCESS",
    "keyID": "<api key id>",
    "keySecret": "<api key secret>",
    "msg": "This is for testing purposes only!"
}

  2. Make a client_credentials request to get an access token

    http --auth <api key id>:<api key secret> -f POST localhost:8080/oauth/token grant_type=client_credentials

    Response:

    {
    "access_token": "eyJraWQiOiJSOTJTQkhKQzFVNERBSU1HUTNNSE9HVk1YIiwic3R0IjoiYWNjZXNzIiwiYWxnIjoiSFMyNTYifQ...",
    "expires_in": 3600,
    "token_type": "Bearer"
}

  3. Hit the /restricted endpoint using the access token

    First, we'll hit the endpoint without authentication:

    http localhost:8080/restricted

    Response:

    {
    "fieldErrors": null,
    "message": "Full authentication is required to access this resource",
    "status": "error.accessDenied"
}

    Next, we'll hit the endpoint with authentication:

    http localhost:8080/restricted \
Authorization:"Bearer eyJraWQiOiJSOTJTQkhKQzFVNERBSU1HUTNNSE9HVk1YIiwic3R0IjoiYWNjZXNzIiwiYWxnIjoiSFMyNTYifQ..."

    Response:

    You must have authenticated, or you wouldn't be here.

About

No description, website, or topics provided.

Resources

Readme
Activity
Custom properties

Stars

2 stars

Watchers

8 watching

Forks

3 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages