Securing OAuth 2.0 Resources in Spring Security 5.0

The OAuth 2.0 Authorization Framework is elaborate, with several nuances and subtleties that can make it overwhelming for implementers. Its strength and flexibility have propelled it to an industry standard; quite often organizations look to frameworks to ensure correct implementation.
Spring Security 5.0 marked the beginning of a long-term mission that the Spring Security team has to simplify Spring’s support for OAuth 2.0. Last year, it began with OAuth 2.0 Login over OpenID Connect 1.0. And this year that journey continues to now include additional OAuth 2.0 Client features and the first release of OAuth 2.0 Resource Server support.
In this talk, we’ll take a look at two insecure applications--one a web application and the other a REST API--and integrate them both with an OAuth 2.0 Authorization Server. The first will feature Spring Security’s most recent OAuth 2.0 Client feature set and the second, its newly-released Resource Server support.
For the web application, we’ll configure the client to use the Authorization Code Grant flow. For the REST API, we’ll configure the resource server for JWT support, OAuth2-specific authorization expressions, and JWK set resolution. Finally, we’ll put it all together, logging into our application and retrieving a secure resource.

Speakers:
Josh Cummings
Principal Software Engineer, Pivotal
Joe Grandja
Staff Software Engineer, Pivotal
Filmed at SpringOne Platform 2018
Comments
Author

The only and best tutorial about Spring Security 5.0 with OAuth2 and JWT with IAM/UAA server

qwalers
Author

15:28 is it available not only in spring data repos?

flatmapper
Author

To all those triggered by Spring...if you don't like the water stay out of the pool! Spring is THE best way to deal with the complexities of developing distributed applications. It's a work of art.

mikeklein
Author

Where is the GitHub link for this project? Please, someone provide it to me.

rajatagrawal
Author

Very informative and helpful video. Thanks a lot.

pranavkhandelwal
Author

Why are we scrapping off the oauth2 and resource server on spring 2.5.6 and above?

kennethmarete
Author

@Josh Cummings

Guys, you make changes in the resource server & restart the client and say it's working as expected (timestamp 44:03). The one assumption both the presenters are making is that everyone who is watching the video knows the overall application they are using, the client aspect & is well versed in each aspect of OAuth, which is not at all true.

Rob's presentations used to be so good when it comes to Spring Security. Nowadays, the presentations are mere presentations, with very little emphasis on making them understandable.

arithmeticerror
Author

You guys are amazing, my life was saved

samuellarico
Author

Great presentation guys. Some excellent information to get you going as well. Keep up the good work!

kappaj
Author

Can you help me please?
After running: .\gradlew -b uaa-server\build.gradle cargoRunLocal
I get this error: Failed to start the Tomcat 8.x container. Check the file containing the container logs for more details.

sebastianszczebiot
Author

"with several nuances and subtleties that can make it overwhelming for implementers"... right, to be honest, hopefully this video will help, thanks

LennarthAnaya
Author

Is it OK to have spring security 5.1.0.RELEASE as a dependency, and call the video Spring Security 5.0?

Gregor_
Author

Is there a better tutorial on this topic than this one? This doesn't appear to be a topic that lends itself well to a bottom-up explanation. By all means start with some RESTful services that don't require authentication and then go through the steps necessary to provide it. I also find the way the code is displayed to be difficult to follow and there are generally too many context switches to follow what's going on.

rydmerlin
Author

The presentation is really great. Please share the code link.

nikhilkant