Category: Spring Security
-
Method-level security at the resource server
1. Introduction In this tutorial, we’ll use method-level security to protect our web service endpoint. Using method-level security, we can apply annotations above the method name to either permit or block the execution of the method depending on specific conditions. For instance, we can apply a security annotation to restrict the method’s execution to…
-
Role-based access control with Keycloak
1. Introduction In this tutorial, you will learn what roles and authorities are and how they work in Spring. You will also learn how to configure your resource server to validate user roles. In previous tutorials, we accessed a protected resource at a resource server using a valid token. In this tutorial, we’ll assign user…
-
OAuth 2 Resource Server – Scope Based Access Control
1. Introduction Scope is a feature in OAuth 2.0 that restricts an application’s access to a user’s account. Applications can request one or more scopes, which are shown to the user on the consent screen. The access token provided to the application is then limited to the scopes that the user approves. For a client…
-
How OAuth works with a resource server
1. Introduction In this tutorial, we’ll learn how to configure a Spring Boot application as an OAuth resource server. In the real world, the resource owner tries to access some information from the resource server. In this tutorial, the resource server is a Spring Boot application. The user tries to access a protected API endpoint. In…
-
Keycloak – Create new OAuth client and request access and refresh token
1. Introduction In this tutorial, we’ll learn how to configure a new OAuth client application in Keycloak. We’ll then see how to configure client application secrets. We’ll then use the new credentials to perform the authorization code flow. 2. Configure new OAuth client application We’ll now see how to configure a new OAuth client. In the…
-
Creating a New Realm and a New User in Keycloak
1. Introduction In the previous tutorial, we started a Keycloak server on our localhost and created an admin user to log in to the administrative console of Keycloak. In this tutorial, we’ll create a new realm and a new user in Keycloak. 2. What is a realm in Keycloak? A realm in Keycloak is equivalent to a tenant.…
-
Running a Standalone Keycloak Authorization Server on Localhost
1. Introduction Keycloak is an open-source identity and access management (IAM) solution designed for modern applications and services. It provides features such as single sign-on (SSO), user federation, identity brokering, and social login. Built on top of popular standards like OAuth 2.0, OpenID Connect, and SAML 2.0, Keycloak offers seamless integration with various applications, allowing…
-
OAuth 2 – Authorization Code Grant
1. Introduction In this tutorial, we will dive into one of the most widely used OAuth 2.0 grant types, designed specifically for secure authorization in web applications. The Authorization Code Grant is an essential tool for server-side applications that require a robust and secure way to obtain access tokens on behalf of users. 2. OAuth…
-
OAuth 2 Grant Types
1. Introduction In this short tutorial, we’ll briefly discuss OAuth 2 grant types. 2. OAuth 2 Grant Types An OAuth 2 grant type is a method defined by the OAuth 2.0 authorization framework that allows a client application to obtain an access token. Various applications may exist, and the choice of OAuth grant type depends…
-
Encryption Algorithms
1. Introduction In this tutorial, we’ll discuss encryption algorithms in brief. We’ll discuss one-way encryption, symmetric encryption and public key cryptography. 2. One-way encryption These algorithms are also known as hashing algorithms. A one-way algorithm takes an input string and generates an output known as the message digest. The output cannot be converted…