from zero to hero with rest and oauth2 #jjug
TRANSCRIPT
‹#›© 2016 Pivotal Software, Inc. All rights reserved. ‹#›© 2016 Pivotal Software, Inc. All rights reserved.
From Zero to Hero with REST and OAuth2
Toshiaki Maki (@making) JJUG Night Seminar June 2016 2016-06-27
‹#›© 2016 Pivotal Software, Inc. All rights reserved.
Who am I ?• Toshiaki Maki (@making)
•Sr. Solutions Architect
•Spring Framework enthusiast
Perfect Java EE
(Coming Soon)
bit.ly/spring-book
‹#›© 2016 Pivotal Software, Inc. All rights reserved.
Spring Boot
‹#›© 2016 Pivotal Software, Inc. All rights reserved.
Spring Initializr https://start.spring.io/
‹#›© 2016 Pivotal Software, Inc. All rights reserved.
Spring Initializr https://start.spring.io/
‹#›© 2016 Pivotal Software, Inc. All rights reserved.
Spring Initializr https://start.spring.io/
‹#›© 2016 Pivotal Software, Inc. All rights reserved.
Spring Initializr https://start.spring.io/
‹#›© 2016 Pivotal Software, Inc. All rights reserved.
Today's topic
Web UI
Resource Server
Resource Server
Resource Server
‹#›© 2016 Pivotal Software, Inc. All rights reserved.
Today's topic
Web UI
Resource Server
Resource Server
Resource Server
🔐🔐🔐
‹#›© 2016 Pivotal Software, Inc. All rights reserved.
Today's topic
Web UI
Resource Server
Resource Server
Resource Server
🔐🔐🔐
❓
‹#›© 2016 Pivotal Software, Inc. All rights reserved.
Today's topic
Web UI
Resource Server
Resource Server
Resource Server
🔐🔐🔐
❓ ❓ • Basic • OAuth2 • Spring Session • SAML
‹#›© 2016 Pivotal Software, Inc. All rights reserved.
Today's topic
Web UI
Resource Server
Resource Server
Resource Server
🔐🔐🔐
❓ ❓ • Basic • OAuth2 • Spring Session • SAML
👈
‹#›© 2016 Pivotal Software, Inc. All rights reserved.
Today's topic
Authorization Server
Web UI
Resource Server
OAuth2
REST API + Access Token + SSO
‹#›© 2016 Pivotal Software, Inc. All rights reserved.
Live Coding!!•Spring Data REST
•Spring Security OAuth2
•@EnableAuthorizationServer
•@EnableResourceServer
•@EnableOAuth2Sso
• JWT
• Zuul Integration
‹#›© 2016 Pivotal Software, Inc. All rights reserved.
OAuth2
‹#›© 2016 Pivotal Software, Inc. All rights reserved.
OAuth2 - Terminologies •Resource Owner •Client •Authorization Server •Resource Server
‹#›© 2016 Pivotal Software, Inc. All rights reserved.
Authorization Server
CUI
Resource Server
Resource Owner Password Credentials (grant_type=password)
‹#›© 2016 Pivotal Software, Inc. All rights reserved.
Authorization Server
CUI
Resource Server
username & password
Resource Owner Password Credentials (grant_type=password)
‹#›© 2016 Pivotal Software, Inc. All rights reserved.
Authorization Server
CUI
Resource Server
username & password
token
Resource Owner Password Credentials (grant_type=password)
‹#›© 2016 Pivotal Software, Inc. All rights reserved.
Authorization Server
CUI
Resource Server
username & password
token
token
Resource Owner Password Credentials (grant_type=password)
‹#›© 2016 Pivotal Software, Inc. All rights reserved.
Authorization Server
CUI
Resource Server
username & password
token
token
response
Resource Owner Password Credentials (grant_type=password)
‹#›© 2016 Pivotal Software, Inc. All rights reserved.
Authorization Code (grant_type=authorization_code)
Authorization Server
Web UI
Resource Server
‹#›© 2016 Pivotal Software, Inc. All rights reserved.
Authorization Code (grant_type=authorization_code)
Authorization Server
Web UI
Resource Server
authorize
‹#›© 2016 Pivotal Software, Inc. All rights reserved.
Authorization Code (grant_type=authorization_code)
Authorization Server
Web UI
Resource Server
authorize
redirect
‹#›© 2016 Pivotal Software, Inc. All rights reserved.
Authorization Code (grant_type=authorization_code)
Authorization Server
Web UI
Resource Server
authorize
redirect
code
‹#›© 2016 Pivotal Software, Inc. All rights reserved.
Authorization Code (grant_type=authorization_code)
Authorization Server
Web UI
Resource Server
authorize
redirect
codecode
‹#›© 2016 Pivotal Software, Inc. All rights reserved.
Authorization Code (grant_type=authorization_code)
Authorization Server
Web UI
Resource Server
authorize
redirect
codecode
token
‹#›© 2016 Pivotal Software, Inc. All rights reserved.
Authorization Code (grant_type=authorization_code)
Authorization Server
Web UI
Resource Server
authorize
redirect
codecode
token
token
‹#›© 2016 Pivotal Software, Inc. All rights reserved.
Authorization Code (grant_type=authorization_code)
Authorization Server
Web UI
Resource Server
authorize
redirect
codecode
token
token
response
‹#›© 2016 Pivotal Software, Inc. All rights reserved.
Authorization Server
Web UI
Resource Server
OAuth2
REST API + Access Token
‹#›© 2016 Pivotal Software, Inc. All rights reserved.
Authorization Server
Web UI
Resource Server
OAuth2
REST API + Access Token
userinfo
‹#›© 2016 Pivotal Software, Inc. All rights reserved.
Authorization Server
Web UI
Resource Server
OAuth2
REST API + Access Token
userinfo
every time
‹#›© 2016 Pivotal Software, Inc. All rights reserved.
JWT
Authorization Server
Web UI
Resource Server
OAuth2
REST API + Access Token (JWT)
‹#›© 2016 Pivotal Software, Inc. All rights reserved.
JWT
Authorization Server
Web UI
Resource Server
OAuth2
REST API + Access Token (JWT)
token_key
‹#›© 2016 Pivotal Software, Inc. All rights reserved.
JWT
Authorization Server
Web UI
Resource Server
OAuth2
REST API + Access Token (JWT)
token_key
at startup
‹#›© 2016 Pivotal Software, Inc. All rights reserved.
JWT
Authorization Server
Web UI
Resource Server
OAuth2
REST API + Access Token (JWT)
token_key
at startup
Verify token
‹#›© 2016 Pivotal Software, Inc. All rights reserved.
Links• https://github.com/Pivotal-Japan/from-zero-to-hero-with-rest-
and-oauth2
• http://www.slideshare.net/WillTran1/securing-microservices-with-spring-cloud-security
‹#›© 2016 Pivotal Software, Inc. All rights reserved.
Announce• Josh Long(@starbuxman) comes to Tokyo on July 6th !!
https://jsug.doorkeeper.jp/events/47900