Welcome, Guest: Register On Nairaland / LOGIN! / Trending / Recent / NewStats: 3,201,483 members, 7,978,582 topics. Date: Friday, 18 October 2024 at 10:46 AM |
Nairaland Forum / Science/Technology / Programming / Google Oauth With Spring Boot Security (457 Views)
Java Spring Boot Needed Urgently / I Must Learn Spring Boot / Spring Boot Tutorial For Beginners (2) (3) (4)
Google Oauth With Spring Boot Security by BurnerMan: 6:36pm On Sep 09, 2023 |
Has anyone implemented google oauth with spring boot at the back end ? Will appreciate any help 1 Like |
Re: Google Oauth With Spring Boot Security by richebony: 9:00pm On Sep 09, 2023 |
you need this dependency in your maven pom dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-oauth2-client</artifactId> </dependency> in your applications.properties add these #GOOGLE OAUTH # You need additional settings to configure your OAUTH service ..just check youtube spring.security.oauth2.client.registration.google.client-id= your-client-id spring.security.oauth2.client.registration.google.client-secret=your-secret in your SecurityConfig class @Configuration public class SecurityConfig { @Bean public SecurityFilterChain securityFilterChain(HttpSecurity httpSecurity) throws Exception { return httpSecurity.authorizeHttpRequests(auth -> auth.requestMatchers("/".permitAll() .anyRequest().authenticated()) .oauth2Login(Customizer.withDefaults()) .formLogin(Customizer.withDefaults()) // u can replace this with httpBasic and configure the URL .build(); } } 2 Likes |
Re: Google Oauth With Spring Boot Security by InteliJ(f): 3:17am On Sep 10, 2023 |
richebony:Hello richebony, I've been learning spring security on youtube but most tutorials I've watched are not explanatory enough. It always look like they're doing magic, some are oudated especially implementing basic auth, the way to do this as shown in the tutorials is depreciated. If you don't mind, could you please recommend a good spring security video you know? Thank you. I see that you're good with this stuff, could you please mentor me? I need some guidance as this whole stuff is broad and I don't want to go the wrong way. I promise not to waste your time or stress you. Thank you! |
Re: Google Oauth With Spring Boot Security by parkervero(m): 7:41am On Sep 10, 2023 |
InteliJ: https://m.youtube.com/playlist?list=PLEocw3gLFc8X_a8hGWGaBnSkPFJmbb8QP Check this out. You can get good Spring Security course on Udemy at cheaper rate like #3500 Spring documentation is there to help, too. |
Re: Google Oauth With Spring Boot Security by jesmond3945: 8:05am On Sep 10, 2023 |
InteliJ:you better read the docs. Thats where most of these videos lift from. |
Re: Google Oauth With Spring Boot Security by richebony: 8:44am On Sep 10, 2023 |
InteliJ: Lol, you are not alone in this, I also had this issue, especially with the introduction of Spring Security 6, it made most of my prior knowledge deprecated, I would recommend Dan Vega's Spring Security course on YouTube, he works with the Spring team and gets most of his resources directly from the docs .So just search for his channel on YouTube [Dan Vega]..if you have any questions u can holla 2 Likes |
Re: Google Oauth With Spring Boot Security by BurnerMan: 9:35am On Sep 10, 2023 |
richebony: Thanks bro, but i understand this flow but it doesnt fit into the context of what i am trying to do. Maybe I should give a bit more background on what I'm trying to do.. So I had custom configurations for some of the filters in the securityFilterChain. I customized the AuthenticationFilter(UsernamePasswordFilter), the authenticationManager, and an AuthenticationProvider - which loads the user from the database, dao stuff. Now, what I want to do configure another authenticationProvider that implements OpenID connect, and then add this to the authenticatonManager. I have searched spring docs but they don't seem to provide a flow for that. So that's what im struggling with bro. I hope you understand what I am saying boss? |
Re: Google Oauth With Spring Boot Security by richebony: 2:14pm On Sep 10, 2023 |
BurnerMan: So what you are saying is that you want a customOAuth2 service you would need to add these properties spring.security.oauth2.client.provider.google.authorization-uri= spring.security.oauth2.client.provider.google.token-uri = spring.security.oauth2.client.provider.google.user-info-uri= spring.security.oauth2.client.provider.google.user-name-attribute= email add this dependency <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-oauth2-jose</artifactId> </dependency> create a customOauth2UserService import org.springframework.beans.factory.annotation.Value; import org.springframework.security.core.userdetails.UsernameNotFoundException; import org.springframework.stereotype.Service; import org.springframework.web.client.RestTemplate; @Service @RequiredArgsConstructor public class CustomOAuth2UserService implements OAuth2UserService<OAuth2UserRequest, OAuth2User> { @Value("${spring.security.oauth2.client.provider.google.user-info-uri}" private String userInfoUri; private final RestTemplate restTemplate; @Override public OAuth2User loadUser(OAuth2UserRequest userRequest) throws OAuth2AuthenticationException { String accessToken = userRequest.getAccessToken().getTokenValue(); GoogleUserInfo userInfo = restTemplate.getForObject(userInfoUri, GoogleUserInfo.class, accessToken); if (userInfo == null) { throw new UsernameNotFoundException("User not found" } Map<String, Object> attributes = new HashMap<>(); attributes.put("email", userInfo.getEmail()); attributes.put("name", userInfo.getName()); return new DefaultOAuth2User( Collections.singleton(new OAuth2UserAuthority(attributes)), attributes, "email" } } create your customAuth2Provider @Component @RequiredArgsConstructor public class CustomOAuth2AuthenticationProvider implements AuthenticationProvider { private final CustomOAuth2UserService customOAuth2UserService; @Override public Authentication authenticate(Authentication authentication) throws AuthenticationException { OAuth2User oauth2User = (OAuth2User) authentication.getPrincipal(); UserDetails userDetails = customOAuth2UserService.loadUser(oauth2User.getRequest()); return new UsernamePasswordAuthenticationToken( userDetails, null, userDetails.getAuthorities()); } @Override public boolean supports(Class<?> authentication) { return OAuth2UserAuthenticationToken.class.isAssignableFrom(authentication); } } @Configuration @RequiredArgsConstructor public class SecurityConfig { private final CustomOAuth2AuthenticationProvider customOAuth2AuthenticationProvider; @Bean public SecurityFilterChain securityFilterChain(HttpSecurity httpSecurity) throws Exception { return httpSecurity.authorizeHttpRequests(auth -> auth.requestMatchers("/".permitAll() .anyRequest().authenticated()) .oauth2Login((oauth2Login) -> oauth2Login .userInfoEndpoint((userInfo) -> userInfo.userService(customOAuth2UserService)) // this is authoInjected with the provider // you can also configure the login uri/page here ) .formLogin(Customizer.withDefaults()) .build(); } } PS : The code might not work ,didnt test it ...i am actually wondering why you chose this approach,you can run test cases on the service layer ,if that works, then extra configuration tweaking might fix it |
Re: Google Oauth With Spring Boot Security by InteliJ(f): 2:52am On Sep 11, 2023 |
richebony:Thank you very much! Sure, I will. |
Re: Google Oauth With Spring Boot Security by InteliJ(f): 2:54am On Sep 11, 2023 |
parkervero:I've added it to my library already. Thanks for your time, I appreciate. |
Re: Google Oauth With Spring Boot Security by InteliJ(f): 2:57am On Sep 11, 2023 |
jesmond3945:I'll read the docs for sure. But I'm just starting, I want to get the basics from videos before I move to the docs. Thank you for the heads up. |
Re: Google Oauth With Spring Boot Security by batistutajulio: 10:30pm On Sep 11, 2023 |
richebony: Great one. I was also going to recommend Dan Vega. |
(1) (Reply)
Help With Assignments On Linux / . / Application Closes Soon!
(Go Up)
Sections: politics (1) business autos (1) jobs (1) career education (1) romance computers phones travel sports fashion health religion celebs tv-movies music-radio literature webmasters programming techmarket Links: (1) (2) (3) (4) (5) (6) (7) (8) (9) (10) Nairaland - Copyright © 2005 - 2024 Oluwaseun Osewa. All rights reserved. See How To Advertise. 54 |