JavaAuthenticationPart6


Using OAuth2

OAuth2Config.java

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository;
import org.springframework.security.oauth2.core.AuthorizationGrantType;

@Configuration
@EnableWebSecurity
public class OAuth2Config extends WebSecurityConfigurerAdapter {

    // Holds the OAuth2 client registrations; only Google is registered here.
    @Bean
    public ClientRegistrationRepository clientRegistrationRepository() {
        return new InMemoryClientRegistrationRepository(this.googleClientRegistration());
    }

    private ClientRegistration googleClientRegistration() {
        return ClientRegistration.withRegistrationId("google")
                // Placeholders: load the real values from external configuration, not from source code.
                .clientId("YOUR_CLIENT_ID")
                .clientSecret("YOUR_CLIENT_SECRET")
                // Required by build(); oauth2Login() uses the authorization code grant.
                .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
                .scope("email", "profile")
                .authorizationUri("https://accounts.google.com/o/oauth2/auth")
                .tokenUri("https://oauth2.googleapis.com/token")
                .userInfoUri("https://www.googleapis.com/oauth2/v3/userinfo")
                // Attribute of the user-info response that becomes the principal name.
                .userNameAttributeName("sub")
                .redirectUriTemplate("{baseUrl}/login/oauth2/code/{registrationId}")
                .clientName("Google")
                .build();
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                // The root URL and the login endpoints are open to everyone.
                .antMatchers("/", "/login**").permitAll()
                // Every other request requires an authenticated user.
                .anyRequest().authenticated()
                .and()
                .oauth2Login();
    }
}

Explanation:

This class configures Spring Security to use OAuth2 for authentication, with Google as the OAuth2 provider. The ClientRegistrationRepository bean holds the client registration details. Here, the Google client registration is defined with the necessary endpoints (authorizationUri, tokenUri, userInfoUri), the client ID, and the client secret. The configure method customizes the HttpSecurity object so that requests to the root URL (/) and the /login endpoints are accessible to all users, while all other requests require authentication. The oauth2Login() method integrates OAuth2 login support.

When a user attempts to log in, they are redirected to Google's OAuth2 authorization endpoint, where they can grant access. Upon successful authorization, Google redirects back to the application with an authorization code, which is exchanged for an access token, allowing the application to access the user's information.
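The redirect and callback described above, written out with plain JDK classes as an added example (not code from the original article or from Spring Security, which performs these steps internally): it builds the authorization request for the Google registration and accepts the callback only when the returned `state` matches the value stored for the session. The class name, the expanded redirect URI and the sample code value are assumptions made for illustration.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.*;
import java.util.stream.Collectors;

public class AuthCodeFlowExample {
    // Endpoint and placeholder client ID taken from the configuration on this page.
    static final String AUTHORIZATION_URI = "https://accounts.google.com/o/oauth2/auth";
    static final String CLIENT_ID = "YOUR_CLIENT_ID";
    // Constructed value: {baseUrl}/login/oauth2/code/{registrationId} expanded for a local app.
    static final String REDIRECT_URI = "http://localhost:8080/login/oauth2/code/google";

    // Step 1: a fresh, unguessable state value that the application keeps in the user's session.
    static String newState() {
        byte[] raw = new byte[32];
        new SecureRandom().nextBytes(raw);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
    }

    // Step 2: the URL the browser is sent to at the authorization endpoint.
    static String authorizationRequestUrl(String state) {
        Map<String, String> params = new LinkedHashMap<>();
        params.put("response_type", "code");
        params.put("client_id", CLIENT_ID);
        params.put("scope", "email profile");
        params.put("state", state);
        params.put("redirect_uri", REDIRECT_URI);
        return AUTHORIZATION_URI + "?" + params.entrySet().stream()
                .map(e -> e.getKey() + "=" + URLEncoder.encode(e.getValue(), StandardCharsets.UTF_8))
                .collect(Collectors.joining("&"));
    }

    // Step 3: on the callback, accept the code only if the returned state matches the stored one.
    static boolean callbackIsValid(String storedState, String returnedState, String code) {
        if (storedState == null || returnedState == null || code == null || code.isEmpty()) {
            return false;
        }
        return MessageDigest.isEqual(storedState.getBytes(StandardCharsets.UTF_8),
                returnedState.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        String state = newState();
        System.out.println(authorizationRequestUrl(state));
        System.out.println(callbackIsValid(state, state, "constructed-code"));
        System.out.println(callbackIsValid(state, "forged-state", "constructed-code"));
    }
}
```

Only after this check passes is the code sent to the token URI together with the client secret; a callback with a missing or mismatched `state` is rejected without contacting Google.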

 

For more details, see part 7 on the blog next week.


Article by Sumit Malhotra

Published 07 Jan 2024