- In the Spring Security 6 ecosystem, compared to 5, there is a preference for JWT or Keycloak over traditional OAuth2 using the Password Grant method with Spring Security Authorization and Resource Server. I needed to incorporate the current OAuth2 Password Grant with the new Spring Security version and am showing the customization.
- Set up access & refresh token APIs on both '/oauth2/token' and on our controller layer, such as '/api/v1...', both of which function the same way.
- Authentication management based on a combination of username, client id, and an extra token (referred to in the source code as App-Token, which receives a unique value from the calling devices).
- Separate UserDetails implementations for Admin and Customer roles.
- Integration with spring-security-oauth2-authorization-server.
- Provide MySQL DDL, which consists of oauth_access_token, oauth_refresh_token and oauth_client_details, which are tables in Security 5. As I mean to migrate the current security system to Security 6, I haven't changed them to the `authorization` table indicated in https://github.com/spring-projects/spring-authorization-server.
- Application of Spring Rest Docs.

| Category | Dependencies |
|---|---|
| Backend-Language | Java 17 |
| Backend-Framework | Spring Boot 3.1.2 |
| Main Libraries | Spring Security Authorization Server 1.2.3 |
| Package-Manager | Maven 3.6.3 (mvnw, Dockerfile) |
| RDBMS | MySQL 8.0.17 |

- Use the following module for Blue-Green deployment:
- The above module references this app's Dockerfile and the entrypoint script in the .docker folder.