dukai2016/spring-rest-oauth2-sample
spring-rest-oauth2-sample

Chinese version

Index

This is a REST service sample supported by:

It uses specification-arg-resolver for filtering.

NOTE: If you need an RSA signature check, use validateWithSignCheck in ValidateHelper.

Build and Run

$ cd <spring-rest-oauth2-sample root path>
$ ./gradlew clean build bootRun

NOTICE

  • Validation failed -> response HTTP status is 422 (Unprocessable Entity)
  • Server error -> response HTTP status is 500 (Internal Server Error)

Usage

Import init.sql into your database; PostgreSQL is recommended.

Get access_token

Request your token from oauth/token in a terminal (if you use SSL, remember to add -k so curl skips certificate verification):

$ curl -X POST -vu ios_app:123456 http://localhost:8080/oauth/token -H "Accept: application/json" -d "password=admin&username=admin&grant_type=password&scope=read"

or use Advanced REST Client, Postman, or another REST client in Chrome with:

url: http://localhost:8080/oauth/token
POST
headers: Authorization: Basic aW9zX2FwcDoxMjM0NTY= (client_id:client_secret, Base64-encoded as HTTP Basic)
payload: password=admin&username=admin&grant_type=password&scope=read

Get a New access_token with refresh_token

$ curl -X POST -vu ios_app:123456 http://localhost:8080/oauth/token -H "Accept: application/json" -d "grant_type=refresh_token&refresh_token=<refresh_token_returned>"

or use Advanced REST Client, Postman, or another REST client:

url: http://localhost:8080/oauth/token
POST
headers: Authorization: Basic <client_id:client_secret, Base64-encoded as HTTP Basic>
payload: grant_type=refresh_token&refresh_token=<refresh_token_returned>

Access to Welcome Resource

Use the access_token returned to make the authorized request to the protected endpoint:

$ curl -X GET http://localhost:8080/welcome -H "Authorization: Bearer <access_token_returned>"

If the request is successful, the response status is 200 (OK) and the body is:

{
  "id": 2,
  "content": "Hello, admin!"
}

or use Advanced REST Client, Postman, or another REST client:

url: http://localhost:8080/welcome
GET
headers: Authorization: bearer <access_token_returned>
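
The three steps above (password grant with HTTP Basic client credentials, refresh_token grant, Bearer call to /welcome) as one added Python example. This is not code from the spring-rest-oauth2-sample project: it reuses the README's client id/secret, admin user and URLs, but FakeServer, the token strings and the refresh-on-401 retry are constructed assumptions so the flow runs offline. Pass urllib_transport instead of a FakeServer to talk to a running instance.

```python
import base64
import json
from urllib import error, parse, request


def basic_auth_header(client_id, client_secret):
    """HTTP Basic is Base64 of 'id:secret', not encryption: it is only safe over TLS."""
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def urllib_transport(method, url, headers, body):
    """Transport for a running instance: returns (status, decoded JSON body or None)."""
    data = body.encode("utf-8") if body is not None else None
    req = request.Request(url, data=data, method=method, headers=headers)
    try:
        with request.urlopen(req, timeout=10) as resp:
            status, payload = resp.status, resp.read()
    except error.HTTPError as e:             # 401/422/500 responses still carry a body
        status, payload = e.code, e.read()
    return status, (json.loads(payload) if payload else None)


class OAuth2Client:
    """Password grant, refresh_token grant and Bearer calls, as the README walks through."""

    def __init__(self, base_url, client_id, client_secret, transport=urllib_transport):
        self.base_url = base_url.rstrip("/")
        self._client_auth = basic_auth_header(client_id, client_secret)
        self._transport = transport
        self.access_token = self.refresh_token = None

    def _token_request(self, form):
        headers = {"Authorization": self._client_auth, "Accept": "application/json",
                   "Content-Type": "application/x-www-form-urlencoded"}
        status, body = self._transport("POST", self.base_url + "/oauth/token",
                                       headers, parse.urlencode(form))
        if status != 200 or not body or "access_token" not in body:
            raise RuntimeError(f"token endpoint returned {status}: {body}")
        self.access_token = body["access_token"]
        self.refresh_token = body.get("refresh_token", self.refresh_token)
        return body

    def login(self, username, password, scope="read"):
        return self._token_request({"grant_type": "password", "username": username,
                                    "password": password, "scope": scope})

    def refresh(self):
        if not self.refresh_token:
            raise RuntimeError("no refresh_token to exchange")
        return self._token_request({"grant_type": "refresh_token",
                                    "refresh_token": self.refresh_token})

    def get(self, path):
        """GET a protected resource; on 401 refresh the token once and retry."""
        for attempt in (0, 1):
            headers = {"Authorization": "Bearer " + self.access_token, "Accept": "application/json"}
            status, body = self._transport("GET", self.base_url + path, headers, None)
            if status == 401 and attempt == 0 and self.refresh_token:
                self.refresh()
                continue
            return status, body


class FakeServer:
    """Constructed stand-in for the sample application so the flow runs offline."""

    def __init__(self):
        self.issued = 0
        self.valid_tokens = set()

    def __call__(self, method, url, headers, body):
        path = parse.urlparse(url).path
        if path == "/oauth/token":
            if headers.get("Authorization") != basic_auth_header("ios_app", "123456"):
                return 401, {"error": "unauthorized"}
            form = dict(parse.parse_qsl(body))
            ok = (form.get("grant_type") == "password"
                  and (form.get("username"), form.get("password")) == ("admin", "admin")
                  or form.get("grant_type") == "refresh_token"
                  and form.get("refresh_token") == "rt-constructed")
            if not ok:
                return 400, {"error": "invalid_grant"}
            self.issued += 1
            token = f"at-constructed-{self.issued}"
            self.valid_tokens = {token}          # earlier access tokens stop working
            return 200, {"access_token": token, "token_type": "bearer",
                         "refresh_token": "rt-constructed", "expires_in": 3600}
        if path == "/welcome" and headers.get("Authorization", "")[7:] in self.valid_tokens:
            return 200, {"id": 2, "content": "Hello, admin!"}
        return 401, {"error": "invalid_token"}


def demo():
    """Login, call /welcome, expire the token server-side, call again (auto-refresh)."""
    server = FakeServer()
    client = OAuth2Client("http://localhost:8080", "ios_app", "123456", transport=server)
    client.login("admin", "admin")
    first = client.get("/welcome")
    server.valid_tokens.clear()
    second = client.get("/welcome")
    return first, second, server.issued
```

demo() returns both /welcome responses and the number of tokens the fake server issued: the second call first gets a 401, the client exchanges the refresh_token, and the retry succeeds with a new access_token, so two tokens are issued in total. The client secret only ever travels inside the Basic header, which is why the README's -k reminder matters: that header is Base64, not encryption, and is readable to anyone who can see the request.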

Access to User Resource

1. Create New User

$ curl -X POST "http://localhost:8080/resources/v1/users" -H "Authorization: bearer <access_token_returned>" -d "usr=tommy&name=tom&pwd=tom12345"

If the request is successful, the response status is 201 (Created) and the body is:

{
  "id": 4,
  "name": "tom",
  "usr": "tommy",
  "description": "tom's account"
}

or use Advanced REST Client, Postman, or another REST client:

url: http://localhost:8080/resources/v1/users
POST
headers: Authorization: bearer <access_token_returned>
payload: usr=tommy&name=tom&pwd=tom12345&description=tom's account

2. Show All Users

$ curl -X GET "http://localhost:8080/resources/v1/users" -H "Authorization: bearer <access_token_returned>"

If the request is successful, the response status is 200 (OK) and the body is:

[
  {
    "id": 1,
    "name": "root",
    "usr": "root",
    "description": "root account"
  },
  {
    "id": 2,
    "name": "admin",
    "usr": "admin",
    "description": "admin account"
  },
  {
    "id": 3,
    "name": "guest",
    "usr": "guest",
    "description": "guest account"
  },
  {
    "id": 4,
    "name": "tom",
    "usr": "tommy",
    "description": "tom's account"
  }
]

or use Advanced REST Client, Postman, or another REST client:

url: http://localhost:8080/resources/v1/users
GET
headers: Authorization: bearer <access_token_returned>

You can add filter parameters, for example:

$ curl -X GET "http://localhost:8080/resources/v1/users?name=tom&createdDateAfter=2016-11-01&createdDateBefore=2016-11-30&sortBy=id:desc,name:desc" -H "Authorization: bearer <access_token_returned>"

If the request is successful, the response status is 200 (OK) and the body is:

[
  {
    "id": 4,
    "name": "tom",
    "usr": "tommy",
    "description": "tom's account"
  }
]

3. Show Users in Page

$ curl -X GET "http://localhost:8080/resources/v1/users?pageNo=1&pageSize=20&name=tom&sortBy=id:asc,name:desc" -H "Authorization: Bearer <access_token_returned>"

If the request is successful, the response status is 200 (OK) and the body is:

{
  "content": [
    {
      "id": 9,
      "name": "tom",
      "usr": "tommy",
      "description": "tom's account"
    }
  ],
  "totalElements": 1,
  "last": true,
  "totalPages": 1,
  "size": 20,
  "number": 0,
  "sort": [
    {
      "direction": "ASC",
      "property": "id",
      "ignoreCase": false,
      "nullHandling": "NATIVE",
      "ascending": true
    },
    {
      "direction": "DESC",
      "property": "name",
      "ignoreCase": false,
      "nullHandling": "NATIVE",
      "ascending": false
    }
  ],
  "first": true,
  "numberOfElements": 1
}

or use Advanced REST Client, Postman, or another REST client:

url: http://localhost:8080/resources/v1/users?pageNo=1&pageSize=20&name=tom&sortBy=id:asc,name:desc
GET
headers: Authorization: bearer <access_token_returned>

NOTE:

Param name   Type     Description
pageNo       int      Must be equal to or greater than 1
pageSize     int      Must be equal to or greater than 1
sortBy       string   Like paramA:asc,paramB:desc,paramC:asc,...
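
A parser and validator for the pageNo, pageSize, sortBy and createdDateAfter/createdDateBefore parameters used in the list requests above, as an added Python example; it is not part of the project, which delegates filtering to specification-arg-resolver. It rejects bad input the way the NOTICE section describes (all field errors reported at once under a 422). The sortable-property whitelist, the error wording and the mapping of the 1-based pageNo to the 0-based "number" field (inferred from pageNo=1 returning "number": 0 in the sample response) are assumptions of this example.

```python
from datetime import date
from urllib.parse import parse_qs, urlparse

# Assumption for this example: the properties a caller may sort on. Whitelisting
# keeps arbitrary column names out of the ORDER BY that the sort is turned into.
SORTABLE = {"id", "name", "usr", "createdDate"}
DATE_FILTERS = ("createdDateAfter", "createdDateBefore")


class ValidationError(ValueError):
    """All field errors at once; the REST layer maps this to 422 Unprocessable Entity."""
    status = 422

    def __init__(self, errors):
        super().__init__("; ".join(errors))
        self.errors = errors


def parse_sort_by(value):
    """'id:asc,name:desc' -> Spring-style sort orders; returns (orders, errors)."""
    orders, errors = [], []
    for item in filter(None, (s.strip() for s in value.split(","))):
        prop, _, direction = item.partition(":")
        direction = (direction or "asc").lower()       # bare 'name' means ascending
        if prop not in SORTABLE:
            errors.append(f"sortBy: '{prop}' is not sortable")
        elif direction not in ("asc", "desc"):
            errors.append(f"sortBy: direction for '{prop}' must be asc or desc")
        else:
            orders.append({"direction": direction.upper(), "property": prop,
                           "ascending": direction == "asc"})
    return orders, errors


def parse_page_request(url, default_size=20):
    """Validate pageNo / pageSize / sortBy / date filters taken from a request URL.

    Returns a dict shaped like the paged response: 0-based 'number', 'size',
    'sort' orders, plus the remaining filter parameters. Raises ValidationError
    (-> 422) listing every problem found, so the client can fix them in one go.
    """
    params = {k: v[-1] for k, v in parse_qs(urlparse(url).query).items()}
    errors = []

    def positive_int(name, default):
        raw = params.pop(name, None)
        if raw is None:
            return default
        try:
            n = int(raw)
        except ValueError:
            n = 0                                      # non-numeric counts as invalid
        if n < 1:
            errors.append(f"{name}: must be equal to or greater than 1")
        return n

    page_no = positive_int("pageNo", 1)
    page_size = positive_int("pageSize", default_size)
    sort, sort_errors = parse_sort_by(params.pop("sortBy", ""))
    errors.extend(sort_errors)

    dates = {}
    for name in DATE_FILTERS:
        raw = params.get(name)
        if raw is not None:
            try:
                dates[name] = date.fromisoformat(raw)
            except ValueError:
                errors.append(f"{name}: expected an ISO date like 2016-11-01")
    if len(dates) == 2 and dates["createdDateAfter"] > dates["createdDateBefore"]:
        errors.append("createdDateAfter must not be later than createdDateBefore")

    if errors:
        raise ValidationError(errors)
    return {"number": page_no - 1, "size": page_size, "sort": sort, "filters": params}
```

Feeding it the paged request URL from step 3 yields number 0, size 20 and the same two sort orders the sample response shows; a request such as pageNo=0&pageSize=-1&sortBy=id:up fails with three errors in a single 422, and an empty date range (after later than before) is caught before it ever reaches the database.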

4. Show User by id

$ curl -X GET "http://localhost:8080/resources/v1/users/4" -H "Authorization: Bearer <access_token_returned>"

If the request is successful, the response status is 200 (OK) and the body is:

{
  "id": 4,
  "name": "tom",
  "usr": "tommy",
  "description": "tom's account"
}

or use Advanced REST Client, Postman, or another REST client:

url: http://localhost:8080/resources/v1/users/4
GET
headers: Authorization: bearer <access_token_returned>

5. Update User by id

$ curl -X PUT "http://localhost:8080/resources/v1/users/4" -H "Authorization: bearer <access_token_returned>" -d "name=jerry"

If the request is successful, the response status is 200 (OK) and the body is:

{
  "id": 9,
  "name": "jerry",
  "usr": "tommy",
  "description": "tommy's account"
}

or use Advanced REST Client, Postman, or another REST client:

url: http://localhost:8080/resources/v1/users/4
PUT
headers: Authorization: bearer <access_token_returned>
payload: name=jerry

6. Delete User by id

$ curl -X DELETE "http://localhost:8080/resources/v1/users/4" -H "Authorization: bearer <access_token_returned>"

If the request is successful, the response status is 204 (No Content).

or use Advanced REST Client, Postman, or another REST client:

url: http://localhost:8080/resources/v1/users/4
DELETE
headers: Authorization: bearer <access_token_returned>

Other resources

Refer to the user resource above. You can generate the signature with SignTest.

Deploy

  1. Build a WAR and deploy it to Tomcat.
  2. Build a JAR and run java -jar foo.jar
  3. Use Docker: build your image from the Dockerfile and run it with docker-compose.yml.

License

MIT

Copyright (c) since 2015 saintdan

Version History

Version history is here. ;)

About

REST service sample protected by Spring OAuth 2


Languages

  • Java 100.0%