
How to Implement Single Sign-On with OAuth 2.0 in Java

October 31, 2024

Explore a step-by-step guide to implementing Single Sign-On using OAuth 2.0 in Java, enhancing your app's security and streamlining user authentication.


Set Up the Project with Dependencies

 

  • Add Spring Security and the Spring Boot OAuth2 client starter to your `pom.xml` if you are using Maven. The starter pulls in `spring-security-oauth2-client` (the authorization-code flow) and `spring-security-oauth2-jose` (JWT handling, needed to validate ID tokens when you request the `openid` scope):

 

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-oauth2-client</artifactId>
</dependency>

 

Create a Configuration Class

 

  • Create a configuration class that exposes a `SecurityFilterChain` bean and turns on `oauth2Login()`. The client registration itself (client ID, secret, scopes, endpoints) lives in `application.yml` or `application.properties`, not in this class. Spring Security 5.7 deprecated `WebSecurityConfigurerAdapter` and 6.x removed it together with `authorizeRequests()`/`antMatchers()`, so use the bean style below:

 

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class SecurityConfig {

    @Bean
    SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests(authorize -> authorize
                .requestMatchers("/", "/home").permitAll()   // public landing pages
                .anyRequest().authenticated()                 // everything else requires a login
            )
            // Registers /oauth2/authorization/{registrationId} (starts the flow) and
            // /login/oauth2/code/{registrationId} (the callback that exchanges the code).
            .oauth2Login(Customizer.withDefaults());
        return http.build();
    }
}

 

Configure OAuth2 Client

 

  • Provide the OAuth2 client registration in `application.yml`. Keep the client secret out of source control and read it from the environment. Requesting the `openid` scope makes Spring treat the login as OpenID Connect: it receives and validates an ID token in addition to the access token. Google is one of the providers Spring Boot already knows (`CommonOAuth2Provider`), so the `provider:` block can be omitted for it; it is shown here so you can see which endpoints are involved and adapt the template for a provider Spring does not know. If you keep it and request `openid`, include `jwk-set-uri` (or `issuer-uri`) so the ID token signature can be verified.

 

spring:
  security:
    oauth2:
      client:
        registration:
          google:
            client-id: ${GOOGLE_CLIENT_ID}          # read from the environment, never committed
            client-secret: ${GOOGLE_CLIENT_SECRET}
            scope: openid, profile, email            # openid enables OIDC login and ID token validation
            redirect-uri: "{baseUrl}/login/oauth2/code/{registrationId}"   # this is also Spring's default
            authorization-grant-type: authorization_code
        provider:
          google:
            authorization-uri: https://accounts.google.com/o/oauth2/v2/auth
            token-uri: https://oauth2.googleapis.com/token
            user-info-uri: https://www.googleapis.com/oauth2/v3/userinfo
            jwk-set-uri: https://www.googleapis.com/oauth2/v3/certs   # keys used to verify the ID token
            user-name-attribute: sub                                   # stable subject id, not a display name

 

Handle User Authentication

 

  • Create a controller for the pages themselves. The login callback at `/login/oauth2/code/{registrationId}` is handled by Spring Security's filter, which exchanges the code for tokens and then redirects the browser to the page it originally asked for (or to `/` when the user went straight to the login). The controller does not need any login logic of its own.

 

import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;

@Controller
public class HomeController {

    @GetMapping("/home")
    public String home() {
        return "home"; // View name
    }
    
    @GetMapping("/")
    public String index() {
        return "index"; // View name
    }
}

 

Setup Redirect URIs

 

  • Register the callback URI with your OAuth2 provider exactly as the application will send it. Providers compare the `redirect_uri` parameter with the registered value by exact string match (scheme, host, port and path), so `https://app.example.com/login/oauth2/code/google` must be registered verbatim; a prefix or wildcard will not be accepted, and a mismatch is what stops an attacker from having the authorization code delivered to a host they control. Spring resolves `{baseUrl}` from the incoming request, so behind a TLS-terminating proxy or load balancer the application must trust the `X-Forwarded-*` headers (for example `server.forward-headers-strategy=framework` in Spring Boot); otherwise it will build an `http://` or internal-hostname redirect URI that the provider rejects.

 

Custom Authentication Handling

 

  • For advanced scenarios, extend `DefaultOAuth2UserService` to map user attributes, assign roles, persist the user, or reject logins that fail additional checks. A bean of type `OAuth2UserService<OAuth2UserRequest, OAuth2User>` is picked up automatically by `oauth2Login()`; you can also wire it explicitly with `.oauth2Login(o -> o.userInfoEndpoint(u -> u.userService(yourService)))`. One caveat: when the registration requests the `openid` scope, Spring uses the OIDC path and calls an `OAuth2UserService<OidcUserRequest, OidcUser>` (`OidcUserService`) instead, so a `DefaultOAuth2UserService` subclass is never invoked for that login. Throwing `OAuth2AuthenticationException` from `loadUser` fails the login cleanly.

 

import java.util.Collections;
import java.util.Map;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.client.userinfo.DefaultOAuth2UserService;
import org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest;
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
import org.springframework.security.oauth2.core.user.DefaultOAuth2User;
import org.springframework.security.oauth2.core.user.OAuth2User;
import org.springframework.stereotype.Service;

@Service
public class CustomOAuth2UserService extends DefaultOAuth2UserService {

    @Override
    public OAuth2User loadUser(OAuth2UserRequest userRequest) throws OAuth2AuthenticationException {
        // Calls the provider's user-info endpoint with the freshly issued access token.
        OAuth2User user = super.loadUser(userRequest);
        Map<String, Object> attributes = user.getAttributes();

        // Custom logic like saving or processing user details goes here.

        // Key the principal on the configured user-name-attribute (sub for Google), which is a
        // stable identifier, rather than on a display name that the user can change at will.
        String nameAttributeKey = userRequest.getClientRegistration().getProviderDetails()
                .getUserInfoEndpoint().getUserNameAttributeName();

        return new DefaultOAuth2User(
                Collections.singleton(new SimpleGrantedAuthority("ROLE_USER")),
                attributes,
                nameAttributeKey);
    }
}
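The following is an added example, not code from the original article, that ties the configuration class, the redirect-URI step and the custom authentication handling together for the case the article's own service does not cover: a registration that requests `openid`, where Spring calls the OIDC user service. It refuses any account whose e-mail the provider has not marked verified or whose domain is not on an allow-list, keys the principal on `sub`, and sends every authorization request with a PKCE `code_challenge` so that an intercepted authorization code cannot be redeemed without the verifier. Assumptions: the class names, the `/me` endpoint, and the allow-listed domain `example.com` are invented for the example; the provider must support PKCE (Google does); Spring Security 6.x APIs are used; the three classes would normally live in separate files.

```java
import java.util.List;
import java.util.Map;
import java.util.Set;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.annotation.AuthenticationPrincipal;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest;
import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserService;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.userinfo.OAuth2UserService;
import org.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizationRequestResolver;
import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestCustomizers;
import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter;
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
import org.springframework.security.oauth2.core.OAuth2Error;
import org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser;
import org.springframework.security.oauth2.core.oidc.user.OidcUser;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@Configuration
@EnableWebSecurity
public class SsoSecurityConfig {

    @Bean
    SecurityFilterChain securityFilterChain(HttpSecurity http,
                                            ClientRegistrationRepository registrations) throws Exception {
        // Add a PKCE code_challenge to every outgoing authorization request, even though this is a
        // confidential client: a code leaked through a mis-registered redirect URI or a referrer
        // header is useless to an attacker who does not hold the matching code_verifier.
        DefaultOAuth2AuthorizationRequestResolver resolver = new DefaultOAuth2AuthorizationRequestResolver(
                registrations, OAuth2AuthorizationRequestRedirectFilter.DEFAULT_AUTHORIZATION_REQUEST_BASE_URI);
        resolver.setAuthorizationRequestCustomizer(OAuth2AuthorizationRequestCustomizers.withPkce());

        http
            .authorizeHttpRequests(authorize -> authorize
                .requestMatchers("/", "/home", "/error").permitAll()
                .anyRequest().authenticated())
            .oauth2Login(login -> login
                .authorizationEndpoint(endpoint -> endpoint.authorizationRequestResolver(resolver))
                // Assumption for the example: only example.com accounts may sign in.
                .userInfoEndpoint(userInfo -> userInfo.oidcUserService(
                        new VerifiedDomainOidcUserService(Set.of("example.com")))))
            .logout(logout -> logout.logoutSuccessUrl("/").permitAll());
        return http.build();
    }
}

// Wraps Spring's OidcUserService. By the time loadUser runs, Spring has already verified the
// ID token's signature, issuer, audience, expiry and nonce; this class adds the application's
// own admission rules on top of that.
class VerifiedDomainOidcUserService implements OAuth2UserService<OidcUserRequest, OidcUser> {

    private final OidcUserService delegate = new OidcUserService();
    private final Set<String> allowedDomains;   // lower-case domains, e.g. "example.com"

    VerifiedDomainOidcUserService(Set<String> allowedDomains) {
        this.allowedDomains = allowedDomains;
    }

    @Override
    public OidcUser loadUser(OidcUserRequest userRequest) throws OAuth2AuthenticationException {
        OidcUser user = delegate.loadUser(userRequest);

        // An unverified e-mail is just a string the account holder typed; do not trust it for
        // authorization decisions. Google and other OIDC providers set email_verified explicitly.
        String email = user.getEmail();
        if (email == null || !Boolean.TRUE.equals(user.getEmailVerified())) {
            throw reject("unverified_email", "Provider did not assert a verified e-mail address");
        }
        String domain = email.substring(email.lastIndexOf('@') + 1).toLowerCase();
        if (!allowedDomains.contains(domain)) {
            throw reject("domain_not_allowed", "This account's domain is not permitted to sign in");
        }

        List<GrantedAuthority> authorities = List.of(new SimpleGrantedAuthority("ROLE_USER"));
        // The three-argument constructor keys the principal on the "sub" claim, the provider's
        // stable subject identifier, rather than on a mutable display name.
        return new DefaultOidcUser(authorities, user.getIdToken(), user.getUserInfo());
    }

    private static OAuth2AuthenticationException reject(String code, String description) {
        return new OAuth2AuthenticationException(new OAuth2Error(code, description, null));
    }
}

@RestController
class MeController {

    // Hypothetical endpoint showing how a controller reads the principal built above.
    @GetMapping("/me")
    public Map<String, Object> me(@AuthenticationPrincipal OidcUser user) {
        return Map.of(
                "subject", user.getSubject(),
                "email", user.getEmail(),
                "roles", user.getAuthorities().toString());
    }
}
```

A rejected login ends at the failure URL (`/login?error` by default) with the `OAuth2Error` code available to a custom failure handler, and nothing is written to the session. Because Google also issues the `hd` claim for Workspace accounts, a stricter variant could check that claim instead of parsing the address, but the e-mail domain check above works for any OIDC provider that populates `email_verified`.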

 

Conclusion

 

  • Implementing SSO with OAuth 2.0 in Java comes down to adding the Spring Security OAuth2 client starter, registering the client (ID, secret, scopes and endpoints) in `application.yml`, exposing a `SecurityFilterChain` with `oauth2Login()`, and registering the exact callback URI with the provider. From there, customize the user service to map attributes, assign roles, and enforce any admission checks your application needs.