https://github.com/stormpath/stormpath-spring-security-boot-apikey-example
# Stormpath is Joining Okta
We are incredibly excited to announce that [Stormpath is joining forces with Okta](https://stormpath.com/blog/stormpaths-new-path?utm_source=github&utm_medium=readme&utm-campaign=okta-announcement). Please visit [the Migration FAQs](https://stormpath.com/oktaplusstormpath?utm_source=github&utm_medium=readme&utm-campaign=okta-announcement) for a detailed look at what this means for Stormpath users.

We're available to answer all questions at [support@stormpath.com](mailto:support@stormpath.com).

## Introduction

The purpose of this example is to demonstrate using the `grant_type=client_credentials` OAuth2 workflow to access a restricted endpoint in a Spring Security Spring Boot WebMVC application with Stormpath integrated.

The only explicitly defined endpoint in this example is `/newApiKey`.

The `/oauth/token` endpoint is provided by the Stormpath integration.

## Setup

Make sure that you've created a Stormpath account and that this application has access to your `apiKey.properties` file and a Stormpath Application href.

## Build

`mvn clean install`

## Run

```
STORMPATH_API_KEY_FILE= \
STORMPATH_APPLICATION_HREF= \
java -jar target/*.jar
```

## Use

The examples below use the httpie client (https://github.com/jkbrzt/httpie).

1. Get an API client key pair

`http POST localhost:8080/newApiKey email= password=`

Response:

```
{
    "STATUS": "SUCCESS",
    "keyID": "",
    "keySecret": "",
    "msg": "This is for testing purposes only!"
}
```

2. Make a `client_credentials` request to get an access token

`http --auth : -f POST localhost:8080/oauth/token grant_type=client_credentials`

Response:

```
{
    "access_token": "eyJraWQiOiJSOTJTQkhKQzFVNERBSU1HUTNNSE9HVk1YIiwic3R0IjoiYWNjZXNzIiwiYWxnIjoiSFMyNTYifQ...",
    "expires_in": 3600,
    "token_type": "Bearer"
}
```

3. Hit the `/restricted` endpoint using the access token

First, we'll hit the endpoint without authentication:

`http localhost:8080/restricted`

Response:

```
{
    "fieldErrors": null,
    "message": "Full authentication is required to access this resource",
    "status": "error.accessDenied"
}
```

Next, we'll hit the endpoint with authentication:

```
http localhost:8080/restricted \
Authorization:"Bearer eyJraWQiOiJSOTJTQkhKQzFVNERBSU1HUTNNSE9HVk1YIiwic3R0IjoiYWNjZXNzIiwiYWxnIjoiSFMyNTYifQ..."
```

Response:

`You must have authenticated, or you wouldn't be here.`
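The same three-step exchange, written as a small standard-library Python client instead of httpie calls. This is an added example, not code from the Stormpath sample project: it shows what httpie's `--auth keyID:keySecret` and `-f` options actually put on the wire (a `Basic` header over the key pair and a form-encoded body), decodes the header segment of the access token shown in step 2 to display its `kid`/`alg` without verifying it, and classifies the `/restricted` reply so the `error.accessDenied` body from step 3 is recognised. The base URL, the `API_KEY_ID`/`API_KEY_SECRET` environment variables and the `open_fn` injection point are this example's own assumptions; the key pair itself comes from step 1.

```python
"""Client side of the README's client_credentials flow (steps 2 and 3).

Added example, not code from the Stormpath sample project. Only the standard
library is used; the base URL and the key id/secret are supplied by the caller
(see the __main__ block), and open_fn exists so the flow can be run against a
fake server in tests.
"""
import base64
import json
import os
import urllib.error
import urllib.parse
import urllib.request

# Access token copied from the README's step 2 response. The README truncates
# the token after its header segment, so only the header can be decoded here.
README_TOKEN = ("eyJraWQiOiJSOTJTQkhKQzFVNERBSU1HUTNNSE9HVk1YIiwic3R0IjoiYWNjZXNz"
                "IiwiYWxnIjoiSFMyNTYifQ...")


def basic_auth_header(key_id, key_secret):
    """Header httpie sends for `--auth keyID:keySecret`: Basic base64(id:secret)."""
    raw = f"{key_id}:{key_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def token_request(base_url, key_id, key_secret):
    """Step 2 as a urllib Request: form-encoded POST to /oauth/token."""
    body = urllib.parse.urlencode({"grant_type": "client_credentials"}).encode("ascii")
    headers = {
        "Authorization": basic_auth_header(key_id, key_secret),
        "Content-Type": "application/x-www-form-urlencoded",
        "Accept": "application/json",
    }
    return urllib.request.Request(base_url.rstrip("/") + "/oauth/token",
                                  data=body, headers=headers, method="POST")


def restricted_request(base_url, access_token=None):
    """Step 3 as a urllib Request; the Bearer header is only added when a token is given."""
    headers = {"Authorization": "Bearer " + access_token} if access_token else {}
    return urllib.request.Request(base_url.rstrip("/") + "/restricted", headers=headers)


def jwt_header(token):
    """Decode the JOSE header (kid/alg) of a JWT without verifying anything.
    Handy for logging which signing key a token names; it says nothing about
    whether the token is genuine, so never gate access on it."""
    segment = token.split(".")[0]
    segment += "=" * (-len(segment) % 4)  # restore the base64url padding JWTs strip
    return json.loads(base64.urlsafe_b64decode(segment))


def classify_restricted_response(status, body):
    """Turn a /restricted reply into 'ok', 'denied' or 'unexpected'."""
    try:
        payload = json.loads(body)
    except ValueError:
        payload = None
    if isinstance(payload, dict) and payload.get("status") == "error.accessDenied":
        return "denied"
    if status == 200:
        return "ok"
    return "unexpected"


def fetch_access_token(base_url, key_id, key_secret, open_fn=urllib.request.urlopen):
    """Run step 2 and return (access_token, expires_in)."""
    with open_fn(token_request(base_url, key_id, key_secret)) as resp:
        payload = json.loads(resp.read().decode("utf-8"))
    if payload.get("token_type") != "Bearer":
        raise ValueError("unexpected token_type: %r" % payload.get("token_type"))
    return payload["access_token"], int(payload["expires_in"])


def call_restricted(base_url, access_token, open_fn=urllib.request.urlopen):
    """Run step 3 and return (classification, body_text)."""
    try:
        with open_fn(restricted_request(base_url, access_token)) as resp:
            status, body = resp.status, resp.read()
    except urllib.error.HTTPError as err:  # urllib raises on 4xx/5xx; keep the body
        status, body = err.code, err.read()
    return classify_restricted_response(status, body), body.decode("utf-8")


if __name__ == "__main__":
    base = os.environ.get("BASE_URL", "http://localhost:8080")
    # Key pair obtained from /newApiKey in step 1; never hard-code the secret.
    key_id, key_secret = os.environ["API_KEY_ID"], os.environ["API_KEY_SECRET"]
    token, ttl = fetch_access_token(base, key_id, key_secret)
    print("token header:", jwt_header(token), "expires in", ttl, "s")
    print("without token:", call_restricted(base, None))
    print("with token:", call_restricted(base, token))
```

Run it with `API_KEY_ID` and `API_KEY_SECRET` set to the pair returned by step 1 while the application from the Run section is listening on port 8080. The `expires_in` value (3600 in the README) is the only freshness signal the client gets, so a real client should request a new token before that window closes rather than retrying on `error.accessDenied`.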