Category: Spring Boot | Sub Category: Spring Boot | By Prasad Bonam | Last updated: 2023-07-10 01:28:34
Real-time example of implementing Single Sign-On (SSO) in a Spring Boot application:
Let's consider a real-time example of implementing Single Sign-On (SSO) in a Spring Boot application using OAuth 2.0 with Google as the identity provider. In this scenario, users can sign in to your Spring Boot application using their Google accounts.
Configure Google OAuth 2.0: Go to the Google Developers Console (https://console.developers.google.com/), create a new project, and enable the Google+ API. Then, create OAuth 2.0 credentials by following these steps:
http://localhost:8080/login/oauth2/code/google (replace with your actual domain if applicable).
Configure Spring Boot Application Properties:
Add the following configuration properties to your application.properties or application.yml file:

```properties
# Google OAuth 2.0 Configuration
spring.security.oauth2.client.registration.google.client-id=YOUR_CLIENT_ID
spring.security.oauth2.client.registration.google.client-secret=YOUR_CLIENT_SECRET
spring.security.oauth2.client.registration.google.redirect-uri={baseUrl}/login/oauth2/code/{registrationId}
spring.security.oauth2.client.registration.google.scope=profile,email

# Spring Security Configuration
spring.security.oauth2.client.registration.google.client-name=Google
spring.security.oauth2.client.provider.google.authorization-uri=https://accounts.google.com/o/oauth2/auth
spring.security.oauth2.client.provider.google.token-uri=https://accounts.google.com/o/oauth2/token
spring.security.oauth2.client.provider.google.user-info-uri=https://www.googleapis.com/oauth2/v3/userinfo
# Note: "name" is the user's display name and is not unique; the "sub" attribute
# is the stable account identifier if the principal name must identify the user.
spring.security.oauth2.client.provider.google.user-name-attribute=name
```
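Replace YOUR_CLIENT_ID and YOUR_CLIENT_SECRET with the actual values obtained from the Google Developers Console. Keep the client secret out of version control, for example by supplying it through an environment variable.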
Create a security configuration class that extends WebSecurityConfigurerAdapter and override the configure(HttpSecurity http) method:

```java
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

// WebSecurityConfigurerAdapter is deprecated since Spring Security 5.7 and
// removed in 6.0; this class targets earlier versions.
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .antMatchers("/").permitAll()   // public landing page
                .anyRequest().authenticated()   // everything else requires a login
                .and()
            .oauth2Login()
                .defaultSuccessUrl("/dashboard")
                .and()
            .logout()
                .logoutSuccessUrl("/")
                .invalidateHttpSession(true)    // drop the server-side session
                .deleteCookies("JSESSIONID");   // and the session cookie
    }
}
```
```java
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;

@Controller
public class HomeController {

    @GetMapping("/")
    public String home() {
        return "home";
    }

    @GetMapping("/dashboard")
    public String dashboard() {
        return "dashboard";
    }
}
```
Create HTML Templates:
Create home.html and dashboard.html templates in the src/main/resources/templates directory with appropriate content.
Run the Application:
Run the Spring Boot application and access http://localhost:8080 in your browser. You will be redirected to the Google login page, where you can sign in with your Google account. After successful authentication, you will be redirected back to the application's dashboard.
This is a simplified example that demonstrates SSO using Google OAuth 2.0 in a Spring Boot application. Depending on your requirements, you may need to customize the application further, handle user information, and integrate with other identity providers.
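As one way to handle user information defensively, the following added example (not part of the original tutorial) wraps Spring Security's DefaultOAuth2UserService and rejects Google logins that lack a `sub` identifier or a verified e-mail address. The class name VerifiedGoogleUserService is hypothetical, and it assumes the profile,email scopes configured above (without openid), so the plain OAuth 2.0 user service is the one invoked.

```java
import java.util.Map;

import org.springframework.security.oauth2.client.userinfo.DefaultOAuth2UserService;
import org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest;
import org.springframework.security.oauth2.client.userinfo.OAuth2UserService;
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
import org.springframework.security.oauth2.core.OAuth2Error;
import org.springframework.security.oauth2.core.user.OAuth2User;
import org.springframework.stereotype.Service;

// Added example; hypothetical class name. Wire it in SecurityConfig with
//   .oauth2Login().userInfoEndpoint().userService(verifiedGoogleUserService)
@Service
public class VerifiedGoogleUserService
        implements OAuth2UserService<OAuth2UserRequest, OAuth2User> {

    // Performs the actual call to the configured user-info-uri.
    private final DefaultOAuth2UserService delegate = new DefaultOAuth2UserService();

    @Override
    public OAuth2User loadUser(OAuth2UserRequest request)
            throws OAuth2AuthenticationException {
        OAuth2User user = delegate.loadUser(request);
        Map<String, Object> attrs = user.getAttributes();

        // "sub" is the stable, unique account id. Display names and e-mail
        // addresses can change or collide, so key local accounts on "sub".
        Object sub = attrs.get("sub");
        if (!(sub instanceof String) || ((String) sub).isEmpty()) {
            throw reject("missing_subject",
                    "user-info response has no 'sub' attribute");
        }

        // Accept boolean true or the string "true"; a missing attribute
        // becomes "null" and is treated as unverified.
        if (!Boolean.parseBoolean(String.valueOf(attrs.get("email_verified")))) {
            throw reject("email_not_verified",
                    "e-mail address is not marked as verified");
        }
        return user;
    }

    // Failing here aborts the login before any session is authenticated.
    private static OAuth2AuthenticationException reject(String code, String description) {
        return new OAuth2AuthenticationException(
                new OAuth2Error(code, description, null), description);
    }
}
```

In the dashboard controller, the authenticated user can then be injected with `@AuthenticationPrincipal OAuth2User user`, and `user.getAttributes().get("sub")` used as the key for any local account record.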