Securing a REST API with OAuth 2.0
Spring Security and Spring MVC provide multiple ways to access authentication information in your web application. The Authentication method parameter type allows direct access to the authentication object. The @CurrentSecurityContext annotation grants access to the entire security context, providing a comprehensive view of the authentication and other security-related information; remember that it supports SpEL, type conversion and meta-annotations. Finally, the @AuthenticationPrincipal annotation is suitable for extracting type-specific information from the principal; you can think of it as an alias for @CurrentSecurityContext(expression = "authentication.principal").
By leveraging these mechanisms, you can implement secure and personalized features based on the user's authentication details in your Spring MVC application.
Now let's take a look at each of these in practice.
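The three mechanisms side by side in one controller, as an added example that is not part of the original course material. The class name and paths are hypothetical, and it assumes a resource server with JWT bearer authentication where every endpoint requires authentication and every accepted token carries a sub claim.

```java
import java.util.Map;

import org.springframework.security.core.Authentication;
import org.springframework.security.core.annotation.AuthenticationPrincipal;
import org.springframework.security.core.annotation.CurrentSecurityContext;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

// Hypothetical controller; assumes authenticated requests whose JWT has a "sub" claim.
@RestController
@RequestMapping("/whoami")
public class WhoAmIController {

    // 1. Authentication as a method parameter: name and granted authorities.
    @GetMapping("/authentication")
    public Map<String, Object> viaAuthentication(Authentication authentication) {
        return Map.of(
                "name", authentication.getName(),
                "authorities", authentication.getAuthorities().stream()
                        .map(a -> a.getAuthority()).toList());
    }

    // 2. @CurrentSecurityContext: the whole context, or a SpEL projection of it.
    @GetMapping("/context")
    public Map<String, Object> viaContext(
            @CurrentSecurityContext SecurityContext context,
            @CurrentSecurityContext(expression = "authentication.name") String name) {
        return Map.of(
                "name", name,
                "authenticated", context.getAuthentication().isAuthenticated());
    }

    // 3. @AuthenticationPrincipal: the principal, typed as the validated Jwt.
    // The owner is read from the token's "sub" claim, not from a request parameter.
    @GetMapping("/principal")
    public Map<String, Object> viaPrincipal(@AuthenticationPrincipal Jwt jwt) {
        return Map.of(
                "owner", jwt.getSubject(),
                "expiresAt", String.valueOf(jwt.getExpiresAt()));
    }
}
```

Taking the owner from the validated token rather than from client-supplied input keeps a caller from naming someone else's identity in the request.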
Felipe Gutierrez
Staff Engineer
Over 30 years of IT experience, during which he has developed programs for companies in multiple vertical industries, such as government, retail, healthcare, education, and banking. Book Author from Apress. Currently writing the Pro Spring Boot 3rd Edition.
Josh Cummings
Staff Engineer and Spring Security committer
Spring Security committer, Pluralsight author, and juggler.