Skip to content

Latest commit

 

History

History
107 lines (84 loc) · 4.53 KB

getting-started.adoc

File metadata and controls

107 lines (84 loc) · 4.53 KB

Getting Started

If you are just getting started with Spring Authorization Server, the following sections walk you through creating your first application.

System Requirements

Spring Authorization Server requires a Java 17 or higher Runtime Environment.

Installing Spring Authorization Server

Spring Authorization Server can be used anywhere you already use Spring Security.

The easiest way to begin using Spring Authorization Server is by creating a Spring Boot-based application. You can use start.spring.io to generate a basic project or use the default authorization server sample as a guide. Then add Spring Boot’s starter for Spring Authorization Server as a dependency:

Maven
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-oauth2-authorization-server</artifactId>
</dependency>
Gradle
implementation "org.springframework.boot:spring-boot-starter-oauth2-authorization-server"
Tip
 See Installing Spring Boot for more information on using Spring Boot with Maven or Gradle.

Alternatively, you can add Spring Authorization Server without Spring Boot using the following example:

Maven
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-oauth2-authorization-server</artifactId>
    <version>{spring-authorization-server-version}</version>
</dependency>
Gradle
implementation "org.springframework.security:spring-security-oauth2-authorization-server:{spring-authorization-server-version}"

Developing Your First Application

To get started, you need the minimum required components defined as a @Bean. When using the spring-boot-starter-oauth2-authorization-server dependency, define the following properties and Spring Boot will provide the necessary @Bean definitions for you:

application.yml
link:{docs-java}/sample/gettingstarted/application.yml[role=include]
Tip
 Beyond the Getting Started experience, most users will want to customize the default configuration. The next section demonstrates providing all of the necessary beans yourself.

Defining Required Components

If you want to customize the default configuration (regardless of whether you’re using Spring Boot), you can define the minimum required components as a @Bean in a Spring @Configuration.

These components can be defined as follows:

SecurityConfig.java
link:{docs-java}/sample/gettingstarted/SecurityConfig.java[role=include]

This is a minimal configuration for getting started quickly. To understand what each component is used for, see the following descriptions:

  1. A Spring Security filter chain for the Protocol Endpoints.

  2. A Spring Security filter chain for authentication.

  3. An instance of javadoc:org.springframework.security.core.userdetails.UserDetailsService[] for retrieving users to authenticate.

  4. An instance of RegisteredClientRepository for managing clients.

  5. An instance of com.nimbusds.jose.jwk.source.JWKSource for signing access tokens.

  6. An instance of java.security.KeyPair with keys generated on startup used to create the JWKSource above.

  7. An instance of javadoc:org.springframework.security.oauth2.jwt.JwtDecoder[] for decoding signed access tokens.

  8. An instance of AuthorizationServerSettings to configure Spring Authorization Server.