Spring Boot Backend Development Course, Implementing Login and Logout with OAuth2, Adding Logic for Editing, Deleting Posts, and Verifying Authors

Table of Contents

1. Introduction
2. Introduction to Spring Boot
3. Overview of OAuth2
4. Implementing Login/Logout
5. Implementing Post Edit and Delete Features
6. Adding Author Confirmation Logic
7. Conclusion

Introduction

Today, we will learn how to develop a backend application using Spring Boot. This tutorial will cover how to implement login and logout using OAuth2, as well as how to add functionality for editing and deleting posts and author confirmation logic. Through this process, you will learn to utilize various features of Spring Boot.

Introduction to Spring Boot

Spring Boot is a framework that supports easy application development based on the Spring Framework. It helps you build applications quickly without complex configurations and supports various embedded servers (e.g., Tomcat, Jetty, etc.). The main benefits of Spring Boot are:

• Quick Start: Initial setup is simple, reducing development time.
• Auto Configuration: Automatically sets up necessary libraries and dependencies.
• Embedded Server: You can easily run applications locally without separate server configuration.
• Strong Community: There is a vibrant user base and ample resources available for learning and problem-solving.

Overview of OAuth2

OAuth2 is an authentication protocol that allows client applications to obtain permission to access user resources. Through OAuth2, users can securely manage access permissions for applications. OAuth2 supports several authentication methods (e.g., Authorization Code, Implicit, Resource Owner Password Credentials, etc.) and is widely used in web and mobile applications.

In this tutorial, we will implement user authentication using OAuth2 and add features for creating, editing, and deleting posts with this authentication information. We will primarily use the Authorization Code Grant method.

Implementing Login/Logout

We will explore how to implement OAuth2-based login/logout functionality in a Spring Boot application. In this process, we will use Spring Security to handle authentication and authorization. Let’s proceed to the next steps.

1. Add Dependencies

First, we need to add the necessary dependencies to the Maven pom.xml file. Please add the following dependencies:

      <dependency>
          <groupId>org.springframework.boot</groupId>
          <artifactId>spring-boot-starter-security</artifactId>
      </dependency>
      <dependency>
          <groupId>org.springframework.boot</groupId>
          <artifactId>spring-boot-starter-oauth2-client</artifactId>
      </dependency>
      <dependency>
          <groupId>org.springframework.boot</groupId>
          <artifactId>spring-boot-starter-web</artifactId>
      </dependency>
    

2. Configure application.yml

Now we need to configure the OAuth2 client information. Set the following in the src/main/resources/application.yml file:

    spring:
      security:
        oauth2:
          client:
            registration:
              google:
                client-id: YOUR_CLIENT_ID
                client-secret: YOUR_CLIENT_SECRET
                scope: profile, email
                redirect-uri: "{baseUrl}/login/oauth2/code/{registrationId}"
                authorization-grant-type: authorization_code
            provider:
              google:
                authorization-uri: https://accounts.google.com/o/oauth2/auth
                token-uri: https://oauth2.googleapis.com/token
                user-info-uri: https://www.googleapis.com/userinfo/v2/me
    

3. Create SecurityConfig Class

Create a SecurityConfig class for secure application configuration. This class will handle the security settings of Spring Security.

    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

    @Configuration
    @EnableWebSecurity
    public class SecurityConfig extends WebSecurityConfigurerAdapter {

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                .authorizeRequests()
                    .antMatchers("/", "/login", "/error/**").permitAll()
                    .anyRequest().authenticated()
                    .and()
                .oauth2Login()
                    .defaultSuccessUrl("/home", true)
                    .failureUrl("/login?error");
        }
    }
    

4. Implement Login and Logout Controller

Create a HomeController class that will be called when users attempt to log in, handling the flow after login.

    import org.springframework.stereotype.Controller;
    import org.springframework.web.bind.annotation.GetMapping;

    @Controller
    public class HomeController {

        @GetMapping("/")
        public String index() {
            return "index"; // Return to index.html page
        }

        @GetMapping("/home")
        public String home() {
            return "home"; // Return to home.html page
        }
    }
    

At this point, basic login and logout functionality has been implemented. Users can now log in using their Google accounts.

Implementing Post Edit and Delete Features

Now that we have implemented basic login/logout functionality, we will add the ability to create, edit, and delete posts.

1. Create Entity and Repository for Posts

First, we need to create a Post entity and a JPA repository for it.

    import javax.persistence.*;
    import java.time.LocalDateTime;

    @Entity
    public class Post {
        @Id
        @GeneratedValue(strategy = GenerationType.IDENTITY)
        private Long id;
        
        private String title;
        private String content;

        @ManyToOne
        @JoinColumn(name="user_id")
        private User user; // Author information

        private LocalDateTime createdAt;
        private LocalDateTime updatedAt;

        // getters and setters
    }
    

    import org.springframework.data.jpa.repository.JpaRepository;

    public interface PostRepository extends JpaRepository {
    }
    

2. Implement Post Creation and Editing Functionality

Create a controller to handle post creation and editing functionality.

    import org.springframework.security.core.annotation.AuthenticationPrincipal;
    import org.springframework.stereotype.Controller;
    import org.springframework.ui.Model;
    import org.springframework.web.bind.annotation.*;

    @Controller
    @RequestMapping("/posts")
    public class PostController {

        private final PostRepository postRepository;

        public PostController(PostRepository postRepository) {
            this.postRepository = postRepository;
        }

        @GetMapping("/new")
        public String newPost(Model model) {
            model.addAttribute("post", new Post());
            return "newpost"; // Post creation page
        }

        @PostMapping
        public String createPost(@ModelAttribute Post post, @AuthenticationPrincipal User user) {
            post.setUser(user); // Set the currently logged-in user
            post.setCreatedAt(LocalDateTime.now());
            postRepository.save(post);
            return "redirect:/posts";
        }

        @GetMapping("/{id}/edit")
        public String editPost(@PathVariable Long id, Model model) {
            Post post = postRepository.findById(id).orElseThrow();
            model.addAttribute("post", post);
            return "editpost"; // Post editing page
        }

        @PostMapping("/{id}")
        public String updatePost(@PathVariable Long id, @ModelAttribute Post post) {
            post.setId(id);
            post.setUpdatedAt(LocalDateTime.now());
            postRepository.save(post);
            return "redirect:/posts";
        }
    }
    

3. Implement Post Deletion Functionality

Add a method for deleting posts to the PostController.

    @DeleteMapping("/{id}")
    public String deletePost(@PathVariable Long id) {
        postRepository.deleteById(id);
        return "redirect:/posts";
    }
    

Adding Author Confirmation Logic

Finally, we add author confirmation logic to ensure that users can only edit or delete their own posts. To do this, we will add logic that compares the logged-in user’s information with the author of the post.

    @PostMapping("/{id}/edit")
    public String editPost(@PathVariable Long id, @AuthenticationPrincipal User user) {
        Post post = postRepository.findById(id).orElseThrow();
        if (!post.getUser().equals(user)) {
            throw new AccessDeniedException("You cannot edit this post."); // Access denied exception
        }
        return "editpost"; // Move to edit page
    }

    @DeleteMapping("/{id}")
    public String deletePost(@PathVariable Long id, @AuthenticationPrincipal User user) {
        Post post = postRepository.findById(id).orElseThrow();
        if (!post.getUser().equals(user)) {
            throw new AccessDeniedException("You cannot delete this post."); // Access denied exception
        }
        postRepository.deleteById(id);
        return "redirect:/posts";
    }
    

Conclusion

In this tutorial, we learned how to implement OAuth2-based login and logout functionality using Spring Boot, and how to add features for creating, editing, and deleting posts. Additionally, we established safeguards to ensure that users can only edit or delete their own posts through author confirmation logic. Through this process, we became acquainted with the basic usage of Spring Boot and OAuth2, gaining foundational knowledge necessary for actual application development.

We hope to continue learning about various features using Spring Boot and improve our skills further. Wishing you the best of luck on your development journey!