{"id":33023,"date":"2024-11-01T09:13:11","date_gmt":"2024-11-01T09:13:11","guid":{"rendered":"http:\/\/atmokpo.com\/w\/?p=33023"},"modified":"2024-11-01T11:29:18","modified_gmt":"2024-11-01T11:29:18","slug":"spring-boot-backend-development-course-implementing-login-and-logout-with-oauth2-implementing-and-applying-oauth2-with-spring-security","status":"publish","type":"post","link":"https:\/\/atmokpo.com\/w\/33023\/","title":{"rendered":"Spring Boot Backend Development Course, Implementing Login and Logout with OAuth2, Implementing and Applying OAuth2 with Spring Security"},"content":{"rendered":"<\/p>\n\n
1. Introduction<\/h2>\n
\n The authentication and authorization mechanisms of modern applications are very important. OAuth2 is a widely used framework for handling authentication and authorization across various platforms. This tutorial will explain the login and logout process through OAuth2 using Spring Boot and Spring Security step by step. The goal is to build a secure API that includes user authentication features.\n <\/p>\n<\/section>\n\n
2. Spring Boot and Spring Security Project Setup<\/h2>\n
2.1. Installation Requirements<\/h3>\n
\n The following software is required to proceed with this tutorial:\n <\/p>\n
\n
JDK 11 or higher<\/li>\n
Apache Maven<\/li>\n
IDE (IntelliJ IDEA, Eclipse, etc.)<\/li>\n<\/ul>\n
2.2. Project Creation<\/h3>\n
\n First, create a new Spring Boot project using Spring Initializr<\/code>. For dependencies, add \n Spring Web<\/code>, Spring Security<\/code>, and OAuth2 Client<\/code>.\n <\/p>\n
mvn clean install<\/code><\/pre>\n<\/section>\n\n
3. OAuth2 Authentication Setup<\/h2>\n
3.1. OAuth2 Provider Configuration<\/h3>\n
\n There are various OAuth2 providers, and in this tutorial, we will use Google OAuth2. Create a new project in the Google Cloud Console and generate an OAuth 2.0 client ID. \n The required information is the client ID and the client secret.\n <\/p>\n
3.2. Application Properties Configuration<\/h3>\n
\nAdd the following configuration to the src\/main\/resources\/application.yml<\/code> file:\n <\/p>\n
\n Create a class named SecurityConfig<\/code> for basic Spring Security configuration. This class \n extends WebSecurityConfigurerAdapter<\/code> to define the security configuration.\n <\/p>\n
import org.springframework.context.annotation.Configuration;\nimport org.springframework.security.config.annotation.web.builders.HttpSecurity;\nimport org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;\nimport org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;\n\n@Configuration\n@EnableWebSecurity\npublic class SecurityConfig extends WebSecurityConfigurerAdapter {\n @Override\n protected void configure(HttpSecurity http) throws Exception {\n http\n .authorizeRequests()\n .antMatchers(\"\/\", \"\/login\", \"\/oauth2\/**\").permitAll() \/\/ Allow all users for paths related to login\n .anyRequest().authenticated() \/\/ Other requests are accessible only to authenticated users\n .and()\n .oauth2Login(); \/\/ OAuth2 login configuration\n }\n}<\/code><\/pre>\n<\/section>\n\n
5. Login and Logout<\/h2>\n
5.1. Login Processing<\/h3>\n
\n OAuth2 login processing is automatically managed by Spring Security. When a user accesses the \/login path, a login page is provided, and after login, they are redirected to the path set as the Redirect URI<\/code>.\n <\/p>\n
5.2. Logout Processing<\/h3>\n
\n Logout can be simply handled by setting the logout<\/code> path. After logging out, the user can be redirected to the home page.\n <\/p>\n
http.logout()\n .logoutSuccessUrl(\"\/\") \/\/ Redirect to home on logout\n .invalidateHttpSession(true); \/\/ Invalidate session\n<\/code><\/pre>\n<\/section>\n\n
6. Create Client Application<\/h2>\n
\n To test login and logout, a simple client application will be created. Users can verify their information after authenticating through their Google account.\n <\/p>\n
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;\nimport org.springframework.security.oauth2.client.web.userdetails.OAuth2UserService;\nimport org.springframework.web.bind.annotation.GetMapping;\nimport org.springframework.web.bind.annotation.RestController;\n\n@RestController\npublic class UserController {\n\n private final OAuth2UserService oAuth2UserService;\n private final ClientRegistrationRepository clientRegistrationRepository;\n\n public UserController(OAuth2UserService oAuth2UserService, ClientRegistrationRepository clientRegistrationRepository) {\n this.oAuth2UserService = oAuth2UserService;\n this.clientRegistrationRepository = clientRegistrationRepository;\n }\n\n @GetMapping(\"\/user\")\n public String getUserInfo(Principal principal) {\n return \"User Info: \" + principal.getName(); \/\/ Return user info\n }\n}<\/code><\/pre>\n<\/section>\n\n
7. Testing and Conclusion<\/h2>\n
\n Once all settings are complete, run the application and access the \/login page. Click the Google login button to verify that the authentication process works correctly. \n Upon successful login, user information can be verified at the \/user path.\n <\/p>\n
\n In this tutorial, you learned the basics of OAuth2 login\/logout using Spring Boot. In the future, you can extend this with more complex authentication mechanisms using JWT, \n and add custom features tailored to your company’s requirements.\n <\/p>\n<\/section>\n