Spring Security Authorization Service

Description

Oauth2 authorization Server. this program is designed using Java and Spring Boot, which can be used to register and authenticate users and resource applications in an advanced way. This service can be used as register server

my website: https://alirezaalijani.ir

Details:

• Oauth service
• Authentication and Authorization froms
• Use fail attempts to block access
• Use java email client to send emails
• Different accesses for users
• Creating a professional and encrypted link to verify user actions (email verification)
• Create an html email template and send asymmetric emails
• Use Google recaptcha
• Jwt for api authentication
• ٍSecuring webservice
• Dockerized application with docker-compose

Goals

• Authentication & Authorization server
• Account validation
• User management
• Distributed service

How to use

Using maven and docker

Project dependencies

• Docker : Get Started
• docker-compose : Overview of Docker Compose
• maven : How to use or Download
• java 17

Config Project

1. Download or clone project

git clone https://github.com/alirezaalj/Spring-Security-Authorization-Service.git
or 
wget https://github.com/alirezaalj/Spring-Security-Authorization-Service/archive/refs/heads/master.zip

2. go to project folder open command line in there

cd Spring-Security-Authorization-Service
cp config-repository-copy/* config-repository/
cd config-repository 
git init
git add .
git commit -m "Initial commit" 
cd ..

email

• ~~gmail~~ account or other smtp email account
• ~~gmail~~ no longer support for Allow Less Secure App. So you should use other mail hosting.
• if using ~~gmail~~ first do fallow this two-step (no longer support) ######1- Two-Step Verification should be turned off. ######2- Allow Less Secure App(should be turned on). add your email info to conf/config-repository/oauth-mail.yml file and host info

my-spring:
  mail:
    host: <your smtp host> # your smtp host
    port: 587 # your smtp host port
    username: <your_emai_account> # your smtp account username
    password: <your_email_accunt_password>  #your smtp account password
    properties:
      mail:
        smtp:
          auth: true
          connectiontimeout: 5000
          timeout: 5000
          writetimeout: 5000
          starttls:
            enable: true # if your host has TLS is enabled else set false

3. After Any change in conf/config-repository you must run git commit -m "Config commit"

4. Change config-dev.env file configs:

5. In application folder cd Spring-Security-Authorization-Service build jar file and docker image

mvn clean install -DskipTests

5. Run Application docker compose

cd docker-compose

docker-compose --env-file config-dev.env up

application is ready on http://localhost:9000/

Use postman for Oauth client authorization: pkce, authorization_code

postman public workspace

https://www.postman.com/warped-station-341723/workspace/spring-auth-server/overview

application by default add 3 Oauth clients

6. Stop Application : docker compose

cd docker-compose

docker-compose --env-file config-dev.env dwon

login http://localhost:9000/auth/login

Run in development mode

Project dependencies:

Maven and Java

• maven : How to use or Download
• java 17

email

• ~~gmail~~ account or other smtp email account
• ~~gmail~~ no longer support for Allow Less Secure App. So you should use other mail hosting.
• if using ~~gmail~~ first do fallow this two-step (no longer support) ######1- Two-Step Verification should be turned off. ######2- Allow Less Secure App(should be turned on). add your email info to conf/config-repository/oauth-mail.yml file and host info

my-spring:
  mail:
    host: smtp.gmail.com # your smtp host
    port: 587 # your smtp host port
    username: <your_emai_account> # your smtp account username
    password: <your_email_accunt_password>  #your smtp account password
    properties:
      mail:
        smtp:
          auth: true
          connectiontimeout: 5000
          timeout: 5000
          writetimeout: 5000
          starttls:
            enable: true # if your host has TLS is enabled else set false

Database

• postgres : Run postgres on port 5432 with username: postgres And password: postgres
• i suggest using docker
• dockerhub : https://hub.docker.com/_/postgres
• using this commands for *pull *and use postgres whit docker
• run and pull PostgreSQL whit docker and config password to postgres on port 5432

docker run --name postgresql-container -p 5432:5432 -e POSTGRES_PASSWORD=postgres -d postgres

• create new database whit name : oauth_server_db

docker exec -it postgresql-container psql -U postgres -c "CREATE DATABASE oauth_server_db;"

• you can use pgadmin4 connecting to postgrsql
• if you are running postgrsql in your machine you can change conf/config-repository/oauth-postgres.yml file :

postgres:
  host: localhost
  db: oauth_server_db # database name
  user: postgres # username
  pass: postgres # password
  port: 5432 # port

Redis server

• redis server is used for saving login failures, but you can run project without using redis by changing conf/config-repository/oauth-app.yml

...
    login:
      theme: default
      validator:
        validate-url: ${application.info.host}/verification/{path}/{token}
      fall:
        service: memory # login failures will be saved on memory
        max-attempt: 10
        expire-after:
          duration: 1
          unit: DAYS
...

running redis: if you want to save failures on redis

...
    login:
      theme: default
      validator:
        validate-url: ${application.info.host}/verification/{path}/{token}
      fall:
        service: redis # login failures will be saved on redis
...

• Redis : Run redis on port 6379 with no username And password
• i suggest using docker
• dockerhub : https://hub.docker.com/_/redis
• using this commands for *pull *and use redis whit docker
• run and pull Redis whit docker and config on port 6379

docker run --name my-redis -p 6379:6379 -d redis

Running Project

1. go to project folder
2. cd "Oauth Authorzation Project" and Open this directory with your IDEA
3. open config-server module
4. copy all files inside conf/config-repository-copy/ to conf/config-repository/
5. open command line in config-repository and run this commands: git init git add . git commit -m "Initial commit config repo"
6. after any change on files in conf/config-repository/ you must commit them, then config server can pull them and make it available for other services
7. Start by spring-boot-maven-plugin with your IDEA

# or run with command line
cd config-server
# and
mvn spring-boot:run

8. project start on port 8888, and you can see the console - logging
9. and configs are available on urls: (you can check them) username: spring_config_user password: spring_config_user

• http://localhost:8888/oauth-app.yml
• http://localhost:8888/oauth-application.yml
• http://localhost:8888/oauth-base.yml
• http://localhost:8888/oauth-mail.yml
• http://localhost:8888/oauth-postgres.yml
• http://localhost:8888/oauth-redis.yml

10. If you are seen error like : error: invalid remote: origin it's because of bad configuration try change configuration file in config-server/src/main/resources/application.yml and change uri to absolute path of conf/config-repository

    config:
      server:
        git:
          uri: /home/user/Oauth2-Authorization-Project/conf/config-repository  # path to 'conf/config-repository' directory you can replace it with absolute path 
          default-label: master

After running Config Server we can run authorization-server

dependency:

1. postgrsql is running
2. redis is running -if using redis in fall config
3. config-server is running
4. email is configured

Start by spring-boot-maven-plugin with your IDEA

# or run with command line
cd authorization-serve
# and
mvn spring-boot:run

application is ready on http://localhost:9000/

The recaptcha is disabled if you have your domain recaptcha key and secret config them and make enable: true and commit changes inside config-repository

conf/config-repository/oauth-app.yml

google:
  recaptcha:
    enable: false
    key:
      site: <your google key-site> # your google key-site for domain like: localhost
      secret: <your google key-secret> # your google key-secret for domain like: localhost

The User configurations and OAuth2 Clients config

• all configs are static in class
• authorization-server/src/main/java/ir/alirezaalijani/security/authorization/service/initializers/DataSourceInitializer.java
• You can read more about Oauth2

images:

Login page:

Registering Page:

Forget Password:

Contact page:

Email Verification Template: