Spring Boot Oauth2 Security

This post builds on my previous post, which covers how to secure your REST API using Spring Security OAuth2.
In case you missed it, here is the place to grab it.

Spring Boot is one of the newer additions to the Spring framework, and it makes developers' lives easier when building large-scale applications. Here is a good place to grab the concepts.

If you read my previous post on OAuth2 security, you know there is a fair bit of configuration to do on the Spring side. Spring Boot, on the other hand, does all the hard work, and we just need to tell it what to do with a simple annotation.

So this post is about how to configure a Spring Boot project with Spring Security and OAuth2. We can't really call it configuring, because almost all of the configuration is done by Spring Boot itself.

Source code :

Step 1
For this project I'm using an H2 in-memory database, so you don't need to create any database or tables; they are created at run time. If you want this project to use MySQL as the data source, first create the database and then create the tables.

 CREATE TABLE user (
   username VARCHAR(50) NOT NULL PRIMARY KEY,  -- column required by the seed data and foreign key below; type assumed
   email VARCHAR(50),
   password VARCHAR(500),
   activated BOOLEAN DEFAULT FALSE,  -- column required by the seed data below; type assumed
   activationkey VARCHAR(50) DEFAULT NULL,
   resetpasswordkey VARCHAR(50) DEFAULT NULL
 );
 CREATE TABLE authority (
   name VARCHAR(50) NOT NULL PRIMARY KEY  -- column required by the foreign key below; type assumed
 );
 CREATE TABLE user_authority (
   username VARCHAR(50) NOT NULL,
   authority VARCHAR(50) NOT NULL,
   FOREIGN KEY (username) REFERENCES user (username),
   FOREIGN KEY (authority) REFERENCES authority (name),
   UNIQUE INDEX user_authority_idx_1 (username, authority)
 );
 CREATE TABLE oauth_access_token (
   token_id VARCHAR(256) DEFAULT NULL,
   token BLOB,
   authentication_id VARCHAR(256) DEFAULT NULL,
   user_name VARCHAR(256) DEFAULT NULL,
   client_id VARCHAR(256) DEFAULT NULL,
   authentication BLOB,
   refresh_token VARCHAR(256) DEFAULT NULL
 );
 CREATE TABLE oauth_refresh_token (
   token_id VARCHAR(256) DEFAULT NULL,
   token BLOB,
   authentication BLOB
 );

  • user - system users
  • authority - roles
  • user_authority - many-to-many table for user and role
  • oauth_access_token - holds the access_token
  • oauth_refresh_token - holds the refresh_token

Add some seed data.

 INSERT INTO user (username,email, password, activated) VALUES ('admin', '', 'b8f57d6d6ec0a60dfe2e20182d4615b12e321cad9e2979e0b9f81e0d6eda78ad9b6dcfe53e4e22d1', true);  
 INSERT INTO user (username,email, password, activated) VALUES ('user', '', 'd6dfa9ff45e03b161e7f680f35d90d5ef51d243c2a8285aa7e11247bc2c92acde0c2bb626b1fac74', true);  
 INSERT INTO user (username,email, password, activated) VALUES ('rajith', '', 'd6dfa9ff45e03b161e7f680f35d90d5ef51d243c2a8285aa7e11247bc2c92acde0c2bb626b1fac74', true);  
 INSERT INTO authority (name) VALUES ('ROLE_USER');  
 INSERT INTO authority (name) VALUES ('ROLE_ADMIN');  
 INSERT INTO user_authority (username,authority) VALUES ('rajith', 'ROLE_USER');  
 INSERT INTO user_authority (username,authority) VALUES ('user', 'ROLE_USER');  
 INSERT INTO user_authority (username,authority) VALUES ('admin', 'ROLE_USER');  
 INSERT INTO user_authority (username,authority) VALUES ('admin', 'ROLE_ADMIN');  

Step 2
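Configure WebSecurityConfigurerAdapter

 @Configuration
 @EnableWebSecurity
 public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
   @Autowired private UserDetailsService userDetailsService;
   // StandardPasswordEncoder (salted, iterated SHA-256) is deprecated in Spring Security 5 in favour of adaptive encoders such as BCryptPasswordEncoder.
   @Bean public PasswordEncoder passwordEncoder() {
     return new StandardPasswordEncoder();
   }
   @Autowired public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
     auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder()); // assumed wiring of the two members above
   }
   @Override public void configure(WebSecurity web) throws Exception {
     // body of this method is not shown
   }
   @Override @Bean public AuthenticationManager authenticationManagerBean() throws Exception {
     return super.authenticationManagerBean(); // exposes the manager as a bean for the password grant in Step 3
   }
   @EnableGlobalMethodSecurity(prePostEnabled = true, jsr250Enabled = true)
   private static class GlobalSecurityConfiguration extends GlobalMethodSecurityConfiguration {
     @Override protected MethodSecurityExpressionHandler createExpressionHandler() {
       return new OAuth2MethodSecurityExpressionHandler(); // enables #oauth2 expressions in @PreAuthorize
     }
   }
 }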

Step 3
Configuration for Oauth2

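 @Configuration
 public class OAuth2Configuration {
   @Configuration
   @EnableResourceServer
   protected static class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {
     @Autowired private CustomAuthenticationEntryPoint customAuthenticationEntryPoint;
     @Autowired private CustomLogoutSuccessHandler customLogoutSuccessHandler;
     @Override public void configure(HttpSecurity http) throws Exception {
       http.csrf() // CSRF checks apply only to the matcher below; the other rules of this chain are not shown
           .requireCsrfProtectionMatcher(new AntPathRequestMatcher("/oauth/authorize"));
     }
   }
   @Configuration
   @EnableAuthorizationServer
   protected static class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter implements EnvironmentAware {
     private static final String ENV_OAUTH = "authentication.oauth.";
     private static final String PROP_CLIENTID = "clientid";
     private static final String PROP_SECRET = "secret";
     private static final String PROP_TOKEN_VALIDITY_SECONDS = "tokenValidityInSeconds";
     private RelaxedPropertyResolver propertyResolver; // Spring Boot 1.x API
     @Autowired private DataSource dataSource;
     @Bean public TokenStore tokenStore() {
       return new JdbcTokenStore(dataSource); // persists tokens in oauth_access_token / oauth_refresh_token
     }
     @Autowired private AuthenticationManager authenticationManager;
     @Override public void configure(AuthorizationServerEndpointsConfigurer endpoints)
         throws Exception {
       endpoints.tokenStore(tokenStore()).authenticationManager(authenticationManager); // assumed wiring of the members above
     }
     @Override public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
       clients.inMemory() // assumed: the head of this chain is not shown
           .withClient(propertyResolver.getProperty(PROP_CLIENTID)) // assumed from PROP_CLIENTID
           .scopes("read", "write")
           .authorizedGrantTypes("password", "refresh_token")
           .secret(propertyResolver.getProperty(PROP_SECRET)) // assumed from PROP_SECRET
           .accessTokenValiditySeconds(propertyResolver.getProperty(PROP_TOKEN_VALIDITY_SECONDS, Integer.class, 1800));
     }
     @Override public void setEnvironment(Environment environment) {
       this.propertyResolver = new RelaxedPropertyResolver(environment, ENV_OAUTH);
     }
   }
 }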

That's it. Run the Spring Boot application with:

 mvn spring-boot:run

Then check your OAuth2 security by executing the following curls.
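An added example, not the author's original commands: shell helpers that exercise the password and refresh_token grants configured in Step 3 and confirm that a protected path rejects requests without a token. BASE_URL, CLIENT_ID, CLIENT_SECRET and API_PATH are placeholders, /oauth/token is assumed to be the framework's default token endpoint, and the sample response is constructed.

```shell
#!/usr/bin/env bash
# Placeholders (assumptions, not values from the post): set these for your deployment.
BASE_URL="${BASE_URL:-http://localhost:8080}"
CLIENT_ID="${CLIENT_ID:-<clientid-from-properties>}"      # authentication.oauth.clientid
CLIENT_SECRET="${CLIENT_SECRET:-<secret-from-properties>}" # authentication.oauth.secret
API_PATH="${API_PATH:-/<protected-endpoint>}"

# Extract a string field from the token endpoint's flat JSON response.
json_field() {  # usage: json_field <name> <json>
  printf '%s' "$2" | sed -n "s/.*\"$1\"[[:space:]]*:[[:space:]]*\"\([^\"]*\)\".*/\1/p"
}

# Password grant: the client authenticates with HTTP Basic,
# the user's credentials travel in the form body.
password_grant() {  # usage: password_grant <username> <password>
  curl -s -u "$CLIENT_ID:$CLIENT_SECRET" "$BASE_URL/oauth/token" \
    --data-urlencode "grant_type=password" \
    --data-urlencode "username=$1" \
    --data-urlencode "password=$2"
}

# Refresh grant: trades the refresh_token for a new access_token.
refresh_grant() {  # usage: refresh_grant <refresh_token>
  curl -s -u "$CLIENT_ID:$CLIENT_SECRET" "$BASE_URL/oauth/token" \
    --data-urlencode "grant_type=refresh_token" \
    --data-urlencode "refresh_token=$1"
}

# HTTP status of the protected path, with or without a bearer token.
api_status() {  # usage: api_status [access_token]
  if [ -n "$1" ]; then
    curl -s -o /dev/null -w '%{http_code}' -H "Authorization: Bearer $1" "$BASE_URL$API_PATH"
  else
    curl -s -o /dev/null -w '%{http_code}' "$BASE_URL$API_PATH"
  fi
}

# Full check: the first request should be rejected, the other two accepted.
run_checks() {  # usage: run_checks <username> <password>
  echo "no token:       $(api_status)"
  resp=$(password_grant "$1" "$2")
  echo "password grant: $(api_status "$(json_field access_token "$resp")")"
  resp=$(refresh_grant "$(json_field refresh_token "$resp")")
  echo "refresh grant:  $(api_status "$(json_field access_token "$resp")")"
}

# Constructed sample of a token response, for trying json_field offline.
SAMPLE_RESPONSE='{"access_token":"sample-access","token_type":"bearer","refresh_token":"sample-refresh","expires_in":1799,"scope":"read write"}'
```

Source the file and call `run_checks <username> <password>` with one of the seeded users while the application is running.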


  5. Nice article. Is it possible to do SSO using the Spring OAuth2 framework for authorization and authentication? Please provide some example code.
