meecrowave-doc/src/main/jbake/content/meecrowave-oauth2/index.adoc - openwebbeans-meecrowave - Git at Google

 = Meecrowave OAuth2
 :jbake-date: 2017-01-08
 :jbake-type: page
 :jbake-status: published
 :jbake-meecrowavepdf:
 :jbake-meecrowavetitleicon: icon icon_puzzle_alt
 :jbake-meecrowavecolor: body-green
 :icons: font

 Starting with version 0.3.0.

 Coordinates:

 [source,xml]
 ----
 <dependency>
   <groupId>org.apache.meecrowave</groupId>
   <artifactId>meecrowave-oauth2</artifactId>
   <version>${meecrowave.version}</version>
 </dependency>
 ----

 A small OAuth2 server based on CXF implementation.

 See http://cxf.apache.org/docs/jax-rs-oauth2.html for more details.

 Here is the current configuration (mainly based on CXF one):

 include::../../../../../target/generated-doc/OAuth2Configuration.adoc[]

 These options are available through the CLI or through properties as usually with Meecrowave configuration.

 Note that meecrowave also provides a bundle which is an executable jar to run an OAuth2 server.

 Here is a sample usage of that bundle:

 [source,bash]
 ----
 java -jar meecrowave-oauth2-0.3.1-bundle.jar --users test=test --roles test=test
 ----

 Then just test your token endpoint:

 [source,bash]
 ----
 curl -XPOST http://localhost:8080/oauth2/token -d username=test -d password=test -d grant_type=password
 ----

 And you should get something like:

 [source,javascript]
 ----
 {
   "access_token":"5e2f211d4b4ccaa36a11d0876597f01e",
   "token_type":"Bearer",
   "expires_in":3600,
   "scope":"refreshToken",
   "refresh_token":"7ae5dc2e25925e5514b7e2e632cfa6a"
 }
 ----

 IMPORTANT: these example use inline users but you should configure a realm for a real usage.


 NOTE: this module is interesting if you plan to base your application development
 on Meecrowave because it shows how to use CLI configuration and wire it in your application
 but also how to use a 3rd party library (CXF there) and build a fatjar.

 == Authorization code case

 Authorization code flow is a bit more complicated but services (endpoints) can be activated (see configuration - `--oauth2-authorization-code-support`).

 You will need to configure CXF to point to the keystore/key to crypt/sign the token in session.
 It is properties based. All CXF properties (`rs.security.*`) are supported but prefixed with `oauth2.cxf.` to avoid
 to mix it with another configuration starting with `rs.*`.

 For instance you can use:

 [source,properties]
 ----
 oauth2.cxf.rs.security.keystore.type = jks
 oauth2.cxf.rs.security.keystore.file = /opt/keystores/oauth2.jks
 oauth2.cxf.rs.security.keystore.password = password
 oauth2.cxf.rs.security.keystore.alias = alice
 oauth2.cxf.rs.security.key.password = pwd
 ----
	= Meecrowave OAuth2
	:jbake-date: 2017-01-08
	:jbake-type: page
	:jbake-status: published
	:jbake-meecrowavepdf:
	:jbake-meecrowavetitleicon: icon icon_puzzle_alt
	:jbake-meecrowavecolor: body-green
	:icons: font

	Starting with version 0.3.0.

	Coordinates:

	[source,xml]
	----
	<dependency>
	<groupId>org.apache.meecrowave</groupId>
	<artifactId>meecrowave-oauth2</artifactId>
	<version>${meecrowave.version}</version>
	</dependency>
	----

	A small OAuth2 server based on CXF implementation.

	See http://cxf.apache.org/docs/jax-rs-oauth2.html for more details.

	Here is the current configuration (mainly based on CXF one):

	include::../../../../../target/generated-doc/OAuth2Configuration.adoc[]

	These options are available through the CLI or through properties as usually with Meecrowave configuration.

	Note that meecrowave also provides a bundle which is an executable jar to run an OAuth2 server.

	Here is a sample usage of that bundle:

	[source,bash]
	----
	java -jar meecrowave-oauth2-0.3.1-bundle.jar --users test=test --roles test=test
	----

	Then just test your token endpoint:

	[source,bash]
	----
	curl -XPOST http://localhost:8080/oauth2/token -d username=test -d password=test -d grant_type=password
	----

	And you should get something like:

	[source,javascript]
	----
	{
	"access_token":"5e2f211d4b4ccaa36a11d0876597f01e",
	"token_type":"Bearer",
	"expires_in":3600,
	"scope":"refreshToken",
	"refresh_token":"7ae5dc2e25925e5514b7e2e632cfa6a"
	}
	----

	IMPORTANT: these example use inline users but you should configure a realm for a real usage.


	NOTE: this module is interesting if you plan to base your application development
	on Meecrowave because it shows how to use CLI configuration and wire it in your application
	but also how to use a 3rd party library (CXF there) and build a fatjar.

	== Authorization code case

	Authorization code flow is a bit more complicated but services (endpoints) can be activated (see configuration - `--oauth2-authorization-code-support`).

	You will need to configure CXF to point to the keystore/key to crypt/sign the token in session.
	It is properties based. All CXF properties (`rs.security.*`) are supported but prefixed with `oauth2.cxf.` to avoid
	to mix it with another configuration starting with `rs.*`.

	For instance you can use:

	[source,properties]
	----
	oauth2.cxf.rs.security.keystore.type = jks
	oauth2.cxf.rs.security.keystore.file = /opt/keystores/oauth2.jks
	oauth2.cxf.rs.security.keystore.password = password
	oauth2.cxf.rs.security.keystore.alias = alice
	oauth2.cxf.rs.security.key.password = pwd
	----