Spring Security Mongo

A Commons Library to provide the repositories for mongo db

License

License

MIT
Categories

Categories

Security
GroupId

GroupId

uk.co.caeldev
ArtifactId

ArtifactId

spring-security-mongo
Last Version

Last Version

3.0.2
Release Date

Release Date

Type

Type

jar
Description

Description

Spring Security Mongo
A Commons Library to provide the repositories for mongo db
Project URL

Project URL

https://github.com/caelwinner/spring-security-mongo
Source Code Management

Source Code Management

https://github.com/caelwinner/spring-security-mongo.git

Download spring-security-mongo

How to add to project

<!-- https://jarcasting.com/artifacts/uk.co.caeldev/spring-security-mongo/ -->
<dependency>
    <groupId>uk.co.caeldev</groupId>
    <artifactId>spring-security-mongo</artifactId>
    <version>3.0.2</version>
</dependency>
// https://jarcasting.com/artifacts/uk.co.caeldev/spring-security-mongo/
implementation 'uk.co.caeldev:spring-security-mongo:3.0.2'
// https://jarcasting.com/artifacts/uk.co.caeldev/spring-security-mongo/
implementation ("uk.co.caeldev:spring-security-mongo:3.0.2")
'uk.co.caeldev:spring-security-mongo:jar:3.0.2'
<dependency org="uk.co.caeldev" name="spring-security-mongo" rev="3.0.2">
  <artifact name="spring-security-mongo" type="jar" />
</dependency>
@Grapes(
@Grab(group='uk.co.caeldev', module='spring-security-mongo', version='3.0.2')
)
libraryDependencies += "uk.co.caeldev" % "spring-security-mongo" % "3.0.2"
[uk.co.caeldev/spring-security-mongo "3.0.2"]

Dependencies

runtime (7)

Group / Artifact Type Version
org.springframework.boot : spring-boot-starter-web jar 2.0.1.RELEASE
org.springframework.boot : spring-boot-starter-security jar 2.0.1.RELEASE
org.springframework.boot : spring-boot-starter-data-mongodb jar 2.0.1.RELEASE
org.springframework.security.oauth : spring-security-oauth2 jar 2.3.0.RELEASE
com.google.guava : guava jar 19.0
com.fasterxml.jackson.core : jackson-databind jar
org.apache.commons : commons-lang3 jar 3.7

test (6)

Group / Artifact Type Version
org.springframework.boot : spring-boot-starter-test jar 2.0.1.RELEASE
org.assertj : assertj-core jar 3.5.2
uk.org.fyodor : fyodor-core jar 1.0.0
com.github.fakemongo : fongo jar 2.2.0-RC1
com.lordofthejars : nosqlunit-mongodb jar 0.14.0
com.jayway.jsonpath : json-path jar 0.9.1

Project Modules

There are no modules declared in this project.

Spring Security Mongo

Build Status Coverage Status Maven Central

Library to provide full implementation of all the repositories and provider necessary to have all the security persisted in MongoDB.

  • ApprovalStore
  • ClientDetailsService
  • ClientRegistrationService
  • TokenStore
  • UserDetailsManager
  • ClientTokenServices

Important

The library does not provides the necessary config to use these services, you will have to do that for your self. On the other hand I have another library that you can use shows how to configure all the services and have up and running your oauth2 server.

https://github.com/caelcs/base-auth2-server

How to use it

Step 1

Add as dependency to your project and then use the beans in your Spring Oauth2 Configuration

Note:

Spring Boot 2.x and Oath2 library and Mongo Driver 3.6 has bring a lot of changes that are not backward compatible unless that you play around with dependencies. So I have updated all the dependencies to use the latest from version 3.0.0.

  • Spring Boot 1.5.x -> use 2.0.0
  • Spring Boot 2.x.x -> use 3.0.0

Step 2

Add this annotation to your configuration class:

@Configuration
@EnableSecurityMongo
public class MongoSecurityConfiguration {

}

Having this annotation will define in your spring context all the necessary to use this library.

Step 3

Create in your mongo instance the user that you will use to access the database

db.createUser(
  {
    user: "oauth2",
    pwd: "testpass",
    roles: [ { role: "readWrite", db: "invoicer" } ]
  }
)

Step 4

define the following properties in your app if you want to use the default Mongo client. If you want to use your own version just DO NOT ADD these properties.

mongo.host=localhost
mongo.port=27017
mongo.database=testdb
mongo.username=testuser
mongo.password=testpassword

Creating users manually in Mongo DB

You can produce the json to create in your mongo instance the users by executing some of the integration tests or just insert this json:

Mongo User

{
    "_id" : "testuser",
    "_class" : "uk.co.caeldev.springsecuritymongo.domain.User",
    "password" : "testpassword",
    "userUUID" : LUUID("03479d48-93cf-5e55-974f-842eb0200ca8"),
    "authorities" : [ 
        {
            "role" : "ROLE_USER",
            "_class" : "org.springframework.security.core.authority.SimpleGrantedAuthority"
        }
    ],
    "accountNonExpired" : true,
    "accountNonLocked" : true,
    "credentialsNonExpired" : true,
    "enabled" : true
}

Mongo Client Detail

{
    "_id" : "testclient",
    "_class" : "uk.co.caeldev.springsecuritymongo.domain.MongoClientDetails",
    "clientSecret" : "testclientsecret",
    "scope" : [ 
        "read"
    ],
    "resourceIds" : [ 
        "oauth2-resource"
    ],
    "authorizedGrantTypes" : [ 
        "authorization_code", 
        "implicit"
    ],
    "registeredRedirectUris" : [ 
        "http://www.google.co.uk"
    ],
    "authorities" : [ 
        {
            "role" : "ROLE_CLIENT",
            "_class" : "org.springframework.security.core.authority.SimpleGrantedAuthority"
        }
    ],
    "accessTokenValiditySeconds" : 30000.0000000000000000,
    "refreshTokenValiditySeconds" : 30000.0000000000000000,
    "additionalInformation" : {},
    "autoApproveScopes" : [ 
        ""
    ]
}

Versions

Version
3.0.2
3.0.1
2.0.0
0.1.11
0.1.10
0.1.9
0.1.8
0.1.7
0.1.6
0.1.5
0.1.4
0.1.3
0.1.2
0.1.1
0.1.0