Simplify OAuth2 Authentication with Spring Cloud Hoxton: A Step‑by‑Step Guide
Learn how to quickly set up an OAuth2 authentication server using Spring Cloud Hoxton, including Maven dependencies, web security configuration, client details, and password‑grant testing, while also covering Spring Security’s {noop} password handling and providing useful code snippets for developers.
Background: many online tutorials on configuring OAuth2 are complex; this series simplifies it using Spring Cloud Hoxton.
The goal is a concise OAuth authentication center built on Spring Cloud OAuth.
Refer to Ruan Yifeng’s article for OAuth2 grant types.
Project core versions: Spring Boot 2.2.0.M5, Spring Cloud Hoxton.M2, Spring Cloud OAuth2 2.2.0.M2.
Start Configuration
Maven Dependency Introduction
Only web and cloud‑oauth starters are required.

<dependencies>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.cloud</groupId>
        <artifactId>spring-cloud-starter-oauth2</artifactId>
    </dependency>
</dependencies>

Configure Web Security to Intercept All Requests
Expose the AuthenticationManager as a Spring bean so the OAuth server can use it.
Create an in‑memory UserDetailsService with a single test user.
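
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
    // Expose the AuthenticationManager as a bean for the authorization server.
    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    // In-memory test user; {noop} means the password is stored unencoded.
    @Bean
    @Override
    protected UserDetailsService userDetailsService() {
        InMemoryUserDetailsManager manager = new InMemoryUserDetailsManager();
        manager.createUser(User.withUsername("lengleng")
                .password("{noop}lengleng")
                .authorities("USER")
                .build());
        return manager;
    }
}

Configure OAuth2 Authorization Server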
Define clientId, secret, and supported grant types (including refresh token).
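
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;

@Configuration
@EnableAuthorizationServer
public class BigAuthServerConfiguration extends AuthorizationServerConfigurerAdapter {
    @Autowired
    private AuthenticationManager authenticationManager;
    @Autowired
    private UserDetailsService userDetailsService;

    // In-memory client registration; {noop} means the secret is stored unencoded.
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory()
                .withClient("appid")
                .secret("{noop}secret")
                .authorizedGrantTypes("password", "authorization_code", "client_credentials", "implicit", "refresh_token")
                .scopes("all");
    }

    // The password grant needs the AuthenticationManager; refresh tokens need the UserDetailsService.
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
        endpoints.authenticationManager(authenticationManager)
                .userDetailsService(userDetailsService);
    }
}

The authentication server is now functional.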
Test Password Grant

curl -X POST -H "Content-Type: application/x-www-form-urlencoded" \
  -d 'grant_type=password&username=lengleng&password=lengleng&scope=all' \
  "http://appid:secret@localhost:8764/oauth/token"

Summary
Spring Security 5 supports dynamic password encoding: the {noop} prefix tells Spring to use NoOpPasswordEncoder, which compares the stored value as plain text, so no custom PasswordEncoder implementation is needed.
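
The prefix handling described above, shown as an added example that is not part of the original article: it runs the article's {noop} value and a bcrypt-encoded equivalent through Spring Security's delegating encoder to show what each stored form exposes. The class name PasswordPrefixDemo is hypothetical, and the only assumption is spring-security-crypto 5.1 or later on the classpath.

```java
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;

// Added example, not from the article. PasswordPrefixDemo is a hypothetical class name.
// Assumes spring-security-crypto 5.1 or later on the classpath.
public class PasswordPrefixDemo {

    public static void main(String[] args) {
        // Factory for Spring Security 5's DelegatingPasswordEncoder.
        PasswordEncoder encoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();

        // Value from the article: everything after "{noop}" is the password itself,
        // so anyone who can read the config or the user store can read the credential.
        String noopStored = "{noop}lengleng";
        report(encoder, "article value", noopStored);

        // encode() writes the factory's default id ({bcrypt}) with a fresh random salt,
        // so this string differs on every run and never contains the raw password.
        String bcryptStored = encoder.encode("lengleng");
        report(encoder, "bcrypt value", bcryptStored);

        // A stored value with no {id} prefix cannot be routed to any encoder;
        // the delegating encoder rejects it instead of falling back to plain text.
        try {
            encoder.matches("lengleng", "lengleng");
        } catch (IllegalArgumentException e) {
            System.out.println("no prefix -> rejected: " + e.getMessage());
        }
    }

    // Prints the stored form, whether candidate passwords match it, and whether
    // Spring considers the stored form due for re-encoding with the default id.
    private static void report(PasswordEncoder encoder, String label, String stored) {
        System.out.println(label + " -> " + stored);
        System.out.println("  matches 'lengleng': " + encoder.matches("lengleng", stored));
        System.out.println("  matches 'wrong':    " + encoder.matches("wrong", stored));
        System.out.println("  upgradeEncoding:    " + encoder.upgradeEncoding(stored));
    }
}
```

Outside a local test setup, a string produced by encoder.encode(...) can be used in .password(...) and .secret(...) in place of the {noop} literals.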
For more OAuth2 extensions, visit the author's blog at https://my.oschina.net/giegie.
Java Architecture Diary
