Simplify OAuth2 Setup with Spring Cloud Hoxton: A Step‑by‑Step Guide

This tutorial walks you through building a lightweight OAuth2 authentication server using Spring Cloud Hoxton, covering required dependencies, web security configuration, client details, grant types, testing with the password flow, and key insights on Spring Security password handling.

Java Architecture Diary

Background

Many online tutorials on configuring OAuth2 are complex; this series uses the latest Spring Cloud Hoxton to build a simple OAuth2 authentication server.

Dependencies

Only the web starter and spring-cloud-starter-oauth2 are required.

<dependencies>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.cloud</groupId>
        <artifactId>spring-cloud-starter-oauth2</artifactId>
    </dependency>
</dependencies>

Web Security Configuration

Inject the AuthenticationManager and define an in‑memory UserDetailsService with a test user.

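import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {

    // Expose the AuthenticationManager as a bean so the authorization
    // server can use it for the password grant.
    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    // In-memory test user. The {noop} prefix marks the password as stored
    // in plain text, which is acceptable only for a local demo.
    @Bean
    @Override
    protected UserDetailsService userDetailsService() {
        InMemoryUserDetailsManager manager = new InMemoryUserDetailsManager();
        manager.createUser(User.withUsername("lengleng")
                .password("{noop}lengleng")
                .authorities("USER")
                .build());
        return manager;
    }
}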

OAuth2 Authorization Server

Configure client details, supported grant types (including refresh token), and scopes.

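import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;

@Configuration
@EnableAuthorizationServer
public class BigAuthServerConfiguration extends AuthorizationServerConfigurerAdapter {

    @Autowired
    private AuthenticationManager authenticationManager;

    @Autowired
    private UserDetailsService userDetailsService;

    // Single in-memory client. The secret uses {noop} (plain text) and every
    // grant type is enabled, which suits a demo rather than a deployment.
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory()
                .withClient("appid")
                .secret("{noop}secret")
                .authorizedGrantTypes("password", "authorization_code", "client_credentials", "implicit", "refresh_token")
                .scopes("all");
    }

    // The AuthenticationManager enables the password grant; the
    // UserDetailsService is used when a refresh token is exchanged.
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
        endpoints.authenticationManager(authenticationManager)
                 .userDetailsService(userDetailsService);
    }
}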

Testing Password Grant

curl -X POST -H "Content-Type: application/x-www-form-urlencoded" \
-d 'grant_type=password&username=lengleng&password=lengleng&scope=all' \
"http://appid:secret@localhost:8764/oauth/token"
[Figure: OAuth2 token response]

Summary

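Spring Security 5 supports {noop} passwords via NoOpPasswordEncoder: the default delegating encoder reads the {noop} prefix and hands the comparison to NoOpPasswordEncoder, eliminating the need for a custom PasswordEncoder. NoOpPasswordEncoder compares passwords as plain text and is deprecated as insecure, so {noop} belongs in test setups like this one, not in stored production credentials or client secrets.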
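
The following stand-alone check is an added example, not code from the original article. It shows how the default delegating encoder treats the tutorial's two {noop} values compared with a bcrypt hash, and uses upgradeEncoding to flag stored values that should be re-hashed. The class and method names are illustrative assumptions; it relies only on Spring Security's crypto classes, which the tutorial's project already has on its classpath.

```java
import java.util.LinkedHashMap;
import java.util.Map;

import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;

// Added example (hypothetical class name): audits stored credentials
// the way Spring Security 5's default encoder sees them.
public class StoredCredentialAudit {

    // The same delegating encoder Spring Security 5 falls back to
    // when no PasswordEncoder bean is defined.
    private static final PasswordEncoder ENCODER =
            PasswordEncoderFactories.createDelegatingPasswordEncoder();

    /** True when the stored value is not in the encoder's current default format. */
    static boolean needsUpgrade(String stored) {
        return ENCODER.upgradeEncoding(stored);
    }

    /** Returns the prefixed hash to store instead of a {noop} value. */
    static String rehash(String rawPassword) {
        return ENCODER.encode(rawPassword);
    }

    public static void main(String[] args) {
        // Constructed sample: the two {noop} values from the tutorial's
        // configuration, plus a hashed replacement generated here.
        Map<String, String> stored = new LinkedHashMap<>();
        stored.put("user lengleng", "{noop}lengleng");
        stored.put("client appid", "{noop}secret");
        stored.put("user lengleng (rehashed)", rehash("lengleng"));

        for (Map.Entry<String, String> e : stored.entrySet()) {
            String value = e.getValue();
            // The {id} prefix selects which encoder verifies the value.
            String id = value.substring(1, value.indexOf('}'));
            System.out.printf("%-26s id=%-6s needsUpgrade=%b%n",
                    e.getKey(), id, needsUpgrade(value));
        }

        // Both storage forms verify the same raw password; only what
        // sits in the configuration or database differs.
        String hashed = stored.get("user lengleng (rehashed)");
        System.out.println(ENCODER.matches("lengleng", "{noop}lengleng"));
        System.out.println(ENCODER.matches("lengleng", hashed));
        System.out.println(ENCODER.matches("wrong", hashed));
    }
}
```

The value returned by rehash can be passed to .password(...) or .secret(...) in place of the {noop} strings without any other change, because the prefix tells the default encoder how to verify it.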

For more OAuth2 extensions, visit the author's blog.
