Spring Cloud Security offers a set of primitives for building secure applications and services with minimum fuss. A declarative model which can be heavily configured externally (or centrally) lends itself to the implementation of large systems of co-operating, remote components, usually with a central indentity management service. It is also extremely easy to use in a service platform like Cloud Foundry. Building on Spring Boot and Spring Security OAuth2 we can quickly create systems that implement common patterns like single sign on, token relay and token exchange.
Features
Spring Cloud Security features:
Relay SSO tokens from a front end to a back end service in a Zuul proxy
Relay tokens between resource servers
An interceptor to make a Feign client behave like OAuth2RestTemplate (fetching tokens etc.)
Configure downstream authentication in a Zuul proxy
Getting Started
If your app also has a Spring Cloud Zuul embedded reverse proxy (using @EnableZuulProxy) then you can ask it to forward OAuth2 access tokens downstream to the services it is proxying. Thus the SSO app above can be enhanced simply like this:
@SpringBootApplication
@EnableOAuth2Sso
@EnableZuulProxy
class Application {
}
and it will (in addition to logging the user in and grabbing a token) pass the authentication token downstream to the /proxy/* services. If those services are implemented with @EnableResourceServer then they will get a valid token in the correct header.
Quick start
Bootstrap your application with Spring Initializr.
