Spring Cloud Security

2.0.2

Spring Cloud Security offers a set of primitives for building secure applications and services with minimum fuss. A declarative model which can be heavily configured externally (or centrally) lends itself to the implementation of large systems of co-operating, remote components, usually with a central indentity management service. It is also extremely easy to use in a service platform like Cloud Foundry. Building on Spring Boot and Spring Security OAuth2 we can quickly create systems that implement common patterns like single sign on, token relay and token exchange.

Features

Spring Cloud Security features:

  • Relay SSO tokens from a front end to a back end service in a Zuul proxy

  • Relay tokens between resource servers

  • An interceptor to make a Feign client behave like OAuth2RestTemplate (fetching tokens etc.)

  • Configure downstream authentication in a Zuul proxy

Getting Started

If your app also has a Spring Cloud Zuul embedded reverse proxy (using @EnableZuulProxy) then you can ask it to forward OAuth2 access tokens downstream to the services it is proxying. Thus the SSO app above can be enhanced simply like this:

@SpringBootApplication
@EnableOAuth2Sso
@EnableZuulProxy
class Application {

}

and it will (in addition to logging the user in and grabbing a token) pass the authentication token downstream to the /proxy/* services. If those services are implemented with @EnableResourceServer then they will get a valid token in the correct header.

Quick start

Bootstrap your application with Spring Initializr.

Documentation

Each Spring project has its own; it explains in great details how you can use project features and what you can achieve with them.
2.0.2 SNAPSHOT CURRENT Reference Doc. API Doc.
2.0.1 CURRENT GA Reference Doc. API Doc.
1.2.4 SNAPSHOT CURRENT Reference Doc. API Doc.
1.2.3 CURRENT GA Reference Doc. API Doc.