2. Lack of etiquette and manners is a huge turn off.
KnolX Etiquettes
● Punctuality: Respect KnolX session timings; you are requested not to join sessions after a 5 minute threshold past the session start time.
● Feedback: Make sure to submit constructive feedback for all sessions, as it is very helpful for the presenter.
● Silent Mode: Keep your mobile devices in silent mode; feel free to step out of the session if you need to attend an urgent call.
● Avoid Disturbance: Avoid unwanted chit-chat during the session.
3. Agenda
01 What is Spring Security?
02 What is OAuth 2.0
03 OAuth 2.0 Roles
04 How does it work & Abstract Protocol flow
05 Advantages of OAuth 2.0
06 Demo
4. What is Spring Security
● Spring Security is a framework that provides security features such as authentication and authorization for building secure Java Enterprise Applications.
● It is a sub-project of the Spring Framework, started in 2003 by Ben Alex. Later on, in 2004, it was released under the Apache License as Spring Security 2.0.0.
● The framework targets two major areas of application security: authentication and authorization.
● Authorization can be applied to web requests, method invocations and access to individual domain objects.
5. What is OAuth 2.0
● OAuth 2.0 is an authorization protocol, not an authentication protocol.
● OAuth is an authorization framework that allows limited access to protected resources on behalf of the resource owner.
● It delegates certain responsibilities to another server and encourages reusability.
● It works on the concept of Access Tokens.
7. OAuth 2.0 Roles
● Resource Owner
● Client
● Authorization Server
● Resource Server
8. ● Resource Owner: The resource owner is the user who authorizes an application to access their account. The application's access to the user's account is limited to the scope of the authorization granted (e.g. read or write access).
● Client: The client is the system that requires access to the protected resources. To access resources, the client must hold the appropriate Access Token.
● Authorization Server: This server receives requests from the Client for an Access Token and issues one upon successful authentication and consent by the resource owner.
9. ● Resource Server: A server that protects the user's resources and receives access requests from the Client. It accepts and validates an Access Token from the Client and returns the appropriate resource to it.
10. How does it work?
● Let's assume the client requests authorization to access protected resources owned by the resource owner by redirecting to the authorization server.
● The resource access request is authenticated and authorized by the resource owner through the web application, and the authorization grant is returned to the client by the authorization endpoint.
● The client requests the access token from the authorization server by presenting, at the token endpoint, the authorization grant returned from the authorization endpoint together with authentication of its own identity.
● The authorization server (or authentication provider) issues the access token to the client once the client's authentication and the authorization grant are valid.
11. ● By presenting the access token for authentication, the client can request the protected resources from the resource server.
● The resource server returns the requested resources to the application (client) when the access token is valid.
13. Advantages of OAuth 2.0
● OAuth 2.0 is a very flexible protocol that relies on SSL (Secure Sockets Layer, which ensures data between the web server and browsers remains private) to keep the user's access token safe.
● It has the ability to share a user's data without having to release personal information.
● It uses tokenization to give limited access to the user's data.
● It is easy to implement and provides strong authentication.