Securing a Spring Boot REST API with Okta

In this section, we will learn how to secure a Spring Boot REST API with Okta.


What is Okta?

Okta is primarily cloud-based identity and access management software that enables secure authentication, Single Sign-On (SSO), Active Directory (AD) and LDAP integration, the centralized deprovisioning of users, multifactor authentication (MFA), mobile identity management, and flexible policies for organization security and control.

Okta’s basis is based on the notion of Identity as a Service (IDaaS), which provides enterprises with a comprehensive solution for identity and access management. More Info - click here


Why Do We Use Okta?

1. Increased Security

It provides a strong and secure authentication architecture that protects enterprises against illegal access and data breaches.


2. Better User Experience

Users can access all applications with only one set of credentials thanks to Okta's single sign-on (SSO) capabilities, which make for a faster and more effective user experience.


3. Productivity

Okta boosts productivity by making application access faster and easier.


4. Scalability and Flexibility

Okta solutions are scalable to meet the growing demands of modern technology landscapes, adaptable to different environments.


5. Governance and Compliance

Okta ensures adherence to regulatory requirements and compliance standards, instilling trust among customers and partners.


6. Cost savings

Okta reduces the need for IT specialists and streamlines user account management, saving enterprises time and money.


7. Enhanced collaboration

Okta's API access control tools let developers build safe and smooth interfaces between apps, facilitating communication and information sharing between teams.

More Info - click here


Let's go through a simple example,

1. Register to Okta

Go to okta signup page using https://developer.okta.com/signup/ link, We will be taken to a page like the below image,

Then click on the "Sign up free for Developer Edition" button. We will be taken to a page like the below image,

We can register by entering our personal information and click on "Sign up" button or We can register by clicking "Continue with GitHub" or "Continue with Google". I am using my Google account to register to Okta.

Okta will work as authorization server and for our API it will give us access token. Only when we have the access token we will be able to access the secured API's in our application.


2. Create an application in Okta

Next we need to create an application in Okta. 

Navigate to "Applications" on the left panel and select the "application" option from the dropdown list and then click on "Create App Integration" like below image.

After clicking "Create App Integration" button, we will see a popup like below image, 

Then choose "API Services" and the click on "Next" button. We will be taken to a page like the below image,

Here we have to give the name of our application and then click on "Save" button. We will be taken to a page like the below image,

Remember to have "Client ID" and "Client Secret" safely with us for the future purpose.

Next, navigate to "Security" on the left panel and select the "API" option from the dropdown list. 

Remember to have Authorization Server URL "Issuer URI" with us for the future purpose. This is created by Okta by default for us.


3. Create Custom Scope

Scopes are identifiers used to specify what access privileges are being requested.

Click on edit button, We will be taken to a page like the below image,

Click on "Add Scope" button, we will see a popup like below image, 

Remember to have custom scope "knowledgefactory" with us for the future purpose.


4. Creating spring boot application

First, open the Spring initializr https://start.spring.io/ 

Then, Provide the Group and Artifact name. We have provided Group name com.knf.dev.demo and Artifact spring-boot-okta-secure-rest-api. Here I selected the Maven project - language Java 17 - Spring Boot 3.1.5 , Okta, and Spring Web.

Then, click on the Generate button. When we click on the Generate button, it starts packing the project in a .zip(spring-boot-okta-secure-rest-api) file and downloads the project. Then, Extract the Zip file.

Then, import the project on your favourite IDE.


Final Project Directory


Complete pom.xml

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" 
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 
   https://maven.apache.org/xsd/maven-4.0.0.xsd">
   <modelVersion>4.0.0</modelVersion>
   <parent>
      <groupId>org.springframework.boot</groupId>
      <artifactId>spring-boot-starter-parent</artifactId>
      <version>3.1.5</version>
      <relativePath/> <!-- lookup parent from repository -->
   </parent>
   <groupId>com.knf.dev.demo</groupId>
   <artifactId>spring-boot-okta-secure-rest-api</artifactId>
   <version>0.0.1-SNAPSHOT</version>
   <name>spring-boot-okta-secure-rest-api</name>
   <description>Demo project for Spring Boot and Okta</description>
   <properties>
      <java.version>17</java.version>
   </properties>
   <dependencies>
      <dependency>
         <groupId>org.springframework.boot</groupId>
         <artifactId>spring-boot-starter-web</artifactId>
      </dependency>
      <dependency>
         <groupId>com.okta.spring</groupId>
         <artifactId>okta-spring-boot-starter</artifactId>
         <version>3.0.5</version>
      </dependency>

      <dependency>
         <groupId>org.springframework.boot</groupId>
         <artifactId>spring-boot-starter-test</artifactId>
         <scope>test</scope>
      </dependency>
   </dependencies>

   <build>
      <plugins>
         <plugin>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-maven-plugin</artifactId>
         </plugin>
      </plugins>
   </build>

</project>


application.yaml 

okta:
  oauth2:
    issuer: https://<your-domain>/oauth2/default

Specify our issuer uri in application.yaml file.


Create Security Configuration

package com.knf.dev.demo.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class SecurityConfig {

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        return http
                .authorizeHttpRequests((requests) -> requests
                        .requestMatchers("/public").permitAll()
                        .anyRequest().authenticated())
                .oauth2ResourceServer((oauth2) -> oauth2
                        .jwt(Customizer.withDefaults())
                )
                .build();
    }
}

@Configuration annotation indicating that an object is a source of bean definitions. @Configuration classes declare beans through @Bean -annotated methods.

The @EnableWebSecurity helps to configure the Spring security-related beans, here SecurityFilterChain. SecurityFilterChain is used by FilterChainProxy to determine which Spring Security Filter instances should be invoked for the current request. More Info - click here

The requestMatchers() facilitate all the ways of restricting requests that were supported by the removed methods. Here's an example that permits access to the /public endpoint without authentication.

permitAll() method is used to configure access rules for specific endpoints or resources, allowing unrestricted access to them without requiring authentication or authorization. So, here '/public' endpoint has access to any request. But, '/protected' end point is secured. We need access token to access it.


Create DemoController.java 

package com.knf.dev.demo.controller;

import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class DemoController {

    @GetMapping("/public")
    public String publicMsg(){

        return "Public...";
    }

    @GetMapping("/protected")
    public String protectedMsg(){

        return "Protected...";
    }
}


SpringBootOktaSecureRestApiApplication.java 

package com.knf.dev.demo;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

@SpringBootApplication
public class SpringBootOktaSecureRestApiApplication {

   public static void main(String[] args) {
      SpringApplication.run(SpringBootOktaSecureRestApiApplication.class, args);
   }

}


5. Verify our system is working as expected


Run the Spring Boot application - mvn spring-boot:run


OR 


Run this Spring boot application from 

  • IntelliJ IDEA IDE by right click - Run 'Application.main()' 
  • Eclipse/STS - You can right click the project or the Application.java file and run as java application or Spring boot application.


Get the access token 

URL to hit to get the access token

https://<your-domain>/oauth2/default/v1/token

For Authorization specify, [Username = Client ID and Password = Client Secret]

On request body specify,[grant_type client_credentials and scope knowledgefactory] like below images.


We can use this access token as a Bearer Token to hit the secured endpoint, 



Remove the token and hit the endpoint again, we will get Status: 401 Unauthorized 

Source code - click here!

Popular posts from this blog

Learn Java 8 streams with an example - print odd/even numbers from Array and List

Example 1: Java 8 program to print odd numbers from a List   import java.util.Arrays; import java.util.List; import java.util.stream.Collectors; /*Java 8 Program to find Odd Numbers from a List*/ public class DriverClass { public static void main( String [] args) { List < Integer > numbers = Arrays. asList( 1 , 4 , 8 , 40 , 11 , 22 , 33 , 99 ); List < Integer > oddNumbers = numbers.stream(). filter(o -> o % 2 != 0 ). collect(Collectors.toList()); System.out.println(oddNumbers); } } 1. Initialize List using Arrays.asList() method. Java's built-in Arrays.asList() method converts an array into a list. This method takes an array as an argument and returns a List object. 2.  Java List interface provides stream() method which returns a sequential Stream with list of Integer as its source. 3. The Java stream filter(...
Read more

Java Stream API - How to convert List of objects to another List of objects using Java streams?

Image
In this section, we will show you how to convert a List of objects to another List of objects in Java using the Java streams map(). The ‘map’ method maps each element to its corresponding result. Java Stream API   The Java Stream API provides a functional programming approach over the object oriented capabilities of Java. It is used for processing collections of objects. The Stream in Java can be defined as a sequence of elements from a source List, Set or Array. Most of the stream operations return a Stream. This avails engender a chain of stream operations(stream pipe-lining). The streams withal support the aggregate or terminal operations on the elements. for example, finding the sum or maximum element or finding the average etc...Stream operations can either be executed sequentially or parallel. when performed parallelly, it is called a parallel stream.   Stream map() Method   The Java 8 Stream map() is an intermediate operation. It converts Stream<obj1> to Str...
Read more

Registration and Login with Spring Boot + Spring Security + Thymeleaf

Image
In this section, we will learn how to create user registration and login using Spring boot, Spring security, Thymeleaf, JPA, and H2DB. The GitHub repository link is provided at the end of this tutorial. You can download the source code. Technologies used: Spring Boot 2.5.5  Spring Data JPA  Spring Security  Thymeleaf  Maven 3+  Java 17  H2 Database   User Interface User Registration Authentication Failed Authentication success Sign out Final Project Structure: Complete pom.xml: <? xml version ="1.0" encoding ="UTF-8" ?> < project xmlns ="http://maven.apache.org/POM/4.0.0" xmlns: xsi ="http://www.w3.org/2001/XMLSchema-instance" xsi :schemaLocation ="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd" > < modelVersion >4.0.0</ modelVersion > < parent > < groupId >org.springframework.boot</ groupId > < artifactId >spring-boot-starter-pare...
Read more

Java, Spring Boot Mini Project - Library Management System - Download

Image
Hello everyone, Hope you are doing well. Here, we provide a Library Management System mini-project for beginners, it's free for download. Maybe you can build more on top of this project and create your own product, that's all about you. The source code download link is provided at the end of this post. 1. Benefit of this project You could cover the following technologies and features by learning and debugging this mini project. Java 17 Java Stream Java Lamda Expressions Java Records Functional programming Object-oriented programming var Keyword in Java Generics in Java Java Switch Spring boot 2.6.4 Spring Security Thymeleaf template engine OpenCSV Spring Data JPA Server Side Pagination H2 Database  Bootstrap HTML CSS and more... 2. Objective Of Spring Boot On Library Management System The main objective of this project is to manage the details of the books, author, category, and publisher. Only Admin/Librarian will manage all these activities. Also, they can export the data in ...
Read more

ReactJS, Spring Boot JWT Authentication Example

Image
In this tutorial, we’ll create a user registration & login example using ReactJS, Spring Boot, Spring Security, and JWT authentication. You could download the source code from our Github repository, the download link is provided at the end of this tutorial. Technologies used Backend Technologies: Java 17 Spring Boot 2.7.0 Spring Security Spring Data JPA JWT H2 Database Frontend Technologies: React 17.0.1 Axios 0.27.2 Redux 4.0.5 Bootstrap 4.5.2 ReactJS - SpringBoot - JWT - Flow Backend Project Directory: Frontend Project Directory: Following is the screenshot of our application - User Registration: User Signin: Profile View: Access Resource: We will build two projects:  1. Backend:   spring-boot-security-jwt 2. Frontend: react-redux-jwt Project 1: spring-boot-security-jwt Pom.xml <?xml version = "1.0" encoding = "UTF-8" ?> <project xmlns = "http://maven.apache.org/POM/4.0.0" xmlns:xsi = "http://www.w3.org/2001/XMLSchema-instance"...
Read more

Top 5 Java ORM tools - 2024

Image
  The term ORM refers to object-relational mapping, which uses objects to adapt programming languages to database systems while allowing them to function with SQL and object-oriented programming ideas. Any kind of database management system that can accomplish object mapping to the table in the virtual system is suitable for the implementation of ORM. Java has a wide variety of ORM tools, some of which are mentioned below: 1. Hibernate Hibernate is a lightweight, open-source, non-invasive Java ORM (Object-Relational Mapping) framework that allows developers to create objects that function independently of database software and create persistence logic in any Java or JavaEE application. It offers an abstraction layer, so developers don't have to bother about implementations; Hibernate handles these tasks internally, such as connecting to databases and creating queries to carry out CRUD operations, among other things. Persistence logic development is done with it. Persistence logic r...
Read more

Java - Blowfish Encryption and decryption Example

Image
Blowfish is an encryption method developed by Bruce Schneier in 1993 as an alternative to the DES encryption method. It is significantly faster than DES and provides good encryption speed, although no effective cryptanalysis technique has been found to date. It is one of the first secure block ciphers that is not protected by any patents and is therefore freely available for anyone to use. This is a symmetric block cipher algorithm. Block size: 64 bits Key size: variable size from 32 to 448 bits number of subsections: 18 [P-array] number of rounds: 16 number of substitution blocks: 4 [each with 512 records of 32 bits each] develop  Example 1: Encryption and decryption using Blowfish import java.io.UnsupportedEncodingException; import java.nio.charset.Charset; import java.security.InvalidKeyException; import java.security.NoSuchAlgorithmException; import java.util.Base64; import javax.crypto.BadPaddingException; import javax.crypto.Cipher; import javax.crypto.IllegalBlockSiz...
Read more

Spring boot video streaming example-HTML5

Image
Hello everyone, Today we will learn how to stream MP4 video using Spring Boot and Spring Web Flux.  The Source code download link is provided at the end of this post. New, Quarkus Practice User Interface   Project Structure: G radle(build.gradle) plugins { id 'org.springframework.boot' version '2.5.4' id 'io.spring.dependency-management' version '1.0.11.RELEASE' id 'java' } group = 'com.knf.demo' version = '0.0.1-SNAPSHOT' sourceCompatibility = '11' repositories { mavenCentral() } dependencies { implementation 'org.springframework.boot:spring-boot-starter-webflux' testImplementation 'org.springframework.boot:spring-boot-starter-test' testImplementation 'io.projectreactor:reactor-test' } test { useJUnitPlatform() } Service (VideoStreamingService.java) package  com.knf.demo.service ; import org.springframework.beans.factory.annotation. Autowired ; import org.springframework...
Read more

Google Cloud Storage + Spring Boot - File Upload, Download, and Delete

Image
In this section, we will learn  how to  create a simple spring boot application to perform different file operations such as upload, download, list, and delete files from the Google Cloud Storage. 1.  A little bit of Background Google Cloud Storage Cloud Storage is a managed service for storing unstructured data. Store any amount of data and retrieve it as often as you like. More Info - click here! Spring Boot Spring Boot makes it easy to create stand-alone, production-grade Spring-based Applications that you can "just run".  More Info - click here! 2. Create a GCP Project First, Sign into the Google console at  https://console.cloud.google.com . You can create a new project by first selecting the project dropdown in the top left and selecting " New Project ". Next, specify your GCP  Project name  and  Project ID . Then  Click on the " CREATE " button. Copy " Project ID " and keep it for future purposes. 3. Create a Google Cloud Storage bucke...
Read more