1 Introduction to the Spring Security OAuth2 Plugin - Reference Documentation

Authors: Brian Saville, Bobby Vandiver, Roy Willemse

Version: 3.0.0-RC2

1 Introduction to the Spring Security OAuth2 Plugin

The OAuth2 plugin adds OAuth 2.0 support to a Grails application that uses Spring Security. It depends on the Spring Security Core plugin.

Under the covers, the plugin uses Spring Security OAuth to provide OAuth 2.0 services. This documentation describes the specific steps you must take to ensure proper integration with the underlying library.

This plugin provides support for Grails domain classes necessary for providing OAuth 2.0 authorization. The standard grant types described in RFC 6749 are supported by the plugin. Access to protected resources is controlled by a combination of Spring Security Core's methods, i.e. request maps, annotations, intercept maps and careful configuration of the Spring Security filter chains.

1.1 Change Log

  • 3.0.0-RC2
    • Upgrade to Spring Security OAuth 2.0.9-RELEASE
    • Fix issues with Grails 3.1.x (#114, PR #116)
  • 3.0.0-RC1
    • Upgrade to Grails 3.x
    • Make `readAuthentication` in `GormTokenStoreService` null safe (pull request #109)
    • Upgrade to Spring OAuth 2.0.8.RELEASE
  • 2.0-RC5
    • Upgrade to Spring OAuth 2.0.7.RELEASE for compatibility with Spring Security Core RC5 (issue #100)
    • Resolve minor problems affecting stateless access of OAuth 2.0 resources
    • Remove need to include `clientCredentialsAuthenticationProvider` in `grails.plugin.springsecurity.providerNames` list
    • Document using the plugin to create only an authorization server or only a resource server (issue #71)
  • 2.0-RC4
    • Fix for Grails 2.5.0 (issue #76)
    • Add support for basic authentication (issue #80)
    • Fix access token header format in the docs (issue #84)
    • Throw exception on validation code save (issue #90)
    • Fixes and enhancements for additional information (issue #87)
    • Add support for unlimited refresh tokens (issue #75)
  • 2.0-RC3
    • Upgrade to Spring OAuth 2.0.6.RELEASE (issue #63)
    • Fix problems with updating access tokens (issues #49, #50, and #68)
    • Add TravisCI build
    • Ensure Set-Cookie header is not set in response
    • Fix handling of scope parameter (issue #64)
  • 2.0-RC2
    • Resolves session vulnerability (issue #42)
    • Upgrade to Spring Security OAuth2 2.0.4.RELEASE
    • Supports authorization auto-approval
    • Minor tweaks to domain models
  • 2.0-RC1
    • Complete overhaul of the plugin
    • Requires/supports Spring Security Core 2.0-RC4
    • Uses Spring Security OAuth2 2.0.2.RELEASE
  • 1.0.5.2
    • Fix #13 - Make clientSecret optional in client configuration structure
  • 1.0.5.1
    • Merge pull request #21 (Burt's cleanup)
    • Use log wrapper instead of log4j
    • Depends on Grails 2.0 or greater (consistent with core plugin)
  • 1.0.5
    • Initial release of plugin compatible with Spring Security Core 2.0-RC2