I really need help with spring security. I studied the documentation in detail, but I could not understand many things. Some sample code is missing. I just don't know where to start.
Necessary:
- authorize the user via OAuth2,
- save the user to the database, since there are relationships in the tables to the User entity (I can’t imagine how you can do without saving).
- save the token or substitute it in headers. Needed in order to work with the resource server API through a user token.
In general, I plan to use VK as a resource server. But I know that there will also be difficulties. To begin with, I would like to do this for Google or Github.
I will be glad for any help! Code examples in which the items above are configured, I would also be grateful!
I sort of figured out the simplest authorization and wrote the following code:
@Configuration
@EnableWebFluxSecurity
public class OAuth2LoginSecurityConfig {
@Bean
public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
http
.authorizeExchange(authorize -> authorize
.anyExchange().authenticated()
)
.oauth2Login(withDefaults());
return http.build();
}
}
I can't move further. Perhaps I understand something wrong.