
How to do it...

The following steps will guide you to configure an Authorization Server and a Resource Server using Spring Security OAuth2:

  1. Create the initial project using Spring Initializr, as we did for other recipes in this book. Go to https://start.spring.io/ and define the following data:
    • Set up the Group as com.packt.example
    • Define the Artifact as implicit-server
    • Add Web and Security as dependencies for this project
  2. After creating the implicit-server project, import it to your IDE. If you are using Eclipse, import it as a Maven project.
  3. Open the pom.xml file and add the following dependency, as we will use the Spring Security OAuth2 project (I recommend using the latest version of this project, particularly if you are using JWT, which is not the case for this recipe):

    <dependency>
        <groupId>org.springframework.security.oauth</groupId>
        <artifactId>spring-security-oauth2</artifactId>
    </dependency>

  4. Open the application.properties file and add the same configuration as we did for the first recipe to set up the user's credentials (which were username adolfo and password 123).
  5. Create the UserProfile.java and UserController classes within the com.packt.example.implicitserver.api package. The content for both classes must be the same as provided for the first recipe (you can also download the source code from GitHub if you want).
  6. Now create the OAuth2ResourceServer class with the following content to declare how to protect endpoints that match the /api/** pattern. This class should be created within the com.packt.example.implicitserver.confi package:
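
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
    import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;

    @Configuration
    @EnableResourceServer
    public class OAuth2ResourceServer extends ResourceServerConfigurerAdapter {
        @Override
        public void configure(HttpSecurity http) throws Exception {
            // Every request handled by this filter chain needs a valid access token;
            // the chain itself only applies to paths matching /api/**.
            http
                .authorizeRequests().anyRequest().authenticated()
                .and()
                .requestMatchers().antMatchers("/api/**");
        }
    }
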
  7. Note that the Resource Server is being configured the same way we did when adding support for the Authorization Code grant type.
  8. Create the OAuth2AuthorizationServer class as presented in the following code, to configure the Implicit grant type:
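
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
    import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
    import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;

    @Configuration
    @EnableAuthorizationServer
    public class OAuth2AuthorizationServer extends AuthorizationServerConfigurerAdapter {
        @Override
        public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
            // Register one in-memory client that may only use the implicit grant,
            // with a single redirect URI and access tokens valid for 120 seconds.
            clients.inMemory()
                .withClient("clientapp").secret("123456")
                .redirectUris("http://localhost:9000/callback")
                .authorizedGrantTypes("implicit")
                .accessTokenValiditySeconds(120)
                .scopes("read_profile", "read_contacts");
        }
    }
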
  9. The preceding class looks similar to the one created for the Authorization Code grant type. The difference now is that we are defining authorizedGrantTypes as implicit and we are also defining a short validity time for the access token (120 seconds).
  10. Run the application using your IDE actions or by running the Maven command, mvn spring-boot:run.
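
What a browser client has to send to, and check on return from, the server configured above, as an added JavaScript example (not code from the book). The authorization endpoint URL assumes Spring Boot's default port 8080 and Spring Security OAuth2's default /oauth/authorize path; the function names are hypothetical, and any state or token values passed in are the caller's own.

```javascript
// Added example. Values mirror the clientapp registration in this recipe.
const AUTHORIZE_ENDPOINT = "http://localhost:8080/oauth/authorize"; // assumed host and port
const CLIENT = {
  id: "clientapp",
  redirectUri: "http://localhost:9000/callback",
  scopes: ["read_profile", "read_contacts"],
  maxLifetimeSeconds: 120, // accessTokenValiditySeconds
};

// Build the authorization request. `state` is an unguessable per-request
// value the caller generates and remembers until the callback arrives.
function buildAuthorizationUrl(state, scopes = CLIENT.scopes) {
  const unknown = scopes.filter((s) => !CLIENT.scopes.includes(s));
  if (unknown.length > 0) {
    throw new Error("scope not registered for client: " + unknown.join(", "));
  }
  const url = new URL(AUTHORIZE_ENDPOINT);
  url.search = new URLSearchParams({
    response_type: "token", // selects the implicit grant
    client_id: CLIENT.id,
    redirect_uri: CLIENT.redirectUri,
    scope: scopes.join(" "),
    state,
  }).toString();
  return url.toString();
}

// Validate the redirect and read the token from the URL fragment.
function parseCallback(callbackUrl, expectedState) {
  const url = new URL(callbackUrl);
  if (url.origin + url.pathname !== CLIENT.redirectUri) {
    throw new Error("callback is not the registered redirect URI");
  }
  const params = new URLSearchParams(url.hash.slice(1));
  if (params.get("state") !== expectedState) throw new Error("state mismatch");
  if (params.has("error")) throw new Error("authorization failed: " + params.get("error"));
  const token = params.get("access_token");
  if (!token) throw new Error("no access_token in fragment");
  if ((params.get("token_type") || "").toLowerCase() !== "bearer") {
    throw new Error("unexpected token_type");
  }
  // Assumption: the server always reports expires_in, never above the configured 120 s.
  const expiresIn = Number(params.get("expires_in"));
  if (!Number.isInteger(expiresIn) || expiresIn <= 0 || expiresIn > CLIENT.maxLifetimeSeconds) {
    throw new Error("unexpected expires_in");
  }
  const scopes = (params.get("scope") || "").split(" ").filter(Boolean);
  return { token, expiresIn, scopes };
}
```

The token arrives in the fragment rather than the query string, so it is not sent to the server hosting the callback page; the page's own script has to read and validate it.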