The document discusses how to secure a RESTful web service using OAuth 2.0 authentication in three steps: 1) Obtain a secret code by authorizing with a client ID and credentials, 2) Use the secret code to obtain an access token, and 3) Include the access token in the header when accessing the secured web service. An example Mule flow is provided to demonstrate implementing OAuth 2.0 security for a REST API using the authorization code grant type.

1. By Anirban Sen Chowdhary

2. We often required to secure our web services specially those are accessed by the
external world.
What about securing a RESTful web services ???

4. Yes .. We can .. I will show you this trick .. How ??

5. We can easily secure our REST service using OAUTH 2.0

6. For implementing OAUTH 2.0 in our REST web service we require 3
steps :-
• Authorisation to obtain a secret code
• Use that secret code to obtain an access_token
• Use the access_token to validate and access the web service

7. Let us we have following Mule flow:-
Here is our web service which will be secured by using OAUTH 2.0 security. You can
see the OAUTH 2.0 component is placed between HTTP and CXF component which
will validate the access_token and will permit to accesses the web service

8. The corresponding Mule flow will be as follows:-
Here is you can see OAUTH 2.0 is validating the access_token coming from HTTP

9. Here you can see we have configured the Spring security with username and
password to obtain a secret code. Also in oauth2 provider config we configured
client id and client secret

10. Authorization to obtain a secret code

11. Now we will go with first step :
Step 1 :- Authorisation to obtain a secret code
We will put the following url in browser :-
http://localhost:8084/tweetbook/api/authorize?response_type=code&client_id=e7aaf348-f08a-11e1-
9237-96c6dd6a022f&scope=READ_BOOKSHELF&redirect_uri=http://localhost:8082/getData/insert
You can see we are passing client id and client code in our url and we will
get the above page for login

12. We will be providing the username and password configure in our Spring security
in Mule Config:-
username john and password is doe in our case, and we will hit login
and Authorize button

13. We will get a secrete code in browser url as following :-
We will use that secret code to obtain an access_token

14. Use that secret code to obtain an access_token

15. Now we will go with second step :
Step 2 :- Use that secret code to obtain an access_token
We need to include the secret code in our url as follows :-
http://localhost:8084/tweetbook/api/token?grant_type=AUTHORIZATION_CODE&client_id=e7aaf348-f08a-11e1-
9237-96c6dd6a022f&client_secret=ee9acaa2-f08a-11e1-bc20-
96c6dd6a022f&code=lkE9VJmNmTBbzVl1plkMffuj3jlIOavtWeaWsxk3gVMglbfo_dvGnX9HJoXMSOGPw29E2H00kwX8
5YOxNlLFTg&redirect_uri=http://localhost:8082/getData/insert
We will use that secret code to obtain an access_token.
And now you can see we got the access_token in the browser.
And this access_token will be using to access our web service

16. Use the access_token to validate and access the web service

17. Now we will go with third step :
Step 3 :- Use the access_token to validate and access the web service
We need the access_token to be pass as a header when accessing web service as
follows
You can see we are using REST Client for testing our web service and
passing the access_token in the header

18. Now, you can see that if we hit the web service in the REST Client with the an
access_token in the header, the secured service is providing the response

19. In my next slide I will bring some other techniques in Mule
implementation .
Hope you have enjoyed this simpler version.
Keep sharing your knowledge and let our Mule community grow 