This repository contains all the code for the Thymeleaf and WebFlux Spring Boot tutorial, illustrating how to protect functionality based on the user authorities and authentication status, and how to prevent CSRF attacks with Spring Security.
Prerequisites:
To install this example, first clone this repository:
git clone https://github.com/indiepopart/thymeleaf-security.gitcd thymeleaf-securityWith OktaCLI, register for a free developer account:
okta registerProvide the required information. Once you complete the registration, create a client application with the following command:
okta apps createYou will be prompted to select the following options:
- Application name: thymeleaf-security
- Type of Application: Web
- Type of Application: Okta Spring Boot Starter
- Redirect URI: Default
- Post Logout Redirect URI: Default
The OktaCLI will create the client application and configure the issuer, clientId and clientSecret in src/main/resources/application.properties. Update the issuer, client-id and client-secret in application.yml. Delete application.properties.
okta:
oauth2:
issuer: https://{yourOktaDomain}/oauth2/default
client-id: {clientId}
client-secret: {clientSecret}# to the Okta dashboard, and in the left menu, go to Security > API, the choose the default authorization server. In the Scopes tab, click Add Scope. Set the scope name as quiz and add a description, leave all the remaining fields with default values and click on Create.
In the project root, generate the application container image with the following Maven command:
./mvnw spring-boot:runOnce the application is up, go to http://localhost:8080/ and # with your Okta credentials.