Don't let the sparklr sample confuse you (it does a lot more than you seem to need). Is this simple enough for you?
@ComponentScan
@EnableAutoConfiguration
public class Application {
public static void main(String[] args) {
SpringApplication.run(Application.class, args);
}
@Configuration
@Order(Ordered.LOWEST_PRECEDENCE - 100)
protected static class OAuth2Config extends OAuth2AuthorizationServerConfigurerAdapter {
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
// @formatter:off
auth.apply(new InMemoryClientDetailsServiceConfigurer())
.withClient("my-trusted-client")
.authorizedGrantTypes("password", "authorization_code", "refresh_token", "implicit")
.authorities("ROLE_CLIENT", "ROLE_TRUSTED_CLIENT")
.scopes("read", "write", "trust")
.accessTokenValiditySeconds(60)
.and()
.withClient("my-client-with-secret")
.authorizedGrantTypes("client_credentials")
.authorities("ROLE_CLIENT")
.scopes("read")
.secret("secret");
// @formatter:on
}
}
}
That's the auth server. The client is also easy (e.g. the one in the Spring OAuth project). P.S. this is all Spring OAuth 2.0 stuff (not yet released), but we're working on it (and the 1.0 features with XML config really aren't that much heavier).
N.B. This kind of defeats the object of OAuth2 (webapp clients are not supposed to collect user credentials). You should consider using grant_type=authorization_code
.