{"id":85811,"date":"2019-01-09T12:54:45","date_gmt":"2019-01-09T10:54:45","guid":{"rendered":"http:\/\/www.javacodegeeks.com\/?p=85811"},"modified":"2019-01-17T15:25:29","modified_gmt":"2019-01-17T13:25:29","slug":"create-secure-spring-rest-api","status":"publish","type":"post","link":"https:\/\/www.javacodegeeks.com\/2019\/01\/create-secure-spring-rest-api.html","title":{"rendered":"Create a Secure Spring REST API"},"content":{"rendered":"<p><span style=\"font-size: 20px;\"><b>\u201cI love writing authentication and authorization code.\u201d ~ No Java Developer Ever.<\/b> Tired of building the same login screens over and over? <a href=\"https:\/\/developer.okta.com\/signup?utm_campaign=text_website_all_multiple_dev_ciam_secure-spring-rest-api-12-18_null&amp;utm_source=jcg&amp;utm_medium=cpc\">Try the Okta API for hosted authentication, authorization, and multi-factor auth.<\/a><\/span><\/p>\n<p><em>\u201cIf it is useful, it will be modified.\u201d<\/em>&nbsp;Those words of wisdom came from a QA teacher of mine, to explain that all software evolves when it becomes useful to someone, and for as long as it is useful. We all know this. Users ask us for new features, bug fixes and changes in domain logic every day. As any project (especially a monolith) grows it can begin to become difficult to maintain, and the barrier to entry for anyone new just gets higher and higher. In this tutorial, I\u2019m excited to walk you through building a secure Spring REST API that tries to solve for some of these pain points using a microservices architecture.<\/p>\n<p>In a microservices architecture, you logically divide your application into several apps that can be more easily maintained and scaled, use different stacks, and support more teams working in parallel. But microservices are the simple solution to every scaling and maintenance problem.<\/p>\n<p>Microservices also present a number of architectural challenges that must be addressed:<\/p>\n<ul class=\"wp-block-list\">\n<li>How those services communicate?<\/li>\n<li>How should communication failures and availability be handled?<\/li>\n<li>How can a user\u2019s requests be traced between services?<\/li>\n<li>And, how should you handle user authorization to access a single service?<\/li>\n<\/ul>\n<p>Let\u2019s dig in and find out how to address these challenges when building a Spring REST API.<\/p>\n<h2 class=\"wp-block-heading\" id=\"secure-your-spring-rest-api-with-oauth-20\">Secure Your Spring REST API with OAuth 2.0<\/h2>\n<p>In&nbsp;<a href=\"https:\/\/www.oauth.com\/oauth2-servers\/the-resource-server\/\">OAuth 2.0<\/a>, a resource server is a service designed to handle&nbsp;<em>domain-logic<\/em>&nbsp;requests and does not have any kind of login workflow or complex authentication mechanism: it receives a pre-obtained access token that guarantees a user have grant permission to access the server and delivers the expected response.<\/p>\n<p>In this post, you are going to build a simple&nbsp;<em>Resource Server<\/em>&nbsp;with Spring Boot and Okta to demonstrate how easy it is. You will to implement a simple&nbsp;<em>Resource Server<\/em>&nbsp;that will receive and validate a&nbsp;<em>JWT Token<\/em>.<\/p>\n<h2 class=\"wp-block-heading\" id=\"add-a-resource-server-your-spring-rest-api\">Add a Resource Server Your Spring REST API<\/h2>\n<p>This example uses Okta to handle all authentication process. You can register for a&nbsp;<a href=\"https:\/\/developer.okta.com\/signup\/?utm_campaign=text_website_all_multiple_dev_ciam_secure-spring-rest-api-12-18_null&amp;utm_source=jcg&amp;utm_medium=cpc\">free-forever developer account<\/a>&nbsp;that will enable you to create as many users and applications you need.<\/p>\n<p>I have set up some things so we can get started easily. Please clone the following resource repository and go to&nbsp;<code class=\"highlighter-rouge\" style=\"font-size: 13px;\">startup<\/code>&nbsp;tag, as follows:<\/p>\n<pre class=\"wp-block-preformatted gutter: false;brush:xml; wrap-lines:false\">git clone -b startup https:\/\/github.com\/oktadeveloper\/okta-secure-spring-rest-api-example secure-spring-rest-api\ncd secure-spring-rest-api\n<\/pre>\n<p>This project has the following structure:<\/p>\n<pre class=\"wp-block-preformatted gutter: false;brush:xml; wrap-lines:false\">$ tree .\n.\n\u251c\u2500\u2500 README.md\n\u251c\u2500\u2500 mvnw\n\u251c\u2500\u2500 mvnw.cmd\n\u251c\u2500\u2500 pom.xml\n\u2514\u2500\u2500 src\n    \u251c\u2500\u2500 main\n    \u2502   \u251c\u2500\u2500 java\n    \u2502   \u2502   \u2514\u2500\u2500 net\n    \u2502   \u2502       \u2514\u2500\u2500 dovale\n    \u2502   \u2502           \u2514\u2500\u2500 okta\n    \u2502   \u2502               \u2514\u2500\u2500 secure_rest_api\n    \u2502   \u2502                   \u251c\u2500\u2500 HelloWorldController.java\n    \u2502   \u2502                   \u251c\u2500\u2500 SecureRestApiApplication.java\n    \u2502   \u2502                   \u2514\u2500\u2500 SecurityConfig.java\n    \u2502   \u2514\u2500\u2500 resources\n    \u2502       \u2514\u2500\u2500 application.properties\n    \u2514\u2500\u2500 test\n        \u2514\u2500\u2500 java\n            \u2514\u2500\u2500 net\n                \u2514\u2500\u2500 dovale\n                    \u2514\u2500\u2500 okta\n                        \u2514\u2500\u2500 secure_rest_api\n                            \u2514\u2500\u2500 SecureRestApiApplicationTests.java\n\n14 directories, 9 files\n<\/pre>\n<p>I created it using the excellent&nbsp;<a href=\"https:\/\/start.spring.io\/\">Spring Initializr<\/a>&nbsp;and adding&nbsp;<code class=\"highlighter-rouge\" style=\"font-size: 13px;\">Web<\/code>&nbsp;and&nbsp;<code class=\"highlighter-rouge\" style=\"font-size: 13px;\">Security<\/code>&nbsp;dependencies. Spring Initializr provides an easy way to create a new&nbsp;<a href=\"https:\/\/spring.io\/projects\/spring-boot\">Spring Boot<\/a>&nbsp;service with some common&nbsp;<em>auto-discovered<\/em>&nbsp;dependencies. It also adds the&nbsp;<a href=\"https:\/\/github.com\/takari\/maven-wrapper\">Maven Wrapper<\/a>: so you use the command&nbsp;<code class=\"highlighter-rouge\" style=\"font-size: 13px;\">mvnw<\/code>&nbsp;instead of&nbsp;<code class=\"highlighter-rouge\" style=\"font-size: 13px;\">mvn<\/code>, the tool will detect if you have the designated Maven version and, if not, it will download and run the specified command.<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p><strong>Fun fact<\/strong>: Did you know the Maven wrapper was originally created by Okta\u2019s own&nbsp;<a href=\"https:\/\/twitter.com\/briandemers\">Brian Demers<\/a>?!<\/p>\n<\/blockquote>\n<p>The file&nbsp;<code class=\"highlighter-rouge\" style=\"font-size: 13px;\">HelloWorldController<\/code>&nbsp;is a simple&nbsp;<code class=\"highlighter-rouge\" style=\"font-size: 13px;\">@RestController<\/code>&nbsp;that outputs \u201cHello World\u201d.<\/p>\n<p>In a terminal, you can run the following command and see Spring Boot start:<\/p>\n<pre class=\"wp-block-preformatted gutter: false;brush:bash\">mvnw spring-boot:run<\/pre>\n<p><strong>TIP:<\/strong>&nbsp;If this command doesn\u2019t work for you, try&nbsp;<code class=\"highlighter-rouge\" style=\"font-size: 13px;\">.\/mvnw spring-boot:run<\/code>&nbsp;instead.<\/p>\n<p>Once it finishes loading, you\u2019ll have a REST API ready and set to deliver to you a glorious&nbsp;<em>Hello World<\/em>&nbsp;message!<\/p>\n<pre class=\"wp-block-preformatted gutter: false;brush:bash\">&gt; curl http:\/\/localhost:8080\/\nHello World<\/pre>\n<p><strong>TIP:<\/strong>&nbsp;The&nbsp;<code class=\"highlighter-rouge\" style=\"font-size: 13px;\">curl<\/code>&nbsp;command is not available by default for Windows users. You can download it from&nbsp;<a href=\"https:\/\/curl.haxx.se\/windows\/\">here<\/a>.<div style=\"display:inline-block; margin: 15px 0;\"> <div id=\"adngin-JavaCodeGeeks_incontent_video-0\" style=\"display:inline-block;\"><\/div> <\/div><\/p>\n<p>Now, you need to properly create a protected&nbsp;<em>Resource Server<\/em>.<\/p>\n<h2 class=\"wp-block-heading\" id=\"set-up-an-oauth-20-resource-server\">Set Up an OAuth 2.0 Resource Server<\/h2>\n<p>In the Okta dashboard, create an application of type&nbsp;<strong>Service<\/strong>&nbsp;it indicates a resource server that does not have a login page or any way to obtain new tokens.<\/p>\n<figure class=\"wp-block-image is-resized\"><img decoding=\"async\" src=\"https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2019\/01\/create-new-service-1024x697.png\" alt=\"\" class=\"wp-image-85814\" width=\"820\" srcset=\"https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2019\/01\/create-new-service-1024x697.png 1024w, https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2019\/01\/create-new-service-300x204.png 300w, https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2019\/01\/create-new-service-768x522.png 768w, https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2019\/01\/create-new-service.png 1073w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n<p>Click&nbsp;<strong>Next<\/strong>, type the name of your service, then click&nbsp;<strong>Done<\/strong>. You will be presented with a screen similar to the one below. Copy and paste your&nbsp;<em>Client ID<\/em>&nbsp;and&nbsp;<em>Client Secret<\/em>&nbsp;for later. They will be useful when you are configuring your application.<\/p>\n<figure class=\"wp-block-image is-resized\"><img decoding=\"async\" src=\"https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2019\/01\/service-created-1024x655.png\" alt=\"\" class=\"wp-image-85815\" width=\"820\" srcset=\"https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2019\/01\/service-created-1024x655.png 1024w, https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2019\/01\/service-created-300x192.png 300w, https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2019\/01\/service-created-768x491.png 768w, https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2019\/01\/service-created.png 1148w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n<p>Now, let\u2019s code something!<\/p>\n<p>Edit the&nbsp;<code class=\"highlighter-rouge\" style=\"font-size: 13px;\">pom.xml<\/code>&nbsp;file and add dependencies for Spring Security and Okta. They will enable all the Spring AND Okta OAuth 2.0 goodness you need:<\/p>\n<pre class=\"wp-block-preformatted gutter: false;brush:xml\">&lt;!-- security - begin --&gt;\n&lt;dependency&gt;\n    &lt;groupId&gt;org.springframework.boot&lt;\/groupId&gt;\n    &lt;artifactId&gt;spring-boot-starter-security&lt;\/artifactId&gt;\n&lt;\/dependency&gt;\n&lt;dependency&gt;\n    &lt;groupId&gt;org.springframework.cloud&lt;\/groupId&gt;\n    &lt;artifactId&gt;spring-cloud-starter-oauth2&lt;\/artifactId&gt;\n&lt;\/dependency&gt;\n&lt;dependency&gt;\n    &lt;groupId&gt;com.okta.spring&lt;\/groupId&gt;\n    &lt;artifactId&gt;okta-spring-boot-starter&lt;\/artifactId&gt;\n    &lt;version&gt;0.6.1&lt;\/version&gt;\n&lt;\/dependency&gt;\n&lt;!-- security - end --&gt;\n<\/pre>\n<p>By simply adding this dependency, your code is going to be like a locked house without a key. No one can access your API until you provide a key to your users. Run the command below again.<\/p>\n<pre class=\"wp-block-preformatted gutter: false;brush:bash\">mvnw spring-boot:run<\/pre>\n<p>Now, try to access the Hello World resource:<\/p>\n<pre class=\"wp-block-preformatted gutter: false;brush:bash; wrap-lines:false\">&gt; curl http:\/\/localhost:8080\/\n{\"timestamp\":\"2018-11-30T01:35:30.038+0000\",\"status\":401,\"error\":\"Unauthorized\",\"message\":\"Unauthorized\",\"path\":\"\/\"}\n<\/pre>\n<h2 class=\"wp-block-heading\" id=\"add-spring-security-to-your-rest-api\">Add Spring Security to Your REST API<\/h2>\n<p>Spring Boot has a lot of classpath magic and is able to discover&nbsp;<em>and<\/em>&nbsp;automatically configure dependencies. Since you have added Spring Security, it automatically secured your resources. Now, you need to configure Spring Security so you can properly authenticate the requests.<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p><strong>NOTE:<\/strong>&nbsp;If you are struggling, you can check the modifications in Git branch&nbsp;<code class=\"highlighter-rouge\" style=\"font-size: 13px;\">step-1-security-dependencies<\/code>.<\/p>\n<\/blockquote>\n<p>For that, you need to modify&nbsp;<code class=\"highlighter-rouge\" style=\"font-size: 13px;\">application.properties<\/code>&nbsp;as follows (use&nbsp;<em>client_id<\/em>&nbsp;and&nbsp;<em>client_secret<\/em>&nbsp;provided by Okta dashboard to your application):<\/p>\n<pre class=\"wp-block-preformatted gutter: false;brush:bash\">okta.oauth2.issuer=https:\/\/{yourOktaDomain}\/oauth2\/default\nokta.oauth2.clientId={clientId}\nokta.oauth2.clientSecret={clientSecret}\nokta.oauth2.scopes=openid<\/pre>\n<p>Spring Boot uses annotations and code for configuring your application so you do not need to edit super boring XML files. This means you can use the Java compiler to validate your configuration!<\/p>\n<p>I usually create configuration in different classes, each one have its own purpose. Create the class&nbsp;<code class=\"highlighter-rouge\" style=\"font-size: 13px;\">net.dovale.okta.secure_rest_api.SecurityConfig<\/code>&nbsp;as follows:<\/p>\n<pre class=\"wp-block-preformatted gutter: false;brush:java; wrap-lines:false\">package net.dovale.okta.secure_rest_api;\n\nimport org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;\nimport org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;\n\n@EnableWebSecurity\n@EnableResourceServer\npublic class SecurityConfig  {}\n<\/pre>\n<p>Allow me to explain what the annotations here do:<\/p>\n<ul class=\"wp-block-list\">\n<li><code class=\"highlighter-rouge\" style=\"font-size: 13px;\">@EnableWebSecurity<\/code>&nbsp;&#8211; tells spring we are going to use Spring Security to provide web security mechanisms<\/li>\n<li><code class=\"highlighter-rouge\" style=\"font-size: 13px;\">@EnableResourceServer<\/code>&nbsp;&#8211; convenient annotation that enables request authentication through OAuth 2.0 tokens. Normally, you would provide a&nbsp;<code class=\"highlighter-rouge\" style=\"font-size: 13px;\">ResourceServerConfigurer<\/code>&nbsp;bean, but Okta\u2019s Spring Boot starter conveniently provides one for you.<\/li>\n<\/ul>\n<p>That\u2019s it! Now you have a completely configured and secured Spring REST API without any boilerplate!<\/p>\n<p>Run Spring Boot again and check it with cURL.<\/p>\n<pre class=\"wp-block-preformatted gutter: false;brush:bash; wrap-lines:false\">mvnw spring-boot:run\n# in another shell\ncurl http:\/\/localhost:8080\/\n{\"error\":\"unauthorized\",\"error_description\":\"Full authentication is required to access this resource\"}\n<\/pre>\n<p>The message changed, but you still without access\u2026 why? Because now the server is waiting for an&nbsp;<code class=\"highlighter-rouge\" style=\"font-size: 13px;\">authorization<\/code>&nbsp;<em>header<\/em>with a valid token. In the next step, you\u2019ll create an access token and use it to access your API.<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p><strong>NOTE:<\/strong>&nbsp;Check the Git branch<code class=\"highlighter-rouge\" style=\"font-size: 13px;\">step-2-security-configuration<\/code>&nbsp;if you have any doubt.<\/p>\n<\/blockquote>\n<h2 class=\"wp-block-heading\" id=\"generate-tokens-in-your-spring-rest-api\">Generate Tokens in Your Spring REST API<\/h2>\n<p>So\u2026 how do you obtain a token? A resource server has no responsibility to obtain valid credentials: it will only check if the token is valid and proceed with the method execution.<\/p>\n<p>An easy way to achieve a token to generate one using&nbsp;<a href=\"https:\/\/oidcdebugger.com\/\">OpenID Connect &lt;debugger\/&gt;<\/a>.<\/p>\n<p>First, you\u2019ll need to create a new&nbsp;<strong>Web<\/strong>&nbsp;application in Okta:<\/p>\n<figure class=\"wp-block-image is-resized\"><img decoding=\"async\" src=\"https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2019\/01\/create-new-web-application-1024x542.png\" alt=\"\" class=\"wp-image-85817\" width=\"820\" srcset=\"https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2019\/01\/create-new-web-application-1024x542.png 1024w, https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2019\/01\/create-new-web-application-300x160.png 300w, https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2019\/01\/create-new-web-application-768x407.png 768w, https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2019\/01\/create-new-web-application.png 1048w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n<p>Set the&nbsp;<em>Login redirect URIs<\/em>&nbsp;field to&nbsp;<code class=\"highlighter-rouge\" style=\"font-size: 13px;\">https:\/\/oidcdebugger.com\/debug<\/code>&nbsp;and&nbsp;<em>Grant Type Allowed<\/em>&nbsp;to&nbsp;<code class=\"highlighter-rouge\" style=\"font-size: 13px;\">Hybrid<\/code>. Click&nbsp;<strong>Done<\/strong>&nbsp;and copy the client ID for the next step.<\/p>\n<p>Now, on the OpenID Connect&nbsp;website, fill the form in like the picture below (do not forget to fill in the client ID for your recently created Okta web application):<\/p>\n<figure class=\"wp-block-image\"><img decoding=\"async\" width=\"723\" height=\"588\" src=\"https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2019\/01\/openid-connect.png\" alt=\"\" class=\"wp-image-85818\" srcset=\"https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2019\/01\/openid-connect.png 723w, https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2019\/01\/openid-connect-300x244.png 300w\" sizes=\"(max-width: 723px) 100vw, 723px\" \/><\/figure>\n<p>Submit the form to start the authentication process. You\u2019ll receive an Okta login form if you are not logged in or you\u2019ll see the screen below with your custom token.<\/p>\n<figure class=\"wp-block-image is-resized\"><img decoding=\"async\" src=\"https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2019\/01\/openid-connect-token-1024x402.png\" alt=\"\" class=\"wp-image-85819\" width=\"820\" srcset=\"https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2019\/01\/openid-connect-token-1024x402.png 1024w, https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2019\/01\/openid-connect-token-300x118.png 300w, https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2019\/01\/openid-connect-token-768x301.png 768w, https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2019\/01\/openid-connect-token.png 1195w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n<p>The token will be valid for one hour so you can do a lot of testing with your API. It\u2019s simple to use the token, just copy it and modify the curl command to use it as follows:<\/p>\n<pre class=\"wp-block-preformatted gutter: false;brush:bash\">&gt; export TOKEN=${YOUR_TOKEN}\n&gt; curl http:\/\/localhost:8080 -H \"Authorization: Bearer $TOKEN\"\nHello World\n<\/pre>\n<h2 class=\"wp-block-heading\" id=\"add-oauth-20-scopes\">Add OAuth 2.0 Scopes<\/h2>\n<p>OAuth 2.0 scopes is a feature that let users decide if the application will be authorized to make something restricted. For example, you could have \u201cread\u201d and \u201cwrite\u201d scopes. If an application needs the&nbsp;<em>write<\/em>&nbsp;scope, it should ask the user this specific scope. These can be automatically handled by Okta\u2019s authorization server.<\/p>\n<p>As a resource server, it can have different endpoints with different scope for each one. Next, you are going to learn how to set different scopes and how to test them.<\/p>\n<p>Add a new annotation to your&nbsp;<code class=\"highlighter-rouge\" style=\"font-size: 13px;\">SecurityConfig<\/code>&nbsp;class:<\/p>\n<pre class=\"wp-block-preformatted gutter: false;brush:java\">@EnableWebSecurity\n@EnableResourceServer\n@EnableGlobalMethodSecurity(prePostEnabled = true)\npublic class SecurityConfig {}\n<\/pre>\n<p>The new&nbsp;<code class=\"highlighter-rouge\" style=\"font-size: 13px;\">@EnableGlobalMethodSecurity(prePostEnabled = true)<\/code>&nbsp;annotation tells Spring to use&nbsp;<a href=\"https:\/\/en.wikipedia.org\/wiki\/Aspect-oriented_programming\">AOP<\/a>-like method security and&nbsp;<code class=\"highlighter-rouge\" style=\"font-size: 13px;\">prePostEnabled = true<\/code>&nbsp;will enable&nbsp;<em>pre<\/em>&nbsp;and&nbsp;<em>post<\/em>&nbsp;annotations. Those annotations will enable us to define security programmatically for each endpoint.<\/p>\n<p>Now, make changes to&nbsp;<code class=\"highlighter-rouge\" style=\"font-size: 13px;\">HelloWorldController.java<\/code>&nbsp;to create a&nbsp;<em>scope-protected<\/em>&nbsp;endpoint:<\/p>\n<pre class=\"wp-block-preformatted gutter: false;brush:java\">import org.springframework.security.access.prepost.PreAuthorize;\nimport java.security.Principal;\n...\n@PreAuthorize(\"#oauth2.hasScope('profile')\")\n@GetMapping(\"\/protected\/\")\npublic String helloWorldProtected(Principal principal) {\n    return \"Hello VIP \" + principal.getName();\n}\n<\/pre>\n<p>Pay attention to&nbsp;<code class=\"highlighter-rouge\" style=\"font-size: 13px;\">@PreAuthorize(\"#oauth2.hasScope('profile')\")<\/code>. It says: before running this method, verify the request has authorization for the specified Scope. The&nbsp;<code class=\"highlighter-rouge\" style=\"font-size: 13px;\">#oauth2<\/code>&nbsp;bit is added by&nbsp;<a href=\"https:\/\/docs.spring.io\/spring-security\/oauth\/apidocs\/org\/springframework\/security\/oauth2\/provider\/expression\/OAuth2SecurityExpressionMethods.html\">OAuth2SecurityExpressionMethods<\/a>&nbsp;(check the other methods available) Spring class and is added to your classpath through the&nbsp;<code class=\"highlighter-rouge\" style=\"font-size: 13px;\">spring-cloud-starter-oauth2<\/code>&nbsp;dependency.<\/p>\n<p>OK! After a restart, your server will be ready! Make a new request to the endpoint using your current token:<\/p>\n<pre class=\"wp-block-preformatted gutter: false;brush:bash\">&gt; curl http:\/\/localhost:8080\/protected\/ -H \"Authorization: Bearer $TOKEN\"\n{\"error\":\"access_denied\",\"error_description\":\"Access is denied\"}<\/pre>\n<p>Since your token does not have the desired scope, you\u2019ll receive an&nbsp;<code class=\"highlighter-rouge\" style=\"font-size: 13px;\">access is denied<\/code>&nbsp;message. To fix this, head back over to&nbsp;<a href=\"https:\/\/oidcdebugger.com\/debug\">OIDC Debugger<\/a>&nbsp;and add the new scope.<\/p>\n<figure class=\"wp-block-image\"><img decoding=\"async\" width=\"692\" height=\"112\" src=\"https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2019\/01\/openid-connect-profile-scope.png\" alt=\"\" class=\"wp-image-85820\" srcset=\"https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2019\/01\/openid-connect-profile-scope.png 692w, https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2019\/01\/openid-connect-profile-scope-300x49.png 300w\" sizes=\"(max-width: 692px) 100vw, 692px\" \/><\/figure>\n<p>Try again using the newly obtained token:<\/p>\n<pre class=\"wp-block-preformatted gutter: false;brush:bash\">&gt; curl http:\/\/localhost:8080\/protected\/ -H \"Authorization: Bearer $TOKEN\"\nHello VIP raphael@dovale.net<\/pre>\n<p>That\u2019s it! If you are in doubt of anything, check the latest repository branch&nbsp;<code class=\"highlighter-rouge\" style=\"font-size: 13px;\">finished_sample<\/code>.<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p><strong>TIP:<\/strong>&nbsp;Since&nbsp;<code class=\"highlighter-rouge\" style=\"font-size: 13px;\">profile<\/code>&nbsp;is a common OAuth 2.0 scope, you don\u2019t need to change anything in your authorization server. Need to create a custom scope? See this&nbsp;<a href=\"https:\/\/developer.okta.com\/blog\/2018\/10\/16\/token-auth-for-java#add-a-custom-scope?utm_campaign=text_website_all_multiple_dev_ciam_secure-spring-rest-api-12-18_null&amp;utm_source=jcg&amp;utm_medium=cpc\">Simple Token Authentication for Java Apps<\/a>.<\/p>\n<\/blockquote>\n<h2 class=\"wp-block-heading\" id=\"learn-more-about-spring-and-rest-apis\">Learn More about Spring and REST APIs<\/h2>\n<p>In this tutorial, you learned how to use Spring (Boot) to create a resource server and seamlessly integrate it with OAuth 2.0. Both Spring and REST API\u2019s are huge topics, with lots to discuss and learn.<\/p>\n<p>The source code for this tutorial is&nbsp;<a href=\"https:\/\/github.com\/oktadeveloper\/okta-secure-spring-rest-api-example\">available on GitHub<\/a>.<\/p>\n<p>Here are some other posts that will help you further your understanding of both Spring and REST API security:<\/p>\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/developer.okta.com\/blog\/2017\/06\/21\/what-the-heck-is-oauth?utm_campaign=text_website_all_multiple_dev_ciam_secure-spring-rest-api-12-18_null&amp;utm_source=jcg&amp;utm_medium=cpc\">What the Heck is OAuth?<\/a><\/li>\n<li><a href=\"https:\/\/developer.okta.com\/blog\/2018\/04\/02\/client-creds-with-spring-boot?utm_campaign=text_website_all_multiple_dev_ciam_secure-spring-rest-api-12-18_null&amp;utm_source=jcg&amp;utm_medium=cpc\">Secure Server-to-Server Communication with Spring Boot and OAuth 2.0<\/a><\/li>\n<li><a href=\"https:\/\/developer.okta.com\/blog\/2018\/11\/26\/spring-boot-2-dot-1-oidc-oauth2-reactive-apis?utm_campaign=text_website_all_multiple_dev_ciam_secure-spring-rest-api-12-18_null&amp;utm_source=jcg&amp;utm_medium=cpc\">Spring Boot 2.1: Outstanding OIDC, OAuth 2.0, and Reactive API Support<\/a><\/li>\n<li><a href=\"https:\/\/developer.okta.com\/blog\/2018\/10\/05\/build-a-spring-boot-app-with-user-authentication?utm_campaign=text_website_all_multiple_dev_ciam_secure-spring-rest-api-12-18_null&amp;utm_source=jcg&amp;utm_medium=cpc\">Add User Authentication to Your Spring Boot App in 15 Minutes<\/a><\/li>\n<\/ul>\n<p><span style=\"font-size: 20px;\"><b>\u201cI love writing authentication and authorization code.\u201d ~ No Java Developer Ever.<\/b> Tired of building the same login screens over and over? <a href=\"https:\/\/developer.okta.com\/signup?utm_campaign=text_website_all_multiple_dev_ciam_secure-spring-rest-api-12-18_null&amp;utm_source=jcg&amp;utm_medium=cpc\">Try the Okta API for hosted authentication, authorization, and multi-factor auth.<\/a><\/span><br \/>&nbsp;<br \/>&nbsp;<br \/><a href=\"https:\/\/developer.okta.com\/blog\/2018\/12\/18\/secure-spring-rest-api?utm_campaign=text_website_all_multiple_dev_ciam_secure-spring-rest-api-12-18_null&amp;utm_source=jcg&amp;utm_medium=cpc\" target=\"_blank\" rel=\"noopener\" data-saferedirecturl=\"https:\/\/www.google.com\/url?q=https:\/\/developer.okta.com\/blog\/2018\/12\/18\/secure-spring-rest-api&amp;source=gmail&amp;ust=1547105431819000&amp;usg=AFQjCNGd36DOcDNGBAQkZPyQ3KyGUWa2eA\">&#8216;Create a Secure REST API&#8217;<\/a>&nbsp;was originally published on the Okta developer blog on December 18, 2018.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u201cI love writing authentication and authorization code.\u201d ~ No Java Developer Ever. Tired of building the same login screens over and over? Try the Okta API for hosted authentication, authorization, and multi-factor auth. \u201cIf it is useful, it will be modified.\u201d&nbsp;Those words of wisdom came from a QA teacher of mine, to explain that all &hellip;<\/p>\n","protected":false},"author":70622,"featured_media":240,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8],"tags":[54,30],"class_list":["post-85811","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-enterprise-java","tag-restful-web-services","tag-spring"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Create a Secure Spring REST API - Java Code Geeks<\/title>\n<meta name=\"description\" content=\"Interested to learn about Spring REST API? Check our article explaining how to address microservices challenges when building a Spring REST API.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/developer.okta.com\/blog\/2018\/12\/18\/secure-spring-rest-api\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Create a Secure Spring REST API - Java Code Geeks\" \/>\n<meta property=\"og:description\" content=\"Interested to learn about Spring REST API? Check our article explaining how to address microservices challenges when building a Spring REST API.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/developer.okta.com\/blog\/2018\/12\/18\/secure-spring-rest-api\" \/>\n<meta property=\"og:site_name\" content=\"Java Code Geeks\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/javacodegeeks\" \/>\n<meta property=\"article:published_time\" content=\"2019-01-09T10:54:45+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2019-01-17T13:25:29+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2012\/10\/spring-logo.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"150\" \/>\n\t<meta property=\"og:image:height\" content=\"150\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Raphael Do_vale\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@javacodegeeks\" \/>\n<meta name=\"twitter:site\" content=\"@javacodegeeks\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Raphael Do_vale\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"10 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/developer.okta.com\\\/blog\\\/2018\\\/12\\\/18\\\/secure-spring-rest-api#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/2019\\\/01\\\/create-secure-spring-rest-api.html\"},\"author\":{\"name\":\"Raphael Do_vale\",\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/#\\\/schema\\\/person\\\/2d25326ca456ba29bdebf6c24fda4213\"},\"headline\":\"Create a Secure Spring REST API\",\"datePublished\":\"2019-01-09T10:54:45+00:00\",\"dateModified\":\"2019-01-17T13:25:29+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/2019\\\/01\\\/create-secure-spring-rest-api.html\"},\"wordCount\":1737,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/developer.okta.com\\\/blog\\\/2018\\\/12\\\/18\\\/secure-spring-rest-api#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.javacodegeeks.com\\\/wp-content\\\/uploads\\\/2012\\\/10\\\/spring-logo.jpg\",\"keywords\":[\"RESTful Web Services\",\"Spring\"],\"articleSection\":[\"Enterprise Java\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/developer.okta.com\\\/blog\\\/2018\\\/12\\\/18\\\/secure-spring-rest-api#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/2019\\\/01\\\/create-secure-spring-rest-api.html\",\"url\":\"https:\\\/\\\/developer.okta.com\\\/blog\\\/2018\\\/12\\\/18\\\/secure-spring-rest-api\",\"name\":\"Create a Secure Spring REST API - Java Code Geeks\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/developer.okta.com\\\/blog\\\/2018\\\/12\\\/18\\\/secure-spring-rest-api#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/developer.okta.com\\\/blog\\\/2018\\\/12\\\/18\\\/secure-spring-rest-api#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.javacodegeeks.com\\\/wp-content\\\/uploads\\\/2012\\\/10\\\/spring-logo.jpg\",\"datePublished\":\"2019-01-09T10:54:45+00:00\",\"dateModified\":\"2019-01-17T13:25:29+00:00\",\"description\":\"Interested to learn about Spring REST API? Check our article explaining how to address microservices challenges when building a Spring REST API.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/developer.okta.com\\\/blog\\\/2018\\\/12\\\/18\\\/secure-spring-rest-api#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/developer.okta.com\\\/blog\\\/2018\\\/12\\\/18\\\/secure-spring-rest-api\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/developer.okta.com\\\/blog\\\/2018\\\/12\\\/18\\\/secure-spring-rest-api#primaryimage\",\"url\":\"https:\\\/\\\/www.javacodegeeks.com\\\/wp-content\\\/uploads\\\/2012\\\/10\\\/spring-logo.jpg\",\"contentUrl\":\"https:\\\/\\\/www.javacodegeeks.com\\\/wp-content\\\/uploads\\\/2012\\\/10\\\/spring-logo.jpg\",\"width\":150,\"height\":150,\"caption\":\"spring-interview-questions-answers\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/developer.okta.com\\\/blog\\\/2018\\\/12\\\/18\\\/secure-spring-rest-api#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.javacodegeeks.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Java\",\"item\":\"https:\\\/\\\/www.javacodegeeks.com\\\/category\\\/java\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Enterprise Java\",\"item\":\"https:\\\/\\\/www.javacodegeeks.com\\\/category\\\/java\\\/enterprise-java\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Create a Secure Spring REST API\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/#website\",\"url\":\"https:\\\/\\\/www.javacodegeeks.com\\\/\",\"name\":\"Java Code Geeks\",\"description\":\"Java Developers Resource Center\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/#organization\"},\"alternateName\":\"JCG\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.javacodegeeks.com\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/#organization\",\"name\":\"Exelixis Media P.C.\",\"url\":\"https:\\\/\\\/www.javacodegeeks.com\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.javacodegeeks.com\\\/wp-content\\\/uploads\\\/2022\\\/06\\\/exelixis-logo.png\",\"contentUrl\":\"https:\\\/\\\/www.javacodegeeks.com\\\/wp-content\\\/uploads\\\/2022\\\/06\\\/exelixis-logo.png\",\"width\":864,\"height\":246,\"caption\":\"Exelixis Media P.C.\"},\"image\":{\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/javacodegeeks\",\"https:\\\/\\\/x.com\\\/javacodegeeks\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/#\\\/schema\\\/person\\\/2d25326ca456ba29bdebf6c24fda4213\",\"name\":\"Raphael Do_vale\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/576a053f49ea5125f5cf78cafd67379057e740a9b1e301abdbf3130243c37f26?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/576a053f49ea5125f5cf78cafd67379057e740a9b1e301abdbf3130243c37f26?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/576a053f49ea5125f5cf78cafd67379057e740a9b1e301abdbf3130243c37f26?s=96&d=mm&r=g\",\"caption\":\"Raphael Do_vale\"},\"sameAs\":[\"https:\\\/\\\/developer.okta.com\"],\"url\":\"https:\\\/\\\/www.javacodegeeks.com\\\/author\\\/raphael-do_vale\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Create a Secure Spring REST API - Java Code Geeks","description":"Interested to learn about Spring REST API? Check our article explaining how to address microservices challenges when building a Spring REST API.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/developer.okta.com\/blog\/2018\/12\/18\/secure-spring-rest-api","og_locale":"en_US","og_type":"article","og_title":"Create a Secure Spring REST API - Java Code Geeks","og_description":"Interested to learn about Spring REST API? Check our article explaining how to address microservices challenges when building a Spring REST API.","og_url":"https:\/\/developer.okta.com\/blog\/2018\/12\/18\/secure-spring-rest-api","og_site_name":"Java Code Geeks","article_publisher":"https:\/\/www.facebook.com\/javacodegeeks","article_published_time":"2019-01-09T10:54:45+00:00","article_modified_time":"2019-01-17T13:25:29+00:00","og_image":[{"width":150,"height":150,"url":"https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2012\/10\/spring-logo.jpg","type":"image\/jpeg"}],"author":"Raphael Do_vale","twitter_card":"summary_large_image","twitter_creator":"@javacodegeeks","twitter_site":"@javacodegeeks","twitter_misc":{"Written by":"Raphael Do_vale","Est. reading time":"10 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/developer.okta.com\/blog\/2018\/12\/18\/secure-spring-rest-api#article","isPartOf":{"@id":"https:\/\/www.javacodegeeks.com\/2019\/01\/create-secure-spring-rest-api.html"},"author":{"name":"Raphael Do_vale","@id":"https:\/\/www.javacodegeeks.com\/#\/schema\/person\/2d25326ca456ba29bdebf6c24fda4213"},"headline":"Create a Secure Spring REST API","datePublished":"2019-01-09T10:54:45+00:00","dateModified":"2019-01-17T13:25:29+00:00","mainEntityOfPage":{"@id":"https:\/\/www.javacodegeeks.com\/2019\/01\/create-secure-spring-rest-api.html"},"wordCount":1737,"commentCount":0,"publisher":{"@id":"https:\/\/www.javacodegeeks.com\/#organization"},"image":{"@id":"https:\/\/developer.okta.com\/blog\/2018\/12\/18\/secure-spring-rest-api#primaryimage"},"thumbnailUrl":"https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2012\/10\/spring-logo.jpg","keywords":["RESTful Web Services","Spring"],"articleSection":["Enterprise Java"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/developer.okta.com\/blog\/2018\/12\/18\/secure-spring-rest-api#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.javacodegeeks.com\/2019\/01\/create-secure-spring-rest-api.html","url":"https:\/\/developer.okta.com\/blog\/2018\/12\/18\/secure-spring-rest-api","name":"Create a Secure Spring REST API - Java Code Geeks","isPartOf":{"@id":"https:\/\/www.javacodegeeks.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/developer.okta.com\/blog\/2018\/12\/18\/secure-spring-rest-api#primaryimage"},"image":{"@id":"https:\/\/developer.okta.com\/blog\/2018\/12\/18\/secure-spring-rest-api#primaryimage"},"thumbnailUrl":"https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2012\/10\/spring-logo.jpg","datePublished":"2019-01-09T10:54:45+00:00","dateModified":"2019-01-17T13:25:29+00:00","description":"Interested to learn about Spring REST API? Check our article explaining how to address microservices challenges when building a Spring REST API.","breadcrumb":{"@id":"https:\/\/developer.okta.com\/blog\/2018\/12\/18\/secure-spring-rest-api#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/developer.okta.com\/blog\/2018\/12\/18\/secure-spring-rest-api"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/developer.okta.com\/blog\/2018\/12\/18\/secure-spring-rest-api#primaryimage","url":"https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2012\/10\/spring-logo.jpg","contentUrl":"https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2012\/10\/spring-logo.jpg","width":150,"height":150,"caption":"spring-interview-questions-answers"},{"@type":"BreadcrumbList","@id":"https:\/\/developer.okta.com\/blog\/2018\/12\/18\/secure-spring-rest-api#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.javacodegeeks.com\/"},{"@type":"ListItem","position":2,"name":"Java","item":"https:\/\/www.javacodegeeks.com\/category\/java"},{"@type":"ListItem","position":3,"name":"Enterprise Java","item":"https:\/\/www.javacodegeeks.com\/category\/java\/enterprise-java"},{"@type":"ListItem","position":4,"name":"Create a Secure Spring REST API"}]},{"@type":"WebSite","@id":"https:\/\/www.javacodegeeks.com\/#website","url":"https:\/\/www.javacodegeeks.com\/","name":"Java Code Geeks","description":"Java Developers Resource Center","publisher":{"@id":"https:\/\/www.javacodegeeks.com\/#organization"},"alternateName":"JCG","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.javacodegeeks.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.javacodegeeks.com\/#organization","name":"Exelixis Media P.C.","url":"https:\/\/www.javacodegeeks.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.javacodegeeks.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2022\/06\/exelixis-logo.png","contentUrl":"https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2022\/06\/exelixis-logo.png","width":864,"height":246,"caption":"Exelixis Media P.C."},"image":{"@id":"https:\/\/www.javacodegeeks.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/javacodegeeks","https:\/\/x.com\/javacodegeeks"]},{"@type":"Person","@id":"https:\/\/www.javacodegeeks.com\/#\/schema\/person\/2d25326ca456ba29bdebf6c24fda4213","name":"Raphael Do_vale","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/576a053f49ea5125f5cf78cafd67379057e740a9b1e301abdbf3130243c37f26?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/576a053f49ea5125f5cf78cafd67379057e740a9b1e301abdbf3130243c37f26?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/576a053f49ea5125f5cf78cafd67379057e740a9b1e301abdbf3130243c37f26?s=96&d=mm&r=g","caption":"Raphael Do_vale"},"sameAs":["https:\/\/developer.okta.com"],"url":"https:\/\/www.javacodegeeks.com\/author\/raphael-do_vale"}]}},"_links":{"self":[{"href":"https:\/\/www.javacodegeeks.com\/wp-json\/wp\/v2\/posts\/85811","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.javacodegeeks.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.javacodegeeks.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.javacodegeeks.com\/wp-json\/wp\/v2\/users\/70622"}],"replies":[{"embeddable":true,"href":"https:\/\/www.javacodegeeks.com\/wp-json\/wp\/v2\/comments?post=85811"}],"version-history":[{"count":0,"href":"https:\/\/www.javacodegeeks.com\/wp-json\/wp\/v2\/posts\/85811\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.javacodegeeks.com\/wp-json\/wp\/v2\/media\/240"}],"wp:attachment":[{"href":"https:\/\/www.javacodegeeks.com\/wp-json\/wp\/v2\/media?parent=85811"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.javacodegeeks.com\/wp-json\/wp\/v2\/categories?post=85811"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.javacodegeeks.com\/wp-json\/wp\/v2\/tags?post=85811"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}