diff --git a/cloud-foundry-uaa/cf-uaa-config/uaa.yml b/cloud-foundry-uaa/cf-uaa-config/uaa.yml
new file mode 100644
index 0000000000..b782c2b681
--- /dev/null
+++ b/cloud-foundry-uaa/cf-uaa-config/uaa.yml
@@ -0,0 +1,73 @@
+issuer:
+ uri: http://localhost:8080/uaa
+
+spring_profiles: postgresql,default
+
+database.driverClassName: org.postgresql.Driver
+database.url: jdbc:postgresql:uaadb2
+database.username: postgres
+database.password: postgres
+
+encryption:
+ active_key_label: CHANGE-THIS-KEY
+ encryption_keys:
+ - label: CHANGE-THIS-KEY
+ passphrase: CHANGEME
+
+login:
+ serviceProviderKey: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIICXQIBAAKBgQDHtC5gUXxBKpEqZTLkNvFwNGnNIkggNOwOQVNbpO0WVHIivig5
+ L39WqS9u0hnA+O7MCA/KlrAR4bXaeVVhwfUPYBKIpaaTWFQR5cTR1UFZJL/OF9vA
+ fpOwznoD66DDCnQVpbCjtDYWX+x6imxn8HCYxhMol6ZnTbSsFW6VZjFMjQIDAQAB
+ AoGAVOj2Yvuigi6wJD99AO2fgF64sYCm/BKkX3dFEw0vxTPIh58kiRP554Xt5ges
+ 7ZCqL9QpqrChUikO4kJ+nB8Uq2AvaZHbpCEUmbip06IlgdA440o0r0CPo1mgNxGu
+ lhiWRN43Lruzfh9qKPhleg2dvyFGQxy5Gk6KW/t8IS4x4r0CQQD/dceBA+Ndj3Xp
+ ubHfxqNz4GTOxndc/AXAowPGpge2zpgIc7f50t8OHhG6XhsfJ0wyQEEvodDhZPYX
+ kKBnXNHzAkEAyCA76vAwuxqAd3MObhiebniAU3SnPf2u4fdL1EOm92dyFs1JxyyL
+ gu/DsjPjx6tRtn4YAalxCzmAMXFSb1qHfwJBAM3qx3z0gGKbUEWtPHcP7BNsrnWK
+ vw6By7VC8bk/ffpaP2yYspS66Le9fzbFwoDzMVVUO/dELVZyBnhqSRHoXQcCQQCe
+ A2WL8S5o7Vn19rC0GVgu3ZJlUrwiZEVLQdlrticFPXaFrn3Md82ICww3jmURaKHS
+ N+l4lnMda79eSp3OMmq9AkA0p79BvYsLshUJJnvbk76pCjR28PK4dV1gSDUEqQMB
+ qy45ptdwJLqLJCeNoR0JUcDNIRhOCuOPND7pcMtX6hI/
+ -----END RSA PRIVATE KEY-----
+ serviceProviderKeyPassword: password
+ serviceProviderCertificate: |
+ -----BEGIN CERTIFICATE-----
+ MIIDSTCCArKgAwIBAgIBADANBgkqhkiG9w0BAQQFADB8MQswCQYDVQQGEwJhdzEO
+ MAwGA1UECBMFYXJ1YmExDjAMBgNVBAoTBWFydWJhMQ4wDAYDVQQHEwVhcnViYTEO
+ MAwGA1UECxMFYXJ1YmExDjAMBgNVBAMTBWFydWJhMR0wGwYJKoZIhvcNAQkBFg5h
+ cnViYUBhcnViYS5hcjAeFw0xNTExMjAyMjI2MjdaFw0xNjExMTkyMjI2MjdaMHwx
+ CzAJBgNVBAYTAmF3MQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UEChMFYXJ1YmExDjAM
+ BgNVBAcTBWFydWJhMQ4wDAYDVQQLEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmExHTAb
+ BgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyMIGfMA0GCSqGSIb3DQEBAQUAA4GN
+ ADCBiQKBgQDHtC5gUXxBKpEqZTLkNvFwNGnNIkggNOwOQVNbpO0WVHIivig5L39W
+ qS9u0hnA+O7MCA/KlrAR4bXaeVVhwfUPYBKIpaaTWFQR5cTR1UFZJL/OF9vAfpOw
+ znoD66DDCnQVpbCjtDYWX+x6imxn8HCYxhMol6ZnTbSsFW6VZjFMjQIDAQABo4Ha
+ MIHXMB0GA1UdDgQWBBTx0lDzjH/iOBnOSQaSEWQLx1syGDCBpwYDVR0jBIGfMIGc
+ gBTx0lDzjH/iOBnOSQaSEWQLx1syGKGBgKR+MHwxCzAJBgNVBAYTAmF3MQ4wDAYD
+ VQQIEwVhcnViYTEOMAwGA1UEChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYD
+ VQQLEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmExHTAbBgkqhkiG9w0BCQEWDmFydWJh
+ QGFydWJhLmFyggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAYvBJ
+ 0HOZbbHClXmGUjGs+GS+xC1FO/am2suCSYqNB9dyMXfOWiJ1+TLJk+o/YZt8vuxC
+ KdcZYgl4l/L6PxJ982SRhc83ZW2dkAZI4M0/Ud3oePe84k8jm3A7EvH5wi5hvCkK
+ RpuRBwn3Ei+jCRouxTbzKPsuCVB+1sNyxMTXzf0=
+ -----END CERTIFICATE-----
+
+#The secret that an external login server will use to authenticate to the uaa using the id `login`
+LOGIN_SECRET: loginsecret
+
+jwt:
+ token:
+ signing-key: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEpAIBAAKCAQEAqUeygEfDGxI6c1VDQ6xIyUSLrP6iz1y97iHFbtXSxXaArL4a
+ ...
+ v6Mtt5LcRAAVP7pemunTdju4h8Q/noKYlVDVL30uLYUfKBL4UKfOBw==
+ -----END RSA PRIVATE KEY-----
+ verification-key: |
+ -----BEGIN PUBLIC KEY-----
+ MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqUeygEfDGxI6c1VDQ6xI
+ ...
+ AwIDAQAB
+ -----END PUBLIC KEY-----
diff --git a/cloud-foundry-uaa/cf-uaa-oauth2-client/pom.xml b/cloud-foundry-uaa/cf-uaa-oauth2-client/pom.xml
new file mode 100644
index 0000000000..8e31cc41fb
--- /dev/null
+++ b/cloud-foundry-uaa/cf-uaa-oauth2-client/pom.xml
@@ -0,0 +1,43 @@
+
+
+ 4.0.0
+
+ org.springframework.boot
+ spring-boot-starter-parent
+ 2.1.3.RELEASE
+
+
+ com.example
+ cf-uaa-oauth2-client
+ 0.0.1-SNAPSHOT
+ uaa-client-webapp
+ Demo project for Spring Boot
+
+
+ 1.8
+
+
+
+
+
+ org.springframework.boot
+ spring-boot-starter-web
+
+
+ org.springframework.boot
+ spring-boot-starter-oauth2-client
+
+
+
+
+
+
+
+ org.springframework.boot
+ spring-boot-maven-plugin
+
+
+
+
+
diff --git a/cloud-foundry-uaa/cf-uaa-oauth2-client/src/main/java/com/baeldung/cfuaa/oauth2/client/CFUAAOAuth2ClientApplication.java b/cloud-foundry-uaa/cf-uaa-oauth2-client/src/main/java/com/baeldung/cfuaa/oauth2/client/CFUAAOAuth2ClientApplication.java
new file mode 100644
index 0000000000..c9e81fcd5d
--- /dev/null
+++ b/cloud-foundry-uaa/cf-uaa-oauth2-client/src/main/java/com/baeldung/cfuaa/oauth2/client/CFUAAOAuth2ClientApplication.java
@@ -0,0 +1,13 @@
+package com.baeldung.cfuaa.oauth2.client;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+
+@SpringBootApplication
+public class CFUAAOAuth2ClientApplication {
+
+ public static void main(String[] args) {
+ SpringApplication.run(CFUAAOAuth2ClientApplication.class, args);
+ }
+
+}
diff --git a/cloud-foundry-uaa/cf-uaa-oauth2-client/src/main/java/com/baeldung/cfuaa/oauth2/client/CFUAAOAuth2ClientController.java b/cloud-foundry-uaa/cf-uaa-oauth2-client/src/main/java/com/baeldung/cfuaa/oauth2/client/CFUAAOAuth2ClientController.java
new file mode 100644
index 0000000000..b1631ed327
--- /dev/null
+++ b/cloud-foundry-uaa/cf-uaa-oauth2-client/src/main/java/com/baeldung/cfuaa/oauth2/client/CFUAAOAuth2ClientController.java
@@ -0,0 +1,80 @@
+package com.baeldung.cfuaa.oauth2.client;
+
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.http.HttpEntity;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.HttpMethod;
+import org.springframework.http.ResponseEntity;
+import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
+import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService;
+import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
+import org.springframework.security.oauth2.core.OAuth2AccessToken;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.client.HttpClientErrorException;
+import org.springframework.web.client.RestTemplate;
+
+@RestController
+public class CFUAAOAuth2ClientController {
+
+ @Value("${resource.server.url}")
+ private String remoteResourceServer;
+
+ private RestTemplate restTemplate;
+
+ private OAuth2AuthorizedClientService authorizedClientService;
+
+ public CFUAAOAuth2ClientController(OAuth2AuthorizedClientService authorizedClientService) {
+ this.authorizedClientService = authorizedClientService;
+ this.restTemplate = new RestTemplate();
+ }
+
+ @RequestMapping("/")
+ public String index(OAuth2AuthenticationToken authenticationToken) {
+ OAuth2AuthorizedClient oAuth2AuthorizedClient = this.authorizedClientService.loadAuthorizedClient(authenticationToken.getAuthorizedClientRegistrationId(), authenticationToken.getName());
+ OAuth2AccessToken oAuth2AccessToken = oAuth2AuthorizedClient.getAccessToken();
+
+ String response = "Hello, " + authenticationToken.getPrincipal().getName();
+ response += "";
+ response += "Here is your accees token :" + oAuth2AccessToken.getTokenValue();
+ response += "";
+ response += "You can use it to call these Resource Server APIs:";
+ response += "";
+ response += "Call Resource Server Read API";
+ response += "";
+ response += "Call Resource Server Write API";
+ return response;
+ }
+
+ @RequestMapping("/read")
+ public String read(OAuth2AuthenticationToken authenticationToken) {
+ String url = remoteResourceServer + "/read";
+ return callResourceServer(authenticationToken, url);
+ }
+
+ @RequestMapping("/write")
+ public String write(OAuth2AuthenticationToken authenticationToken) {
+ String url = remoteResourceServer + "/write";
+ return callResourceServer(authenticationToken, url);
+ }
+
+ private String callResourceServer(OAuth2AuthenticationToken authenticationToken, String url) {
+ OAuth2AuthorizedClient oAuth2AuthorizedClient = this.authorizedClientService.loadAuthorizedClient(authenticationToken.getAuthorizedClientRegistrationId(), authenticationToken.getName());
+ OAuth2AccessToken oAuth2AccessToken = oAuth2AuthorizedClient.getAccessToken();
+
+ HttpHeaders headers = new HttpHeaders();
+ headers.add("Authorization", "Bearer " + oAuth2AccessToken.getTokenValue());
+
+ HttpEntity entity = new HttpEntity<>("parameters", headers);
+ ResponseEntity responseEntity = null;
+
+ String response = null;
+ try {
+ responseEntity = restTemplate.exchange(url, HttpMethod.GET, entity, String.class);
+ response = responseEntity.getBody();
+ } catch (HttpClientErrorException e) {
+ response = e.getMessage();
+ }
+ return response;
+ }
+}
\ No newline at end of file
diff --git a/cloud-foundry-uaa/cf-uaa-oauth2-client/src/main/resources/application.properties b/cloud-foundry-uaa/cf-uaa-oauth2-client/src/main/resources/application.properties
new file mode 100644
index 0000000000..de8e1a7b9f
--- /dev/null
+++ b/cloud-foundry-uaa/cf-uaa-oauth2-client/src/main/resources/application.properties
@@ -0,0 +1,23 @@
+# SECURITY OAUTH2 CLIENT (OAuth2ClientProperties)
+#spring.security.oauth2.client.provider.*= # OAuth provider details.
+#spring.security.oauth2.client.registration.*= # OAuth client registrations.
+
+server.port=8081
+#server.servlet.context-path=/uaa-client-webapp
+
+uaa.url=http://localhost:8080/uaa
+resource.server.url=http://localhost:8082
+
+spring.security.oauth2.client.registration.uaa.client-name=UAA OAuth2 Client
+spring.security.oauth2.client.registration.uaa.client-id=client1
+spring.security.oauth2.client.registration.uaa.client-secret=client1
+spring.security.oauth2.client.registration.uaa.authorization-grant-type=authorization_code
+spring.security.oauth2.client.registration.uaa.scope=resource.read,resource.write,openid,profile
+spring.security.oauth2.client.registration.uaa.redirect-uri=http://localhost:8081/login/oauth2/code/uaa
+#spring.security.oauth2.client.registration.uaa.redirect-uri=http://localhost:8081/**
+
+spring.security.oauth2.client.provider.uaa.token-uri=${uaa.url}/oauth/token
+spring.security.oauth2.client.provider.uaa.authorization-uri=${uaa.url}/oauth/authorize
+spring.security.oauth2.client.provider.uaa.jwk-set-uri=${uaa.url}/token_keys
+spring.security.oauth2.client.provider.uaa.user-info-uri=${uaa.url}/userinfo
+spring.security.oauth2.client.provider.uaa.user-name-attribute=user_name
diff --git a/cloud-foundry-uaa/cf-uaa-oauth2-client/src/main/resources/templates/index.html b/cloud-foundry-uaa/cf-uaa-oauth2-client/src/main/resources/templates/index.html
new file mode 100644
index 0000000000..eb6e267b94
--- /dev/null
+++ b/cloud-foundry-uaa/cf-uaa-oauth2-client/src/main/resources/templates/index.html
@@ -0,0 +1 @@
+tintin
\ No newline at end of file
diff --git a/cloud-foundry-uaa/cf-uaa-oauth2-resource-server/pom.xml b/cloud-foundry-uaa/cf-uaa-oauth2-resource-server/pom.xml
new file mode 100644
index 0000000000..9cf8993cd2
--- /dev/null
+++ b/cloud-foundry-uaa/cf-uaa-oauth2-resource-server/pom.xml
@@ -0,0 +1,43 @@
+
+
+ 4.0.0
+
+ org.springframework.boot
+ spring-boot-starter-parent
+ 2.1.3.RELEASE
+
+
+ com.baeldung.cfuaa
+ cf-uaa-oauth2-resource-server
+ 0.0.1-SNAPSHOT
+ cf-uaa-oauth2-resource-server
+ Demo project for Spring Boot
+
+
+ 1.8
+
+
+
+
+
+ org.springframework.boot
+ spring-boot-starter-oauth2-resource-server
+
+
+ org.springframework.boot
+ spring-boot-starter-web
+
+
+
+
+
+
+
+ org.springframework.boot
+ spring-boot-maven-plugin
+
+
+
+
+
diff --git a/cloud-foundry-uaa/cf-uaa-oauth2-resource-server/src/main/java/com/baeldung/cfuaa/oauth2/resourceserver/CFUAAOAuth2ResourceServerApplication.java b/cloud-foundry-uaa/cf-uaa-oauth2-resource-server/src/main/java/com/baeldung/cfuaa/oauth2/resourceserver/CFUAAOAuth2ResourceServerApplication.java
new file mode 100644
index 0000000000..51ad6e938d
--- /dev/null
+++ b/cloud-foundry-uaa/cf-uaa-oauth2-resource-server/src/main/java/com/baeldung/cfuaa/oauth2/resourceserver/CFUAAOAuth2ResourceServerApplication.java
@@ -0,0 +1,13 @@
+package com.baeldung.cfuaa.oauth2.resourceserver;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+
+@SpringBootApplication
+public class CFUAAOAuth2ResourceServerApplication {
+
+ public static void main(String[] args) {
+ SpringApplication.run(CFUAAOAuth2ResourceServerApplication.class, args);
+ }
+
+}
diff --git a/cloud-foundry-uaa/cf-uaa-oauth2-resource-server/src/main/java/com/baeldung/cfuaa/oauth2/resourceserver/CFUAAOAuth2ResourceServerRestController.java b/cloud-foundry-uaa/cf-uaa-oauth2-resource-server/src/main/java/com/baeldung/cfuaa/oauth2/resourceserver/CFUAAOAuth2ResourceServerRestController.java
new file mode 100644
index 0000000000..c08f17d8d8
--- /dev/null
+++ b/cloud-foundry-uaa/cf-uaa-oauth2-resource-server/src/main/java/com/baeldung/cfuaa/oauth2/resourceserver/CFUAAOAuth2ResourceServerRestController.java
@@ -0,0 +1,28 @@
+package com.baeldung.cfuaa.oauth2.resourceserver;
+
+import org.springframework.security.core.annotation.AuthenticationPrincipal;
+import org.springframework.security.oauth2.jwt.Jwt;
+import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+import java.security.Principal;
+
+@RestController
+public class CFUAAOAuth2ResourceServerRestController {
+
+ @GetMapping("/")
+ public String index(@AuthenticationPrincipal Jwt jwt) {
+ return String.format("Hello, %s!", jwt.getSubject());
+ }
+
+ @GetMapping("/read")
+ public String read(JwtAuthenticationToken jwtAuthenticationToken) {
+ return "Hello write: " + jwtAuthenticationToken.getTokenAttributes();
+ }
+
+ @GetMapping("/write")
+ public String write(Principal principal) {
+ return "Hello write: " + principal.getName();
+ }
+}
diff --git a/cloud-foundry-uaa/cf-uaa-oauth2-resource-server/src/main/java/com/baeldung/cfuaa/oauth2/resourceserver/CFUAAOAuth2ResourceServerSecurityConfiguration.java b/cloud-foundry-uaa/cf-uaa-oauth2-resource-server/src/main/java/com/baeldung/cfuaa/oauth2/resourceserver/CFUAAOAuth2ResourceServerSecurityConfiguration.java
new file mode 100644
index 0000000000..d04d51cda3
--- /dev/null
+++ b/cloud-foundry-uaa/cf-uaa-oauth2-resource-server/src/main/java/com/baeldung/cfuaa/oauth2/resourceserver/CFUAAOAuth2ResourceServerSecurityConfiguration.java
@@ -0,0 +1,21 @@
+package com.baeldung.cfuaa.oauth2.resourceserver;
+
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+
+@EnableWebSecurity
+public class CFUAAOAuth2ResourceServerSecurityConfiguration extends WebSecurityConfigurerAdapter {
+
+ @Override
+ protected void configure(HttpSecurity http) throws Exception {
+ http
+ .authorizeRequests()
+ .antMatchers("/read/**").hasAuthority("SCOPE_resource.read")
+ .antMatchers("/write/**").hasAuthority("SCOPE_resource.write")
+ .anyRequest().authenticated()
+ .and()
+ .oauth2ResourceServer()
+ .jwt();
+ }
+}
\ No newline at end of file
diff --git a/cloud-foundry-uaa/cf-uaa-oauth2-resource-server/src/main/resources/application.properties b/cloud-foundry-uaa/cf-uaa-oauth2-resource-server/src/main/resources/application.properties
new file mode 100644
index 0000000000..ba9b95e0d4
--- /dev/null
+++ b/cloud-foundry-uaa/cf-uaa-oauth2-resource-server/src/main/resources/application.properties
@@ -0,0 +1,16 @@
+server.port=8082
+
+uaa.url=http://localhost:8080/uaa
+
+#approch1
+spring.security.oauth2.resourceserver.jwt.issuer-uri=${uaa.url}/oauth/token
+
+#approch2
+#spring.security.oauth2.resourceserver.jwt.jwk-set-uri=${uaa.url}/token_key
+
+# SECURITY OAUTH2 CLIENT (OAuth2ClientProperties)
+#security.oauth2.client.client-id=client1
+#security.oauth2.client.client-secret=client1
+
+#security.oauth2.resource.jwt.key-uri=${uaa.url}/token_key
+#security.oauth2.resource.token-info-uri=${uaa.url}/oauth/check_token