spring-security-oauth2

问题 Is it possible to use JSON Web Encryption(JWE) with Spring Security OAuth2 JWT ? Right now I have a following JwtAccessTokenConverter : @Bean public JwtAccessTokenConverter accessTokenConverter() { JwtAccessTokenConverter converter = new JwtAccessTokenConverter() { @Override public OAuth2AccessToken enhance(OAuth2AccessToken accessToken, OAuth2Authentication authentication) { DBUserDetails user = (DBUserDetails) authentication.getUserAuthentication().getPrincipal(); final Map<String, Object>

问题 I'm trying to move my project to Spring Boot 1.5.1 and right now my configuration of Outh2 + JWT tokens stopped working. Right now I receive 401 error while performing a following test: RestTemplate restTemplate = new RestTemplate(); CreateDecisionRequest decisionRequest = new CreateDecisionRequest(name, description, url, imageUrl, parentDecisionId, tenantId); HttpHeaders headers = new HttpHeaders(); headers.setAccept(Arrays.asList(MediaType.APPLICATION_JSON)); headers.add(SecurityTestUtils

问题 I have two resource servers: one that has an API for emailing notifications and one that runs scheduled tasks. When a scheduled task starts, I want to call out to the email service to notify users that their task is starting. Both services use OAuth2 for authentication. The scheduled task service has client credentials set up so that it can get an access token by presenting it's client credentials: To accomplish this, I'm using Spring Boot with Spring Security OAuth2. The Task service has an

问题 I have two resource servers: one that has an API for emailing notifications and one that runs scheduled tasks. When a scheduled task starts, I want to call out to the email service to notify users that their task is starting. Both services use OAuth2 for authentication. The scheduled task service has client credentials set up so that it can get an access token by presenting it's client credentials: To accomplish this, I'm using Spring Boot with Spring Security OAuth2. The Task service has an

问题 Is it possible to combine authoryzation and authentication by login basic and by oauth2 in one application? My project is based on jhipster project with simple spring security session login, now i need add oauth2 security for mobile app and it's look like it is not possible. Now i have situation when work one of them, oauth2 ok if WebSecurityConfigurerAdapter had bigger order number than ResourceServerConfiguration. That's mean if oauth security filter is first. I read a lot in stackoverflow

问题 what is recommended way to create custom pages OAuth Approval page: I have to completely override the stuff on the page, need to add styles, branding etc. What is the right way to achieve that? Where could I see the source of the default page to use it as a starting point? I also need to override the /login page but I think the approach of overriding it is going to be pretty much the same. 回答1: The recommended way is to provide a normal Spring MVC @RequestMapping for the "/oauth/confirm

问题 what is recommended way to create custom pages OAuth Approval page: I have to completely override the stuff on the page, need to add styles, branding etc. What is the right way to achieve that? Where could I see the source of the default page to use it as a starting point? I also need to override the /login page but I think the approach of overriding it is going to be pretty much the same. 回答1: The recommended way is to provide a normal Spring MVC @RequestMapping for the "/oauth/confirm

问题 I have Spring Boot (1.2.1.RELEASE) application that serves OAuth2 (2.0.6.RELEASE) authorization and resource server in one application instance. It uses custom UserDetailsService implementation that makes use of MongoTemplate to search users in MongoDB. Authentication with grant_type=password on /oauth/token works like a charm, as well as authorization with Authorization: Bearer {token} header while calling for specific resources. Now I want to add simple OAuth confirm dialog to the server,

问题 I am developing spring-social-login using Spring Boot . In this example, I have created App on the https://developers.facebook.com. When I am trying to login using the Facebook into my application, I see the below error comes. Why ?? URL blocked: This redirect failed because the redirect URI is not white-listed in the app's client OAuth settings. Make sure that the client and web OAuth logins are on and add all your app domains as valid OAuth redirect URIs. Facebook login setting: And below

问题 I created userinfo endpoint in my authorization server. @GetMapping("/userinfo") public Principal me(Principal principal) { return principal; } It returns this JSON: { ... "userAuthentication": { ... "principal": { "id": 2, "username": "xyz", "password": "......", "accountNonExpired": true, "accountNonLocked": true, "credentialsNonExpired": true, "enabled": true, "authorities": [ { "authority": "ROLE_DONOR" } ], "createdAt": "2019-11-08T20:50:46" }, ... "name": "xyz" }, ... "principal": { "id