spring-security-oauth2

问题 Using @EnableGlobalMethodSecurity(prePostEnabled = true) it seems that @Configuration @EnableWebSecurity @EnableGlobalMethodSecurity(prePostEnabled = true) public class WebSecurityConfig extends WebSecurityConfigurerAdapter { } @PreAuthorized has no effect: @PreAuthorize("permitAll()") @RequestMapping(value = "/users/change-email", method = RequestMethod.GET) public void changeEmail() { // .. } I have also moved the annotation into the service layer with the same result: @PreAuthorize(

问题 I'm working on integrating Spring Security OAuth2 with JWT tokens into a Spring Boot project. My authentication server is configured similar to what is found in this sample project. When the OAuth2 client performs the POST on /oauth/token it is unable to create the access token. The specific error logged is: o.s.s.o.provider.endpoint.TokenEndpoint : Handling error: NoSuchBeanDefinitionException, No qualifying bean of type [org.springframework.transaction.PlatformTransactionManager] is defined

问题 I am implementing spring security with oauth2 and jwt. the below is my login function function doLogin(loginData) { $.ajax({ url : back+"/auth/secret", type : "POST", data : JSON.stringify(loginData), contentType : "application/json; charset=utf-8", dataType : "json", async : false, success : function(data, textStatus, jqXHR) { setJwtToken(data.token); }, error : function(jqXHR, textStatus, errorThrown) { alert("an unexpected error occured: " + errorThrown); window.location.href= back+'/login

问题 I am trying to implement Microservices architecture backend using Spring Boot 1.5.6.RELEASE and Spring Cloud Dalston.SR3 that would be consumed by mobile/web endpoints. API Gateway application @SpringBootApplicatio @EnableEurekaClient @EnableZuulProxy public class GatewayApplication { public static void main(String[] args) { SpringApplication.run(GatewayApplication.class, args); } } API security @Configuration @EnableWebSecurity @Order(ManagementServerProperties.ACCESS_OVERRIDE_ORDER)

问题 How do I add the custom UserDetailsService below to this Spring OAuth2 sample? The default user with default password is defined in the application.properties file of the authserver app. However, I would like to add the following custom UserDetailsService to the demo package of the authserver app for testing purposes: package demo; import java.util.List; import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.authority.AuthorityUtils; import org

问题 I have build a Authentication Service and Webapplication in Spring 5 and Spring boot 2.0.0.M3 and I am trying to port it to Spring boot 2.0.0.M6 now. I noticed the @EnableOauth2Sso is not available anymore in spring-boot-autoconfigure ; I had used this annotation to configure my web application in spring boot 2.0.0.M3 fashion. I have looked into the examples on Spring for configurating the Oauth2 Client using @EnableOAuth2Client but the Configuration objects used in the examples like

问题 I have a simple project that requires the simple following configuration : I have a "password" grant_type, which means I can submit the username/password (that the user enters in my login form), and get an access_token on success. With that access_token, I can request an API and get the user's information. I know the URIs of the APIs, I don't want anything huge (I saw the configuration on https://github.com/spring-projects/spring-security-oauth/tree/master/samples) and it seems HUGE. I can

问题 I have a simple project that requires the simple following configuration : I have a "password" grant_type, which means I can submit the username/password (that the user enters in my login form), and get an access_token on success. With that access_token, I can request an API and get the user's information. I know the URIs of the APIs, I don't want anything huge (I saw the configuration on https://github.com/spring-projects/spring-security-oauth/tree/master/samples) and it seems HUGE. I can

问题 We are securing out REST services using spring security OAuth2. Applications can call into either the /oauth/authorize , /oauth/token or /rest-api endpoints. The token and rest-api endpoints are stateless and do not need a session. Can we invalidate the session after the user is authenticated? If so, what is the best approach. We want the user to sign-in always whenever a call to /oauth/authorize is made. Currently, calls to /oauth/authorize are skipping authentication whenever a session

问题 I try to use the approach, described here https://spring.io/guides/tutorials/spring-boot-oauth2/#_social_login_logout : So I have following backend codebase: @EnableAutoConfiguration @Configuration @EnableOAuth2Sso @Controller public class ClientApplication extends WebSecurityConfigurerAdapter { private Logger logger = LoggerFactory.getLogger(ClientApplication.class); @RequestMapping("/hello") public String home(Principal user, HttpServletRequest request, HttpServletResponse response, Model