spring-security-oauth2

问题 I'm trying to implement Feign Clients to get my user info from the user's service, currently I'm requesting with oAuth2RestTemplate, it works. But now I wish to change to Feign, but I'm getting error code 401 probably because it doesn't carry the user tokens, so there is a way to customize, if Spring support for Feign is using, a RestTemplate so I can use my own Bean? Today I'm implementing in this way The service the client @Retryable({RestClientException.class, TimeoutException.class,

问题 In my Spring Boot application I have RESTful API and MVC web dashboard for administration. Is it possible to have both - Spring Security OAuth2 authentication/authorization(token based, stateless) for RESTful API and FormLogin(stateful) for Spring MVC web dashboard in a one application ? How to properly configure it with Spring Boot ? 回答1: You need to configure your web security for form based login and Resource Server Security form REST Endpoints Here is a working configuration that uses

问题 I am using Spring Security's OAuth2 server implementation. I am trying to get the access_token from the servers' /oauth/token endpoint using the OAuth2 "Password" grant type by only supplying username and password and the client id without the client secret. This works fine as long as I provide the client id and the client secret in the Authorization header of my HTTP request like so: curl -u clientid:clientsecret http://myhost ... -d "grant_type=password&username=user&password=pw&client_id

问题 I am starting with Spring OAuth2. I would like to send the username and password to /oauth/token endpoint in POST body in application/json format. curl -X POST -H "Authorization: Basic YWNtZTphY21lc2VjcmV0" -H "Content-Type: application/json" -d '{ "username": "user", "password": "password", "grant_type": "password" }' "http://localhost:9999/api/oauth/token" Is that possible? Could you please give me an advice? 回答1: Solution (not sure if correct, but it seam that it is working): Resource

问题 I am using spring-boot-oauth2 with authorization_code flow and @EnableZuulProxy .I followed the example from tut-spring-security-and-angular-js with oauth2. I set 60 seconds to access_token_validty for development purpose. Everythings work fine until access token is still valid. But when access token was expired (I waited a moment to expire it), I got exception as below.. WARN SendErrorFilter:78 Error during filtering com.netflix.zuul.exception.ZuulException: Filter threw Exception at com

问题 I am using spring-boot-oauth2 with authorization_code flow and @EnableZuulProxy .I followed the example from tut-spring-security-and-angular-js with oauth2. I set 60 seconds to access_token_validty for development purpose. Everythings work fine until access token is still valid. But when access token was expired (I waited a moment to expire it), I got exception as below.. WARN SendErrorFilter:78 Error during filtering com.netflix.zuul.exception.ZuulException: Filter threw Exception at com

问题 I am creating a spring boot 2 OAuth2 client/server application. The authorization server successfully logins and redirects to the client, but when the client receives the redirect (http://localhost:8080/login/oauth2/code/xe?code=ACK4Ae&state=Jw-dCGYvJa6QV-fcoTGjgY-6FyUyJHa-HBjWdsp3HM4%3D) the client browser displays: Your login attempt was not successful, try again. Reason: [invalid_token_response] An error occurred parsing the Access Token response: The HTTP Content-Type header must be

问题 I am creating a spring boot 2 OAuth2 client/server application. The authorization server successfully logins and redirects to the client, but when the client receives the redirect (http://localhost:8080/login/oauth2/code/xe?code=ACK4Ae&state=Jw-dCGYvJa6QV-fcoTGjgY-6FyUyJHa-HBjWdsp3HM4%3D) the client browser displays: Your login attempt was not successful, try again. Reason: [invalid_token_response] An error occurred parsing the Access Token response: The HTTP Content-Type header must be

问题 I've a Spring backend with Spring OAuth2 and Angularjs client. Plain username/password password grant is no brainer. But what happens when I want the user also to be able to login with another oauth provider such as FB. I imagine the following flow: First retrieve FB access token from the angular client. Post that token somehow as a password grant request to the spring endpoint From backend fetch userId using the token from FB. Find user with same fb userId. If found create securityContext

问题 I have a project with Spring security and Oauth2. On the resource server I have the following configuration: @Configuration public class SecurityConfiguration extends ResourceServerConfigurerAdapter { @Override public void configure(final HttpSecurity http) throws Exception { http.antMatcher("/**") .authorizeRequests().antMatchers("/info", "/health", "/h2-console/**").permitAll() .anyRequest().authenticated() .and().headers().frameOptions().disable(); } } I have the following extractors: