spring-security-oauth2

问题 I'm attempting to implement OpenId Connect sign-on in a Spring Boot 1.3.0 application with Spring Security 3.2.5 on Spring Framework 4.2.3. The implementation is very similar to this question: Protecting REST API with OAuth2: Error creating bean with name 'scopedTarget.oauth2ClientContext': Scope 'session' is not active, except that I've implemented the suggested bean for the RequestContextFilter . @Configuration @EnableOAuth2Client public class OpenIdConnectConfig { @Value("${oidc.clientId}"

问题 I'm developing an web application with Spring Boot using Azure AD and OAuth2.0 for authentication to secure up the backend. If I log-out via for example the Outlook Web App, my web application should register this process and logout as well (at least if I reload or reopen the page). How do i implement that? Now the Web-Application seems as still logged in. Unfortunately I did not find an approach to implement this behavior consistently. Only if I use the self-implemented log-out button, it

问题 I have a native android client with OAuth2 authentication to my JHipster monolithic app. It worked properly with the JHipster version 5.7.2 , but now I am using version 6.0.1 and I am not been able to get the current user by using getAccount(Principal principal) method in AccountResource class. the object sent by keycloak is not an instance of OAuth2AuthenticationToken class, so I am getting a Exception "User could not be found" In the previous version I used to get a OAuth2Authentication

问题 I have a case where my authentication server is different whereas authorizaion and resource servers are same. I have created one dummy application where it works fine with same authentication and authrorization server but not when they are different. I can navigate to authentication server from Spring security but not sure how to pass the value that it is authenticated. 来源： https://stackoverflow.com/questions/55217881/oauth2-spring-security-resource-and-authorization-server-same-but-different

问题 I am trying to authenticate the user using the password flow in the latest version of Spring Security - 5.2. The docs seem to suggest how to do that. @Bean public OAuth2AuthorizedClientManager passwordFlowAuthorizedClientManager( HttpClient httpClient, ClientRegistrationRepository clientRegistrationRepository, OAuth2AuthorizedClientRepository authorizedClientRepository) { HttpComponentsClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory(); requestFactory

问题 My goal is to perform a call to a REST webservice using an outbound gateway, this webservice needs a token provided by another web service. I've tried using Spring oauth without any luck since I am not sure how to integrate both frameworks. <int:chain input-channel="requestChannel"> <int-http:outbound-gateway url="https://webservice.url/..." http-method="GET" expected-response-type="java.lang.String" rest-template="restTemplate" /> ... </int:chain> <oauth:resource id="oauth1" client-id="admin

问题 I would like to have better control of the "state" param used in OAuth2 with spring security. DefaultStateKeyGenerator just returns a random 6 character string. AuthorizationCodeAccessTokenProvider has a setStateKeyGenerator but I'm not sure how to get an instance to call the setter. I find it strange that StateKeyGenerator takes an OAuth2ProtectedResourceDetails , but the default implementation just ignores it and there's no details on how to configure your own ~/repos/jtor > mvn dependency

问题 I'm trying to setup a very basic oAuth2 authentication in spring boot 2.x.x using either authorization code grant or implicit grant but I can't seem to access the Resource server (which resides in the same spring boot app as the Authorization server) after the token is obtained. Following is the configuration of WebSecurityConfigurerAdapter @EnableWebSecurity @Configuration public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter { private static final String[] IGNORE_URIS =

问题 I have a set of micro-services, written using Springboot 1.5.6, which contain the business logic to be consumed by a SinglePageApplication. The task is to implement method based security for the Restful APIs using OAuth2 and providing both username-password based and social login based security. I created (with great difficulty and sub-par understanding) a new micro-service and implemented an Auth Server (AS), allowing username-password based authentication. I incidentally, also managed to

问题 Im trying to run my Spring MVC application but for some reason the GlobalAuthenticationConfigurerAdapter cant be found. Heres the code snippet: package co.uk.zohaibkhan.config; import org.springframework.context.annotation.Configuration; import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer; import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter; import org.springframework.security