spring-security-oauth2

问题 I am new to Spring Boot, and I am trying to configure OAuth 2.0. The problem I am having at this moment is that I keep getting the following message when I attempt to request for an access token: { "error": "invalid_grant", "error_description": "Bad credentials" } The error message in the Spring Boot console says that the user cannot be found. : Authentication attempt using org.springframework.security.authentication.dao.DaoAuthenticationProvider : User 'stromero' not found : Returning cached

问题 I have implemented oAuth2 with spring security and it is working fine for me. But Now I want to create user token from back-end manually without password. Because I have only username of user. Can any one help me. 回答1: Got Answer!!! HashMap<String, String> authorizationParameters = new HashMap<String, String>(); authorizationParameters.put("scope", "read"); authorizationParameters.put("username", "user"); authorizationParameters.put("client_id", "client_id"); authorizationParameters.put(

问题 Im trying to split the resource server from the authorization server in spring-boot. I have two different applications that i'm running separately. In the authorization server i can get the bearer token from oauth/token but when i'm trying to get access to the resource(sending the token in header) i'm getting an invalid token error. My intention is to use the InMemoryTokenStore and the bearer token. Can anyone tell me what is wrong in my code? Authorization Server: @SpringBootApplication

问题 I have implemented JWT and LDAP Authentication using Spring Security Oauth2. It seems to be working fine and I can login with my LDAP credentials. Now, there is one requirement that I need to use the currently logged in user info to save details in database - specifically like when that user add/update a new record. I tried to get that using Spring security way using SecurityContextHolder.getContext().getAuthentication().getDetails() but it doesn't return all that information which I have in

问题 I want my server be a ResourceServer, which can accept a Bearer Access token However, If such token doesn't exist, I want to use the OAuth2Server to authenticate my user. I try to do like: @Configuration @EnableOAuth2Sso @EnableResourceServer public class SecurityConfiguration extends WebSecurityConfigurerAdapter{ @Override protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests().anyRequest().authenticated(); } } However, in this case, only the

问题 I'm attempting to implement an API with resources that are protected by either Oauth2 OR Http-Basic authentication. When I load the WebSecurityConfigurerAdapter which applies http-basic authentication to the resource first, Oauth2 token authentication is not accepted. And vice-versa. Example configurations: This applies http-basic authentication to all /user/** resources @Configuration @EnableWebMvcSecurity public class WebSecurityConfig extends WebSecurityConfigurerAdapter { private LoginApi

问题 I currently use Jpa via Hibernate in my application. Since spring security oauth2 provides JdbcTokenStore, I started using it. But the problem with that is, I cannot use cache (which all my entities in the application currently share). It hits the database in a separate flow. I am thinking implementing JpaTokenStore thats backed by Jpa & leverage the cache advantages that comes with it. Did anyone try implementing this/see any downsides using this approach? 回答1: There is nothing stopping you

问题 In previous versions of OAuth2 it was possible to add a custom token granter by adding it to the xml configuration in the <authorization-server> element. I wonder how I could extend the authorization server with Java Config using a AuthorizationServerConfigurerAdapter, without losing the default configuration, which contains the implicit, client credentials, refresh token and authorization code grant types. First attempt was using creating the TokenGranter with @Component: @Component(

问题 OAuth2ProtectedResourceFilter in org.springframework.security.oauth2.provider.filter: Collection<String> resourceIds = auth.getClientAuthentication().getResourceIds(); if (resourceIds!=null && !resourceIds.isEmpty() && !resourceIds.contains(resourceId)) { throw new InvalidTokenException("Invalid token does not contain resource id ("+resourceId+"): " + token); } I think it is not useful. What does this code check for? 回答1: Based on what I've gathered, it is the id of the resource service. It

问题 I would have one question regarding the configuration of spring-security-oauth2 2.0.7 please. I am doing the Authentication using LDAP via a GlobalAuthenticationConfigurerAdapter: @SpringBootApplication @Controller @SessionAttributes("authorizationRequest") public class AuthorizationServer extends WebMvcConfigurerAdapter { public static void main(String[] args) { SpringApplication.run(AuthorizationServer.class, args); } @Override public void addViewControllers(ViewControllerRegistry registry)