spring-security-oauth2

Why is AccessTokenRequest's PreservedState perpetually null with a resultant CSRF related InvalidRequestException?

白昼怎懂夜的黑 submitted on 2019-12-18 17:12:59
Question: As context, I've been trying to get a fairly simple @SprintBootApplication with an additional @EnableOAuth2Sso annotation integrated with WSO2 Identity Server for quite some time now. In my mind getting this working should be a matter of configuration (as advertised on Spring Cloud Security) - but I've had no luck thus far. In an effort to understand what is going on I've used my debugger to step through spring-security-oauth2 code to figure out what is going on. In doing so I've noticed that

Spring OAuth2 - There is no client authentication. Try adding an appropriate authentication filter

血红的双手。 submitted on 2019-12-18 12:18:54
Question: We have an application which is using spring-security-oauth2:1.0. I was trying to change it to a newer version, spring-security-oauth2:2.0.7.RELEASE. Some classes were removed, some package structure is changed, I managed to sort out all those things and I was able to start the server without any issue. But I am facing a strange issue here. With OAuth2 - 1.0 version, when the user logs in we used to do a GET request on /oauth/token. For example: http://localhost:8080/echo/oauth/token

Spring Security OAuth2 - @EnableOauth2Sso but accept tokens as authentication, too

情到浓时终转凉″ submitted on 2019-12-18 11:35:26
Question: I have an application which has @EnableOAuth2Sso on the WebSecurityConfigurerAdapter. After adding @EnableOAuth2Sso the application redirects me to the authorization server and allows access after login at this authorization server. I want to offer API access as well, so I want applications to be able to access my resources by passing an access token via the Authorization header: Authorization: bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9... I debugged through the authentication filter which is used

inter micro-service request responds with Forbidden status in spring cloud application

半城伤御伤魂 submitted on 2019-12-18 09:45:05
Question: I am investigating microservice architecture. I chose the spring cloud framework. My application schema looks like this: Also I have discovery server eureka but I decided to skip on the picture to simplify it. Full source code of example you can find on GitHub: https://github.com/gredwhite/spring-cloud Problem explanation: hello world service: @GetMapping("/helloWorld") @HystrixCommand(fallbackMethod = "reliable") public String hello() { return this.restTemplate.getForObject("http://hello

Download files in Javascript with OAuth2

♀尐吖头ヾ submitted on 2019-12-18 08:30:07
Question: I'm developing a single-page application with JavaScript+AngularJS on the client side and Spring MVC + Spring Security OAuth2 on the server side. Spring MVC acts as a REST controller for any AJAX requests from the page. For authorization, the script sends an "Authorization: Bearer ..." header with each AJAX request. This works fine when requesting small amounts of data. To download XML files (export user data) I download them via AJAX, using the OAuth2 headers and create a Blob to allow saving the file

Protecting REST API with OAuth2: Error creating bean with name 'scopedTarget.oauth2ClientContext': Scope 'session' is not active

旧城冷巷雨未停 submitted on 2019-12-18 04:31:35
Question: I've been working for a few days to attempt to implement oauth2 protection on a REST API. I've tried a ton of different configurations but still haven't managed to get it to work. I'm providing the code that I have right now, but I'm in no way married to this implementation. If you can show me some radically different way to accomplish what I want to accomplish, great. My flow looks like this: Client checks Auth Server, gets token. Client sends token to Resource Server. Resource Server uses

null client in OAuth2 Multi-Factor Authentication

a 夏天 submitted on 2019-12-17 22:53:20
Question: Complete code for a Spring OAuth2 implementation of multi-factor authentication has been uploaded to a file sharing site that you can download by clicking on this link. Instructions below explain how to use the link to recreate the current problem on any computer. A 500 point bounty is offered. THE CURRENT ERROR: An error is being triggered when a user tries to authenticate using two factor authentication in the Spring Boot OAuth2 app from the link in the preceding paragraph. The error is

Own Spring OAuth2 server together with 3rdparty OAuth providers

纵然是瞬间 submitted on 2019-12-17 22:33:50
Question: In a Spring Boot application, I have an OAuth2 Authorization/Resource servers. Based on this and Spring Security, I have secured my Spring MVC REST API endpoints. In addition to this, I'd like to add authentication to my REST endpoints based on 3rd party OAuth providers like Twitter, Facebook, Google. In my application I have two entities - User and SocialUser. SocialUser represents user profile in social networks. User can have 0-* associated SocialUsers. Right now I can authenticate a

Mapping user roles to oauth2 scopes/authorities

安稳与你 submitted on 2019-12-17 19:33:30
Question: We have an entitlements database which has application id, roles and users mapped to roles per application. Following the advice on thread how do I map user roles to oauth2 scopes/authorities based on resourceId? Ignoring the entitlements database I mentioned above do I map roles "USER", "READER", "WRITER" to oauth2 scopes/authorities based on user and resourceId in below code? User Authentication/Authorization Config @Configuration @Order(-10) protected static class LoginConfig extends

Spring Boot OAuth2 Single Sign Off (Logout)

让人想犯罪 __ submitted on 2019-12-17 10:42:38
Question: I'm considering using OAuth2 for my application. The architecture I'm trying to implement is as follows: I will have my own (and only this) Authorization Server. Some Resource Apps validating access to their resources using the Authorization Server. Some client apps (web, mobile) which will redirect the user to the Authorization Server for authentication and on success will consume the APIs on the Resource Apps. So far I have managed to implement this interaction between 3 basic apps (1 auth