spring-security-oauth2

问题 I am migrating from Spring Boot 1.4.9 to Spring Boot 2.0 and also to Spring Security 5 and I am trying to do authenticate via OAuth 2. But I am getting this error: java.lang.IllegalArgumentException: There is no PasswordEncoder mapped for the id "null From the documentation of Spring Security 5, I get to know that storage format for password is changed. In my current code I have created my password encoder bean as: @Bean public BCryptPasswordEncoder passwordEncoder() { return new

问题 I am adding spring security oauth2 to my spring boot application. I have followed a few of the examples on the web and in github from the spring team (had to make some mods for my use case), but I am still not able to return an oauth2 access token from the /oauth/token endpoint. I have been working on this for several days and started off trying to do it in JavaConfig, but then switched to xml config and was able to make some progress. I should note the only config I am doing in xml is the

问题 I am trying to redirect a user who have been authenticated to another page other than the home page. I am using spring boot 1.5.6 and Oauth 2. User is authenticated but was redirected to the home page. I don't understand why this is happening. Please, someone should help me. Some answers to related problem on stackoverflow and the internet didn't help me. Here is my SecurityConfig file @Configuration @EnableGlobalAuthentication @EnableOAuth2Client @EnableGlobalMethodSecurity(prePostEnabled =

问题 I am using spring security oauth2 for authentication for my android application clients.When the client request comes with grant_type as password the server issues the access token and refresh token.If the access token expires i can issue a new access token by sending a request with grant_type as refresh_token.Now what will i do if my refresh token expires?I dont want to prompt the users to authenticate again using his credentials.So is there a way to issue a new refresh token along with the

问题 What is the best way to run Spring Boot integration tests agains a OAuth Resource server configured web application. I can think of two theoretical approaches: Mock the security context in the resource server without acutally calling the Authorization server. Embed the Authorization server as part of the test and redirect the authentication to it. I was wondering how others have approach this problem. 回答1: I use spring security 4.x @WithSecurityContext('user') annotation to create mock

问题 Authorization code Grant : I know the code is short lived token exchanged for the real long-lived access token. I have gone through the Oauth 2.0 but could not find this information so asking here: What is the life cycle of code? Is it for only one-time use? How many times can a code be exchanged to get access token? What happen to a code after access token is given for that code? I am using oAuth 2.0 plugin on Kong API gateway. it is keeping the code alive for a particular time and multiple

问题 I'm securing Spring Cloud/Spring Boot microservices with OAuth2 and all seems nicely wired up in the Authorization Server. But when I send a POST request via postman to /oauth/token to obtain an access token with grant_type = client_credentials I get the following response: { "error": "invalid_client", "error_description": "Unauthorized grant type: client_credentials" } However in the oauth_client_details database table where OAuth Clients are registered, I have the following setup for the

问题 Does client_credentials grant type support a refresh token scenario? How should access_token expiry be handled when using client_credentials grant type? I have an authorization service and secured services behind a proxy service (Zuul with EnableOAuth2Sso ) which acts as a gateway for all requests coming from client application. Here is the flow I have: A proxy service (zuul) that accepts requests (rest api) from client application Proxy service invokes Authorization Service api by posting

问题 Good day, I have setup a working example implementing SSO & the API Gateway pattern (similar to what is described here https://spring.io/guides/tutorials/spring-security-and-angular-js/#_the_api_gateway_pattern_angular_js_and_spring_security_part_iv). The system consists of separate server components: AUTH-SERVER, API-GATEWAY, SERVICE-DISCOVERY, RESOURCE/UI SERVER. At the API-GATEWAY (implemented with Spring Boot @EnableZuulProxy @EnableOAuth2Sso) I have configured multiple OAuth providers,

问题 In a multi modules app I've defined 5 RequestMatchers mapped to the same FilterChain, like below: @Configuration public class Module1SecurityFilterChain extends ResourceServerConfigurerAdapter { @Override public void configure( HttpSecurity http ) throws Exception { http.sessionManagement().sessionCreationPolicy( STATELESS ); http.requestMatchers().antMatchers( "/module1/**") .and() .authorizeRequests() .antMatchers( "/module1/resource").authenticated() .antMatchers( "/module1/test" ).access(