spring-security-oauth2

问题 Im upgrading from spring-security-oauth2 1.0.5 to 2.0.5, is there any tutorial or good description of the differences to start with this? Im having a lot of issues because I have several customization's and all of them failed because there are a lot of differences and things like AuthorizationRequestHolder doesnt exists anymore and it is not easy to change it for simple AuthorizationRequest objects. Thanks 回答1: The main thing I noticed that changed was the token stores packages where changed

问题 I am following the Spring guide at https://github.com/spring-guides/tut-spring-boot-oauth2/tree/master/logout and applying that to my own example application. I authenticate via GitHub oauth2 app. If I log out, I expect not to be able to access protected url's after but I can. I am not sure how to debug this because so much is built in and I "just" have to extend the http configuration to handle logout. I would expect to have to authenticate again or at least for the application to get

问题 I am new in Spring Security, I need implement in my application JWT authentication. So I made this code by OAuth2 guide on spring site. It is working nice, but by default is using SHA256 signing algorithm. Can you tell me how to change my code, to using SHA512, or some other algorithm? Thanks. Here is my implementation: @Configuration @EnableWebSecurity public class WebSecurityConfig extends WebSecurityConfigurerAdapter { @Value("${security.signing-key}") private String signingKey; @Value("$

问题 I'm currently trying to set up a basic OAuth2 authentication with Spring Boot, following some tutorials. However right now I'm getting some strange Bean creation error that refers to a circular dependency. Looking at the stacktrace it seems that it has something to do with the way I create the AuthenticationManagerBean . I have however no clue how to solve the problem. I already tried to create a customAuthenticationManagerBean but then resulted in the same error. Can somebody give me a hint

问题 I am trying to create Authorization server and resource server. When tried to get access token from Authorization server its working and getting access token with following details. { "access_token": "5ffbc2d7-2a27-4f08-921f-f7de2410b5f5", "token_type": "bearer", "refresh_token": "d0fb85b3-52e0-45e0-84dc-ed38d55176a6", "expires_in": 599, "scope": "READ", "authorities": [ { "authority": "delete_profile" }, { "authority": "update_profile" }, { "authority": "read_profile" }, { "authority":

问题 I am getting the error: "error": "invalid_grant", "error_description": "Bad credentials" Here is the request which I make: POST /oauth/token HTTP/1.1 Host: localhost:8443 Authorization: Basic bW9iaWxlOg== Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded username=admin&password=pass&client_id=mobile&grant_type=password&client_secret= My code is from here: https://github.com/juleswhite/mobilecloud-14/tree/master/examples/9-VideoServiceWithOauth2 Here is the code:

问题 We are using spring API security in a spring boot application. We have implemented two level of security which is page level and also API level. We support both login from our own application and SSO login. we also skiping two apis from authN ( api/login and /api/token) I have few questions regarding the architecture. Number 1: We have our own login which will get input as userName and password for authentication and returns an access token. How can I add SSO(Single Sign On) to this API?

问题 I am currently trying to bypass the approval/denial step of the access authorization process in Spring Security OAuth2 since a previously authorized access (for a specific client_id and user_id) should be memoized and allow the OAuth-app to be redirected to the client-app without the user being asked each time for his approval. <version.spring-security>3.2.0.RELEASE</version.spring-security> <version.spring-security-oauth>1.0.5.RELEASE</version.spring-security-oauth> So I have an

问题 I am using the following: spring 4.2 spring security 4.0.2 spring oauth2 2.0.7 I am trying to configure a single server which handles: general MVC stuff (some protected and some not) authorization server resource server It seems like the resource server configuration is not limited to /rest/** but is overriding ALL security configuration. i.e calls to protected NON-OAuth resources are not being protected (i.e. the filter is not catching them and redirecting to login). The configuration (I

问题 I have created my j hipster application called Bookstore.After running my application it will go authentication . i need not this authentication .if there is any way to open my application without j hipster log in page? 回答1: In the path "app/config" there is the class MicroserviceSecurityConfiguration.class Change the permissions there, in the case ("/api/**").Authenticated() for ("/api/**").permitAll() 回答2: Assuming you want to build an application that keeps JHipster admin features: Remove