spring-security-oauth2

问题 Hi I am creating the AuthorizationServerConfigurerAdapter authentication server with Spring Oauth2. I have selected JdbcTokenStore and set the TokenStore database as OrientDb. Here is how I am defining clientDetailsService @Override public void configure(ClientDetailsServiceConfigurer clients) throws Exception { // @formatter:off DataSource dataSource = DataSourceBuilder.create() .driverClassName("com.orientechnologies.orient.jdbc.OrientJdbcDriver") .url("jdbc:orient:remote:localhost/pricewiz

问题 Is it possible to completely skip login page (default/custom) and directly go to authorization endpoint for authentication: @EnableWebSecurity public class OAuth2LoginSecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { http .oauth2Login() .loginPage("/login/oauth2") ... .authorizationEndpoint() .baseUri("/login/oauth2/authorization") .... } } 回答1: I could NOT remove the default/custom login page of spring security but

问题 Actually We have following flow and scenario to poll data in to my Spring boot App Active Directory --> Keycloak --> Spring boot App Here we are able to poll data in but in future if there is any record change in Active Directory keycloak has a provision to poll data in it's DB periodically but the same changed (Newly Added /Deleted /Updated ) records from key cloak to Spring boot application there is some eventing option but I do not see how and where to implement it ? I suppose there should

问题 I have a server running and I want to connect an android client to the server with spring's oauth2. I use Android Studio. My problem is related to the gradle configurations, which I don't know how it should be. Problem : When I run the app, I get this error: Error:Execution failed for task':app:transformDexArchiveWithExternalLibsDexMergerForDebug'.> com.android.builder.dexing.DexArchiveMergerException: Unable to merge dex I have seen many other questions with the same problem, I tried the

问题 I have two different Spring Boot Applications that run on localhost on different ports (8080, 8081) and different configs (application.yml). These apps use SSO with OAuth 2.0 to get authorization token from Authorization Server. I log in to my first application, get authorization and everything works great here. Now I need to share these authentication details with second Spring Boot App (on port 8081) to authorize second app in Authorization Server. Googled and found 2 aproaches: I can try

问题 After upgrading our authentication server from Spring Boot 1.5.13 to 2.1.3 it stopped redirecting after successful logins. It tries to reload the /login page now. I created a web site, proxy server and authentication service in GitHub to demonstrate the problem. For this integration test, create a PCF Space that includes a service registry and these micro-services: Angular Example - If you bypass the proxy and go to the angular example route the page loads. TRY IT. Authentication Example - If

问题 With this reference to the Spring OAuth2 Client docs: And the following section: If you desparately need password grants to work from a Java client, then use the same mechanism to configure your OAuth2RestTemplate and add the credentials to the AccessTokenRequest (which is a Map and is ephemeral) not the ResourceOwnerPasswordResourceDetails (which is shared between all access tokens). How can the credentials be added to the AccessTokenRequest? Or more generally, how can I get a reference to

问题 I would like to override the CheckTokenEndpoint to provide my own custom output as Map to the resource server. I have tried the following, but not working. Introducing new custom controller for (/oauth/check_token), but Spring rejects this custom and registers its own. Overriding bean definition for bean 'checkTokenEndpoint' with a different definition: replacing [Generic bean: class [com.datami.auth.security.CheckTokenEndpoint]; scope=singleton; abstract=false; lazyInit=false; autowireMode=0

问题 Let me explain my use case. I need to have a spring boot oauth2 client application (not a resource server As we already have a separate resource server). Also I have following requirements: For each out going request to resource server, we need to send id_token. (Done by customizing resttemplate). For any request, no matter if it invokes resource server or not, If access token is expired my application must refresh it automatically (without any user intervention like any popup or redirection.

问题 I set an additional information by using OAuth2AccessToken enhance. I can see the additional information in the token but how can I get that list in my services class? public final class CustomTokenEnhancer implements TokenEnhancer { @Override public OAuth2AccessToken enhance( OAuth2AccessToken accessToken, OAuth2Authentication authentication) { Map<String, Object> additionalInfo = new HashMap<>(); List<String> companies = new ArrayList<>(); companies.add("Company 1"); companies.add("Company