spring-security-oauth2

问题 Getting 404 on authorizationcode and accesstoken service I am Trying to upgrade spring security oauth2 from 1.0.5.Release to 2.0.5.Release. I am using spring security 3.2.5 version,spring core 3.2.13 and spring oauth2 2.0.5.Release. Do we need spring 4 for spring-oauth2-2.0.5.Release? Do I need to use java config for spring-oauth2-2.0.5.Release? When I use the same xml config which works in 1.0.5 doesnot work in spring-oauth2-2.0.5.Release? 回答1: Do we need spring 4 for spring-oauth2-2.0.5

问题 I have a Spring application ( let's call it A for Authentication ) used as an authentication server. A is enabling SSO for two other applications ( B for Business and C for Client ). SSO authentication is done by redirection : a User goes to the B or C URL, he is redirected to the A login page for Authentication. Once logged in, he is redirected back to the B or C application. The redirection is done using the redirectUrl parameter in the org.springframework.security.web.savedrequest

问题 I'm trying to set up a spring boot app that uses oauth2 with Active Directory Federation Services as the authentication provider. I started with the tutorial here... https://spring.io/guides/tutorials/spring-boot-oauth2/ ... and got the facebook example to work. Then, I started adapting it to work with ADFS. It is close to working, but ADFS expects a resource parameter to be passed with the authorization request and I can't figure out how to set it. Here's what I've got so far in the config..

问题 Having the following web.xml class based configuration: public class WebApp extends AbstractDispatcherServletInitializer { @Override protected WebApplicationContext createServletApplicationContext() { AnnotationConfigWebApplicationContext context = new AnnotationConfigWebApplicationContext(); context.scan(ClassUtils.getPackageName(getClass())); return context; } @Override protected String[] getServletMappings() { return new String[]{"/api/*"}; } @Override protected WebApplicationContext

问题 I am newbie to OAuth2 and understood its implementation theoretically very well. I followed this link to handle OAuth2 callback URL Build Authorization Callback Handler. But i am using Spring Security in my project, so i don't have to do much work myself. I am using salesforce API. Whenever there is UserRedirectionRequiredException , the spring security OAuth2's ClientContextFilter handles it and redirects for authorization.It all works very Well. I am able to get contacts , tags from

问题 I try to configure Spring Security OAuth2. I have to authentication manager : clientAuthenticationManager and authManager . If I understand correctly clientAuthenticationManager is used to client authorization (by client id and client secret) and authManager is used to user authorization (by user login and password) am I right? But when I debug my application I see when I send http://localhost:8080/myApp/oauth/token request that autorization is made by authManager (not

问题 I am using @Secured("ADMIN"), my role definition is also ADMIN (not ROLE_ADMIN). When I access the API, I am not getting the expected value, it says access denied. Below is the code, how I have overridden ROLE_ value @PostMapping("/users") @Loggable @Secured({"Administrator"}) public ResponseEntity<?> createUser( @Valid @RequestBody User userRequest) { ..... } Implemented CustomAccessDecisionManager where the role prefix (setRolePrefix("")) was set to empty and the CustomDecisionManager was

问题 I am using Oauth2 with spring boot 1.5.2.RELEASE. When I am trying to override the configure method of the ResourceServerConfigurerAdapter class it gives me a compilation error. But this is working fine with Spring boot 1.2.6.RELEASE. Below is my code, @Override public void configure(HttpSecurity http) throws Exception { http .exceptionHandling() .authenticationEntryPoint(customAuthenticationEntryPoint) .and() .logout() .logoutUrl("/oauth/logout") .logoutSuccessHandler

问题 Following the sample from Spring Boot: example code from GitHub everything seems to work fine. But when I integrate Spring Boot Security OAuth2 in the project, my OAuth2 endpoints stop working. There's a warning in the logs: 2017-05-04 08:56:24.109 WARN 2827 --- [nio-8080-exec-1] o.glassfish.jersey.servlet.WebComponent : A servlet request to the URI http://127.0.0.1:8080/oauth/token contains form parameters in the request body but the request body has been consumed by the servlet or a servlet

问题 I'm using spring-security-oauth2-client for the authentication in my project, but the library expects a "token_type" to be present in the response of the POST-request to https://www.linkedin.com/oauth/v2/accessToken. The library is built following the OAuth2 convention, but LinkedIn is not following this convention. The AccessToken convention: https://tools.ietf.org/html/rfc6749#section-5.1 Does anyone have a fix for this problem? I temporarily cloned one of the child libraries of spring