spring-security-oauth2

Getting 404 after oauth2 authentication success and an anonymous token

☆樱花仙子☆ 提交于 2019-12-10 15:25:40
问题 I am using oauth2 with springboot 1.5.6.RELEASE and I am using jdbc authentication with oauth2. I added the property: security.oauth2.resource.filter-order = 3 1- AuthorizationServerConfigurerAdapter: @Configuration @EnableAuthorizationServer public class OAuth2Config extends AuthorizationServerConfigurerAdapter { @Autowired @Qualifier("authenticationManagerBean") @Lazy private AuthenticationManager authenticationManager; @Autowired private Environment env; @Override public void configure

How to generate a JWT access token with some custom claims in it?

浪尽此生 提交于 2019-12-10 13:11:28
问题 I'm trying to have my authorization server generate a JWT access token with some custom claims in it. Here is what the Bearer token returned by the authorization server /auth/token endpoint looks like: 51aea31c-6b57-4c80-9d19-a72e15cb2bb7 I find this token a bit short to be a JWT token and to contain my custom claims... And when using it in subsequent requests to the resource server, it complains with the error: Cannot convert access token to JSON I'm using the following dependencies: <parent

Spring deferred result & request scoped bean(Oauth2ClientContext) in the web filter

微笑、不失礼 提交于 2019-12-10 10:39:22
问题 From my controller I'm returning deferred result which is filled by another thread: FooController.java @RequestMapping("/deferred") public DeferredResult<String> deferred() throws InterruptedException, ExecutionException{ DeferredResult<String> deferred = new DeferredResult<>(); pagePreparer.setResult(deferred); return deferred; } PagePreparer.java @Async public void setResult(DeferredResult<String> result){ try { logger.debug("Execute method asynchronously - " + Thread.currentThread()

Spring Boot OAuth2 implicit flow + form login and Request method 'POST' not supported error

不想你离开。 提交于 2019-12-10 10:33:23
问题 In my Spring Boot application I'm trying to configure OAuth2 implicit flow. For this purpose I'm trying to configure custom login form. This is my config: @Configuration public class WebMvcConfig extends WebMvcConfigurerAdapter { @Override public void configureDefaultServletHandling(DefaultServletHandlerConfigurer configurer) { configurer.enable(); } @Override public void addViewControllers(ViewControllerRegistry registry) { registry.addViewController("/").setViewName("index"); registry

Spring OAuth2 refresh token to change after refreshing access token

会有一股神秘感。 提交于 2019-12-10 04:47:49
问题 I created an authentication server and resource server, both are working ok, the only problem is with refresh token, I would like it to change after calling POST /oauth/token with grant_type=refresh_token , however, spring returns same refresh token. I am wondering if there is a way to get a new refresh token when calling oauth endpoint to refresh access token? 回答1: By taking a look at refreshAccessToken method in the DefaultTokenServices class: public OAuth2AccessToken refreshAccessToken

How to enable Bearer authentication on Spring Boot application?

杀马特。学长 韩版系。学妹 提交于 2019-12-09 16:02:25
问题 What I am trying to achieve is: users, authorities, clients and access tokens stored in a database (i.e. MySQL) accessed via jdbc API exposes endpoints for you to ask "can I have an OAuth2 bearer token? I know the client ID and secret" API lets you access MVC endpoints if you supply a Bearer token in your request header I got pretty far with this — the first two points are working. I was not able to use a completely default OAuth2 setup for my Spring Boot application, because the standard

Does OAuth2 allow for authorization using non-password or custom credentials?

空扰寡人 提交于 2019-12-09 11:22:34
问题 I'm using Spring Security OAuth2. The client application (that we own) makes a "password" grant request that passes the user's username and password. Just like the draft specifies. I need this mechanism to also support other types of credentials, like card number, PIN, and even a pre-authenticated, password not required grant. Please keep in mind, these requests will only be permitted by a privileged client_id, one that will only be used from the application we own. 回答1: Dave, thanks for the

Spring Oauth2 Authorization Server

帅比萌擦擦* 提交于 2019-12-09 05:40:50
问题 I setting the Spring Configuration Below: @EnableAuthorizationServer @EnableWebSecurity @Configuration public class Oauth2Provider extends WebSecurityConfigurerAdapter implements AuthorizationServerConfigurer { /* * @Autowired private TokenStore tokenStore; */ @Configuration protected static class AuthenticationConfiguration extends GlobalAuthenticationConfigurerAdapter { @Override public void init(AuthenticationManagerBuilder auth) throws Exception { auth.inMemoryAuthentication().withUser(

Configuring resource server with RemoteTokenServices in Spring Security Oauth2

梦想与她 提交于 2019-12-09 01:16:56
问题 I'm trying to implement a authorization server and a resource server using spring security oauth2. So far i've managed to setup the authorization server and since i dont want to share a jdbc token store i'm trying to use the remoteTokenService to validate my tokens @ resource server. But i'm getting a 401 error every time i try to access a resource REST method. I'm using xml configuration to setup spring security due to the nature of the project. I've tried with a another sample project using

Spring Security OAuth 2 with form login

百般思念 提交于 2019-12-08 22:13:32
I'm trying to configure my Spring boot application to use a form login, and to verify the credentials using an OAuth 2 authorization server (sending the credentials from the form login to the user authorization URL. However, when I'm using the following SecurityConfig and I go to a resource, rather than using a form login it redirects to the authorization server, asking for my credentials (using basic authentication) and then redirects back to the application itself. I'm using the following SecurityConfig : @Configuration @EnableOAuth2Sso public class SecurityConfig extends
订阅 spring-security-oauth2