spring-security-oauth2

We are developing an application in a microservice architecture, which implements signle sign-on using Spring Cloud OAuth2 on multiple OAuth2 providers like Google and Facebook. We are also developing our own authorization server, and will be integrated on next release. Now, on our microservices, which are resource servers, I would like to know how to handle multiple token-info-uri or user-info-uri to multiple authorization servers (e.g. for Facebook or Google). This type of situation is generally solved by having a middle-man; a single entity that your resource servers trust and that can be

Is it possible to combine authoryzation and authentication by login basic and by oauth2 in one application? My project is based on jhipster project with simple spring security session login, now i need add oauth2 security for mobile app and it's look like it is not possible. Now i have situation when work one of them, oauth2 ok if WebSecurityConfigurerAdapter had bigger order number than ResourceServerConfiguration. That's mean if oauth security filter is first. I read a lot in stackoverflow and try many solution like: Spring security oauth2 and form login configuration for me thats one don't

In switching from Spring Cloud Brixton.M5 to Brixton.RC1 my ZuulProxy no longer passes Authorization headers downstream to my proxied services. There's various actors in play in my setup, but most all of them are fairly simple: - AuthorizationServer: runs separately; hands out JWTs to clients - Clients: get JWTs from OAuth server; each with access to a subset of resources. - ResourceServers: consume JWTs for access decisions - MyZuulProxy: proxies various resource servers; should relay JWTs. It should be noted that MyZuulProxy has no security dependencies whatsoever; It passed the

How do I add the custom UserDetailsService below to this Spring OAuth2 sample ? The default user with default password is defined in the application.properties file of the authserver app. However, I would like to add the following custom UserDetailsService to the demo package of the authserver app for testing purposes: package demo; import java.util.List; import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.authority.AuthorityUtils; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core

I'm using Spring Security OAuth2. The client application (that we own) makes a "password" grant request that passes the user's username and password. Just like the draft specifies. I need this mechanism to also support other types of credentials, like card number, PIN, and even a pre-authenticated, password not required grant. Please keep in mind, these requests will only be permitted by a privileged client_id, one that will only be used from the application we own. Dave, thanks for the quick response. I actually found the perfect solution, one which you took part in. It has to do with "custom

I am developing a client-server application based on Spring 4.3 and Angular (TypeScript) 4.3, in a CORS scenario where, in production, server and client are on different domains. Client ask for REST server APIs via http requests. 1. REST AND OAUTH CONFIGURATION: The server exposes REST APIs: @RestController @RequestMapping("/my-api") public class MyRestController{ @RequestMapping(value = "/test", method = RequestMethod.POST) public ResponseEntity<Boolean> test() { return new ResponseEntity<Boolean>(true, HttpStatus.OK); } } Protected by Oauth2 as explained on spring documentation. Obviously I