spring-security-oauth2

I am using Spring Security OAuth2 2.0.7.RELEASE. As i am using ORM to connect to my database and default JdbcUserDetailsManager uses jdbc i wanted to implement my own UserDetailsService, which is @Service public class UserService implements UserDetailsService { @Override public UserDetailsService loadUserByUsername(String username) throws UsernameNotFoundException { // I tested this logic and works fine so i avoid this lines return userDetailsService; } } Besides, i've modified authorities schema as follows: mysql> describe authorities; +--------------+---------------------+------+-----+------

We are building an Angular Material application, consuming a RESTful Spring MVC API, with Spring Security & OAUTH2. For testing purpose, we gave ROLE_ANONYMOUS access to our /users endpoint: <intercept-url pattern="/users" method="POST" access="ROLE_ANONYMOUS"/> But when we try to send a JSON by POST, we still get a 401 response from the server. This is not happening with non-angular clients like Postman. If we disable the Spring Security filter, everything works fine. GET requests to the same endpoint also work fine. This is our app.config: angular.module('App') .constant('RESOURCES',

OAuth2ProtectedResourceFilter in org.springframework.security.oauth2.provider.filter: Collection<String> resourceIds = auth.getClientAuthentication().getResourceIds(); if (resourceIds!=null && !resourceIds.isEmpty() && !resourceIds.contains(resourceId)) { throw new InvalidTokenException("Invalid token does not contain resource id ("+resourceId+"): " + token); } I think it is not useful. What does this code check for? Based on what I've gathered, it is the id of the resource service. It becomes more clear when you consider separating your oauth token provider servlet and your resource servers

There is a guide how to implement OAuth2 using Spring and Spring Boot https://spring.io/guides/tutorials/spring-boot-oauth2/ I need to store OAuth2 information like accessToken, refreshToken in my database for future use. Right now I can only get accessToken. I can't figure out how to get refreshToken based on this guide. What is the proper way to get refreshToken using approach described in this guide ? UPDATED I have an access to refreshToken in OAuth2ClientAuthenticationProcessingFilter.attemptAuthentication method but only accessToken is paased to ResourceServerTokenServices

I have written a sample spring application which have some rest services protected using spring-security-oauth2 . Now I want to move these services to the original application which uses spring security form login. In the original application I want rest services to be protected from spring-security-oauth2 and other spring controllers to be protected using a form login. What I want to know is, is this approach is right or wrong, if right, how could I complete this action. This is Sample app codes, which uses ouath2, @Configuration @EnableWebSecurity public class WebSecurityConfiguration

I try to use the approach, described here https://spring.io/guides/tutorials/spring-boot-oauth2/#_social_login_logout : So I have following backend codebase: @EnableAutoConfiguration @Configuration @EnableOAuth2Sso @Controller public class ClientApplication extends WebSecurityConfigurerAdapter { private Logger logger = LoggerFactory.getLogger(ClientApplication.class); @RequestMapping("/hello") public String home(Principal user, HttpServletRequest request, HttpServletResponse response, Model model) throws ServletException { model.addAttribute("name", user.getName()); return "hello"; } @Override