spring-security-oauth2

Thanks a lot in advance for reading this question. Setup I am using: spring-security-oauth2:2.0.7.RELEASE spring-cloud-security:1.0.1.RELEASE spring-session:1.0.1.RELEASE and would have a question regarding the persistence of spring-security-oauth2 OAuth2ClientContext in a Redis datastore when using spring-session (via @EnableRedisHttpSession ) in a Single-Sign-On ( @EnableOAuth2Sso ), reverse proxy ( @EnableZuulProxy ) gateway. Problem It seems to me that the SessionScoped JdkDynamicAopProxied DefaultOAuth2ClientContext created in org.springframework.cloud.security.oauth2.client

We have an application which is using spring-security-oauth2:1.0 . I was trying to change it to a newer version, spring-security-oauth2:2.0.7.RELEASE . Some classes were removed, some package structure is changed, I managed to sort out all those things and I was able to start the server without any issue. But I am facing a strange issue here. With OAuth2 - 1.0 version , when the user logs in we used to do a GET request on /oauth/token , For example : http://localhost:8080/echo/oauth/token?grant_type=password&client_id=ws&client_secret=secret&scope=read,write&username=john@abc.com&password

We're using the username-password grant to obtain an access token from our auth server. We want to refresh the access token before it expires using the provided refresh token until the user logs out or closes the client app. However I just cannot find any examples of how to issue this refresh token request.. To obtain the token we call something like: curl -v --data "grant_type=password&username=user&password=pass&client_id=my_client" http://localhost:8080/oauth/token So to refresh I'd expect the call to look like this: curl -v --data "grant_type=refresh_token&access_token=THE_ACCESS_TOKEN

I have Spring Boot (1.2.1.RELEASE) application that serves OAuth2 (2.0.6.RELEASE) authorization and resource server in one application instance. It uses custom UserDetailsService implementation that makes use of MongoTemplate to search users in MongoDB. Authentication with grant_type=password on /oauth/token works like a charm, as well as authorization with Authorization: Bearer {token} header while calling for specific resources. Now I want to add simple OAuth confirm dialog to the server, so I can authenticate and authorize e.g. Swagger UI calls in api-docs for protected resources. Here is

Let's consider a fairly simple hypothetical application where users can read or write posts. Some users can read and write articles while some others can only read them. With Spring Security (3.2.1) I modeled this by having 2 roles: ROLE_WRITE: this role grants users access to writing posts. ROLE_READ: this role grants users access to reading posts. Implementing this with Spring security is fairly straightforward... Now I want to also allow third-party apps to read and write posts on behalf of users by implementing an OAuth2 provider using Spring Security OAuth (version 2.0.0.M3 ATM) . During

I am investigating microservice architecture. I chose the spring cloud framework. My application shema looks like this: Also I have discovery server eureka but I decided to skip on the picture to simplify it. Full source code of example you can find on githib: https://github.com/gredwhite/spring-cloud Problem explanation: hello world service: @GetMapping("/helloWorld") @HystrixCommand(fallbackMethod = "reliable") public String hello() { return this.restTemplate.getForObject("http://hello-service/hello?name=World", String.class); } hello service: @GetMapping("/hello") public String hello(

In my Spring Boot application I have RESTful API and MVC web dashboard for administration. Is it possible to have both - Spring Security OAuth2 authentication/authorization(token based, stateless) for RESTful API and FormLogin(stateful) for Spring MVC web dashboard in a one application ? How to properly configure it with Spring Boot ? You need to configure your web security for form based login and Resource Server Security form REST Endpoints Here is a working configuration that uses single sign on with an Authorization Server deployed separately. @Configuration @EnableOAuth2Sso

I'm trying to migrate my Grails 2.5 project into Grails 3.1.4. In my old BuildConfig I was using the following: plugins { compile ':spring-security-core:2.0-RC5' compile ':spring-security-oauth:2.1.0-RC4' compile ':spring-security-oauth-facebook:0.2' compile ':spring-security-oauth-google:0.3.1' } Now my build.gradle looks like: dependencies { compile 'org.grails.plugins:spring-security-core:3.1.1' //compile 'org.grails.plugins:spring-security-oauth:2.1.0-RC4' //compile 'org.grails.plugins:spring-security-oauth-facebook:0.2' //compile 'org.grails.plugins:spring-security-oauth-google:0.3.1' }