spring-security-oauth2

Mapping user roles to oauth2 scopes/authorities

若如初见. 提交于 2019-11-28 10:52:33
We have a entitlements database which has application id, roles and users mapped to roles per application. Following the advice on thread how do I map user roles to oauth2 scopes/authorities based on resourceId? Ignoring the entitlements database I mentioned above do I map roles "USER", "READER", "WRITER" to oauth2 scopes/authorities based on user and resourceId in below code? User Authentication/Authorization Config @Configuration @Order(-10) protected static class LoginConfig extends WebSecurityConfigurerAdapter { .... @Override protected void configure(AuthenticationManagerBuilder auth)

Which plugin / module of Spring Sec OAuth should be used in Grails 3.x?

痴心易碎 提交于 2019-11-28 10:27:31
问题 I'm trying to migrate my Grails 2.5 project into Grails 3.1.4. In my old BuildConfig I was using the following: plugins { compile ':spring-security-core:2.0-RC5' compile ':spring-security-oauth:2.1.0-RC4' compile ':spring-security-oauth-facebook:0.2' compile ':spring-security-oauth-google:0.3.1' } Now my build.gradle looks like: dependencies { compile 'org.grails.plugins:spring-security-core:3.1.1' //compile 'org.grails.plugins:spring-security-oauth:2.1.0-RC4' //compile 'org.grails.plugins

Do I need resource server with Spring Security OAuth2?

核能气质少年 提交于 2019-11-28 09:31:43
问题 I am trying implement OAuth2 authentication with JWT tokens. If I understand, I need send credentials to authorization server, this verify my credentials, and return back signed JWT token. Next I tried implement WebSecurityConfig which extends WebSecurityConfigurerAdapter , and there I have to set which endpoints are secured and which aren't. But my question is: do I need resource server? It do same job as my potential WebSecurityConfig , or not? My goal is create simple JWT authentication

EnableOAuth2Sso simultaneously for multiple social networks

随声附和 提交于 2019-11-28 09:05:04
问题 I am implementing a spring boot application that needs to provide OAuth2 token authorization and support multiple social services (google+, facebook etc). The user should be able to select his preferred social network and sign-in using the OAuth2 authorization framework. I am implementing the above using the approach described here http://cloud.spring.io/spring-cloud-security/. Currently my application.yml looks like this spring: oauth2: client: clientId: {{my app's google id} clientSecret: {

Spring security OAuth2 accept JSON

点点圈 提交于 2019-11-28 07:52:15
I am starting with Spring OAuth2. I would like to send the username and password to /oauth/token endpoint in POST body in application/json format. curl -X POST -H "Authorization: Basic YWNtZTphY21lc2VjcmV0" -H "Content-Type: application/json" -d '{ "username": "user", "password": "password", "grant_type": "password" }' "http://localhost:9999/api/oauth/token" Is that possible? Could you please give me an advice? Solution (not sure if correct, but it seam that it is working): Resource Server Configuration: @Configuration public class ServerEndpointsConfiguration extends

Oauth2 cross origin solution

余生长醉 提交于 2019-11-28 06:43:44
问题 I'm having an rest application which is written using spring framework and using spring oauth2 for security.. And whenever I'm calling this rest services from my Angular App , I'm getting a CORS error.. both applications are running on my local machine(localhost) but with different port(8080 for backend java and 3000 for frontend).. I've added @crossorigin() in my controller of backend application and all the cross origin for resources APIs are fixed.. but for spring oauth2 authentication url

how to Secure Spring Boot RESTful service with OAuth2 and Social login

五迷三道 提交于 2019-11-28 06:25:12
问题 I am trying to use Angular 2 Front End application as a client which will consume the resource from Spring RESTful Web Service. So thought of protecting this web service with OAuth 2 authentication and Social Login (Google and Facebook). After successful login with Social Login it's not redirecting to the URL (port at which Angular 2 is running in local environment with 3000 port) from which I made the request but its redirecting to 8080 port in local environment localhost:3000 - Front End

Spring-Security-Oauth2: Full authentication is required to access this resource

送分小仙女□ 提交于 2019-11-28 05:20:11
I am trying to use spring-security-oauth2.0 with Java based configuration. My configuration is done, but when i deploy application on tomcat and hit the /oauth/token url for access token, Oauth generate the follwoing error: <oauth> <error_description>Full authentication is required to access this resource</error_description> <error>unauthorized</error> </oauth> My configuration is on Git hub, please click on link The code is large, so refer to git. I am using chrome postman client for send request. follwing is my request. POST /dummy-project-web/oauth/token HTTP/1.1 Host: localhost:8081 Cache

CORS issue with Google Oauth2 for server side webapps

心已入冬 提交于 2019-11-28 04:15:08
问题 I referred this question on SO: Google oauth 400 response: No 'Access-Control-Allow-Origin' header is present on the requested resource but the solution suggested is for Javascript web app using implicit grant flow . My setup is such that my front end is built on angular 4 but I package it and deploy it alongwith rest api on the same server. Si I am following the server side web app flow: https://developers.google.com/identity/protocols/OAuth2WebServer (In the below example the server port is

Integrate Spring Security OAuth2 and Spring Social

你说的曾经没有我的故事 提交于 2019-11-28 03:57:43
I'm working with a Spring Boot + Spring Security OAuth2 application that I believe was inspired by examples from Dave Syer. The application is configured to be an OAuth2 authorization server, with a single public client using the Resource Owner Password Credentials flow. A successful token is configured to be a JWT. The public Angular client sends a POST request to /oauth/token with a basic auth header containing the client id and secret (this was the easiest way to get the client to authenticate, even though the secret is not private). The body of the request contains username, password, and
订阅 spring-security-oauth2