spring-security-oauth2

问题 I have a requirement to use two different authorization servers (two Okta instances) to validate authentication tokens coming from two different web applications inside a single Spring Boot application which is a back-end REST API layer. Currently I have one resource server working with the following configuration: @Configuration @EnableWebSecurity public class ResourceServerSecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws

问题 I'm trying to implement the example from the book OAuth-2.0-Cookbook using Spring cloud OAuth2. I managed to implement his functionality but unfortunately I'm facing a problem: In order to make successful call I have to provide basic authentication credentials( Authorization: Basic YWRtaW46cXdlcnR5 ): @PostMapping("/oauth/revoke") public ResponseEntity<String> revoke(@RequestParam Map<String, String> params) { RevocationService revocationService = revocationServiceFactory .create(params.get(

问题 I'm trying to implement the example from the book OAuth-2.0-Cookbook using Spring cloud OAuth2. I managed to implement his functionality but unfortunately I'm facing a problem: In order to make successful call I have to provide basic authentication credentials( Authorization: Basic YWRtaW46cXdlcnR5 ): @PostMapping("/oauth/revoke") public ResponseEntity<String> revoke(@RequestParam Map<String, String> params) { RevocationService revocationService = revocationServiceFactory .create(params.get(

问题 Is there any way to configure Spring Security OAuth2 so it automatically purge TokenStore? I want to remove the expired tokens from time to time. I've seen the InMemoryTokenStore code and it performs a flush every now and again. But JdbcTokenStore does not perform any purge, so Who is in charge of removing the expried tokens from the storage? I've implemented a TokenStore that uses MongoDB as storage, but I have the same problem. Nobody is removing the expired tokens from the storage. 回答1:

问题 Is there any way to configure Spring Security OAuth2 so it automatically purge TokenStore? I want to remove the expired tokens from time to time. I've seen the InMemoryTokenStore code and it performs a flush every now and again. But JdbcTokenStore does not perform any purge, so Who is in charge of removing the expried tokens from the storage? I've implemented a TokenStore that uses MongoDB as storage, but I have the same problem. Nobody is removing the expired tokens from the storage. 回答1:

问题 I am working on microservices with Spring Cloud and Netflix OSS Eureka and Ribbon. I have another service running as oauth-server which provides OAuth2 token. All my microservices are registered with Eureka including oauth-server. My whole solution works if I use hardcoded url of oauth-server as "clientCredentialsResourceDetails.setAccessTokenUri("http://localhost:9000/oauth/token");" but when I try to use Eureka Discovered url of oauth-server like "clientCredentialsResourceDetails

问题 I am working on microservices with Spring Cloud and Netflix OSS Eureka and Ribbon. I have another service running as oauth-server which provides OAuth2 token. All my microservices are registered with Eureka including oauth-server. My whole solution works if I use hardcoded url of oauth-server as "clientCredentialsResourceDetails.setAccessTokenUri("http://localhost:9000/oauth/token");" but when I try to use Eureka Discovered url of oauth-server like "clientCredentialsResourceDetails

问题 Problem Reuse End-User Google Authentication via Spring Security OAuth2 to access Google Calendar API in Web Application Description I was able to create a small Spring Boot Web application with Login through Spring Security application.yaml spring: security: oauth2: client: registration: google: client-id: <id> client-secret: <secret> scope: - email - profile - https://www.googleapis.com/auth/calendar.readonly When application starts I can access http://localhost:8080/user and user is asked

问题 I want to work with Spotify Web API, but I'm having trouble with Spring Security Configuration. Here are my security dependencies: /* springBootVersion = '2.1.2.RELEASE' */ implementation "org.springframework.security:spring-security-oauth2-client" implementation 'org.springframework.security:spring-security-oauth2-jose:5.1.6.RELEASE' implementation "org.springframework.security.oauth.boot:spring-security-oauth2-autoconfigure:2.1.7.RELEASE" And here's my security in my application.yml file:

问题 when I am trying to access OAuth HTTPS endpoints from spring boot app , i am getting below error, but HTTP endpoint works perfectly fine Error: 2018-07-24 10:25:06.292 [DEBUG][8464][https-jsse-nio-8084-exec-8] o.apache.coyote.http11.Http11Processor: Error parsing HTTP request header java.io.EOFException: null at org.apache.tomcat.util.net.NioEndpoint$NioSocketWrapper.fillReadBuffer(NioEndpoint.java:1250) at org.apache.tomcat.util.net.NioEndpoint$NioSocketWrapper.read(NioEndpoint.java:1190) at