spring-security-oauth2

问题 I'm currently working on a Oauth2 implementation with Spring Security, and I found many documentations that use ResourceServerConfigurerAdapter along with the WebSecurityConfigurerAdapter . I hope someone can tell me the differences between the two configurations because I really get confused in which configure(HttpSecurity http) method to use since both classes offer one. I've found some similar questions here in stackoverflow but there are not clearly answered. 回答1: From reading the

问题 I'm trying to create a Spring Boot REST application that has to make a remote REST call to another Spring Boot application protected by OAuth2 (with grant type client_credentials). The first application is using the Reactive WebClient to make the call to the second OAuth2 REST application. I've configured the the WebClient with grant_type "client_credentials" (see code below) public WebClient messageWebClient( ClientRegistrationRepository clientRegistrations, OAuth2AuthorizedClientRepository

问题 As I see Spring Security OAuth2.x project was moved to Spring Security 5.2.x. I try to implement authorization and resource server in new way. Everythin is working correctly except one thing - @PreAuthorize annotation. When I try to use this with standard @PreAuthorize("hasRole('ROLE_USER')") I always get forbidden. What I see is that the Principal object which is type of org.springframework.security.oauth2.jwt.Jwt is not able to resolve authorities and I have no idea why. org.springframework

问题 As I see Spring Security OAuth2.x project was moved to Spring Security 5.2.x. I try to implement authorization and resource server in new way. Everythin is working correctly except one thing - @PreAuthorize annotation. When I try to use this with standard @PreAuthorize("hasRole('ROLE_USER')") I always get forbidden. What I see is that the Principal object which is type of org.springframework.security.oauth2.jwt.Jwt is not able to resolve authorities and I have no idea why. org.springframework

问题 As to not reveal confidential information, the provider will be replaced by $PROVIDER . The authorization works, but instead of redirecting me to the index, it redirects me to /error . Steps to reproduce Start the application Go on any page, it will redirect me to http://localhost/oauth_login which displays a link login . Click on the link login (which links to http://localhost/oauth2/authorization/$PROVIDER ) Get redirected to http://localhost/error The error page displays the following (I

问题 Using Spring Security 5 oauth I successfully ran through the whole authentication/authorization cycle using Google as OAuth provider, but I am stuck if I use an OAuth provider that I made myself, running on a different application. I'm using the following 2 dependencies: <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-oauth2-client</artifactId> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-oauth2

问题 What is the difference between spring-security-oauth2 and spring-security-oauth2-core in spring? Is spring-security-oauth2 substituted by spring-security-oauth2-core? spring-security-oauth2 release link : http://repo.spring.io/release/org/springframework/security/oauth/spring-security-oauth2/ spring-security-oauth2-core release link http://repo.spring.io/release/org/springframework/security/spring-security-oauth2-core/ 回答1: Yes there is a big difference. spring-security-oauth2 (Spring

问题 I am using Spring Security Oauth2 to secure my Spring Boot REST app. I want to process some operation after a user login success and failure. The problem is each time I send a request with the user bearer token, AuthenticationSuccessEvent is published even the user is already authenticated. This handler is always called: @Async @EventListener( { AuthenticationSuccessEvent.class } ) public void listenAuthenticationSuccessEvent( AuthenticationSuccessEvent event ) { AbstractAuthenticationToken

问题 I implemented oAuth2 authorization server using Spring Boot version 1.5.2.RELEASE. The authorization server supports implicit flow. With the WebSecurityConfig below the login form (http://localhost:8200/login) works well. @Configuration public class WebSecurityConfig extends WebSecurityConfigurerAdapter { @Autowired private JpaUserDetailsService userDetailsService; @Bean @Override public UserDetailsService userDetailsServiceBean() throws Exception { return userDetailsService; } @Bean public

问题 I’m trying to migrate JHipster from using Zuul to Spring Cloud Gateway. JHipster uses Eureka to look up routes and I believe I’ve configured Spring Cloud Gateway correctly to look up routes and propagate the access token to them. Here’s my config: spring: cloud: gateway: default-filters: - TokenRelay discovery: locator: enabled: true lower-case-service-id: true route-id-prefix: /services/ httpclient: pool: max-connections: 1000 The problem I’m experiencing is the access token is not sending