spring-security-oauth2

问题 Some additional info is sent from OAuth Authorization Server that is needed inside a custom UserDetails class on Resource Server, and preferably inside SpringSecurity Principal. Current approach is setting a username as Principal and adding additional info as an additional details of Authentication object like this. public class CustomAccessTokenConverter extends JwtAccessTokenConverter{ @Override public OAuth2Authentication extractAuthentication(Map<String, ?> claims) { OAuth2Authentication

问题 I am having problems with redirecting to access token entry point /oauth/token which will detail bellow. I am hoping someone could give me some light to it as I took a lot of time implementing this. Also, interesting is the fact that I cannot test with with SoapUI 5.0 community edition even following their instructions. It gest the authorization code but fails later as you need to set the redirect URI as "urn:ietf:wg:oauth:2.0:oob". Since Spring-Security-Oauth2 lacks a lot of good

问题 I have 2 applications: Spring Application 1 is client and resource server. Spring Application 2 is authorization server. User will be able to login in Application 1 and access its resources. And I want to implement the following flow: User enter his credentials in login form -> Application 1 will get token from Application 2 using user credentials and its clientId with password grant type -> Access resources of Application 1 with token. The question is if Spring Security 5 supports password

问题 I am writing a RESTful web service ( Jersey running on Tomcat ) that needs to authenticate users' email address, and possibly access their Google Calendar. The plan is that users will be redirected to login to Google via OAuth2 . My web service is already protected by Spring Security . It works fine with basic authentication (i.e. hard-wired list of users and passwords.) If I try to access any of the protected resources I am prompted to login. Now I am trying to wire in Spring Security OAuth2

问题 I'm 50+ hours deep on this solution and would appreciate any input. I have a JHipster 4.x generated application using Angular + Spring + JWT stateless authentication (myApp). I am wiring up a 3rd party OAuth 2 interface (battle.net) for authenticated myApp users to OAuth against battle.net so we can prove they own the battle.net account and pull their battle.net user id so the accounts are linked in myApp. So JWT southbound, OAuth2 northbound. JWT works fine and OAuth appears to work fine. I

问题 I'm 50+ hours deep on this solution and would appreciate any input. I have a JHipster 4.x generated application using Angular + Spring + JWT stateless authentication (myApp). I am wiring up a 3rd party OAuth 2 interface (battle.net) for authenticated myApp users to OAuth against battle.net so we can prove they own the battle.net account and pull their battle.net user id so the accounts are linked in myApp. So JWT southbound, OAuth2 northbound. JWT works fine and OAuth appears to work fine. I

问题 I'm using spring OAuth2 and JWT tokens to secure an application. I am extending org.springframework.security.core.userdetails in order to add some additional attributes to the token which can then be used to perform authorization ones an endpoint is called. public class CustomUser extends User { private Set<String> bookIds; public CustomUser(String username, String password, Collection<? extends GrantedAuthority> authorities) { super(username, password, authorities); } public CustomUser

问题 I have implemented authorization_code grant flow which works fine when my Auth Server is run locally. A client is getting redirected to auth server login page through /oauth/authorize end point. On successful login it is getting redirected to the redirect_uri provided in the /oauth/authorize call where it is getting the authorization_code . Very well. The problem is when the Auth Server is put behind proxy the last step where after successful login client is supposed to get the authorization

问题 I am new to spring security. While analyzing the below code change, I could not comprehend why "#post" is used instead of "post" ? Why is the word "post" prefixed with a "#"? post is an object. @PreAuthorize("hasPermission(#post, 'MANAGER') or hasRole('ROLE_MODERATOR')") + @PreAuthorize("hasPermission(#post, 'write') or hasRole('ROLE_MODERATOR')") public void updateFullyPost(Post post) throws AppException; I referred to spring security documentation and found the below. hasPermission(Object

问题 I have errors with OAuth2. I need to retrieve a token to start working with this tool, to protect my resources. I want to integrate it to all my requestmappings. I´ll add the error for authorize and token endpoints. I hope somebody have managed oauth2... many thanks! My OauthServerConfig: @Configuration public class OAuth2ServerConfigAuthorizationServerConfiguration { private static final String RESOURCE_ID = "restservice"; @Configuration @EnableResourceServer protected static class