I made my own implementation of ClientDetailsService:
@Service
public class JpaClientDetailsService implements ClientDetailsService {
@Autowired
private ClientRepository clientRepositoy;
@Override
public ClientDetails loadClientByClientId(String clientId) throws ClientRegistrationException {
ClientDetails client = clientRepositoy.findOne(clientId);
if (client == null) {
throw new ClientRegistrationException(String.format("Client with id %s not found", clientId));
}
return client;
}
}
ClientRepository is a standard JpaRepository.
I configured an AuthorizationServerConfigurerAdapter like this:
@Configuration
@EnableAuthorizationServer
@EnableResourceServer
public class OAuth2ServerConfig extends AuthorizationServerConfigurerAdapter {
@Autowired
private AuthenticationManager authenticationManager;
@Autowired
private ClientDetailsService clientDetailsService;
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
endpoints.authenticationManager(authenticationManager);
}
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
clients.withClientDetails(clientDetailsService);
}
}
But when I go to http://localhost:9999/oauth/authorize?response_type=code&client_id=lipton, I get a
java.lang.StackOverflowError: null. Spring loops on com.sun.proxy.$Proxy81.loadClientByClientId(Unknown Source).
I don't understand why.
I do not understand why, but if I inject my bean directly instead of injecting the interface, it works :
public class OAuth2ServerConfig extends AuthorizationServerConfigurerAdapter {
...
@Autowired
private JpaClientDetailsService clientDetailsService;
...
it also works if I annotate my service with @Primary annotation:
@Service
@Primary
public class JpaClientDetailsService implements ClientDetailsService {
I had similar problem. Finally I resolved bug when I gave my clientDetailsService another name i.e. myClientDetailsService and then injected this by name in AuthorizationServerConfig class:
@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {
@Resource(name = "myClientDetailsService")
private ClientDetailsService clientDetailsService;
...
I think that if my own implementation of ClientDetailsService wasn't yet created Spring inject into AuthorizationServerConfig some kind of proxy.
So, if you want to resolve this kind of bug you must be sure that Spring inject proper ClientDetailsService in AuthorizationServerConfig. You can achieve this if you:
- give spring information about preference of your own ClientDetailsService (Arnaud answer), or
- inject this service by name
What ended up working for me was adding the ClientDetailsService @Bean to the @EnableAuthorizationServer class:
@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfiguration implements AuthorizationServerConfigurer {
...
@Autowired
ClientDetailsService clientDetailsService;
...
@Bean
public ClientDetailsService clientDetailsService() {
return new CustomClientDetailsServiceImpl();
}
...
}
I would say that the best solution is to be explicit - if you are autowiring a clientDetailsService - then say so.
@Autowired
ClientDetailsService myClientDetailsService;
@Override
public void configure(final AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
endpoints.setClientDetailsService(myClientDetailsService);
....
}
However, My problem was slightly different and the above solutions did not work. Here are the conditions that created it. I created a CustomTokenEndpointAuthenticationFilter - which required an instance of OAuth2RequestFactory. I created my instance of OAuth2RequestFactory with a call to endpoints.getOAuth2RequestFactory(); before the clientDetailsService had been set.
If The OAuth2RequestFactory gets created this way, DefaultOAuth2RequestFactory gets created with a default clientDetailsService, so even if you set the clientDetailsService later explicitly in the AuthorizationServerEndpointsConfigurer it will not be in the OAuth2RequestFactory used by your custom Filter.
So in sum in this edge case
public void configure(final AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
oAuth2RequestFactory = endpoints.getOAuth2RequestFactory();
endpoints.setClientDetailsService(myClientDetailsService);
...
}
wont work but
public void configure(final AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
endpoints.setClientDetailsService(myClientDetailsService);
oAuth2RequestFactory = endpoints.getOAuth2RequestFactory();
...
}
will.
Another way to be sure is to create your own OAuth2RequestFatory
oauth2RequestFactory = new DefaultTokenRequestFactory(myClientDetailsService);
来源:https://stackoverflow.com/questions/31798631/stackoverflowerror-in-spring-oauth2-with-custom-clientdetailsservice