Questions tagged [spring-oauth2]

1

votes
1

answer
363

Views

Spring boot oauth2 auth server sessions

I'm attempting to understand how spring boot uses http sessions to manage the oauth authorization code flow. I understand that after the user submits their credentials via the /login form spring will persist the authentication object so it can be retrieved when the browser is redirected to retrieve...
Sam
1

votes
0

answer
342

Views

Spring Oauth2.0 performance issue on heavy load

We have implemented Spring OAuth 2.0 in one of my applications and when we did a performance test on the same, the application started throwing the exception DuplicateKeyException and we assume that this happens because the same user tries to create a token multiple times. We will avoid this issue by ensuring...
Delon
1

votes
0

answer
22

Views

Can't allow an anonymous access on my resource server

I have two servers: authorization and resource, it works perfect if I am using Bearer access_token for my resource server but I need to have an anonymous access to some endpoints (i.e. http://localhost:8080/games but not http://localhost:8080/games/new). How to make it? Now I'm trying to allow an an...
Шах
1

votes
1

answer
270

Views

Spring Security OAuth2 Resource Server retry/resilience

I’m developing a Resource Server using Spring Security OAuth2(http://projects.spring.io/spring-security-oauth/docs/oauth2.html) which interacts with Authorization Server to retrieve/validate Auth Tokens. The OAuth Flow used here is ‘client credentials’. The Application is working fine when Re...
Haran
1

votes
1

answer
323

Views

Multiple Login endpoints Spring Security OAuth2

I'm trying to implement multiple login strategies for different user roles (Spring Security OAuth2 with Spring Boot 2), and each strategy should use a different endpoint. I have 3 user types, REGULAR, EXTERNAL, CLIENT, where regular logs in via username/password, external logs in via documentId/key...
Desiderantes
1

votes
1

answer
77

Views

Public API access with OAuth 2.0

As a Resource Owner, I am able to get a response from a Protected Resource Server (here: Service) using the Resource Owner Password Credentials grant type (aka password) via org.springframework.security.oauth2.client.OAuth2RestTemplate. Resource Owner (e.g. a Users with a browser) + ^ (1)| |(6)...
Matthias
1

votes
0

answer
177

Views

Disabling Authorization endpoint in Spring Oauth

I am using Spring Boot oauth2 2.0.0.RELEASE. I am trying to disable the authorize endpoints as we won't be using them. Is there a configuration I can set to disable them? We only use the token endpoint.
sam
1

votes
2

answer
480

Views

Spring: forwarding to /oauth/token endpoint loses authentication

I'm building a Spring Boot authorization server which needs to generate Oauth2 tokens with two different auth methods. I want to have a different endpoint for each method, but by default Spring only creates /oauth/token, and while it can be changed, I don't think it is possible to have two different...
Anxo
1

votes
0

answer
200

Views

Multiple oauth2 rest templates in Spring without using OAuth2ClientContext

I'm having some difficulties setting up multiple OAuth2RestTemplates in Spring Boot using the spring-security-oauth2-autoconfigure package. Basically, what I want to achieve is that users can log in to my website using SSO (I am using the @EnableOAuth2Sso). The same SSO session is then used to recei...
Sauerbier99
1

votes
0

answer
76

Views

Feign masking OAuth2 OAuth/token spring boot

I'm trying to mask oauth/token the token generation through feign client port but not with oauth server port. I have added my request interceptor. But when I'm trying to generate token I'm getting 406 not acceptable as below : Can someone please post a solution ? public class UserFeignClientIntercep...
vamsi
1

votes
0

answer
50

Views

How to Handle the RedirectMismatchException in Spring oAuth Server?

When working with Spring OAuth Server there is a redirect_uri request parameter which, when it does not match any of the registered URIs in an OAuth client details database table, causes the OAuth server to throw a RedirectMismatchException. I cannot catch this RedirectMismatchException using the @Contro...
Simplyi
1

votes
1

answer
113

Views

WARNING: Encoded password does not look like BCrypt

Controller class method: @RequestMapping(value = '/admin', method = RequestMethod.GET) public String adminPage() { return 'privatePage'; spring-security configuration: Error: Your login attempt was not successful, try again. Reason: Bad credentials. Appreciate any response.
vikas kumar
1

votes
0

answer
169

Views

Spring Boot OAuth org.springframework.web.client.HttpClientErrorException$Unauthorized: 401 null

I am following a pluralsight tutorial, but even copying the code from the source it still gives HttpClientErrorException$Unauthorized: 401 error. The application that acts as server has in application.properties server.port=9001 server.servlet.context-path=/services security.oauth2.resource.user-i...
Oana-Elena Danescu
1

votes
0

answer
57

Views

Adding a resource server to an existing JSF/Spring security application

Currently, we've implemented a centralized authorization server using the oauth2.0 protocols and a password flow. I will post the user, pwd, secret and clientID to the auth server endpoint, get a JWT back and be on my way. What I currently have in this existing 'client' application is some spring se...
user10776719
1

votes
0

answer
96

Views

AntMatcher and contextPath for API security

I have spring boot application. I have configured OAuth2 - both authorization and resource servers (separated). In the resource server (application.properties) I have: server.servlet.context-path=/api as well as: @Configuration @EnableResourceServer public class ResourceServerConfig extends Resource...
user3529850
1

votes
0

answer
62

Views

How to set connection timeout with OAuth2RestTemplate while fetching access token

We are able to fetch an access token using the attached code snapshot but didn't find any way to set a connection timeout as we do with Spring restTemplate. Is there any way to set a connection timeout with OAuth2RestTemplate?
Hemant Kumar
1

votes
0

answer
52

Views

Request HTTPS resource with OAuth2RestTemplate

I am trying to fetch some data from an API secured with SSL. I have configured my OAuth2RestTemplate with the necessary configuration but I am getting the following exception Caused by: org.springframework.web.client.ResourceAccessException: I/O error on POST request for 'https://.../oauth/token': s...
Smajl
1

votes
0

answer
19

Views

Spring boot oauth application not redirecting to the login.html after successful logout

I have followed Spring Boot and OAuth2 tutorial and done some of the changes for the UI as below. Created a login.html with below content Demo Login With Google: click here And in the index.html I have removed the below piece of code Login With Google: click here I have also provided the Google clie...
Naveen Kumar H S
1

votes
0

answer
19

Views

How to logout a user from Wordpress site who was logged in using oauth

My Site (mysite.com) uses Spring OAuth2 Client registration to Authenticate and Authorize a user using a Wordpress Site (thatsite.com), and after login with correct credentials, wordpress site redirects that user back to my site along with token details, this flow is working fine. So with this proc...
imvishalpatel18
1

votes
0

answer
39

Views

How to secure different Spring Boot rest APIs Using OAuth2

I want to secure different Spring boot rest APIs using OAuth2 authorization server. What is the best solution to achieve this?
Mushtaq hussain
1

votes
2

answer
392

Views

Redundant Oauth authentication server (high availability / failover)

We are considering using OAuth authentication between our microservices. It's very important these services will keep working even when the authentication server is down. Shouldn't the AuthorizationServer be redundant in my scenario? We are using our own AuthorizationServer (based on https://gith...
Raymond Domingo
1

votes
1

answer
364

Views

@Post Filter is not filtering the method returned collection using acl and oauth spring security

I'm trying to integrate both OAuth security and ACL Spring Security. Instead of the below OAuth expression handler I used the ACL expression handler following configuration as explained in http://krams915.blogspot.in/2011/01/spring-security-3-full-acl-tutorial_30.html. I am able to make acl entries in t...
anu
1

votes
1

answer
380

Views

How to get oauth token with GsonHttpMessageConverter?

I am using the following libraries: spring-security-oauth2-2.0.9 spring-4.2.1 Gson - 2.2.4 and configured GsonHttpMessageConverter in applicationContext.xml: Added : By default spring-oauth2 uses jackson-converter to serialize/deserialize json. With including jackson libraries, I am not able to ge...
chiku
1

votes
1

answer
1.5k

Views

Spring Security OAuth2 JWT anonymous token

What I Did First I accept that I am lacking in spring security knowledge. I am trying to secure rest services for one of our products. I am using spring security OAuth2 JWT. I want to allow anonymous as well as registered users to access my resources. Suppose I have one service 'http://localhost:8282...
Ani
1

votes
1

answer
1.1k

Views

Remove HTTP Strict Transport Security (HSTS) response header in spring oauth2 token API

I am using Spring Security and Spring Oauth2 and JWT in my API project. The default API for login, which Spring oauth 2 provides, is /oauth/token. This API always adds the 'Strict-Transport-Security: max-age=31536000 ; includeSubDomains' header to the response. But I don't want this in my situatio...
congtinit
1

votes
1

answer
95

Views

What type of security should I use in Spring REST application

I have a Spring REST application, and I'm thinking about what type of security to use. I'm considering between two options: Spring Security with OAuth2 Spring Security with JWT like here https://www.toptal.com/java/rest-security-with-jwt-spring-security-and-java Any other option? It must be good and...
Orest
1

votes
1

answer
3.2k

Views

Single login page within authorization server using Spring Boot and OAUTH2

I need an OAUTH2 authentication server for my single page webapps. I was able to build an OAuth2 authentication server that supports grant type PASSWORD using Spring Boot. But Spring requires a client secret for basic authentication on the /auth/token endpoint. I read it's not safe, anyone could extract...
Vojtech
1

votes
1

answer
1.2k

Views

spring-security returns 401 despite authorizeRequests().anyRequest().permitAll()

I'm using spring-security and spring-security-oauth2 (JWT access tokens) for authentication and authorization. The idea is to let all requests through, but to be able to distinguish between authenticated users and unauthenticated users. As soon as I enable @EnableResourceServer my configured HttpSec...
msparer
1

votes
1

answer
114

Views

How can provide username and password for consuming rest controller with oAuth security in Angular 4?

I made rest controller method that returns list of person in spring boot, and provided oAuth service to secure my rest methods and this is service in angular 2 for consuming this rest service. import { Observable } from 'rxjs'; import {Http,Response} from '@angular/http'; import 'rxjs/add/operator/m...
1

votes
1

answer
434

Views

“Unsupported configuration attributes: [IS_AUTHENTICATED_FULLY]” when trying to configure Spring 4 / OAuth 2

I recently upgraded to Spring Security 4.2.2.RELEASE and now I'm having trouble with my OAuth2 configuration (using v 2.0.7.RELEASE). I want to force URLs that look like '/context-path/api/**' to require an OAuth access token. So I have However, after upgrading to Spring Security 4, I'm getting th...
Dave
1

votes
1

answer
173

Views

Fetch authentication provider for spring oauth2

Been going through the examples on the spring website https://spring.io/guides/tutorials/spring-boot-oauth2/ I've made minimal changes to also allow google as a provider. However the authentication details format is different depending on the provider. How can one tell given the Principal which pro...
Wes
1

votes
1

answer
529

Views

Spring OAuth 2 - Database Schema as JPA Entities

I want to create the database for my JDBC TokenStore independent from the database type. So I want to use JPA Entities to automatically create tables and columns. There are a lot of schemas (e.g. this one) for the database which is used by Spring OAuth2 to be found online. But I can't find any JPA e...
user2738996
1

votes
1

answer
254

Views

Testing org.apache.http.entity.ContentType when the HTTP response content type doesn't contain a space

I am writing a test for an authorization server that tests that the content type of an oauth response is JSON. The authorization server is using spring-security-oauth2 2.0.1.4.RELEASE and my JUnit test is using rest-assured 2.9.0. @Test public void testTokenEndpoint() throws Exception { // Client Cr...
zero01alpha
1

votes
1

answer
1.1k

Views

Spring OAuth2 Custom Authentication Manager ClassCastException

I've a big problem and no idea how to solve it... I need to use customAuthenticationManager for third party log-in in my spring boot application, but when I declare a custom authenticator I get: Handling error: ClassCastException, java.lang.String cannot be cast to com.nexus.demooauth.models.User If...
1

votes
1

answer
0

Views

Spring OAuth2 server cannot refresh token with Resource owner credentials (password) grant flow

I have configured an OAuth2 authorisation server with spring security oauth, using jwt tokens: @Configuration @EnableAuthorizationServer public class OAuth2AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter { ... @Override public void configure(final ClientDetailsServiceConfigure...
Archie
0

votes
0

answer
2

Views

Customization of TokenEndpoint in Spring OAuth2

I would like to provide a custom implementation of the TokenEndpoint class in Spring framework. I've copied over the TokenEndpoint class of Spring and have made my changes in the required places. But when the application starts, I'm always getting the error Caused by: java.lang.IllegalStateException...
Athomas
1

votes
2

answer
1.7k

Views

Cannot inject LoadBalanced annotated OAuth2RestTemplate

I am using Spring Cloud Angel.SR4. My Configuration class for creating an OAuth2RestTemplate bean is as follows: @Configuration public class OAuthClientConfiguration { @Autowired private MyClientCredentialsResourceDetails resource; public OAuthClientConfiguration() { } @Bean @Qualifier('MyOAuthRestT...
Armin Balalaie
0

votes
0

answer
3

Views

How to disable default Spring OAuth2 REST APIs?

We use the following version of spring-security-oauth2: org.springframework.security.oauth spring-security-oauth2 2.0.11.RELEASE When enabling the authorization server and configuring it, the framework enables default APIs like '/oauth/check_token' or '/oauth/token_key'. I don't use these APIs (exce...
dso
1

votes
2

answer
1.2k

Views

How can Spring add a new _csrf token to a session variable?

When someone does a POST to /oauth/authorize in Spring OAuth2 (Source code for the API at this link), the CSRF token is updated at the server. What specific code syntax can be used to: 1.) Access the newly minted CSRF token in code? 2.) Assign a copy of the newly minted CSRF token to an inert sess...
CodeMed
1

votes
1

answer
581

Views

How to store facebook authenticated user in DB?

I tried to implement this tutorial https://spring.io/guides/tutorials/spring-boot-oauth2/#_social_login_logout This is my application config(spring boot) @Configuration @ComponentScan(basePackages = {'org.fiodorov.controller','org.fiodorov.service', 'org.fiodorov.config'}) @EntityScan(basePackages =...
Filosssof
