Questions tagged [spring-security-oauth2]

Votes: 0 | Answers: 0 | Views: 2

Customization of TokenEndpoint in Spring OAuth2

I would like to provide a custom implementation of the TokenEndpoint class in Spring framework. I've copied over the TokenEndpoint class of spring and have made my changes to the required places. But when the application starts, I'm always getting the error Caused by: java.lang.IllegalStateException...
Athomas
Votes: 1 | Answers: 1 | Views: 355

Grails spring security oauth2 provider request for resource with correct bearer token redirects to login

As the title implies, I have a controller method protected by the oAuth2 plugin, but when I send a request to it including a correct Authorization: Bearer (using Postman), the response I get is the HTML for the login page. Method in question: @Secured(['ROLE_USER', '#oauth2.clientHasAnyRole('ROLE_...
OsaSoft
Votes: 0 | Answers: 0 | Views: 3

How to disable default Spring OAuth2 REST APIs?

We use the following version of spring-security-oauth2: org.springframework.security.oauth spring-security-oauth2 2.0.11.RELEASE When enabling the authorizationserver and configuring it, the framework enables default APIs like '/oauth/check_token' or '/oauth/token_key'. I don't use these APIs (exce...
dso
Votes: 1 | Answers: 2 | Views: 229

Prevent spring session override in the same war

Let's say I have a WAR which has a front-end in JSP, and includes a JAR with a REST API. I have one spring-security.xml in which multiple authenticationProviders are configured. The problem I'm facing is as follows: A user (user1) is logged in into the JSP-front-end through basic authentication (loc...
Thomas Stubbe
Votes: 1 | Answers: 1 | Views: 916

Basic Authorization header stripped for oauth/token request

I have a serious issue with my Oauth2 authorization and I am slowly giving up after four evenings, so I hope that someone can help me. Client: I have an Angular2 client as a separate front-end project. I know how oauth/token post should look like, because I already tested it with Postman. The thing is t...
Durin
Votes: 1 | Answers: 2 | Views: 1k

Spring OAuth - Reload resourceIds and authorities of authentication

I just apply Spring Boot and Spring Cloud to build a microservice system. And I also apply Spring Oauth to it. Honestly, everything is perfect. Spring does a great job in it. In this system, I have a microservice project does the job of an OAuth server, using JDBC datasource, and I using Permission...
Nguyen Minh Dung
Votes: 1 | Answers: 2 | Views: 796

Unable to wire Spring-Integration with RestTemplate

I am a complete noob with Spring Integration Framework. I am trying to consume a REST API that uses OAuth2. I am using Spring Integration xml-based configuration. My issue is that I cannot seem to get the Gateway and the Rest Template wired properly to send the body (multi-part) for the token request...
ochi
Votes: 1 | Answers: 2 | Views: 510

Role hierarchy and OAuth2 Security using Spring Boot

I know there is a lot of threads about Role hierarchy however I could not find any example combined with OAuth2. So, most of threads point that I need to implement RoleHierarchy bean: Beans.java @EnableJpaRepositories(basePackages = 'com.template.service.repository') @EnableAspectJAutoProxy @Compo...
ilovkatie
Votes: 1 | Answers: 1 | Views: 296

Error 403 after @EnableOAuth2Sso in Spring security

I've got my own mapping setCred/ and when it gets called via a http POST request it returns a 403 Error. But when I remove the @EnableOAuth2Sso it all works fine. I don't have any idea what part I'm missing here. @EnableOAuth2Sso @Controller public class TestAPI { @RequestMapping(value = '/setCred',...
Oleg
Votes: 1 | Answers: 2 | Views: 1k

How to reuse oauth2 token from user (authorization_code) in a Rest Template

I have 3 applications Frontend application OAuth2 authentication server REST api (RepositoryRestResources) My users have to log in before being able to use the frontend application. This happens through SSO. They receive a token which is validated by the client before being let in. I would like to r...
p.streef
Votes: 1 | Answers: 1 | Views: 343

dynamically add param to userAuthorizationUri in oauth2

Sometimes user's refresh token in local DB becomes stale. To replenish I'm trying to add prompt=consent param while making the oauth2 call. I was trying to @Autowire AuthorizationCodeAccessTokenProvider in my config class and in the afterPropertiesSet I was doing a setTokenRequestEnhancer and then r...
Anand Rockzz
Votes: 1 | Answers: 2 | Views: 1.3k

Add optional Google Sign In in my Spring Boot + Security + web Application

I am working on a Spring boot web application. I have now working a registration and login system using Spring Security with a custom userDetailService. Now I want add a register-login system using Google Accounts. I created my Google API keys and added them to the application.properties. I think is...
Genaut
Votes: 1 | Answers: 2 | Views: 4.2k

Spring cloud Feign OAuth2 request interceptor is not working

I am trying to create a simple REST client using spring cloud feign to consume a service which is secured with OAuth2 security tokens. I am using OAuth2FeignRequestInterceptor for adding the bearer token, check my below code. I am facing 401. and when try to debug my code I don't find the bearer tok...
Pravin K
Votes: 1 | Answers: 1 | Views: 571

OAuth2RestTemplate with custom ErrorHandler

I have configured an OAuth2RestTemplate with a custom error handler with which I want to disable the default behaviour of throwing an Exception if the status is 4xx or 5xx (I want to check the HttpStatus on the ResponseEntity itself) The implementation looks like this @Bean public OAuth2RestTemplate...
Akroma
Votes: 1 | Answers: 2 | Views: 260

Dynamically changing JWT subject field

I successfully implemented JWT as an authentication filter in my web application. When user's login is successful, I am creating a new JWT and assigning userName in the sub field of JWT. In the subsequent requests I am using userName in the JWT sub field to identify the user. But what if the user c...
Sandesha J
Votes: 1 | Answers: 1 | Views: 406

Logout in spring security without redirecting anywhere

Hi I implemented spring security in my spring boot application. But on clicking logout it needs some redirect url. How to avoid it? My WebSecurityConfig is @Override protected void configure( HttpSecurity http ) throws Exception { http.csrf().disable() .authorizeRequests() .antMatchers(HttpMethod.PO...
Virat
Votes: 1 | Answers: 2 | Views: 1k

Configure custom OAuth2AccessToken on a client Spring Boot Application

The standard JSON format that an authorization server usually gives you, has a property named 'expires_in', but now I'm working with an authorization server that gives me a property named 'access_token_expires_in'. Because of this, my OAuth2AccessToken always returns isExpired to false even when then...
Patrix
Votes: 1 | Answers: 1 | Views: 477

refresh_token grant type supplies another refresh token?

While developing my Spring Rest API I am noticing something I don't quite understand. I am using the refresh_token grant type. It works fine when I access /myapi/oauth/token?grant_type=refresh_token but I am confused as to why it returns a shiny new refresh token along with a new access token. Woul...
zero01alpha
Votes: 1 | Answers: 1 | Views: 783

Spring OAUTH: Override CheckTokenEndpoint 'check_token?token=' response map

I would like to override the CheckTokenEndpoint to provide my own custom output as Map to the resource server. I have tried the following, but not working. Introducing new custom controller for (/oauth/check_token), but Spring rejects this custom and registers its own. Overriding bean definition fo...
Kanagavelu Sugumar
Votes: 1 | Answers: 2 | Views: 3.4k

Spring Boot - Using JWT, OAuth, and Separate Resource and Auth Servers

I am attempting to build a Spring application that uses JWT tokens and the OAuth2 protocol. I have the Authentication Server running thanks to this tutorial. However, I am struggling with getting the Resource Server to function properly. From following the article, and thanks to a response to a prio...
KellyMarchewa
Votes: 1 | Answers: 2 | Views: 781

Spring OAuth2 custom request - put parameters on body like raw data

I am implementing a client with Spring Security OAuth2 to use resources through an API, I have to customize the request like this: POST https://example.com/v2/oauth2/token HTTP/1.1 Authorization: Basic xxxXXXXxxXXXXXXxXXxxXX Content-Type: application/x-www-form-urlencoded Accept: application/j...
Mauro Arisci
Votes: 1 | Answers: 1 | Views: 402

Custom DefaultTokenServices bean not being used

I have a Spring Boot Rest API using JWT and OAuth2 Spring Boot 1.5.10 using the default versions for spring security starter and the oauth2 and jwt modules. In my Authorization Server config I am declaring a custom DefaultTokenServices based off of this guide here http://www.baeldung.com/spring-secu...
zero01alpha
Votes: 1 | Answers: 1 | Views: 1.8k

Angular 4/5 + Spring Boot + Oauth2 support

I have my web app built with Angular 4/5 and Spring Boot. Now I want to add user-accounts to my app and there I have some problems. I would like have my Auth server (in Spring Boot) and also I want use providers like Facebook and Google. There is my first question, when user will choose Facebook t...
destro1
Votes: 1 | Answers: 1 | Views: 1.1k

OAuth2LoginAuthenticationFilter Spring Security

At the moment I'm taking a look into Spring Boot 2, OAuth2 and single sign on. I'm running a sample project but am getting: ClassNotFoundException: org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter I'm unable to locate the Maven dependency that will give me this class....
MikeMelo91
Votes: 0 | Answers: 1 | Views: 23

Spring Oauth2 Authorization server User Info Endpoint with multiple grant_type not working

I've authorization server which has inbuilt DB Authentication manager. Here are the configurations. AuthConfig.java @Configuration @EnableAuthorizationServer public class AuthConfig extends AuthorizationServerConfigurerAdapter { @Autowired @Qualifier('authenticationManagerBean') private Authenticati...
Karthik Prasad
Votes: 1 | Answers: 2 | Views: 872

Spring Oauth2 SSO - Unable to logout from the Auth server

I am using @EnableOauth2Sso following an architecture similar as the one described in Spring's oauth2 tutorial: an auth server, a zuul proxy that enables the sso, a separated UI application etc. Auth server ---- Resource Server (Zuul app) ---- Angular UI App The problem is that when the UI logs o...
codependent
Votes: 5 | Answers: 2 | Views: 307

How get a token in spring boot 2 oauth2?

I'm new in spring security oauth2. I want to run this authorization server sample code. I run it successfully, for get token, I set postman as follow and then send request: In this case, I entered client id with its password, but I want to login without them. For example my users send username, passw...
Morteza Malvandi
Votes: 1 | Answers: 4 | Views: 3.9k

HttpSecurity configuration problems in spring-security-oauth2

I'm pretty new with Spring, and I'm trying to build an OAuth Server using spring-security-oauth2. I mainly referred to the sample and a tutorial given by spring.io. https://github.com/spring-projects/spring-security-oauth/tree/master/samples/oauth2 http://spring.io/guides/tutorials/spring-boot-oauth...
Just_CJ
Votes: 1 | Answers: 1 | Views: 483

How does spring oauth2sso works? Why this redirect sequence happen?

I want to write hello world example to understand SSO/oauth2 I took following example: http://www.baeldung.com/sso-spring-security-oauth2 First of all I need to say that it works properly. My question is why it is working. My question related with client application. It is simple application which c...
gstackoverflow
Votes: 1 | Answers: 1 | Views: 504

Override UserAuthenticationConverter for JWT OAuth Tokens

I am trying to create a spring resource server secured with oauth2. I am using auth0 for my auth2 service, and I have an api and client configured with scopes. I have a resource server that mostly works. It is secured, and I can use @EnableGlobalMethodSecurity and @PreAuthorize('#oauth2.hasScope('pr...
niltz
Votes: 1 | Answers: 1 | Views: 730

Oauth2 doesn't work in Spring Boot

I have question about Spring Boot. Our app works as Authorization server and Resource server as well. We provide token to users and also secure rest controllers. Now we starting new app and we decide to use Spring Boot 2.0.1. We have implemented Oauth configuration in previous app (1.5.X) so we want...
Denis Stephanov
Votes: 1 | Answers: 1 | Views: 325

Spring security Basic Auth and Form login for the same API

I would like to access all my API's via two authentication mechanisms, Basic Auth & Form login. I know that there are existing questions, but, the answers did not work for me, and my use case is a little bit different. My config: @EnableWebSecurity @EnableGlobalMethodSecurity(prePostEnabled = true)...
G.Mast
Votes: 1 | Answers: 2 | Views: 1.3k

Java Spring Security: 401 Unauthorized for token OAuth2 end point

I have a fairly basic setup in my Spring Boot project. I'm trying to set up OAuth2 to protect my API but I'm running into issues with my /oauth/token end point. Making either a POST or GET request to my /oauth/token end point results in the following response (With a 401 Unauthorized status code): {...
Jonathon
Votes: 1 | Answers: 1 | Views: 568

How to refresh OAuth2 token with Spring Security 5 OAuth2 client and RestTemplate

Spring Security 5.1.0.M2 (release notes) added support for automatic refreshing of tokens when using WebClient. However, I am using RestTemplate. Is there a similar mechanism for RestTemplate or do I need to implement that behavior myself? The OAuth2RestTemplate class looks promising but it's from t...
Steffen Harbich
Votes: 1 | Answers: 2 | Views: 253

Configure Spring Security 5 Oauth 2 to use access_token uri parameter

I am creating an application based on this example - Background - https://github.com/spring-projects/spring-security/tree/master/samples/boot/oauth2resourceserver-webflux It works perfectly fine if the OAuth2 token is in the Header. Problem - However I would like to change it to use an OAuth 2 toke...
Pushkar
Votes: 1 | Answers: 2 | Views: 296

Spring Boot Secured Rest API

I currently tried to understand the concept of secured microservices and want to use Spring Boot and Spring Security. Frontend: login via oauth2 provider + token retrieval. REST-API: request with token in header + token validation + return myListOfinterestingThings() I thought the Security 5 librar...
Gustav Gans
Votes: 1 | Answers: 1 | Views: 317

Spring security JWT without OAuth

Recently I started learn how to configure spring boot with oauth 2.0 + jwt, and I have a question: is it possible to use spring boot security + jwt avoiding oauth 2.0?
TimurJD
Votes: 1 | Answers: 1 | Views: 274

spring-security-oauth2 vs spring-cloud-starter-oauth2

I am working on building an oAuth2 application using spring boot. However, there are various sample projects in Github using spring-security-oauth2 and spring-cloud-starter-oauth2. Do we have specific scenarios where we can use a specific jar among both for an application? Though Spring cloud is ma...
user3430478
Votes: 1 | Answers: 2 | Views: 200

Spring Boot add additional attribute to WebClient request in ServerOAuth2AuthorizedClientExchangeFilterFunction

I am trying to implement the client_credentials grant to get a token in my spring boot resource server. I am using Auth0 as an Authorization server. They seem to require an extra parameter in the request body to be added called audience. I have tried to do the request through postman and it works....
DArkO
Votes: 1 | Answers: 1 | Views: 53

How can I enable request only for user's own endpoint

I have a rest-endpoint like this: /users/{userId}/something I implemented authentication using oauth2. My WebSecurityConfig looks like this: protected void configure(HttpSecurity http) throws Exception { http .authorizeRequests() .anyRequest().authenticated() .and() .formLogin() .loginPage('/logi...
Joker
