Standalone Spring OAuth2 JWT Authorization Server + CORS

spring-security,cors,jwt,spring-security-oauth2
So I have the following Authorization Server condensed from this example from Dave Syer @SpringBootApplication public class AuthserverApplication { public static void main(String[] args) { SpringApplication.run(AuthserverApplication.class, args); } /* added later @Configuration @Order(Ordered.HIGHEST_PRECEDENCE) protected static class MyWebSecurity extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { http //.csrf().disable()...

spring security oauth2 ClassCastException configuring DefaultTokenServices

spring,spring-security,spring-security-oauth2
I'm trying to run a sample application using spring boot and spring security oauth with a configured JdbcTokenStore and a DefaultTokenServices with infinite lifetime access tokens. Running this application with gradle bootRun, the application won't start and throws a "Caused by: java.lang.ClassCastException: com.sun.proxy.$Proxy51 cannot be cast to org.springframework.security.oauth2.provider.token.DefaultTokenServices" Why is...

Neo4J TokenStore Spring oauth2

java,spring-security,neo4j,oauth-2.0,spring-security-oauth2
I'm working on Spring REST webservices secured with oauth2. I'd like to separate AuthorizationServer from ResourceServer with two different applications - AuthorizationServer is oauth2 SSO(single sign-on) and ResourceServer is the second application for business REST services. This way I can't use inmemory tokenstore because my applications will live on different...

spring security oauth2 disable jsessionid based session

spring-mvc,spring-security,spring-security-oauth2
I don't have reputation to comment, otherwise this post describes exactly the same issue. I have successfully implemented spring security oauth2 2.0.5 in a spring 4 application. All works fine, I can generate tokens and API requests are properly authenticated. But the problem is that once an API is authenticated...

Jackson: is it possible to replace the serializer set with @JsonSerialize annotation (e.g. with ObjectMapper)?

json,jackson,spring-security-oauth2
Quick question: is it possible to override @JsonSerialize annotation (using attribute) with ObjectMapper? I have spring-security-oauth2 integrated and I want to customize the way OAuth2Exception is serialized to JSON format. The problem is that this class uses @JsonSerialize(using = OAuth2ExceptionJackson2Serializer.class) I tried registering custom serializer with: SimpleModule module = new...

spring-security-oauth2 2.0.7 refresh token UserDetailsService Configuration - UserDetailsService is required

spring,spring-security,spring-security-oauth2,spring-security-ldap
I would have one question regarding the configuration of spring-security-oauth2 2.0.7 please. I am doing the Authentication using LDAP via a GlobalAuthenticationConfigurerAdapter: @SpringBootApplication @Controller @SessionAttributes("authorizationRequest") public class AuthorizationServer extends WebMvcConfigurerAdapter { public static void main(String[] args) { SpringApplication.run(AuthorizationServer.class, args); } @Override public void addViewControllers(ViewControllerRegistry registry) {...

Spring-boot oauth2 splitting authorization server and resource server

java,oauth-2.0,spring-boot,spring-security-oauth2
I'm trying to split the resource server from the authorization server in spring-boot. I have two different applications that I'm running separately. In the authorization server I can get the bearer token from oauth/token but when I'm trying to get access to the resource (sending the token in header) I'm getting...

how to limit one connection/user with oAuth2/spring security

java,spring,spring-security,spring-security-oauth2
I am currently building a video/chat application. Server side is spring-based, with spring security and oAuth2 about security concerns. Front end is a Java FX8 application. I want to limit my service to one connection per user. I don't see any support of that in SpringSecurity/oAuth2. What is the best...

Spring security form logging and oauth2 in same app

spring,spring-security,spring-security-oauth2
I have written a sample spring application which has some REST services protected using spring-security-oauth2. Now I want to move these services to the original application which uses spring security form login. In the original application I want REST services to be protected from spring-security-oauth2 and other spring controllers to...

Download files in Javascript with OAuth2

oauth,spring-security,spring-security-oauth2
I'm developing a single-page app with Javascript+AngularJS on the client side and Spring MVC + Spring Security OAuth2 on the server side. Spring MVC acts as a REST controller for any AJAX requests from the page. For authorization, the script sends an "Authorization: Bearer ..." header with each AJAX request. This...

oauth2 reload user authorities

spring,token,spring-security-oauth2
I am wondering what's the best way to do this. My scenario is the following: I have a separate oauth2 server and resource server sharing the auth information via database. The user authentication is being made by a provider that extends from AbstractUserDetailsAuthenticationProvider. Whenever I build UserDetails object, I attach the authorities...

Spring OAuth2 client_credentials in combination with preauthenticated user

java,spring-mvc,spring-security,spring-boot,spring-security-oauth2
My app uses preauthentication. I want to consume OAuth2 protected resources using ClientCredentialsResourceDetails (signed fetch). When using this in combination with a preauthenticated UserDetails, spring does not store the OAuth token: DEBUG o.s.s.w.a.AnonymousAuthenticationFilter - SecurityContextHolder not populated with anonymous token, as it already contained: 'org.springframework.security[email protected]4662f11e: Principal: User = *** How...

How to enable /oauth/check_token with Spring Security Oauth2 using XML

spring,spring-security,spring-security-oauth2
I have successfully enabled the '/oauth/check_token' endpoint using spring-security 3.2.* and javaconfig but currently I'm restricted to spring-security 3.1.4 and so I'm stuck with XML config. The '/oauth/token' endpoint is working as I wish but I can't get the check_token endpoint to be enabled and I can't find any (non javaconfig)...

A dependency cycle was detected when trying to resolve the AuthenticationManager (Spring Security and Oauth)

spring,spring-security,spring-security-oauth2
I'm getting the following error when configuring spring security, can anyone help me? The current configuration has the resource server and authentication server on the same server for testing, which may be causing conflicts. Caused by: org.springframework.beans.FatalBeanException: A dependency cycle was detected when trying to resolve the AuthenticationManager. Please ensure you have configured authentication....

How to Logout from Oauth2 SSO Server

java,single-sign-on,spring-security-oauth2,spring-cloud
I found tutorial about SSO https://github.com/dsyer/spring-security-angular/tree/master/oauth2 with configuration oauth2-authserver @Configuration @Order(-10) protected static class LoginConfig extends WebSecurityConfigurerAdapter { @Autowired private AuthenticationManager authenticationManager; @Override protected void configure(HttpSecurity http) throws Exception { // @formatter:off http .formLogin().loginPage("/login").permitAll() .and() .requestMatchers().antMatchers("/login", "/oauth/authorize", "/oauth/confirm_access") .and()...

spring cloud oauth sso without authorize step

spring,spring-security,spring-boot,spring-security-oauth2,spring-cloud
I have a spring cloud oauth @EnableAuthorizationServer that uses a jpa backend to store the accounts. I also have a couple of different clients: a website, an intranet and an Ionic mobile app. All the clients have separate client credentials inline in the oauth config block. I have then tried...

Spring Security Oauth 2 custom token end point url

java,spring-security-oauth2
Hello, I have to integrate spring security oauth2 in my project. So I added the configuration related part and it's working fine. But the problem is that the first request for token goes to "/oauth/token" and I want to change it to "api/v1/token". I searched for that and find...

Spring Boot OAuth2 Custom Login Form Use case

spring-boot,spring-security-oauth2
The oauth2 JWT project from the "Getting Started Spring Security and Angular JS Series" has a custom login. Adding the same code for a custom login page to the oauth2-vanilla project fails as the authorization code is always empty in the login response. I also tried porting the Sparklr2 (https://github.com/spring-projects/spring-security-oauth/tree/master/samples/oauth2)...

Spring Security + OAuth, fallback if access token absent

java,spring,spring-security,oauth-2.0,spring-security-oauth2
I'm using Spring Security in my application to protect most of my endpoints. I'm using Spring Security OAuth2 to protect a certain subset. This subset of OAuth protected endpoints are going to be accessed both by external servers, and by users on the resource server itself. Is it possible to...

Spring security OAuth2 UserRedirectRequiredException

java,google-app-engine,spring-security,spring-security-oauth2
I am trying to set up OAuth2 with spring security for a Google App Engine application. Here is my OAuth2 config: @Configuration @EnableOAuth2Client public class OAuth2Config { @Bean public OAuth2ProtectedResourceDetails googleOAuth2Details() { AuthorizationCodeResourceDetails googleOAuth2Details = new AuthorizationCodeResourceDetails(); googleOAuth2Details.setAuthenticationScheme(form); googleOAuth2Details.setClientAuthenticationScheme(form); googleOAuth2Details.setClientId("*********************");...

OAuth2 with Spring Security - InsufficientAuthenticationException

java,spring,exception,oauth-2.0,spring-security-oauth2
I am currently working on a project involving spring security (for OAuth2). We are using the authorization_code flow. However when the client hits the AuthorizationEndpoint (/oauth/authorize) we get an "InsufficientAuthenticationException". This may be due to an external system which is also involved in this flow which performs a redirect for...

Configuring spring security using oAuth and form based authentication

spring-security,spring-security-oauth2
I have a server application with two components: a) A set of REST API that are secured using oAuth ( Spring security oAuth) b) A dashboard for management with role based UI For business reasons, these two components need to be co-hosted i.e deployed as a single war. Till now...

Apache Oltu Github integration example with Spring MVC

oauth,oauth-2.0,spring-security-oauth2,oltu
I'm developing an "Apache Oltu Spring MVC Github" integration example. In this example I will be sending "App ID" and "Secret" to get the "access_token" in order to access the protected resources like "Gist", "user" etc. So first step is to create / register the "App" using https://github.com/settings/applications/new. Once you...

Spring OAuth: Resource Server with Authorization Server backend

spring-security,oauth-2.0,spring-security-oauth2,spring-cloud
I want to develop two independent services, one for the business stuff and one for the user authentication using Spring OAuth 2. Let's call them Business-Service and OAuth-Service. Now I want the Business-Service to delegate to the OAuth-Service if a request is not authenticated. The client application (an Android app) should...

Spring Security OAuth2 - Add parameter to Authorization URL

spring,spring-security,oauth-2.0,spring-security-oauth2
I am using Spring Security with OAuth2 for authentication/authorization using following project. http://projects.spring.io/spring-security-oauth/ I have a requirement to add parameter to OAuth2 authorization url. I am not sure how should I add it to AuthorizationCodeResourceDetails bean? The problem is I want to start the user journey by login or registration...

Spring OAuth2 not giving refresh token

java,spring,spring-security,spring-security-oauth2
I am running an OAuth Provider using Spring and "password" grant type. Running this (provider is on port 8080): curl -u "app:appclientsecret" "http://localhost:8080/oauth/token" --data "grant_type=password&username=marissa&password=koala" returns: {"access_token":"56da4d2b-7e66-483e-b88d-c1a58ee5a453","token_type":"bearer","expires_in":43199,"scope":"read"} For some reason there is no refresh token. I know according to the spec, the refresh token is optional; is there some way...

jhipster oauth : How can i get the access_token via CURL

angularjs,curl,spring-boot,jhipster,spring-security-oauth2
I'm trying to use the jhipster tool in order to create a new project with the oauth2 authentication. The project example works fine, I can log in with the angularjs interface, but can't understand how I can create a new user and then get the access token via Curl command line...

PreAuthorize error handling

spring,spring-security,spring-boot,spring-annotations,spring-security-oauth2
I'm using Spring Oauth2 and Spring Pre-post Annotations with Spring-boot. I have a service class MyService. One of MyService's methods is: @PreAuthorize("#id.equals(authentication.principal.id)") public SomeResponse getExampleResponse(String id){...} Can I control in some manner the json that is returned by the caller Controller? The json that is returned by default is: {error...

SAXParseException, the root element of the document is not

spring,spring-mvc,spring-security,xsd,spring-security-oauth2
Here is the header of my spring-security.xml : <?xml version="1.0" encoding="UTF-8" ?> <b:beans xmlns:b="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:sec="http://www.springframework.org/schema/security" xmlns:oauth="http://www.springframework.org/schema/security/oauth2" xmlns:context="http://www.springframework.org/schema/context" xmlns:mvc="http://www.springframework.org/schema/mvc"...

Where is an Example Spring Security OAuth2 Client Configuration using XML for Authorization Code?

spring-security,spring-security-oauth2
Where can I find a basic applicationContext.xml configuration of an OAuth2 Client for Authorization Code grant type using spring-security-oauth2 version 2.0.x?

Spring security fails JdbcClientDetailsService error

java,spring,spring-security,spring-security-oauth2
I am currently getting this error: org.springframework.dao.EmptyResultDataAccessException: Incorrect result size: expected 1, actual 0 Which is handled by the DaoAuthenticationProvider however, it throws an InternalAuthenticationServiceException exception. This bypasses the exception handling of the ProviderManager, which does not call my customDaoProvider which would authenticate the user. There are 2 DaoAuthenticationProvider registered...

Spring Security with Java EE 6 Restful Service

spring,java-ee,spring-security,java-ee-6,spring-security-oauth2
I have created a JavaEE 6 RESTful service and am now willing to integrate it with SpringSecurity. But, I really don't want to use SpringMVC and want to keep the library dependencies as few as possible. But, whenever I create a web.xml file and include a filter into that <filter> <filter-name>springSecurityFilterChain</filter-name> <filter-class> org.springframework.web.filter.DelegatingFilterProxy...

Spring Oauth2 RemoteTokenServices error on extractAuthentication

java,spring,oauth,spring-security,spring-security-oauth2
I have a resource server and an auth server. On resource request it verifies the received access_token with the auth server on a /oauth/check_token endpoint. This gives a response that makes my request crash. The response is sent as: Written [{exp=1433335640, scope=[read, write], authorities=[ROLE_USER], client_id=client-w-s}] as "application/json;charset=UTF-8" using [org.springfr[email protected]58a88f5a] When...

Anonymous access of method from Jersey webservice which is secured with spring security and oAuth2

spring,spring-security,jersey-2.0,jersey-client,spring-security-oauth2
I have one Jersey REST web service which handles person account CRUD. I have spring security + oAuth2 to secure this API; what I am not able to configure is that I wanted to make the Account create method anonymous. I tried to configure intercept url but it does not...

Spring Security with Java EE Restful Service

spring,rest,spring-security,java-ee-6,spring-security-oauth2
I have created a Java EE 6 RESTful service and tried to integrate that with Spring Security. But, all the time I get different weird exceptions, which don't make any sense, or maybe make sense but at least not for me. Directory structure of my application is something like...

Creating a Google Login using Grails

grails,spring-security,grails-plugin,google-login,spring-security-oauth2
I'm trying to create a Google Login option in a Grails project. I'm new to Grails and am using version 2.4.4 as this was the latest at the time of installing. After much searching of the Grails Plugins I've added the last 4 lines to my BuildConfig.groovy file: plugins {...

AngularJS & Spring Security with ROLE_ANONYMOUS still returns 401

angularjs,spring-mvc,spring-security,cors,spring-security-oauth2
We are building an Angular Material application, consuming a RESTful Spring MVC API, with Spring Security & OAUTH2. For testing purposes, we gave ROLE_ANONYMOUS access to our /users endpoint: <intercept-url pattern="/users" method="POST" access="ROLE_ANONYMOUS"/> But when we try to send a JSON by POST, we still get a 401 response from...