Questions tagged [spring-security-oauth2]

Spring Security implementation of the OAuth2 spec. We don't get many questions on OAuth 1(a) but feel free to tag them here.

0
votes
0answers
9 views

Blocked by CORS Policy when redirecting from one domain to another

I am setting up a spring-security-oauth2 server with a custom login page for my micro-service application. I have designed the Login page using angular. My gateway is running on port 8761 and my ...
0
votes
0answers
9 views

TokenEnhancer with RedisTokenStore

I am using Redis Token store with spring security Oauth2. I have a custom token enhancer. But this custom token enhancer is not invoked when I use Redis Token store. However, with an In-memory token ...
0
votes
0answers
12 views

Spring security and oauth2 authentication problem

My problem is if I use org.springframework.security.authentication.ProviderManager for my autheticationManager in applicationContext-security.xml then I unable to authenticate with oauth2. If I switch ...
0
votes
0answers
11 views

@DataMongoTest fails because of UnsatisfiedDependencyException

I'd like to test my repository method. However when I run my test, it fails because of UnsatisfiedDependencyException. It for some reason tries to create AuthorizationServerConfig (or other bean if I ...
0
votes
2answers
30 views

Unauthorized error on Spring Boot Authorization Server /oauth/authorize

I am trying to develop a simple POC for OAuth2 Authorization Server in Spring Boot using @EnableAuthorizationServer and a in-memory client. My Web Security configuration class looks like follows: ...
0
votes
0answers
14 views

Oauth2 password vs implicit grant type for SPA spring boot

I am planning to implement my own OAuth2 Authorization Server for my Spring boot REST API's and Angular SPA apps. All the apps are owned by us, there is no 3rd party integration currently. We are ...
0
votes
0answers
37 views

Redirect loop after approving scopes in OAuth2 Spring Security auth server

I'm having a problem with Spring Boot 2 with Spring Security 5 application that uses OAuth2 to authorize users. Instead of being allowed to see secured page user is redirected back to authorization ...
0
votes
0answers
8 views

spring security Oauth2 skip authentication

I have a requirement where authentication(App1) and authorization&resource (App2) servers are different as posted in OAuth2 spring security - resource and authorization server same but different ...
0
votes
0answers
22 views

Oauth2 authentication in Angular 6 and spring boot are on different host

I've frontend application is written on Angular 6 and backend app(REST) is written Spring Boot. I need authorization through social network VK. What have I already done? Backend server interceprs ...
0
votes
0answers
29 views

Spring- Security No AuthenticationProvider found for org.springframework.security.oauth2.provider.OAuth2Authentication

I am using authorization_code grant type to generate access token. I am using /oauth/confirm_access path to get approval from user for scope= read. After user approves above scope, auth code is ...
0
votes
0answers
23 views

Spring Boot + OAuth2 + JWT: Trouble to store refresh token in Cookie

I've implemented a security authentication using OAuth2 and JWT on my Spring Boot application that nice works. Now I'm trying to store the generated refresh token in Cookie on the server and remove it ...
0
votes
1answer
14 views

No redirection to the app with Spring Boot + OAuth2 + Gitlab authentication

I am trying to add authentication layer to my app. It should use OAuth2 provided by our local Gitlab. I have registered the app on Gitlab, so I get the security.oauth2.client.clientId and security....
0
votes
0answers
27 views

Unable to handle failure/success login

I'm currently facing a problem to handle any success & failure login attempts on my Spring Boot REST API server. I want to know if the user enter a wrong combinaison of login/password in order to ...
0
votes
1answer
70 views

Spring Security And Angular 6 HTTPS requests

my backend app in spring boot and secured with ssl. I used OAuth2 facebook login. Also the frontend app in Angular 7 and secured by ssl. My problem is sending requests Angular to my Spring boot App. ...
0
votes
0answers
21 views

OAuth2 spring security - resource and authorization server same but different authentication server

I have a case where my authentication server is different whereas authorizaion and resource servers are same. I have created one dummy application where it works fine with same authentication and ...
0
votes
0answers
18 views

Angular client getting unauthorized request due to CORS failure [duplicate]

We have an spring rest api annotation based where client in angularJS is trying to authenticate for OAuth on server but getting Unauthorized exception due to CORS failure. Below are the client side ...
0
votes
1answer
24 views

Decode Spring Boot 2.1 OAuth2 encoded JWT on Resource Server

Trying to upgrade existing resource services from Spring Boot 1.x to 2.x. Spring Security 4.5 is running on the authentication server and encodes JWT tokens like this: @Bean public ...
0
votes
1answer
24 views

Customization of TokenEndpoint in Sprin OAuth2

I would like to provide a custom implmentation of the TokenEndpoint class in Spring framework. Ive copied over the TokenEndpoint class of spring and have made my changes to the required places. But ...
0
votes
1answer
22 views

Username and password have been treated as anonymous in Spring-security-oauth2 password mode

I'm using Spring Boot and Spring Security OAuth2 to issue tokens to the front-end. Postman When I use postman to test, everything works fine. . Browser But when I sent a same request on browser ...
1
vote
1answer
27 views

What class/method in Spring Security handles redirecting to /oauth2/authorization/{registrationId}? Need to override for container

We're deploying our API in a docker container behind a gateway. Everything behind the gateway is http, not https. As a result, when Spring Security tries to redirect a user to the authorization Uri, ...
0
votes
0answers
18 views

Spring Boot 2 OpenID Connect redirect loop

i want to configure OpenID client with spring boot 2.1.3.RELEASE and keycloak server. i have a problem when i want to access a basic endpoint. The login goes well but after the browser didn't go back ...
-1
votes
2answers
59 views

Prevent multiple login in Spring boot Rest API [closed]

I want to prevent same user logging twice at the same time. I know about the Spring Security session prevention methods which can limit session, but can it be applied to RESTful applications also, if ...
0
votes
0answers
16 views

Configure Spring Security to allow requests to link

I have these links which I would like to use to get data without authentication: GET http://localhost:8080/web_payment/wpf/3jeglsv7e5umcmz7e4b9wa6tq61v3q7a POST http://localhost:8080/web_payment/en/...
0
votes
0answers
14 views

Login in Spring security special character in password [duplicate]

I am new to spring security.The default login url of oauth is like: {{base url}}/oauth/token?username=your_username&password=ourpassword&grant_type=password&client_id=customer-client ...
0
votes
0answers
35 views

Setting access token to cookie in Spring Security OAuth2

I would like to write OAuth2 access token to a cookie instead of writing to response. Since my OAuth request uses /oauth/token endpoint defined in TokenEndpoint.java of Spring Security OAuth2 module, ...
0
votes
0answers
36 views

Rest API & MVC in same Spring Boot application [closed]

I have a Spring Boot + Thymeleaf application secured with Spring Security application. It works fine. Now I have a requirement to open some REST endpoints in the same application and OAuth login ...
0
votes
1answer
30 views

SpringBoot 1 vs 2 and Spring Oauth2- Password Grant and Client Secret

Does anybody know how the versioning in SpringBoot and Spring Oauth2 works? When I change the versions of SpringBoot and Spring Oauth2 I go from getting valid access and refresh tokens to an "...
0
votes
1answer
43 views

How to test AuthenticationPrincipal and getting an ID Token in Spring Security?

I have the following LogoutResource class that returns an ID Token. package com.mycompany.myapp.web.rest; import org.springframework.http.ResponseEntity; import org.springframework.security.core....
-1
votes
0answers
24 views

AuthorizationServerEndpointsConfiguration required a bean of type 'java.util.List' that could not be found

EDIT-UPDATE: I've created a brand new project following this tutorial and I've noticed that, after configuring the pom, the problem is if I add @EnableAuthorizationServer @EnableResourceServer ...
-1
votes
1answer
16 views

How can I use curl to obtain access token for a Spring Boot Rest API?

I am developing a Spring Boot Rest API using token authentication.However I don't know how to obtain access token using curl.I have developed a client for this application but I can't obtain access ...
0
votes
1answer
17 views

Spring Security and MockMvc - Need to mock authentication or principal

I'm using Spring Security, and facing issue writing unit test case (using MockMvc) for a controller. I have a method in my controller that goes something like this: @GetMapping public ResponseEntity&...
0
votes
1answer
22 views

spring-security-oauth2-autoconfigure usage

I'm little confused on the usages of the below project: <dependency> <groupId>org.springframework.security.oauth.boot</groupId> <artifactId>spring-security-oauth2-...
0
votes
0answers
16 views

ClientDetailsService gets called 6 times during authentication

We wrote a custom ClientDetailsService for our OAuth2 authorization server: public class MyClientDetailsService implements ClientDetailsService { @Override public ClientDetails ...
0
votes
0answers
6 views

How can I use external network name when acessing OAUTH server?

I Have an OAuth2 server implemented in Spring Boot. @Configuration @EnableAuthorizationServer public class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter { //blah ...
-1
votes
1answer
50 views

How to disable default Spring OAuth2 REST APIs?

We use the following version of spring-security-oauth2: <dependency> <groupId>org.springframework.security.oauth</groupId> <artifactId>spring-security-oauth2&...
1
vote
0answers
13 views

Spring OAuth2 refresh token is going to authenticate the user again

I am sending request to server for getting new access token by using refresh token but there is call going to authenticate and I think it shout not authenticate as user is already authenticated. I ...
1
vote
0answers
16 views

Spring boot oauth application not redirecting to the login.html after successful logout

I have followed Spring Boot and OAuth2 tutorial and done some of the changes for the UI as below. Created a login.html with below content <!doctype html> <html lang="en"> <head> ...
0
votes
0answers
15 views

Implementing logout using Identity Broker and Identity Provider using JWT tokens

I am having trouble figuring out how to do a proper logout using an Identity Broker (Keycloak) and an Identity Provider (written using Spring Boot / Security OAuth). Here is the flow, using ...
-1
votes
0answers
13 views

Custom security for spring websocket with rest Api

I currently have restApi with spring security, and now I want to addition spring websocket. public class WebMvcSecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(...
0
votes
0answers
14 views

Spring security - is it possible to use @EnableOAuth2Sso, @EnableResourceServer and @EnableAuthorizationServer on the same application?

I am busy setting up an oauth2 authentication server. Currently i have the authentication server and the resource server within one application. I am curious though if is possible to also setup a ...
0
votes
0answers
25 views

NoSuchBeanDefinitionException: No qualifying bean of type 'org.springframework.security.authentication.AuthenticationManager' available gradle

I am developing Rest API with Gradle,Spring Boot and Spring Security.The API will be secured using token authenication. However when I run the Spring Boot application I get the following error: ...
0
votes
1answer
31 views

How to set UnmodifiableRandomAccessList to Set<Object> in java

There is an Oauth2Authentication object that contains user-authority. When I want to get its authority and set it in authority of User object like this: OAuth2Authentication oAuth2Authentication = (...
0
votes
0answers
23 views

Problem with access to Spring OAuth2 authorization server endpoint from java

I have implemented authorization server using Spring Framework. I have problem with access to authorization server /user endpoint, I always recieve in response 401 status when I trying to access it ...
0
votes
1answer
30 views

Spring Oauth2 Authorization server User Info Endpoint with multiple grant_type not working

I've authorization server which has inbuilt DB Authentication manager. Here are the configurations. AuthConfig.java @Configuration @EnableAuthorizationServer public class AuthConfig extends ...
0
votes
0answers
26 views

How to get Principal object of Oauth2 as same as Principal object of Spring Security

There is an application in which Spring Security is configured for user-authentication. Any where of my application that I need to get the authenticated user, SecurityUtility.getAuthenticatedUser() ...
0
votes
0answers
13 views

Just change ClientDetailsService from inMemory to jdbc, token_key endpoint get a 401 code

Configuration: @Override public void configure(ClientDetailsServiceConfigurer clients) throws Exception { PasswordEncoder passwordEncoder = PasswordEncoderFactories ....
1
vote
1answer
42 views

Two difference implementation of Principal interface between Spring Security & OAuth2

There had been being a monolithic java-application that is configured by Spring Security. Whenever I want to get the authenticated user, the org.springframework.serurity.authentication....
1
vote
0answers
41 views

Spring Boot REST service – End User Authentication vs APP (REST client) Authentication

I have gone through many posts and articles but didn't find a straightforward solution for the case below which I have to implement. Platform: Spring Boot 2.x.x (Spring Security 5.x.x) with embed ...
0
votes
0answers
17 views

OAuth2 authentication : serialized class imcompatible after Java update

Here is the context : I have a Spring Boot application which uses spring-security to implement OAuth2 system. It is linked to a mySQL database. I made a mysqldump export of my database on my old ...
0
votes
1answer
16 views

OAUTH2 + OpenID Connect what endpoint to use for adding some scopes for the user?

I have: Spring boot client application with some public endpoints and private endpoints which require @PreAuthorize("#oauth2.hasScope('resource.read')") for example I have a external authorization ...

http://mssss.yulina-kosm.ru