16

what is recommended way to create custom pages OAuth Approval page:

default page

I have to completely override the stuff on the page, need to add styles, branding etc. What is the right way to achieve that? Where could I see the source of the default page to use it as a starting point?

I also need to override the /login page but I think the approach of overriding it is going to be pretty much the same.

Barbadoss
  • 1,136
  • 3
  • 14
  • 22

2 Answers2

16

The recommended way is to provide a normal Spring MVC @RequestMapping for the "/oauth/confirm_access". You can look at WhitelabelApprovalEndpoint for the default implementation. Don't forget to use @SessionAttributes("authorizationRequest") in your controller.

Community
  • 1
  • 1
Dave Syer
  • 56,583
  • 10
  • 155
  • 143
  • Is there another way to customize the page. In my setup application `HandlerMapping` has order lower than `org.springframework.security.oauth2.provider.endpoint.FrameworkEndpointHandlerMapping` and as a result, custom mappings are picked up after default ones and don't override the latter? – schatten Mar 01 '17 at 00:23
  • I don't think I follow that. You just have to provide a resource at /oauth/confirm_access (or whatever you customize the endpoint path to be). It doesn't matter how you do it. – Dave Syer Mar 01 '17 at 12:13
  • 2
    `Framew‌​orkEndpointHandlerMa‌pping` has an order of `Order.LOWEST_PRECEDENCE - 2`, but my custom `RequestMappingHandlerMapping` has an order of `Order.LOWEST_PRECEDENCE` thus `org.springframework.web.servlet.DispatcherServlet#getHandler` picks `Framew‌​orkEndpointHandlerMa‌pping`'s mapping and request never reaches my customer controller. Unfortunately changing orders is not an option for me at this moment. What I ended up doing is `authorizationEndpoint.setUserApprovalPage("forward:/oauth/customer_path")`; in `@PostConstruct` method of `AuthorizationServerConfiguration`. – schatten Mar 01 '17 at 21:46
  • Since `/oauth/customer_path` is not mapped by `Framew‌​orkEndpointHandlerMa‌pping`, dispatcher reaches my controller's mapping. – schatten Mar 01 '17 at 21:46
  • Also, don't forget to change your controller to have a bean name os something other than WhitelabelApprovalEndpoint otherwise the Spring one will get precedence (as I found out eventually)..... – PaulNUK Jul 17 '18 at 15:27
7

In addition to @DaveSyer's answer, which should work for the most of the cases. Sometimes based on configuration and customization the aforementioned method may not work, if Framew‌orkEndpointHandlerMa‌pping from Spring Security OAuth package has higher order than RequestMappingHandlerMapping of your application. If this is the case, then servlet dispatcher will never reach you mapping and will always show the default page.

One way to fix it is to change the order of mappers, given that Framew‌orkEndpointHandlerMa‌pping's order is Order.LOWEST_PRECEDENCE - 2.

Another way is to set the approval page to a custom URL, not mapped by Framew‌orkEndpointHandlerMa‌pping, thus servlet dispatcher will reaches you application's mapping 

@Configuration
@EnableAuthorizationServer
protected static class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {
    @Autowired
    private AuthorizationEndpoint authorizationEndpoint;

    @PostConstruct
    public void init() {
        authorizationEndpoint.setUserApprovalPage("forward:/oauth/custom_confirm_access");
        authorizationEndpoint.setErrorPage("forward:/oauth/custom_error");
    }
}

With such a configuration mappings of /oauth/custom_confirm_access and /oauth/custom_error will be used as a confirmation page and an error page respectively.

Community
  • 1
  • 1
schatten
  • 1,497
  • 1
  • 12
  • 19