14

I have build a Authentication Service and Webapplication in Spring 5 and Spring boot 2.0.0.M3 and I am trying to port it to Spring boot 2.0.0.M6 now.

I noticed the @EnableOauth2Sso is not available anymore in spring-boot-autoconfigure; I had used this annotation to configure my web application in spring boot 2.0.0.M3 fashion. I have looked into the examples on Spring for configurating the Oauth2 Client using @EnableOAuth2Client but the Configuration objects used in the examples like UserInfoTokenServices also do not seem to exist anymore.

How can I configure my client webapplication for OAuth2 in spring boot versions >= 2.0.0.M6?

saw303
  • 8,051
  • 7
  • 50
  • 90
Markus Antonius
  • 141
  • 1
  • 3
  • I configured my Spring-boot 2.0.0.M6 app now to have a spring.security.oauth2.client.registration.[client-id] and spring.security.oauth2.client.provider.[provider-id] in it application yaml and delared a @EnableOAuth2Client. the webapplication redirects now to the authorisation service and the user is able to authenticate on the authorisation server and is redirected again to the webapplication. However authorization on the client still fails as the userNameAttribute in the client provider configuration is not picked up. – Markus Antonius Nov 21 '17 at 08:11
  • When manipulating the userNameAttribute for the provider in the ClientRegistration the authorisation seems to exceed but when going through the filter chain again on return I still get a failure. – Markus Antonius Nov 21 '17 at 08:13
  • In the OAuth2ClientPropertiesRegistrationAdapter#getBuilder(Builder builder, Provider provider) I do not see the userNameAttributeName property set!? `private static Builder getBuilder(Builder builder, Provider provider) { copyIfNotNull(provider::getAuthorizationUri, builder::authorizationUri); copyIfNotNull(provider::getTokenUri, builder::tokenUri); copyIfNotNull(provider::getUserInfoUri, builder::userInfoUri); copyIfNotNull(provider::getJwkSetUri, builder::jwkSetUri); return builder; }` – Markus Antonius Nov 21 '17 at 08:33

3 Answers3

6

The existing GitHub issue on spring boot, has been elaborated on, and I was eventually led to the annotation's location in the 2.0.0 release. It has been moved to a project completely new to the 2.0.0 release artifacts.

To resolve this issue and migrate your project, add the artifact org.springframework.security.oauth.boot:spring-security-oauth2-autoconfigure to your dependency management configuration:

<dependency>
  <groupId>org.springframework.security.oauth.boot</groupId>
  <artifactId>spring-security-oauth2-autoconfigure</artifactId>
  <version>2.0.0.RELEASE</version>
</dependency>
Jaywalker
  • 3,079
  • 3
  • 28
  • 44
romeara
  • 1,426
  • 1
  • 17
  • 26
  • Before it's suggested, I could not clarify this or otherwise provide this answer in the original GitHub discussion location, as a project maintainer chose to lock the conversation immediately after answering the question – romeara Mar 15 '18 at 01:07
1

This issue is now tracked in GitHub and is available in 2.0.0 SNAPSHOT and targeted for an RC1 release.

View issue here: https://github.com/spring-projects/spring-boot/pull/10672

Inigo Montoya
  • 23
  • 5
1

Looks like the @EnableOauth2Sso annotation has been moved here:

compile group: 'org.springframework.security.oauth.boot', name: 'spring-security-oauth2-autoconfigure', version: 2.0.0.RELEASE

Bartek Walacik
  • 3,386
  • 1
  • 9
  • 14