I'm having some difficulties setting up multiple OAuth2RestTemplates in Spring Boot using the spring-security-oauth2-autoconfigure package.
Basically, what I want to achieve is that users can log in to my website using SSO (I am using @EnableOAuth2Sso). The same SSO session is then used to receive user-specific data (e.g. username, profile picture). Additionally, admins can go to the admin panel and register a backend account that also uses OAuth2 authentication to receive REST data that is only accessible to internal services. For instance, I'm fetching the remote server's time, version & my in-game bank account (this is for the game Eve Online, a really nice game btw :D).
So here are my two resource configs:
    # These are the user login / user data details
    security.oauth2.client.client-id=xxx
    security.oauth2.client.client-secret=xxx
    security.oauth2.client.user-authorization-uri=https://login.eveonline.com/oauth/authorize
    security.oauth2.client.access-token-uri=https://login.eveonline.com/oauth/token
    security.oauth2.client.pre-established-redirect-uri=http://localhost:8081/login
    security.oauth2.resource.user-info-uri=https://esi.tech.ccp.is/verify/
    security.oauth2.client.use-current-uri=false
    security.oauth2.client.scope=esi-wallet.read_character_wallet.v1 esi-markets.read_character_orders.v1

    # And these are the backend details
    security.oauth2.client.client-id=xxx
    security.oauth2.client.client-secret=xxx
    security.oauth2.client.user-authorization-uri=https://login.eveonline.com/oauth/authorize
    security.oauth2.client.access-token-uri=https://login.eveonline.com/oauth/token
    security.oauth2.client.pre-established-redirect-uri=http://localhost:8081/backend/setServiceAccount
    security.oauth2.resource.user-info-uri=https://esi.tech.ccp.is/verify/
    security.oauth2.client.use-current-uri=false
    security.oauth2.client.scope=esi-markets.structure_markets.v1 esi-ui.write_waypoint.v1
In my SecurityConfiguration I have configured these two templates:
    // The user details
    @Bean
    public AuthorizationCodeResourceDetails eveUserAuth() {
        AuthorizationCodeResourceDetails details = new AuthorizationCodeResourceDetails();
        details.setId("eveUserApp");
        details.setClientId(clientID);
        details.setClientSecret(clientSecret);
        details.setAccessTokenUri(tokenURL);
        details.setUserAuthorizationUri(userAuth);
        details.setScope(Arrays.asList(scopes));
        details.setPreEstablishedRedirectUri(redirectUri);
        details.setUseCurrentUri(false);
        return details;
    }

    // Note: this is the user template that is used to receive user-specific data
    @Bean
    public OAuth2RestTemplate eveUserRestTemplate(OAuth2ClientContext clientContext) {
        OAuth2RestTemplate template = new OAuth2RestTemplate(eveUserAuth(), clientContext);
        return template;
    }

    // The backend details
    @Bean
    public AuthorizationCodeResourceDetails eveBackendAuth() {
        AuthorizationCodeResourceDetails details = new AuthorizationCodeResourceDetails();
        details.setId("eveBackendApp");
        details.setClientId(backendClientID);
        details.setClientSecret(backendclientSecret);
        details.setAccessTokenUri(backendTokenURL);
        details.setUserAuthorizationUri(backendUserAuth);
        details.setScope(Arrays.asList(backendScopes));
        details.setPreEstablishedRedirectUri(backendRedirectUri);
        details.setUseCurrentUri(false);
        return details;
    }

    // Note: this is the backend template that doesn't use the clientContext bean
    @Bean
    @Qualifier("eveBackendTemplate")
    public OAuth2RestTemplate eveBackendTemplate() {
        OAuth2RestTemplate template = new OAuth2RestTemplate(eveBackendAuth());
        return template;
    }
Now the following exception is thrown if any of these templates does not use the clientContext Bean (in this case the backendTemplate):
java.lang.IllegalArgumentException: [/account/logon?ReturnUrl=%2Foauth%2Fauthorize] is not a valid HTTP URL
at org.springframework.web.util.UriComponentsBuilder.fromHttpUrl(UriComponentsBuilder.java:278) ~[spring-web-5.0.7.RELEASE.jar:5.0.7.RELEASE]
at org.springframework.security.oauth2.client.filter.OAuth2ClientContextFilter.redirectUser(OAuth2ClientContextFilter.java:99) ~[spring-security-oauth2-2.3.3.RELEASE.jar:na]
at org.springframework.security.oauth2.client.filter.OAuth2ClientContextFilter.doFilter(OAuth2ClientContextFilter.java:70) ~[spring-security-oauth2-2.3.3.RELEASE.jar:na]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-8.5.31.jar:8.5.31]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-8.5.31.jar:8.5.31]
at org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:109) ~[spring-web-5.0.7.RELEASE.jar:5.0.7.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-5.0.7.RELEASE.jar:5.0.7.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-8.5.31.jar:8.5.31]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-8.5.31.jar:8.5.31]
at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:93) ~[spring-web-5.0.7.RELEASE.jar:5.0.7.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-5.0.7.RELEASE.jar:5.0.7.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-8.5.31.jar:8.5.31]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-8.5.31.jar:8.5.31]
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:200) ~[spring-web-5.0.7.RELEASE.jar:5.0.7.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-5.0.7.RELEASE.jar:5.0.7.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-8.5.31.jar:8.5.31]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-8.5.31.jar:8.5.31]
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198) ~[tomcat-embed-core-8.5.31.jar:8.5.31]
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96) [tomcat-embed-core-8.5.31.jar:8.5.31]
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:496) [tomcat-embed-core-8.5.31.jar:8.5.31]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140) [tomcat-embed-core-8.5.31.jar:8.5.31]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81) [tomcat-embed-core-8.5.31.jar:8.5.31]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87) [tomcat-embed-core-8.5.31.jar:8.5.31]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342) [tomcat-embed-core-8.5.31.jar:8.5.31]
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:803) [tomcat-embed-core-8.5.31.jar:8.5.31]
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66) [tomcat-embed-core-8.5.31.jar:8.5.31]
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:790) [tomcat-embed-core-8.5.31.jar:8.5.31]
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1468) [tomcat-embed-core-8.5.31.jar:8.5.31]
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) [tomcat-embed-core-8.5.31.jar:8.5.31]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [na:1.8.0_151]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [na:1.8.0_151]
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-embed-core-8.5.31.jar:8.5.31]
at java.lang.Thread.run(Thread.java:748) [na:1.8.0_151]
At this point, Google doesn't want to help me and I'm so frustrated that I'm thankful for any advice you have :)
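
An added diagnostic example, not part of the original post: it checks which of the URIs shown above are absolute HTTP(S) URLs, whether the value rejected in the exception message is one of them, and where that value would point if it were a relative redirect issued by the configured authorization endpoint. The class name `RedirectUriCheck` and its helpers are hypothetical, and treating the rejected value as such a redirect is an assumption.

```java
import java.net.URI;
import java.util.LinkedHashMap;
import java.util.Map;

public class RedirectUriCheck {

    // True only for absolute http/https URIs with a host. The stack trace shows the
    // value being rejected by UriComponentsBuilder.fromHttpUrl, which needs such a URL.
    static boolean isAbsoluteHttpUrl(String value) {
        URI uri = URI.create(value);
        String scheme = uri.getScheme();
        return uri.getHost() != null
                && ("http".equalsIgnoreCase(scheme) || "https".equalsIgnoreCase(scheme));
    }

    // Resolves a possibly relative redirect target against the endpoint that issued it.
    static URI resolveAgainst(String endpoint, String location) {
        return URI.create(endpoint).resolve(location);
    }

    public static void main(String[] args) {
        // Values copied from the post's properties and exception message.
        Map<String, String> configured = new LinkedHashMap<>();
        configured.put("user-authorization-uri", "https://login.eveonline.com/oauth/authorize");
        configured.put("access-token-uri", "https://login.eveonline.com/oauth/token");
        configured.put("user redirect-uri", "http://localhost:8081/login");
        configured.put("backend redirect-uri", "http://localhost:8081/backend/setServiceAccount");
        configured.put("user-info-uri", "https://esi.tech.ccp.is/verify/");
        String rejected = "/account/logon?ReturnUrl=%2Foauth%2Fauthorize";

        // Every configured URI should be absolute; a relative one would be a config error.
        configured.forEach((name, value) ->
                System.out.printf("%-24s absolute=%b%n", name, isAbsoluteHttpUrl(value)));

        // The rejected value is neither configured nor absolute, so it was produced at runtime.
        System.out.println("rejected value configured? " + configured.containsValue(rejected));
        System.out.println("rejected value absolute?   " + isAbsoluteHttpUrl(rejected));

        // Assumption: the value is a relative Location from the authorization endpoint.
        System.out.println("resolved against authorize endpoint: "
                + resolveAgainst(configured.get("user-authorization-uri"), rejected));
    }
}
```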