
I need to configure preAuthorize with a method-level scope check using OAuth2. I have added all the configuration as shown below. It always redirects me to the user name and password console. In my case I just want to validate the scope of the given access token and have to disable the username and login screen.

//configuration class
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class MethodSecurityConfig extends GlobalMethodSecurityConfiguration {

    @Override
    protected MethodSecurityExpressionHandler createExpressionHandler() {
        OAuth2MethodSecurityExpressionHandler expressionHandler = new OAuth2MethodSecurityExpressionHandler();

        return expressionHandler;
    }
}
//controller class
@RestController
public class UserInformationController {

    @PreAuthorize("#oauth2.hasScope('testscope')") 
    @RequestMapping("/me")
    public UserInformation getUserDetails(@RequestHeader(required = false, value = "Authorization") String token) {
        return getUserInformation(token);
    }
}
//spring-boot class
@SpringBootApplication
public class MindsphereSampleApplication {

    public static void main(String[] args) {
        SpringApplication.run(MindsphereSampleApplication.class, args);
    }
}

It is redirecting me to the user name and login screen, which I don't need.

  • Show your resource server configuration. It looks like you are using Spring Boot's default Spring Security configuration. – dur May 09 '19 at 09:16
  • @dur I am not using any resource server. Do I need to add that? – Dileep Shivannachar May 09 '19 at 12:21
  • How could you use OAuth2 without a resource server? Do you implement an OAuth2 client? However, show your Spring Security configuration. – dur May 09 '19 at 13:30
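
Added example, not part of the original question or its comments: a resource-server configuration for the legacy Spring Security OAuth2 module (the one that provides `OAuth2MethodSecurityExpressionHandler`), which authenticates the bearer token on each request so that a missing or invalid token yields a 401 instead of a login redirect, and populates the scopes that `#oauth2.hasScope('testscope')` checks. Assumptions: access tokens are RSA-signed JWTs verified with a PEM public key; the class name, the `example.jwt.verifier-key` property and the `sample-api` resource id are hypothetical.

```java
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;

@Configuration
@EnableResourceServer // installs the bearer-token filter and a 401 entry point
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {

    // Hypothetical property: PEM public key of the authorization server.
    @Value("${example.jwt.verifier-key}")
    private String verifierKey;

    @Bean
    public JwtAccessTokenConverter accessTokenConverter() {
        JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
        converter.setVerifierKey(verifierKey); // verify only, no signing key here
        return converter;
    }

    @Bean
    public TokenStore tokenStore() {
        // Decodes the JWT locally; the "scope" claim becomes the OAuth2 request scope.
        return new JwtTokenStore(accessTokenConverter());
    }

    @Override
    public void configure(ResourceServerSecurityConfigurer resources) {
        // "sample-api" is a placeholder; it must match the token's audience
        // when the token carries one, otherwise the token is rejected.
        resources.tokenStore(tokenStore()).resourceId("sample-api");
    }

    @Override
    public void configure(HttpSecurity http) throws Exception {
        // No HTTP session and no form login: every request needs a valid token.
        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            .and()
            .authorizeRequests().anyRequest().authenticated();
    }
}
```

With this class on the classpath, the `@PreAuthorize` annotation and `MethodSecurityConfig` from the question stay as they are; a token that is valid but lacks `testscope` is answered with 403.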

0 Answers