
I'm trying to develop a spring-authorization-server 1.0.1 with Spring Boot 3 and JPA. Does anyone have experience with it?

When I try to authenticate I get the error message:

No AuthenticationProvider found for org.springframework.security.authentication.UsernamePasswordAuthenticationToken

Here is my AuthorizationServerConfig:

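/**
 * Spring Authorization Server configuration: declares the two security filter
 * chains (protocol endpoints and form login), the user store, the registered
 * client repository and the JWT signing key material.
 */
@Configuration(proxyBeanMethods = false)
public class AuthorizationServerConfig {

    private static final Logger LOGGER = LoggerFactory.getLogger(AuthorizationServerConfig.class);

    // Injected JPA-backed client store; only read once in registeredClientRepository().
    @Autowired
    JpaRegisteredClientRepository jpaRegisteredClientRepository;

    /**
     * A Spring Security filter chain for the Protocol Endpoints.
     * Taken from the documentation (1).
     *
     * @param http the builder supplied by Spring Security
     * @return the filter chain, registered with the highest precedence
     * @throws Exception if the chain cannot be built
     */
    @Bean
    @Order(Ordered.HIGHEST_PRECEDENCE)
    public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {

        OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(http);
        http.getConfigurer(OAuth2AuthorizationServerConfigurer.class)
                .oidc(Customizer.withDefaults());   // Enable OpenID Connect 1.0
        http
                // Redirect to the login page when not authenticated from the
                // authorization endpoint
                .exceptionHandling((exceptions) -> exceptions
                        .authenticationEntryPoint(
                                new LoginUrlAuthenticationEntryPoint("/login"))
                )
                // Accept access tokens for User Info and/or Client Registration
                .oauth2ResourceServer(OAuth2ResourceServerConfigurer::jwt);

        return http.build();

    }

    /**
     * A Spring Security filter chain for authentication. Every request that
     * reaches this chain must be authenticated.
     *
     * @param http the builder supplied by Spring Security
     * @return the filter chain, ordered after the protocol-endpoint chain
     * @throws Exception if the chain cannot be built
     */
    @Bean
    @Order(2)
    public SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http)
            throws Exception {
        http
                .authorizeHttpRequests((authorize) -> authorize
                        .anyRequest().authenticated()
                )
                // Form login handles the redirect to the login page from the
                // authorization server filter chain
                .formLogin(Customizer.withDefaults());

        return http.build();
    }

    /**
     * An instance of UserDetailsService for retrieving users to authenticate.
     *
     * <p>The single user and its password are hard-coded in source, and
     * {@code User.withDefaultPasswordEncoder()} is deprecated by Spring Security
     * to signal that it is meant for demos only. Replace this bean with a real
     * user store and externally provisioned credentials before any deployment.
     *
     * @return an in-memory user store holding one user with role USER
     */
    @Bean
    public UserDetailsService userDetailsService() {
        UserDetails userDetails = User.withDefaultPasswordEncoder()
                .username("utilo")
                .password("utilo")
                .roles("USER")
                .build();

        return new InMemoryUserDetailsManager(userDetails);
    }

    /**
     * An instance of RegisteredClientRepository for managing clients.
     * Present in the documentation (4).
     *
     * <p>This bean is an in-memory snapshot of one client read from the JPA
     * repository when the bean is created; clients added or changed in the
     * database afterwards are not visible through it.
     * NOTE(review): if JpaRegisteredClientRepository already implements
     * RegisteredClientRepository, this {@code @Primary} wrapper may be
     * redundant -- confirm.
     *
     * @return an in-memory repository containing the "utilo-client" registration
     * @throws IllegalStateException if the client is not found in the JPA repository
     */
    @Bean
    @Primary
    public RegisteredClientRepository registeredClientRepository() {

        String clientId = "utilo-client";
        RegisteredClient client = jpaRegisteredClientRepository.findByClientId(clientId);
        if (client == null) {
            // Fail with a message that names the missing client instead of the
            // generic null-element rejection of the in-memory repository.
            throw new IllegalStateException(
                    "No registered client found for client id '" + clientId + "'");
        }

        return new InMemoryRegisteredClientRepository(List.of(client));

    }

    /**
     * An instance of com.nimbusds.jose.jwk.source.JWKSource for signing access tokens.
     *
     * <p>The RSA key pair and its key id are generated each time this bean is
     * created and are held in memory only. Tokens signed before a restart can
     * therefore no longer be verified against this source, and separate
     * instances of the application would each sign with a different key. Load
     * the key from protected storage if tokens must outlive the process.
     *
     * @return an immutable JWK set containing the generated RSA key
     */
    @Bean
    public JWKSource<SecurityContext> jwkSource() {
        KeyPair keyPair = generateRsaKey();
        RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic();
        RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate();
        RSAKey rsaKey = new RSAKey.Builder(publicKey)
                .privateKey(privateKey)
                .keyID(UUID.randomUUID().toString())
                .build();
        JWKSet jwkSet = new JWKSet(rsaKey);
        return new ImmutableJWKSet<>(jwkSet);
    }

    /**
     * Generates the 2048-bit RSA key pair used to create the JWKSource above.
     *
     * @return a freshly generated key pair
     * @throws IllegalStateException if key generation fails for any reason
     */
    private static KeyPair generateRsaKey() {
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
            keyPairGenerator.initialize(2048);
            return keyPairGenerator.generateKeyPair();
        }
        catch (Exception ex) {
            // Without a signing key the server cannot start; surface the cause.
            throw new IllegalStateException(ex);
        }
    }

    /**
     * An instance of JwtDecoder for decoding signed access tokens.
     *
     * @param jwkSource the key source the decoder verifies signatures against
     * @return the decoder built by the authorization server configuration
     */
    @Bean
    public JwtDecoder jwtDecoder(JWKSource<SecurityContext> jwkSource) {
        return OAuth2AuthorizationServerConfiguration.jwtDecoder(jwkSource);
    }

    /**
     * An instance of AuthorizationServerSettings to configure Spring Authorization Server.
     *
     * @return settings built without any customisation
     */
    @Bean
    public AuthorizationServerSettings authorizationServerSettings() {
        return AuthorizationServerSettings.builder().build();
    }

    /**
     * The password encoder used by the application.
     *
     * @return the delegating encoder created by PasswordEncoderFactories
     */
    @Bean
    PasswordEncoder passwordEncoder() {
        return PasswordEncoderFactories.createDelegatingPasswordEncoder();
    }

}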

Please let me know if further classes are needed to diagnose the problem.

  • I don't understand your use of a second `RegisteredClientRepository` marked `@Bean @Primary`. This doesn't seem necessary. Please also enable trace logging for the `org.springframework.security` package and include the logs from the failed flow. – Steve Riesenberg Jan 05 '23 at 16:03
  • Steve, thanks for the tip, I was able to solve it with that. – Christian Osterrieder Jan 10 '23 at 08:23
