Questions tagged [spring-security-oauth2]

Spring Security's deprecated implementation of the OAuth2 spec. For OAuth2 with Spring Security 5 use Spring Security tag. We don't get many questions on OAuth 1(a) but feel free to tag them here.

The GitHub Project and the Spring Framework Website provide support for using Spring Security 4 with OAuth (1a) and OAuth2. It provides features for implementing both consumers and providers of these protocols using standard Spring and Spring Security programming models and configuration idioms.

3166 questions
6 votes, 2 answers

Spring Boot, OAuth2 authentication is lost between requests

EDIT: log from org.springframework.security: 2022-01-17 12:31:03.495 IST 2022-01-17 10:31:03.495 DEBUG [080-exec-5] o.s.s.w.s.SessionManagementFilter - Request requested invalid session id D5F8BA31A3D7466AK3K3C8EA26A4F037 Default 2022-01-17…
6 votes, 1 answer

Use @PreAuthorize("#oauth2.hasScope('internal')") with SpringSecurity 5.4.5

I'm still learning and trying to understand security topics used in Spring. I'm working on a microservices application where at the startup every service is connecting to OAuth service and get his bearer token. Every service has got claim "scope":…
6 votes, 1 answer

Enable /oauth/token endpoint springdoc-openapi-ui

I'm upgrading from springfox-swagger2 to springdoc-openapi-ui. I use the swagger definitions on the frontend to autogenerate types. The /oauth/token endpoint is missing in springdoc-openapi-ui. This is my…
yasgur99
6 votes, 3 answers

Spring Boot Oauth2 Resource Server UserDetailsService

Trying to get a UserDetailsService working for an oauth2 resource server I set up. I'm able to successfully authenticate the jwt, but nothing I do seems to get it to call the loadUserByUsername method. This originally was using SAML and it was…
6 votes, 1 answer

Can I disable issuer validation upon resource server startup?

I'm trying to set up a resource server using Spring Security and now I want to run it on my machine which has to go through a SSH tunnel to reach the token issuer, so the URI my app ends up calling is something like…
Thomas Kåsene
6 votes, 3 answers

Spring Cloud Gateway redirects to Keycloak login page although Bearer token is set

I am using a setup with Keycloak as Identity Provider, Spring Cloud Gateway as API Gateway and multiple Microservices. I can receive a JWT via my Gateway (redirecting to Keycloak) via…
6 votes, 2 answers

OAuth2FeignRequestInterceptor class deprecated in Spring Boot 2.3

In our last feign client security configuration we have this Bean: @Bean public RequestInterceptor oauth2FeignRequestInterceptor( ClientCredentialsResourceDetails oauth2RemoteResource) { return new…
6 votes, 1 answer

How to extract custom Principal in OAuth2 Resource Server?

I'm using Keycloak as my OAuth2 Authorization Server and I configured an OAuth2 Resource Server for Multitenancy following this official example on GitHub. The current Tenant is resolved considering the Issuer field of the JWT token. Hence the token…
1Z10
6 votes, 1 answer

Spring Security 5.2 Password Flow

I am trying to authenticate the user using the password flow in the latest version of Spring Security - 5.2. The docs seem to suggest how to do that. @Bean public OAuth2AuthorizedClientManager passwordFlowAuthorizedClientManager( …
6 votes, 1 answer

OAuth2AuthenticationToken vs OAuth2Authentication

1-What is the difference between OAuth2AuthenticationToken and OAuth2Authentication? 2-In my spring boot client web application, I've used dependency "spring-boot-starter-oauth2-client" to implement (single sign on) sso with an authorization server,…
6 votes, 2 answers

Should oauth2 Resource Server Interrogate Userinfo Endpoint on Authentication Server

When creating a resource server to protect my api endpoints in spring boot I am using spring-boot-starter-oauth2-resource-server and it does not try to pull back the claims from the userinfo endpoint on the authentication server. I am wondering if…
6 votes, 2 answers

Spring security - oauth2 resource server tests

I am having some problems when testing an oauth2 resource server using @WebMvcTest and the POST HTTP method. I always receive a 403 status code when I don't send the csrf token, even though the token is not required when I am using a bearer token. …
6 votes, 4 answers

Implementing authentication and authorization using Zuul Proxy, Oauth2 on REST Microservices

I am trying to implement the above architecture in the workflow with Spring Boot. Web client makes a request to Resource Server (Microservices Endpoints) through Zuul Proxy. Zuul Proxy redirects to oauth2 server for authentication. Oauth2…
6 votes, 2 answers

Spring Boot 2 OAuth2 Resource Server Does not hit authorization server for access token validation

I have implemented Spring boot 2 + OAuth2 Authorization server. I only want to use Client_credential to secure resource Server. I am able to get access token from Auth server, but when I pass this to access rest api, resource server does not…
6 votes, 1 answer

using HttpSecurity.requestMatchers in class ResourceServerConfiguration.configure in spring oauth2

I have been struggling to understand how and when to use HttpSecurity.requestMatchers. Though I use HttpSecurity.requestMatchers but I have call authorizeRequests and antMatchers to specify the security rules. When should I use …
Shiva