Questions tagged [spring-security-oauth2]

Spring Security's deprecated implementation of the OAuth2 spec. For OAuth2 with Spring Security 5, use the Spring Security tag. We don't get many questions on OAuth 1(a), but feel free to tag them here.

The GitHub Project and the Spring Framework Website provide support for using Spring Security 4 with OAuth (1a) and OAuth2. It provides features for implementing both consumers and providers of these protocols using standard Spring and Spring Security programming models and configuration idioms.

3166 questions

30 votes, 3 answers

PreAuthorize error handling

I'm using Spring OAuth2 and Spring pre-post annotations with Spring Boot. I have a service class MyService. One of MyService's methods is: @PreAuthorize("#id.equals(authentication.principal.id)") public SomeResponse getExampleResponse(String…

30 votes, 4 answers

How to change spring security oauth2 default token endpoint?

We have a Spring Security OAuth2 based application. Everything is working fine. But I have failed to change the default token endpoint from "/oauth/token" to "/external/oauth/token". My spring-servlet.xml
Srikanth

28 votes, 3 answers

Unable to get EnableOauth2Sso Working -- BadCredentialsException: Could not obtain access token

I'm trying to get a simple Spring OAuth2 SSO application working and I've been unable to do so. Here are the steps and results of what's happened: Hit endpoint /user, which is secured by OAuth2. I get forwarded to a simple Spring OAuth2 authorization…

27 votes, 2 answers

@EnableResourceServer @EnableAuthorizationServer are deprecated?

I am writing a simple application to test OAuth. But I see that both the annotations @EnableResourceServer and @EnableAuthorizationServer were deprecated! I don't find an alternative way to deal with it and I don't find any info anywhere. What is the…
rakesh mehra

27 votes, 4 answers

How to allow a User only access their own data in Spring Boot / Spring Security?

I have some REST APIs like this: /users/{user_id} /users/{user_id}/orders /users/{user_id}/orders/{order_id}. How must I secure them? Every user must see only her/his data, but admin can see all of them. How & what must I implement in Spring Security…
GLinBoy

27 votes, 6 answers

Standalone Spring OAuth2 JWT Authorization Server + CORS

So I have the following Authorization Server condensed from this example from Dave Syer @SpringBootApplication public class AuthserverApplication { public static void main(String[] args) { …
Michael K.

26 votes, 2 answers

Request new access token using refresh token in username-password grant in Spring Security OAuth2

We're using the username-password grant to obtain an access token from our auth server. We want to refresh the access token before it expires using the provided refresh token until the user logs out or closes the client app. However I just cannot…
Pete

23 votes, 6 answers

Consider defining a bean of type 'org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository' in your configuration

I am currently using Spring OAuth2Client version 5.2.4.RELEASE in my project. I have implemented Spring Security by referring to the Official Spring Docs here. import org.springframework.context.annotation.Bean; import…
raj03

23 votes, 2 answers

Using scopes as roles in Spring Security OAuth2 (provider)

Let's consider a fairly simple hypothetical application where users can read or write posts. Some users can read and write articles while some others can only read them. With Spring Security (3.2.1) I modeled this by having 2 roles: ROLE_WRITE:…
Christophe L

22 votes, 4 answers

spring security permitAll still considering token passed in Authorization header and returns 401 if token is invalid

I am using Spring Security OAuth in my project. I am excluding some URLs from authentication by configuring in Spring Security ResourceServerConfigurerAdapter. I added http.authorizeRequests().antMatchers(url).permitAll(). Now, what I am seeing is…

22 votes, 2 answers

Two factor authentication with spring security oauth2

I'm looking for ideas how to implement two factor authentication (2FA) with Spring Security OAuth2. The requirement is that the user needs two factor authentication only for specific applications with sensitive information. Those webapps have their…
James

22 votes, 2 answers

Own Spring OAuth2 server together with 3rdparty OAuth providers

In a Spring Boot application, I have an OAuth2 Authorization/Resource servers. Based on this and Spring Security, I have secured my Spring MVC REST API endpoints. In addition to this, I'd like to add authentication to my REST endpoints based on 3rd…

21 votes, 2 answers

What are the steps to implement Spring's Token Store as a MySQL file?

I have an application that currently uses the Spring OAuth 2.0 In Memory Token Store. I need to convert the Spring Security OAuth 2.0 JAR to use a persisted file rather than in memory to ensure the access tokens are valid over server restarts. …
Donald F. Coffin

20 votes, 5 answers

How to logout oauth2 client in Spring?

I have the simplest oauth2 client: @EnableAutoConfiguration @Configuration @EnableOAuth2Sso @RestController public class ClientApplication { @RequestMapping("/") public String home(Principal user, HttpServletRequest request,…

20 votes, 6 answers

Protecting REST API with OAuth2: Error creating bean with name 'scopedTarget.oauth2ClientContext': Scope 'session' is not active

I've been working for a few days to attempt to implement OAuth2 protection on a REST API. I've tried a ton of different configurations but still haven't managed to get it to work. I'm providing the code that I have right now, but I'm in no way…
Joey