Stack Overflow
Stack Overflow

Questions tagged [spring-security-oauth2]

Spring Security's deprecated implementation of the OAuth2 spec. For OAuth2 with Spring Security 5 use Spring Security tag. We don't get many questions on OAuth 1(a) but feel free to tag them here.

Spring Security's deprecated implementation of the OAuth2 spec. The GitHub Project and the Spring Framework Website provide support for using Spring Security 4 with OAuth (1a) and OAuth2. It provides features for implementing both consumers and providers of these protocols using standard Spring and Spring Security programming models and configuration idioms.

3166 questions
1
vote
2 answers

Istio Service Mesh Security with AuthorizationPolicy & RequestAuthentication

The authentication using kyecloak isn't working as expected, it been used Istio vs Keycloak. Istio components configured : Gateway, Virtualservice, AuthorizationPolicy, RequestAuthentication using a valid token: 401 Jwt issuer is not…
Tiago Medici
  • 1,944
  • 22
  • 22
1
vote
0 answers

How to debug OAuth2 class in Spring Boot?

I am testing an endpoint developed with Spring Boot, which throws the following error: { "error": "unauthorized", "error_description": "Full authentication is required to access this resource" } www-authenticate: Bearer realm="oauth2-resource",…
hispanicprogrammer
  • 367
  • 3
  • 6
  • 22
1
vote
0 answers

HAProxy, Keycloak with x509

I have an HAProxy as a reverse proxy to my application which has x509 authentication. HAProxy does X509 validation (client certificate based) and and add the certificate back to request header SSL_CLIENT_CERT. Now I want to identify the user from…
Winster
  • 943
  • 10
  • 28
1
vote
0 answers

How do I make logout possible using Google OAuth2?

I am trying to do log-out, and I am using Spring Boot 2.1.7.RELEASE, and Google OAuth2. This is my class implementing WebSecurityConfigurerAdapter. @Override protected void configure(HttpSecurity http) throws Exception { http …
Roy Ra
  • 504
  • 1
  • 6
  • 23
1
vote
0 answers

Angular Spring Oauth2 without sharing secret no Angular

I have currently an Angular app which authenticates with Spring Oauth2, but currently I have clientID/secret on Front end side but I don't think this is very safe. How do I make it work without sending the client secret from Angular?
John
  • 1,697
  • 4
  • 27
  • 53
1
vote
2 answers

Configuring spring-oauth2-client for non boot spring framework

In spring boot, application.yml takes in the Spring oauth2 client config. How do I configure it for the non-boot application. By configuration I mean giving client ID, secret, scopes and redirect URI.
Dheeraj
  • 13
  • 6
1
vote
2 answers

Get user role after authorization

I want to implement Spring Boot Project with Angular 9 based on OAuth2 for security. The problem which is not clear for me is what is the best way to get the user role after user authentication. I found 2 ways: Add properly after user is…
Peter Penzov
  • 1,126
  • 134
  • 430
  • 808
1
vote
1 answer

Getting Access Token with Spring Cloud Gateway and Spring Security with Keycloak

I am using Spring cloud Gateway with Spring security and Keycloak for Access management. I am having an issue getting the access token with spring cloud gateway as the token I am getting doesn't have all the parameters like what I get from the token…
Vijay
  • 558
  • 6
  • 22
1
vote
0 answers

BlackList isn't working when refresh token tries to get access back using JWT (Spring Boot)

Please bear in mind that I'll eventually move the blacklist to a cache DB, it's not going to be an attribute in the class, this is just temporary. This is my full component for the…
luifon
  • 197
  • 2
  • 16
1
vote
0 answers

Can Spring OAuth2 ClientDetailsServiceConfigurer authenticates with database?

I am new to Spring Boot OAuth2 framework. I have the following working when authenticating incoming requests to ask for token. The "withClient" and "secret" are both hard-coded and I want that to query against database like MySQL. I like different…
Vince Yau
  • 515
  • 1
  • 5
  • 16
1
vote
0 answers

How to get Oauth2 token request on behalf of user

I am new to spring and creating backend using spring and oauth 2 so far I was able to implement outh2 with spring and I can able to get access and refresh token: localhost:8082/oauth/token and response i am getting : { "access_token":…
Rohit Maurya
  • 730
  • 1
  • 9
  • 22
1
vote
1 answer

Spring Cloud Gateway Oauth2Login Return JWT Token Instead of SESSION Cookie Upon Successful Login

sorry in advance if the question is previously asked, but I have not been able to find an answer. I am trying to setup Spring Cloud Gateway to act as a OAuth2 client to authenticate/login users via a Keycloak Authentication server. I have been able…
user2457907
1
vote
1 answer

Insert a custom Filter in the Spring Security Filter Chain in Spring Cloud Gateway

I am working on spring cloud gateway which authenticates with OAuth2 with the help of spring security filter chain. Currently I am having an error at the login page of the OAuth2 because of some unknows authorization request not found error which I…
Vijay
  • 558
  • 6
  • 22
1
vote
1 answer

Implement oauth2 authorization server without using Spring Security OAuth

My requirement is to implement oauth 2 using spring boot. It's for dynamic client registration(client id ,client secret ….) to be stored in the database, not in memory. The first option I see is using spring-security-oauth2. But as per…
abishkar bhattarai
  • 7,371
  • 8
  • 49
  • 66
1
vote
1 answer

Spring Security Expression Baed Access Control with JwtAuthenticationToken

I'm working on an RESTful sevice that uses spring-boot-starter-oauth2-resource-server for security. It has some complex endpoint authorization requirements that involve decisions based not just on roles but on other claims in the JWT like location.…
CeeTee
  • 778
  • 1
  • 9
  • 17
1 2 3
99 100