Questions tagged [spring-security-oauth2]

Spring Security's deprecated implementation of the OAuth2 spec. For OAuth2 with Spring Security 5 use Spring Security tag. We don't get many questions on OAuth 1(a) but feel free to tag them here.

The GitHub Project and the Spring Framework Website provide support for using Spring Security 4 with OAuth (1a) and OAuth2. It provides features for implementing both consumers and providers of these protocols using standard Spring and Spring Security programming models and configuration idioms.

3166 questions
1 vote, 1 answer

Implement TokenEnhancer for OAuth2 + JWT

I'm trying to implement TokenEnhancer for OAuth2 + JWT using this code: public class CustomTokenEnhancer implements TokenEnhancer { @Override public OAuth2AccessToken enhance(OAuth2AccessToken accessToken, OAuth2Authentication…
Peter Penzov
1 vote, 1 answer

Is it possible to have two session management strategies for different apis based on ant matcher

I was trying out the following config code, to get different session management for two APIs based on ant matchers http .authorizeRequests().antMatchers("/apiV1/**").authenticated() .and().sessionManagement() …
1 vote, 0 answers

Spring Security: Why does Spring only find the last authority of the access token?

I am trying to get Spring method security running and I have the following problems with my token. It looks like this (Access Token, after calling check_token on the AuthServer): There are nine authorities. BUT......if I try to check like this: I…
1 vote, 1 answer

Can we load different security configuration based on Mediatype, i.e. One of REST and one for web?

I have developed a regular spring mvc application, and want to add some rest controller for developing mobile application. I have written rest controller, and multi spring security configurations. Problem is, they are in precedence, hence both are…
1 vote, 0 answers

Bad client credentials in Spring security oauth2

I configured the password mode in spring security oauth2, but when I send request, the postman shows error: invaild_client, description: Bad client credentials. Here's my configuration. Postman request screenshot: click…
a1557944
1 vote, 0 answers

Unable to get user id to resource server client

My service already gets JWT token in request(so I don't need to write Resource Owner or Authorization server) and by interacting with Authorization server API it validates token. Now I want to know the user name/id in controller which I am unable to…
Laksh.S
1 vote, 1 answer

spring-security-oauth2-autoconfigure - invalid token: What changed from version 2.1.5 to 2.3.1

I have successfully done the following tutorial for setting up some Spring Boot microservices that are secured by oauth2: https://blog.viadee.de/microservices-absichern-mit-spring-boot-netflix-zuul-und-oauth-2-0-teil-1 In the tutorial they hardcoded…
1 vote, 0 answers

Spring Security OAuth2 Login using password Grant

I'm using Spring Boot 2.3.1 for a spring boot mvc application. I also have an OAuth2 Authorization server that is already setup and configured separately. I'm attempting to utilize Spring Security 5.2 OAuth to process the user login using Resource…
1 vote, 0 answers

Spring Security and Google Contacts API integration throwing exception

My use case is to retrieve google's contacts for a user and for that I was following https://github.com/spring-projects/spring-security/tree/master/samples/boot/oauth2login#google-login tutorial along with Google Contacts API docs -…
1 vote, 3 answers

Oauth2Login for only specific urls

I'm trying to have an oauth2 configuration setup for login through Spring Security. But only for specific urls. My security config looks as follows. @Override public void configure(HttpSecurity http) throws Exception { http …
user1840435
1 vote, 1 answer

access_denied error for client user even though keycloak evaluation says permit

I have multiple resources, each resource pointing to a page on the application. I am using keycloak (v10.0.2) for authentication of requests. I have two users, Admin, and Client. Admin has access to all the resources while Client has access to only…
1 vote, 1 answer

How to Customize "Bad credentials" error response in Spring Security?

I am using Spring-cloud-oauth2 to create an authorisation server. It is based on both client credentials and Username and password. My problem is that I am not able to customise the error response for bad credentials when typing incorrect…
1 vote, 1 answer

Saving Oauth2RestTemplate/Client storing in Security Context

I am securing my web application with OAuth2. I have a custom Authentication Provider which stores the OAuth2Client(OAuth2RestTemplate) in the Security Context. CustomAuthenticationProvide @Component public class CustomAuthenticationProvider…
1 vote, 1 answer

Spring Boot, Security OAuth2 Google Logout and no Autologin

My configuration is: @Configuration @EnableWebSecurity(debug = false) @EnableGlobalMethodSecurity(securedEnabled = true) public class SecurityConfig extends WebSecurityConfigurerAdapter { @Autowired private SaveNewOidcUserService…
1 vote, 1 answer

Active-directory - Cross domain trust with OAuth2 OBO flow

Need some help in reviewing/improving the security architecture that we have. This is the kind of architecture that we have. The user login flow is KeyCloak backed by AD. When a user logs in to the Spring app, we authenticate him via AD, and sync the user…