andreapier
Reputation: 2958
No Bean for ResourceServerTokenServices found - Spring-Security-Oauth2
I'm building a sample project with spring-boot just to learn something about it.
Specifically, i'm trying to integrate spring-security-oauth2 module to secure my rest services.
I followed this sample project that shows a very simple in-memory login system: https://github.com/royclarkson/spring-rest-service-oauth
It works, and this is good.
Anyway, when I tried to integrate it in my application i get the following exception:
...
Caused by: java.lang.IllegalStateException: Could not wire ResourceServerTokenServices: please create a bean definition and mark it as @Primary.
at org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfiguration.resolveTokenServices(ResourceServerConfiguration.java:170) ~[spring-security-oauth2-2.0.4.RELEASE.jar:na]
at org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfiguration.configure(ResourceServerConfiguration.java:140) ~[spring-security-oauth2-2.0.4.RELEASE.jar:na]
at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter.getHttp(WebSecurityConfigurerAdapter.java:199) ~[spring-security-config-3.2.5.RELEASE.jar:3.2.5.RELEASE]
at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter.init(WebSecurityConfigurerAdapter.java:283) ~[spring-security-config-3.2.5.RELEASE.jar:3.2.5.RELEASE]
at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter.init(WebSecurityConfigurerAdapter.java:68) ~[spring-security-config-3.2.5.RELEASE.jar:3.2.5.RELEASE]
at org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfiguration$$EnhancerByCGLIB$$71f30f65.init(<generated>) ~[spring-core-4.0.1.RELEASE.jar:na]
at org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.init(AbstractConfiguredSecurityBuilder.java:367) ~[spring-security-config-3.2.5.RELEASE.jar:3.2.5.RELEASE]
at org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.doBuild(AbstractConfiguredSecurityBuilder.java:320) ~[spring-security-config-3.2.5.RELEASE.jar:3.2.5.RELEASE]
at org.springframework.security.config.annotation.AbstractSecurityBuilder.build(AbstractSecurityBuilder.java:39) ~[spring-security-config-3.2.5.RELEASE.jar:3.2.5.RELEASE]
at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration.springSecurityFilterChain(WebSecurityConfiguration.java:92) ~[spring-security-config-3.2.5.RELEASE.jar:3.2.5.RELEASE]
at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration$$EnhancerByCGLIB$$373175f.CGLIB$springSecurityFilterChain$3(<generated>) ~[spring-core-4.0.1.RELEASE.jar:3.2.5.RELEASE]
at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration$$EnhancerByCGLIB$$373175f$$FastClassByCGLIB$$ffddf00e.invoke(<generated>) ~[spring-core-4.0.1.RELEASE.jar:3.2.5.RELEASE]
at org.springframework.cglib.proxy.MethodProxy.invokeSuper(MethodProxy.java:228) ~[spring-core-4.0.1.RELEASE.jar:4.0.1.RELEASE]
at org.springframework.context.annotation.ConfigurationClassEnhancer$BeanMethodInterceptor.intercept(ConfigurationClassEnhancer.java:326) ~[spring-context-4.0.1.RELEASE.jar:4.0.1.RELEASE]
at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration$$EnhancerByCGLIB$$373175f.springSecurityFilterChain(<generated>) ~[spring-core-4.0.1.RELEASE.jar:3.2.5.RELEASE]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0]
at java.lang.reflect.Method.invoke(Method.java:483) ~[na:1.8.0]
at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:166) ~[spring-beans-4.0.1.RELEASE.jar:4.0.1.RELEASE]
... 27 common frames omitted
From what i know, the DefaultTokenServices implementation of ResourceServerTokenServices should be ready to use, without further implementation (at leas for this simple scenario). Am I wrong?
The following snippets are my oauth configuration classes:
AuthorizationServerConfiguration:
@Configuration @EnableAuthorizationServer
public class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {
private TokenStore tokenStore = new InMemoryTokenStore();
@Inject
@Qualifier("authenticationManagerBean")
private AuthenticationManager authenticationManager;
@Inject
private ResourceIdProvider resourceIdProvider;
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
endpoints
.tokenStore(tokenStore)
.authenticationManager(authenticationManager);
}
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
clients
.inMemory()
.withClient("clientapp")
.authorizedGrantTypes("password", "refresh_token")
.authorities("USER")
.scopes("read", "write")
.resourceIds(this.resourceIdProvider.getResourceId())
.secret("123456");
}
@Bean
public ResourceServerTokenServices tokenServices() {
DefaultTokenServices tokenServices = new DefaultTokenServices();
tokenServices.setSupportRefreshToken(true);
tokenServices.setTokenStore(this.tokenStore);
return tokenServices;
} }
ResourceServerConfigurationImpl:
@Configuration @EnableResourceServer
public class ResourceServerConfigurationImpl extends ResourceServerConfigurerAdapter {
@Inject
private ResourceIdProvider resourceIdProvider;
@Override
public void configure(ResourceServerSecurityConfigurer resources) {
resources.resourceId(this.resourceIdProvider.getResourceId());
}
@Override
public void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/rest/user")
.authenticated();
} }
InMemoryWebSecurityConfiguration:
@Configuration @EnableWebSecurity
public class InMemoryWebSecurityConfiguration extends WebSecurityConfigurerAdapter {
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication()
.withUser("roy")
.password("spring")
.roles("USER");
}
@Override
@Bean
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
}
Can somebody help me get this running?
If you need more code let me know.
Thanks in advance!
Upvotes: 1
Views: 6273
Answers (2)
Jonas Flesch
Reputation: 309
I am having the same problem since 2.0.5-RELEASE version, it didn't happen on 2.0.4-BUILD-SNAPSHOT. I opened a issue here: https://github.com/spring-projects/spring-security-oauth/issues/342
Upvotes: 0
Dave Syer
Reputation: 58124
There's a hint in the error message (mark your token services as @Primary). That should work. Also (I think) you can just inject a TokenStore into the ResourceServerConfigurer and share it with the rest of the context.
Upvotes: 2
Related Questions
- Spring boot + oauth2 : Full authentication is required to access this resource
- Spring Boot OAuth2 ResourceServer 401 with PermitAll
- Spring Boot oauth2 : Full authentication is required to access this resource
- Spring security oAuth 2.0 (Invalid token does not contain resource id (oauth2-resource))
- ClassNotFoundException: org.springframework.boot.autoconfigure.security.oauth2.resource.OAuth2ResourceServerConfiguration
- Spring-boot OAuth2 implementation: NoSuchBeanDefinitionException: No qualifying bean of type AuthenticationManager
- Spring boot Oauth2 - Security incompatibility between Authorization and Resource server
- Oauth2 with Spring-Security: Error creating bean with name 'oauth2TokenGranter': Cannot create inner bean of type ResourceOwnerPasswordTokenGranter
- Spring boot OAuth2 - Insufficient Scope for this resource
- Spring-OAUTH2.0: No resource available error on calling /oauth/token